CVEs (59,162, showing first 500)
Showing 51–75 of 59,162 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-41070 | CRITICAL | Patched | 10.0 | 2026-05-08 | openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server to handle an OIDC based single sign-on (SSO) auth flows. From version 1.26.3 to before versio… |
| CVE-2026-6213 | NONE | | — | 2026-05-08 | A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypass the local connection check and achieve arbitrary code execution as root on the se… |
| CVE-2026-42826 | CRITICAL | | 10.0 | 2026-05-07 | Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network. |
| CVE-2026-33587 | CRITICAL | Patched | 10.0 | 2026-05-07 | Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server… |
| CVE-2026-40281 | CRITICAL | Patched | 10.0 | 2026-05-06 | Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but le… |
| CVE-2026-7411 | CRITICAL | | 10.0 | 2026-05-05 | In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to p… |
| CVE-2026-42369 | CRITICAL | | 10.0 | 2026-05-04 | GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other security devices. It is a native application accessed local… |
| CVE-2026-37541 | CRITICAL | | 10.0 | 2026-05-01 | Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_gvret.cpp, the length field in GVRET binary data is not properly validated, … |
| CVE-2026-42996 | NONE | Patched | — | 2026-05-01 | JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS GRID followed by a long Maidenhead locator. Thi… |
| CVE-2026-35051 | CRITICAL | Patched | 10.0 | 2026-04-30 | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an authentication bypass vulnerability in Traefik's ForwardA… |
| CVE-2026-39858 | CRITICAL | Patched | 10.0 | 2026-04-30 | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traef… |
| CVE-2026-36767 | CRITICAL | | 10.0 | 2026-04-30 | A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers to write arbitrary files to any writeable path via a crafted POST request. |
| CVE-2026-3325 | NONE | | — | 2026-04-29 | SQL injection (SQLi) in MegaCMS v12.0.0, specifically in the “id_territorio” parameter of the “/web_comunications/cms/get_provincias” endpoint. The vulnerability arises fro… |
| CVE-2026-33453 | CRITICAL | Patched | 10.0 | 2026-04-27 | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's camel-coap component is v… |
| CVE-2026-35431 | CRITICAL | | 10.0 | 2026-04-23 | Server-side request forgery (SSRF) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2026-33819 | CRITICAL | | 10.0 | 2026-04-23 | Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network. |
| CVE-2026-41679 | CRITICAL | Patched | 10.0 | 2026-04-23 | Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve ful… |
| CVE-2026-41211 | CRITICAL | Patched | 10.0 | 2026-04-23 | Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, `downloadPackageManager()` accepts an untrusted `version` string and uses it dire… |
| CVE-2026-41196 | CRITICAL | Patched | 10.0 | 2026-04-23 | Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the s… |
| CVE-2026-40911 | CRITICAL | Patched | 10.0 | 2026-04-21 | WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's WebSocket server relays attacker-supplied JSON message bodies to every conn… |
| CVE-2025-15638 | CRITICAL | Patched | 10.0 | 2026-04-21 | Net::Dropbear versions before 0.14 for Perl contain a vulnerable version of libtomcrypt. Net::Dropbear versions before 0.14 include versions of Dropbear 2019.78 or earli… |
| CVE-2017-20230 | CRITICAL | Patched | 10.0 | 2026-04-21 | Storable versions before 3.05 for Perl have a stack overflow. The retrieve_hook function stored the length of the class name into a signed integer but in read operations tr… |
| CVE-2026-39861 | CRITICAL | Patched | 10.0 | 2026-04-21 | Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outsi… |
| CVE-2026-39906 | CRITICAL | | 10.0 | 2026-04-14 | Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak … |
| CVE-2026-39907 | CRITICAL | | 10.0 | 2026-04-14 | Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on TCP port 1208 that accepts unsanitized file paths in… |