31,027 CVEs · Critical severity
CVEs (31,027, showing first 500)
Showing 26–50 of 31,027 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↑ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-30893 | CRITICAL | Patched | 9.0 | 2026-04-29 | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in… |
| CVE-2026-42523 | CRITICAL | Patched | 9.0 | 2026-04-29 | Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITS… |
| CVE-2026-5652 | CRITICAL | Patched | 9.0 | 2026-04-21 | An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actio… |
| CVE-2026-40569 | CRITICAL | | 9.0 | 2026-04-21 | FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of… |
| CVE-2026-24467 | CRITICAL | Patched | 9.0 | 2026-04-20 | OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.0.0 and prior t… |
| CVE-2026-40572 | CRITICAL | Patched | 9.0 | 2026-04-18 | NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 15 (MemoryMapRange) allows Ring 3 user-mode processes to map… |
| CVE-2026-40477 | CRITICAL | Patched | 9.0 | 2026-04-17 | Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the express… |
| CVE-2026-40478 | CRITICAL | Patched | 9.0 | 2026-04-17 | Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the exp… |
| CVE-2026-40322 | CRITICAL | Patched | 9.0 | 2026-04-16 | SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to "loose", and the resulti… |
| CVE-2026-26149 | CRITICAL | Patched | 9.0 | 2026-04-14 | Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing over a network. |
| CVE-2026-39860 | CRITICAL | Patched | 9.0 | 2026-04-08 | Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix process orchest… |
| CVE-2026-39846 | CRITICAL | Patched | 9.0 | 2026-04-07 | SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious note synced to another user can trigger remote code execution in the SiYuan Electron desktop c… |
| CVE-2026-39305 | CRITICAL | Patched | 9.0 | 2026-04-07 | PraisonAI is a multi-agent teams system. Prior to 1.5.113, the Action Orchestrator feature contains a Path Traversal vulnerability that allows an attacker (or compromised a… |
| CVE-2026-34989 | CRITICAL | Patched | 9.0 | 2026-04-06 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 31.0.0.0, the applica… |
| CVE-2026-28798 | CRITICAL | Patched | 9.0 | 2026-04-03 | ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Prior to version 1.5.3, a proxy endpoint (/v1/sys/proxy) exposed by ZimaOS's … |
| CVE-2026-35216 | CRITICAL | Patched | 9.0 | 2026-04-03 | Budibase is an open-source low-code platform. Prior to version 3.33.4, an unauthenticated attacker can achieve Remote Code Execution (RCE) on the Budibase server by trigger… |
| CVE-2026-34448 | CRITICAL | Patched | 9.0 | 2026-03-31 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS … |
| CVE-2026-30282 | CRITICAL | | 9.0 | 2026-03-31 | An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import proce… |
| CVE-2026-33749 | CRITICAL | Patched | 9.0 | 2026-03-25 | n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows coul… |
| CVE-2026-32519 | CRITICAL | | 9.0 | 2026-03-25 | Incorrect Privilege Assignment vulnerability in Bit Apps Bit SMTP bit-smtp allows Privilege Escalation. This issue affects Bit SMTP: from n/a through <= 1.2.2. |
| CVE-2025-32991 | CRITICAL | Patched | 9.0 | 2026-03-25 | In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution. |
| CVE-2025-33244 | CRITICAL | | 9.0 | 2026-03-24 | NVIDIA APEX for Linux contains a vulnerability where an unauthorized attacker could cause a deserialization of untrusted data. This vulnerability affects environments that … |
| CVE-2026-33066 | CRITICAL | Patched | 9.0 | 2026-03-20 | SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the backend renderREADME function uses lute.New() without calling SetSanitize(true), allowing… |
| CVE-2026-33067 | CRITICAL | Patched | 9.0 | 2026-03-20 | SiYuan is a personal knowledge management system. Versions 3.6.0 and below render package metadata fields (displayName, description) using template literals without HTML es… |
| CVE-2026-32891 | CRITICAL | Patched | 9.0 | 2026-03-20 | Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. Versions 1.4.1 and below contain a stored XS… |