Search
1,463 CVEs
CVEs (1,463, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 51–75 of 1,463 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-49448 | CRITICAL | Patched | 9.8 | 2026-06-02 | authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This issue ha… |
| CVE-2026-5076 | CRITICAL | 9.8 | 2026-06-02 | The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext c… | |
| CVE-2026-38967 | CRITICAL | 9.8 | 2026-06-02 | CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values. | |
| CVE-2026-42074 | CRITICAL | Patched | 9.8 | 2026-06-02 | OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the dangerouslyDisableSandbox parameter is exp… |
| CVE-2026-0611 | CRITICAL | Patched | 9.8 | 2026-06-02 | Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET R… |
| CVE-2026-47117 | CRITICAL | Patched | 9.8 | 2026-06-02 | OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matchin… |
| CVE-2026-7198 | CRITICAL | Patched | 9.8 | 2026-06-02 | CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be… |
| CVE-2025-53209 | CRITICAL | 9.8 | 2026-06-02 | Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0. | |
| CVE-2026-8206 | CRITICAL | 9.8 | 2026-06-02 | The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0… | |
| CVE-2026-45758 | CRITICAL | Patched | 9.6 | 2026-06-05 | Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of `guardr… |
| CVE-2026-11293 | CRITICAL | 9.6 | 2026-06-05 | Use after free in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium securit… | |
| CVE-2026-11282 | CRITICAL | 9.6 | 2026-06-05 | Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted … | |
| CVE-2026-11250 | CRITICAL | Patched | 9.6 | 2026-06-05 | Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially se… |
| CVE-2026-11213 | CRITICAL | Patched | 9.6 | 2026-06-04 | Insufficient validation of untrusted input in Reading Mode in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to pot… |
| CVE-2026-11207 | CRITICAL | Patched | 9.6 | 2026-06-04 | Insufficient validation of untrusted input in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via malicio… |
| CVE-2026-11198 | CRITICAL | Patched | 9.6 | 2026-06-04 | Insufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted… |
| CVE-2026-11165 | CRITICAL | 9.6 | 2026-06-04 | Use after free in WebMIDI in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromiu… | |
| CVE-2026-11167 | CRITICAL | Patched | 9.6 | 2026-06-04 | Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially… |
| CVE-2026-11163 | CRITICAL | Patched | 9.6 | 2026-06-04 | Use after free in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Ch… |
| CVE-2026-11152 | CRITICAL | Patched | 9.6 | 2026-06-04 | Object lifecycle issue in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium … |
| CVE-2026-11146 | CRITICAL | Patched | 9.6 | 2026-06-04 | Insufficient validation of untrusted input in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to poten… |
| CVE-2026-11131 | CRITICAL | Patched | 9.6 | 2026-06-04 | Use after free in Autofill in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sa… |
| CVE-2026-11114 | CRITICAL | Patched | 9.6 | 2026-06-04 | Use after free in Device Trust in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sa… |
| CVE-2026-11119 | CRITICAL | Patched | 9.6 | 2026-06-04 | Inappropriate implementation in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially per… |
| CVE-2026-11120 | CRITICAL | Patched | 9.6 | 2026-06-04 | Insufficient validation of untrusted input in Enterprise Reporting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer proces… |