
CVEs (59,162, showing first 500)

Showing 26–50 of 59,162 (capped at 500)

| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-46595 | CRITICAL | Patched | 10.0 | 2026-05-22 | Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the sour… |
| CVE-2026-34908 | CRITICAL | | 10.0 | 2026-05-22 | A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system. |
| CVE-2026-34909 | CRITICAL | | 10.0 | 2026-05-22 | A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be m… |
| CVE-2026-34910 | CRITICAL | | 10.0 | 2026-05-22 | A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. |
| CVE-2026-9152 | NONE | | — | 2026-05-21 | A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, sess… |
| CVE-2026-45444 | CRITICAL | | 10.0 | 2026-05-20 | Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For W… |
| CVE-2026-20223 | CRITICAL | | 10.0 | 2026-05-20 | A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with t… |
| CVE-2026-42960 | CRITICAL | Patched | 10.0 | 2026-05-20 | NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS r… |
| CVE-2026-34234 | CRITICAL | Patched | 10.0 | 2026-05-19 | CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer (public/installer/index.php) is vulnerable to unauthen… |
| CVE-2026-43633 | CRITICAL | | 10.0 | 2026-05-19 | HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal component caused by a session format mismatch between PHP and Node.js that… |
| CVE-2026-42822 | CRITICAL | Patched | 10.0 | 2026-05-18 | Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-45829 | NONE | | — | 2026-05-18 | A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the … |
| CVE-2026-2031 | NONE | | — | 2026-05-15 | An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remote, unauthenticated att… |
| CVE-2026-41553 | CRITICAL | Patched | 10.0 | 2026-05-15 | PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated atta… |
| CVE-2026-44523 | CRITICAL | Patched | 10.0 | 2026-05-14 | Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWT_SECRET configuration value. The application accept… |
| CVE-2026-20182 | CRITICAL | Patched | 10.0 | 2026-05-14 | May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This … |
| CVE-2026-44005 | CRITICAL | Patched | 10.0 | 2026-05-13 | vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox … |
| CVE-2026-44006 | CRITICAL | Patched | 10.0 | 2026-05-13 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to reach BaseHandler.getPrototypeOf, which can be used to get arbitrary prototypes. This vulne… |
| CVE-2026-43997 | CRITICAL | Patched | 10.0 | 2026-05-13 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to obtain the host Object. There are various ways to use the host Object, to escape the sandbo… |
| CVE-2026-42288 | CRITICAL | Patched | 10.0 | 2026-05-12 | ChurchCRM is an open-source church management system. Prior to 7.3.2, the fix for CVE-2026-39337 is incomplete. The pre-authentication remote code execution vulnerability i… |
| CVE-2026-42869 | CRITICAL | Patched | 10.0 | 2026-05-11 | SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded JWT signing s… |
| CVE-2026-44643 | CRITICAL | Patched | 10.0 | 2026-05-11 | Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters… |
| CVE-2026-42298 | CRITICAL | Patched | 10.0 | 2026-05-08 | Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability in the Build and Publish PR Docker Image workflow (.github/workflows/pr… |
| CVE-2026-42287 | NONE | Patched | — | 2026-05-08 | Emlog is an open source website building system. Prior to version 2.6.11, direct SQL injection in article creation and update functions allows attackers to execute arbitrar… |
| CVE-2026-42160 | NONE | Patched | — | 2026-05-08 | Data Space Portal is an open-source Software as a Service (SaaS) solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is … |