Search
18,985 CVEs
CVEs (18,985, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 101–125 of 18,985 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-3587 | CRITICAL | 10.0 | 2026-03-23 | An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device. | |
| CVE-2026-4606 | NONE | — | 2026-03-23 | GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating sy… | |
| CVE-2026-33054 | CRITICAL | Patched | 10.0 | 2026-03-20 | Mesop is a Python-based UI framework that allows users to build web applications. Versions 1.2.2 and below contain a Path Traversal vulnerability that allows any user suppl… |
| CVE-2026-32169 | CRITICAL | 10.0 | 2026-03-19 | Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network. | |
| CVE-2026-30836 | CRITICAL | Patched | 10.0 | 2026-03-19 | Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated c… |
| CVE-2026-22557 | CRITICAL | 10.0 | 2026-03-19 | A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system th… | |
| CVE-2026-32737 | CRITICAL | Patched | 10.0 | 2026-03-18 | Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prio… |
| CVE-2026-26954 | CRITICAL | Patched | 10.0 | 2026-03-13 | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping the sandbox. Given an array contai… |
| CVE-2026-3611 | CRITICAL | Patched | 10.0 | 2026-03-12 | The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configure… |
| CVE-2026-31957 | CRITICAL | Patched | 10.0 | 2026-03-11 | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in… |
| CVE-2026-31852 | CRITICAL | 10.0 | 2026-03-11 | Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests f… | |
| CVE-2026-27897 | CRITICAL | Patched | 10.0 | 2026-03-11 | Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in src/api/system.py within the export_file ro… |
| CVE-2026-45744 | CRITICAL | Patched | 9.9 | 2026-06-05 | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolveP… |
| CVE-2026-43986 | CRITICAL | 9.9 | 2026-06-04 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public `/image/<hash>` route that resolves attacker-control… | |
| CVE-2026-41283 | CRITICAL | 9.9 | 2026-06-04 | OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltrati… | |
| CVE-2025-14771 | CRITICAL | 9.9 | 2026-06-03 | Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | |
| CVE-2026-45372 | CRITICAL | Patched | 9.9 | 2026-05-29 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-… |
| CVE-2026-47744 | CRITICAL | Patched | 9.9 | 2026-05-29 | Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the … |
| CVE-2026-45632 | CRITICAL | 9.9 | 2026-05-29 | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.7 and earlier, the schedule router does not enforce organization/role checks. As a result, any authen… | |
| CVE-2026-45633 | CRITICAL | 9.9 | 2026-05-29 | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSo… | |
| CVE-2026-45661 | CRITICAL | 9.9 | 2026-05-29 | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenti… | |
| CVE-2026-45625 | CRITICAL | Patched | 9.9 | 2026-05-29 | Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine endpoints under /api/custom… |
| CVE-2026-45629 | CRITICAL | 9.9 | 2026-05-29 | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows… | |
| CVE-2026-45663 | CRITICAL | 9.9 | 2026-05-29 | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.1 and earlier, a command injection vulnerability exists in the Docker file upload functionality. When… | |
| CVE-2026-44962 | CRITICAL | 9.9 | 2026-05-29 | Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without pr… |