Search
31,027 CVEs · Critical severity
CVEs (31,027, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 101–125 of 31,027 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-7813 | CRITICAL | Patched | 9.9 | 2026-05-11 | Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetch… |
| CVE-2026-7786 | CRITICAL | 9.8 | 2026-05-29 | Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmwar… | |
| CVE-2026-7763 | CRITICAL | 9.8 | 2026-06-05 | A heap-based buffer overflow vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated… | |
| CVE-2026-7762 | CRITICAL | 9.8 | 2026-06-05 | A heap-based buffer overflow vulnerability in the dot11ah.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticat… | |
| CVE-2026-7747 | CRITICAL | 9.8 | 2026-05-04 | A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the com… | |
| CVE-2026-7719 | CRITICAL | 9.8 | 2026-05-04 | A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component… | |
| CVE-2026-7637 | CRITICAL | 9.8 | 2026-05-20 | The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST_USE… | |
| CVE-2026-7567 | CRITICAL | 9.8 | 2026-05-01 | The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation in the maybe… | |
| CVE-2026-7546 | CRITICAL | 9.8 | 2026-05-01 | A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. The impacted element is the function find_host_ip of the component lighttpd. Such mani… | |
| CVE-2026-7538 | CRITICAL | 9.8 | 2026-05-01 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI … | |
| CVE-2026-7524 | CRITICAL | Patched | 9.8 | 2026-05-27 | IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction. |
| CVE-2026-7482 | CRITICAL | Patched | 9.1 | 2026-05-04 | Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the… |
| CVE-2026-7458 | CRITICAL | 9.8 | 2026-05-02 | The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a l… | |
| CVE-2026-7415 | CRITICAL | 9.8 | 2026-05-07 | The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subs… | |
| CVE-2026-7414 | CRITICAL | 9.8 | 2026-05-07 | Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware… | |
| CVE-2026-7411 | CRITICAL | 10.0 | 2026-05-05 | In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to p… | |
| CVE-2026-7381 | CRITICAL | Patched | 9.1 | 2026-04-29 | Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting (sendfi… |
| CVE-2026-7374 | CRITICAL | 9.9 | 2026-05-26 | A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit impr… | |
| CVE-2026-7372 | CRITICAL | Patched | 9.0 | 2026-05-04 | A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary cod… |
| CVE-2026-7333 | CRITICAL | Patched | 9.6 | 2026-04-28 | Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security… |
| CVE-2026-7321 | CRITICAL | Patched | 9.6 | 2026-04-28 | Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1,… |
| CVE-2026-7312 | CRITICAL | Patched | 10.0 | 2026-06-02 | CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.… |
| CVE-2026-7304 | CRITICAL | 9.8 | 2026-05-18 | SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects l… | |
| CVE-2026-7302 | CRITICAL | 9.1 | 2026-05-18 | SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server pr… | |
| CVE-2026-7301 | CRITICAL | 9.8 | 2026-05-18 | SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE… |