CVEs (59,162, showing first 500)
Showing 101–125 of 59,162 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-3587 | CRITICAL | | 10.0 | 2026-03-23 | An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device. |
| CVE-2026-4606 | NONE | | — | 2026-03-23 | GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating sy… |
| CVE-2026-33054 | CRITICAL | Patched | 10.0 | 2026-03-20 | Mesop is a Python-based UI framework that allows users to build web applications. Versions 1.2.2 and below contain a Path Traversal vulnerability that allows any user suppl… |
| CVE-2026-32169 | CRITICAL | | 10.0 | 2026-03-19 | Server-side request forgery (SSRF) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-30836 | CRITICAL | Patched | 10.0 | 2026-03-19 | Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated c… |
| CVE-2026-22557 | CRITICAL | | 10.0 | 2026-03-19 | A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system th… |
| CVE-2026-32737 | CRITICAL | Patched | 10.0 | 2026-03-18 | Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prio… |
| CVE-2026-26954 | CRITICAL | Patched | 10.0 | 2026-03-13 | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping the sandbox. Given an array contai… |
| CVE-2026-3611 | CRITICAL | Patched | 10.0 | 2026-03-12 | The Honeywell IQ4x building management controller exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configure… |
| CVE-2026-31957 | CRITICAL | Patched | 10.0 | 2026-03-11 | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in… |
| CVE-2026-31852 | CRITICAL | | 10.0 | 2026-03-11 | Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests f… |
| CVE-2026-27897 | CRITICAL | Patched | 10.0 | 2026-03-11 | Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in src/api/system.py within the export_file ro… |
| CVE-2026-30966 | CRITICAL | Patched | 10.0 | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.7 and 8.6.20, Parse Server's internal tables, w… |
| CVE-2025-48611 | CRITICAL | | 10.0 | 2026-03-10 | In DeviceId of DeviceId.java, there is a possible desync in persistence due to a missing bounds check. This could lead to local escalation of privilege with no additional e… |
| CVE-2026-0848 | CRITICAL | Patched | 10.0 | 2026-03-05 | NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Jav… |
| CVE-2026-28353 | NONE | | — | 2026-03-05 | Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities. In Trivy VSCode Extension version 1.8.12, which was distributed via OpenVSX marketplace … |
| CVE-2026-29128 | CRITICAL | | 10.0 | 2026-03-05 | IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components (e.g., zebra, bgpd, ospfd, and ripd) that are owned by root bu… |
| CVE-2026-20131 | CRITICAL | Patched | 10.0 | 2026-03-04 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute a… |
| CVE-2026-20079 | CRITICAL | | 10.0 | 2026-03-04 | A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and … |
| CVE-2026-28289 | CRITICAL | Patched | 10.0 | 2026-03-03 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows a… |
| CVE-2026-24898 | CRITICAL | Patched | 10.0 | 2026-03-03 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability i… |
| CVE-2026-23600 | NONE | | — | 2026-03-02 | A remote authentication bypass vulnerability exists in HPE AutoPass License Server (APLS). |
| CVE-2026-28409 | CRITICAL | Patched | 10.0 | 2026-02-27 | WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, a critical Remote Code Execution (RCE) vulnerability exists in the WeGIA application's database … |
| CVE-2026-21718 | CRITICAL | Patched | 10.0 | 2026-02-27 | An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the authentication requirement and achieve p… |
| CVE-2026-20127 | CRITICAL | Patched | 10.0 | 2026-02-25 | A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could… |