31,027 CVEs · Critical severity
Showing 451–475 of 31,027 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-44377 | CRITICAL | Patched | 9.1 | 2026-05-13 | CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart (inc… |
| CVE-2026-44351 | CRITICAL | Patched | 9.1 | 2026-05-13 | fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any … |
| CVE-2026-44343 | CRITICAL | Patched | 9.8 | 2026-05-12 | WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties … |
| CVE-2026-44336 | CRITICAL | Patched | 9.6 | 2026-05-08 | PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP (Model Context Protocol) server (praisonai mcp serve) registers four file-handling tools b… |
| CVE-2026-44335 | CRITICAL | Patched | 9.8 | 2026-05-08 | PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSR… |
| CVE-2026-44330 | CRITICAL | Patched | 10.0 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token… |
| CVE-2026-44329 | CRITICAL | Patched | 10.0 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorizati… |
| CVE-2026-44327 | CRITICAL | Patched | 10.0 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authoriza… |
| CVE-2026-44326 | CRITICAL | Patched | 9.4 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token aut… |
| CVE-2026-44315 | CRITICAL | Patched | 9.4 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token author… |
| CVE-2026-44313 | CRITICAL | Patched | 9.1 | 2026-05-09 | Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery (S… |
| CVE-2026-44277 | CRITICAL | Patched | 9.8 | 2026-05-12 | An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 thr… |
| CVE-2026-44262 | CRITICAL | Patched | 9.4 | 2026-05-12 | Scramble generates API documentation for Laravel project. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and validation rules reference… |
| CVE-2026-44225 | CRITICAL | Patched | 9.3 | 2026-05-12 | Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web applicatio… |
| CVE-2026-44221 | CRITICAL | Patched | 9.0 | 2026-05-12 | ArcadeDB is a Multi-Model DBMS. Prior to 2.6.4, authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database … |
| CVE-2026-44212 | CRITICAL | Patched | 9.3 | 2026-05-14 | PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting (XSS) vulnerability in the PrestaShop back-office … |
| CVE-2026-44211 | CRITICAL | Patched | 9.6 | 2026-06-01 | Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Clin… |
| CVE-2026-44196 | CRITICAL | Patched | 9.1 | 2026-05-12 | Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obt… |
| CVE-2026-44194 | CRITICAL | Patched | 9.1 | 2026-05-13 | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution (RCE) vulnerability in the OPNsense core allows a user wi… |
| CVE-2026-44193 | CRITICAL | Patched | 9.1 | 2026-05-13 | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, the XMLRPC method opnsense.restore_config_section fails to sanitize user supplied input leading … |
| CVE-2026-44183 | CRITICAL | Patched | 9.8 | 2026-05-12 | Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNe… |
| CVE-2026-44159 | CRITICAL | | 9.8 | 2026-05-19 | Tyler Identity Local (TID-L) uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been dis… |
| CVE-2026-44112 | CRITICAL | Patched | 9.6 | 2026-05-06 | OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the in… |
| CVE-2026-44109 | CRITICAL | Patched | 9.8 | 2026-05-06 | OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to reach command… |
| CVE-2026-4408 | CRITICAL | Patched | 9.0 | 2026-05-28 | A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" featur… |