Search
31,027 CVEs · Critical severity
CVEs (31,027, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 51–75 of 31,027 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-9051 | CRITICAL | 9.1 | 2026-05-29 | There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentica… | |
| CVE-2026-8959 | CRITICAL | Patched | 9.6 | 2026-05-19 | Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Th… |
| CVE-2026-8956 | CRITICAL | Patched | 9.8 | 2026-05-19 | Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. |
| CVE-2026-8953 | CRITICAL | Patched | 9.6 | 2026-05-19 | Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbi… |
| CVE-2026-8950 | CRITICAL | Patched | 9.3 | 2026-05-19 | Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. |
| CVE-2026-8948 | CRITICAL | Patched | 9.1 | 2026-05-19 | Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. |
| CVE-2026-8838 | CRITICAL | Patched | 9.8 | 2026-05-18 | Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle … |
| CVE-2026-8836 | CRITICAL | 9.8 | 2026-05-18 | A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. P… | |
| CVE-2026-8809 | CRITICAL | 9.8 | 2026-05-28 | The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation via Validation Bypass in all versions up to and including 0.9.2.5. The vulne… | |
| CVE-2026-8760 | CRITICAL | 9.8 | 2026-05-27 | The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-1117… | |
| CVE-2026-8732 | CRITICAL | 9.8 | 2026-05-29 | The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to th… | |
| CVE-2026-8721 | CRITICAL | 9.8 | 2026-05-17 | Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which routes through P… | |
| CVE-2026-8670 | CRITICAL | Patched | 9.6 | 2026-05-22 | Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay). This issue affects Avantra:… |
| CVE-2026-8644 | CRITICAL | Patched | 9.1 | 2026-06-01 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing. |
| CVE-2026-8634 | CRITICAL | 9.1 | 2026-05-14 | Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local… | |
| CVE-2026-8633 | CRITICAL | Patched | 9.8 | 2026-05-26 | IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulner… |
| CVE-2026-8631 | CRITICAL | Patched | 9.8 | 2026-05-20 | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or… |
| CVE-2026-8605 | CRITICAL | 9.8 | 2026-05-19 | In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin. | |
| CVE-2026-8603 | CRITICAL | 9.8 | 2026-05-19 | In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system. | |
| CVE-2026-8602 | CRITICAL | 9.1 | 2026-05-19 | In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a HTTP GET requests to the SCADA syst… | |
| CVE-2026-8598 | CRITICAL | 9.1 | 2026-05-20 | An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information … | |
| CVE-2026-8580 | CRITICAL | Patched | 9.6 | 2026-05-14 | Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium securit… |
| CVE-2026-8511 | CRITICAL | Patched | 9.6 | 2026-05-14 | Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security … |
| CVE-2026-8507 | CRITICAL | 9.8 | 2026-05-17 | Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attrib… | |
| CVE-2026-8500 | CRITICAL | 9.8 | 2026-05-13 | Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The user p… |