Search
18,985 CVEs
CVEs (18,985, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 476–500 of 18,985 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-31236 | CRITICAL | 9.8 | 2026-05-12 | The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide… | |
| CVE-2026-26083 | CRITICAL | Patched | 9.8 | 2026-05-12 | A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox P… |
| CVE-2026-43992 | CRITICAL | Patched | 9.8 | 2026-05-12 | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm,… |
| CVE-2025-65719 | CRITICAL | 9.8 | 2026-05-12 | An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page. | |
| CVE-2026-41293 | CRITICAL | Patched | 9.8 | 2026-05-12 | Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 t… |
| CVE-2026-43512 | CRITICAL | Patched | 9.8 | 2026-05-12 | DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10… |
| CVE-2026-31226 | CRITICAL | 9.8 | 2026-05-12 | The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 (2025-58-24) contains a critical command injection vulnerability (CWE-78) in its HDFS file operati… | |
| CVE-2026-31228 | CRITICAL | 9.8 | 2026-05-12 | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorc… | |
| CVE-2026-34187 | CRITICAL | Patched | 9.8 | 2026-05-12 | Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora FMS: from 77… |
| CVE-2026-31214 | CRITICAL | 9.8 | 2026-05-12 | The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 (2025-20-27) contains an insecure deserialization vul… | |
| CVE-2026-31217 | CRITICAL | 9.8 | 2026-05-12 | The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) allows arbitrary c… | |
| CVE-2026-31220 | CRITICAL | 9.8 | 2026-05-12 | PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The s… | |
| CVE-2026-8401 | CRITICAL | Patched | 9.8 | 2026-05-12 | Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11. |
| CVE-2025-6577 | CRITICAL | Patched | 9.8 | 2026-05-12 | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allo… |
| CVE-2026-7210 | CRITICAL | Patched | 9.8 | 2026-05-11 | `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r… |
| CVE-2026-43995 | CRITICAL | Patched | 9.8 | 2026-05-11 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP c… |
| CVE-2026-38567 | CRITICAL | 9.8 | 2026-05-11 | HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without parameterization. An… | |
| CVE-2026-40636 | CRITICAL | Patched | 9.8 | 2026-05-11 | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacke… |
| CVE-2021-47940 | CRITICAL | 9.8 | 2026-05-10 | WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious file… | |
| CVE-2021-47932 | CRITICAL | 9.8 | 2026-05-10 | WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted r… | |
| CVE-2021-47933 | CRITICAL | 9.8 | 2026-05-10 | WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the R… | |
| CVE-2021-47936 | CRITICAL | 9.8 | 2026-05-10 | OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised… | |
| CVE-2021-47923 | CRITICAL | 9.8 | 2026-05-10 | OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers c… | |
| CVE-2026-6722 | CRITICAL | Patched | 9.8 | 2026-05-10 | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers t… |
| CVE-2026-7261 | CRITICAL | Patched | 9.8 | 2026-05-10 | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the hand… |