CVEs (59,162, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 476–500 of 59,162 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-21669 | CRITICAL | Patched | 9.9 | 2026-03-12 | A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. |
| CVE-2026-27591 | CRITICAL | Patched | 9.9 | 2026-03-11 | Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated bac… |
| CVE-2025-66956 | CRITICAL | | 9.9 | 2026-03-11 | Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL. |
| CVE-2026-30956 | CRITICAL | Patched | 9.9 | 2026-03-10 | OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, a low‑privileged user can bypass authorization and tenant isolation in OneUptime v10.… |
| CVE-2026-30957 | CRITICAL | Patched | 9.9 | 2026-03-10 | OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated project user to exe… |
| CVE-2026-30921 | CRITICAL | Patched | 9.9 | 2026-03-10 | OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Play… |
| CVE-2026-30887 | CRITICAL | Patched | 9.9 | 2026-03-10 | OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime allows project members to run custom Playwright/JavaScript code via Synthet… |
| CVE-2026-30860 | CRITICAL | Patched | 9.9 | 2026-03-07 | WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution (RCE) vulnerability ex… |
| CVE-2026-30861 | CRITICAL | Patched | 9.9 | 2026-03-07 | WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an unauthenticated remote … |
| CVE-2026-29789 | CRITICAL | Patched | 9.9 | 2026-03-06 | Vito is a self-hosted web application that helps manage servers and deploy PHP applications into production servers. Prior to version 3.20.3, a missing authorization check … |
| CVE-2026-28466 | CRITICAL | Patched | 9.9 | 2026-03-05 | OpenClaw versions prior to 2026.2.14 contain a vulnerability in the gateway in which it fails to sanitize internal approval fields in node.invoke parameters, allowing authe… |
| CVE-2026-24960 | CRITICAL | | 9.9 | 2026-03-05 | Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Charety charety allows Using Malicious Files. This issue affects Charety: from n/a through < 2.0.2. |
| CVE-2026-22390 | CRITICAL | | 9.9 | 2026-03-05 | Improper Control of Generation of Code ('Code Injection') vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Code Injection. This … |
| CVE-2025-68555 | CRITICAL | | 9.9 | 2026-03-05 | Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutrie nutrie allows Upload a Web Shell to a Web Server. This issue affects Nutrie: from n/a thro… |
| CVE-2025-68553 | CRITICAL | | 9.9 | 2026-03-05 | Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Lendiz lendiz allows Upload a Web Shell to a Web Server. This issue affects Lendiz: from n/a thro… |
| CVE-2025-68554 | CRITICAL | | 9.9 | 2026-03-05 | Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Keenarch keenarch allows Using Malicious Files. This issue affects Keenarch: from n/a through < 2.0.1. |
| CVE-2026-24848 | CRITICAL | Patched | 9.9 | 2026-03-03 | OpenEMR is a free and open source electronic health records and medical practice management application. In 7.0.4 and earlier, the disposeDocument() method in EtherFaxActio… |
| CVE-2026-2749 | CRITICAL | Patched | 9.9 | 2026-02-27 | Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Ticket modules). This issue affects Centreon Open Tickets on Central Server: from a… |
| CVE-2026-28363 | CRITICAL | Patched | 9.9 | 2026-02-27 | In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations (such as --compress-prog) in allowlist mode, leadi… |
| CVE-2026-27965 | CRITICAL | Patched | 9.9 | 2026-02-26 | Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e… |
| CVE-2026-27941 | CRITICAL | Patched | 9.9 | 2026-02-26 | OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the `pull_request_target… |
| CVE-2026-27577 | CRITICAL | Patched | 9.9 | 2026-02-25 | n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, additional exploits in the expression evaluation of n8n have been identif… |
| CVE-2026-27494 | CRITICAL | Patched | 9.9 | 2026-02-25 | n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could… |
| CVE-2026-27495 | CRITICAL | Patched | 9.9 | 2026-02-25 | n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could… |
| CVE-2026-24908 | CRITICAL | Patched | 9.9 | 2026-02-25 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Patie… |