Search
31,027 CVEs · Critical severity
CVEs (31,027, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 76–100 of 31,027 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-8495 | CRITICAL | Patched | 9.8 | 2026-05-19 | Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15. |
| CVE-2026-8450 | CRITICAL | Patched | 9.1 | 2026-05-27 | HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form inter… |
| CVE-2026-8401 | CRITICAL | Patched | 9.8 | 2026-05-12 | Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11. |
| CVE-2026-8398 | CRITICAL | 9.8 | 2026-05-15 | A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimat… | |
| CVE-2026-8376 | CRITICAL | Patched | 9.8 | 2026-05-26 | Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_stu… |
| CVE-2026-8364 | CRITICAL | 9.8 | 2026-05-27 | Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe) listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /re… | |
| CVE-2026-8363 | CRITICAL | 9.8 | 2026-05-27 | A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources: | |
| CVE-2026-8362 | CRITICAL | 9.8 | 2026-05-27 | A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long URL path starting with /woshome | |
| CVE-2026-8206 | CRITICAL | 9.8 | 2026-06-02 | The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0… | |
| CVE-2026-8181 | CRITICAL | 9.8 | 2026-05-14 | The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to … | |
| CVE-2026-8175 | CRITICAL | Patched | 9.8 | 2026-05-27 | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Tr… |
| CVE-2026-8153 | CRITICAL | 9.8 | 2026-05-08 | OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows unauthenticated attacker to craft commands that will execut… | |
| CVE-2026-8094 | CRITICAL | Patched | 9.8 | 2026-05-07 | Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2. |
| CVE-2026-8091 | CRITICAL | Patched | 9.8 | 2026-05-07 | Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10… |
| CVE-2026-8043 | CRITICAL | Patched | 9.6 | 2026-05-12 | External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a… |
| CVE-2026-8037 | CRITICAL | 9.6 | 2026-06-04 | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster… | |
| CVE-2026-8034 | CRITICAL | Patched | 9.8 | 2026-05-07 | A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by ex… |
| CVE-2026-7910 | CRITICAL | Patched | 9.6 | 2026-05-06 | Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HT… |
| CVE-2026-7908 | CRITICAL | Patched | 9.6 | 2026-05-06 | Use after free in Fullscreen in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium se… |
| CVE-2026-7876 | CRITICAL | Patched | 9.1 | 2026-05-27 | IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 |
| CVE-2026-7858 | CRITICAL | 9.8 | 2026-06-01 | A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CA… | |
| CVE-2026-7854 | CRITICAL | 9.8 | 2026-05-05 | A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function url_rule_asp of the file /url_rule.asp of the compon… | |
| CVE-2026-7853 | CRITICAL | 9.8 | 2026-05-05 | A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation … | |
| CVE-2026-7834 | CRITICAL | 9.8 | 2026-05-05 | A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file /cgi/advanced/misc_main.cgi. Such mani… | |
| CVE-2026-7823 | CRITICAL | 9.8 | 2026-05-05 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of … |