CVEs (18,985, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 451–475 of 18,985 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-8500 | CRITICAL | | 9.8 | 2026-05-13 | Web::Passwd versions through 0.03 for Perl are vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The user p… |
| CVE-2026-42031 | CRITICAL | Patched | 9.8 | 2026-05-13 | CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed at… |
| CVE-2026-45411 | CRITICAL | Patched | 9.8 | 2026-05-13 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield* expression inside an async generator. When the gene… |
| CVE-2026-44008 | CRITICAL | Patched | 9.8 | 2026-05-13 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, the new method neutralizeArraySpeciesBatch works with objects from the other side but can call into this side… |
| CVE-2026-44009 | CRITICAL | Patched | 9.8 | 2026-05-13 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, This vulnerability is fixed in 3.11.2. |
| CVE-2020-37168 | CRITICAL | | 9.8 | 2026-05-13 | Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for paym… |
| CVE-2026-42062 | CRITICAL | | 9.8 | 2026-05-13 | ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may b… |
| CVE-2026-40621 | CRITICAL | | 9.8 | 2026-05-13 | ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication. |
| CVE-2026-32661 | CRITICAL | | 9.8 | 2026-05-13 | Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially craft… |
| CVE-2026-42854 | CRITICAL | Patched | 9.8 | 2026-05-12 | arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in… |
| CVE-2026-45185 | CRITICAL | Patched | 9.8 | 2026-05-12 | Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close… |
| CVE-2026-44277 | CRITICAL | Patched | 9.8 | 2026-05-12 | An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 thr… |
| CVE-2026-44343 | CRITICAL | Patched | 9.8 | 2026-05-12 | WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties … |
| CVE-2026-44183 | CRITICAL | Patched | 9.8 | 2026-05-12 | Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNe… |
| CVE-2026-41096 | CRITICAL | Patched | 9.8 | 2026-05-12 | Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. |
| CVE-2026-41089 | CRITICAL | Patched | 9.8 | 2026-05-12 | Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. |
| CVE-2026-31237 | CRITICAL | | 9.8 | 2026-05-12 | The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) through its predict() method. When a user provides a dataset file path to the predict()… |
| CVE-2026-31238 | CRITICAL | | 9.8 | 2026-05-12 | The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) in its model serving component. When starting a model server with the ludwig serve comm… |
| CVE-2026-31239 | CRITICAL | | 9.8 | 2026-05-12 | The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization (CWE-502) when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel… |
| CVE-2026-31229 | CRITICAL | | 9.8 | 2026-05-12 | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains an insecure deserialization vulnerability (CWE-502) in its Kubeflow component's model loading functionality. W… |
| CVE-2026-31230 | CRITICAL | | 9.8 | 2026-05-12 | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component (robustness_evaluation_fgsm_pytorch.… |
| CVE-2026-31231 | CRITICAL | | 9.8 | 2026-05-12 | Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python… |
| CVE-2026-31233 | CRITICAL | | 9.8 | 2026-05-12 | Guardrails AI thru 0.6.7 contains a code injection vulnerability (CWE-94) in its Hub package installation mechanism. When installing validator packages via guardrails hub i… |
| CVE-2026-31234 | CRITICAL | | 9.8 | 2026-05-12 | Horovod thru 0.28.1 contains an insecure deserialization vulnerability (CWE-502) in its KVStore HTTP server component. The KVStore server, used for distributed task coordin… |
| CVE-2026-31235 | CRITICAL | | 9.8 | 2026-05-12 | The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pi… |