Search
127,907 CVEs · High severity
CVEs (127,907, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 476–500 of 127,907 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2025-58897 | HIGH | 8.1 | 2026-06-02 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusi… | |
| CVE-2025-58707 | HIGH | 8.1 | 2026-06-02 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. … | |
| CVE-2019-25719 | HIGH | 8.6 | 2026-06-02 | Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulne… | |
| CVE-2026-42685 | HIGH | 7.1 | 2026-06-02 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job P… | |
| CVE-2026-42670 | HIGH | 7.5 | 2026-06-02 | Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Lev… | |
| CVE-2026-42669 | HIGH | 7.5 | 2026-06-02 | Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0. | |
| CVE-2026-39551 | HIGH | 8.1 | 2026-06-02 | Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1. | |
| CVE-2026-39550 | HIGH | 8.1 | 2026-06-02 | Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6. | |
| CVE-2025-58705 | HIGH | 8.1 | 2026-06-02 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Crafti allows PHP Local File Inclusion.… | |
| CVE-2025-58024 | HIGH | 7.5 | 2026-06-02 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnboundStudio Accordion FAQ allows PHP Local File I… | |
| CVE-2025-53440 | HIGH | 8.1 | 2026-06-02 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Confidant allows PHP Local File Inclusi… | |
| CVE-2026-5422 | HIGH | 8.1 | 2026-06-02 | A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_serve… | |
| CVE-2025-53345 | HIGH | 8.8 | 2026-06-02 | Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This issue affects Thim Core: from n/a t… | |
| CVE-2025-52759 | HIGH | 7.1 | 2026-06-02 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS. This issue affects … | |
| CVE-2026-3514 | HIGH | Patched | 7.5 | 2026-06-02 | In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifica… |
| CVE-2026-1784 | HIGH | 8.8 | 2026-06-02 | The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML sta… | |
| CVE-2026-8293 | HIGH | Patched | 7.5 | 2026-06-02 | The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing a… |
| CVE-2026-25277 | HIGH | 8.8 | 2026-06-01 | Memory corruption while using Strongbox due to buffer overflow. | |
| CVE-2026-25276 | HIGH | 8.8 | 2026-06-01 | Memory corruption while using Strongbox due to missing bounds check. | |
| CVE-2026-25260 | HIGH | 7.8 | 2026-06-01 | Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications. | |
| CVE-2026-25259 | HIGH | 7.8 | 2026-06-01 | Memory corruption while processing multiple IOCTL command for escape operations. | |
| CVE-2026-25258 | HIGH | 7.8 | 2026-06-01 | Memory corruption while processing IOCTL calls for escape operations. | |
| CVE-2026-24782 | HIGH | Patched | 7.6 | 2026-06-01 | Kiteworks is a private data network (PDN). Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticate… |
| CVE-2026-24752 | HIGH | Patched | 8.2 | 2026-06-01 | Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a … |
| CVE-2026-24092 | HIGH | 7.2 | 2026-06-01 | Memory Corruption when processing fastboot commands to set display mode. |