Search
59,162 CVEs
CVEs (59,162, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 126–150 of 59,162 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-27597 | CRITICAL | Patched | 10.0 | 2026-02-25 | Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundraries set by `@enclav… |
| CVE-2026-2776 | CRITICAL | Patched | 10.0 | 2026-02-24 | Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefo… |
| CVE-2026-2778 | CRITICAL | Patched | 10.0 | 2026-02-24 | Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, T… |
| CVE-2026-2768 | CRITICAL | Patched | 10.0 | 2026-02-24 | Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. |
| CVE-2026-2760 | CRITICAL | Patched | 10.0 | 2026-02-24 | Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8… |
| CVE-2026-2761 | CRITICAL | Patched | 10.0 | 2026-02-24 | Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. |
| CVE-2026-23693 | CRITICAL | 10.0 | 2026-02-23 | ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor (elementskit-lite) WordPress plugin versions prior to 3.7.9 expose the REST endpoint /wp-js… | |
| CVE-2026-27211 | CRITICAL | Patched | 10.0 | 2026-02-21 | Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 arevulnerable to arbitrary host file exfiltration (constrained by process priv… |
| CVE-2021-35402 | CRITICAL | Patched | 10.0 | 2026-02-20 | PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters in the ip parameter (for satellite_status). |
| CVE-2025-30411 | CRITICAL | 10.0 | 2026-02-20 | Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938… | |
| CVE-2025-30412 | CRITICAL | 10.0 | 2026-02-20 | Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938… | |
| CVE-2025-30416 | CRITICAL | 10.0 | 2026-02-20 | Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, … | |
| CVE-2026-2731 | NONE | — | 2026-02-19 | Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 (all) and 9 (<9.19.7 and <9.20.3) allows unauthenticated attackers to execute code via simp… | |
| CVE-2025-15586 | NONE | — | 2026-02-19 | OGP-Website installs prior git commit 52f865a4fba763594453068acf8fa9e3fc38d663 are affected by a type juggling flaw which if exploited can result in authentication bypass w… | |
| CVE-2025-14009 | CRITICAL | Patched | 10.0 | 2026-02-18 | A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The _unzip_iter function in nltk/downloader.py uses zipfile.extractal… |
| CVE-2026-22769 | CRITICAL | Patched | 10.0 | 2026-02-17 | Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remot… |
| CVE-2026-2577 | CRITICAL | 10.0 | 2026-02-16 | The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces (0.0.0.0) on port 3001 by default and does not require authentication for inco… | |
| CVE-2025-69770 | CRITICAL | 10.0 | 2026-02-13 | A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a crafted zip file. | |
| CVE-2026-26216 | CRITICAL | Patched | 10.0 | 2026-02-12 | Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python… |
| CVE-2025-64075 | CRITICAL | 10.0 | 2026-02-11 | A path traversal vulnerability in the check_token function of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to bypass authentication and perfor… | |
| CVE-2026-25632 | CRITICAL | Patched | 10.0 | 2026-02-06 | EPyT-Flow is a Python package designed for the easy generation of hydraulic and water quality scenario data of water distribution networks. Prior to 0.16.1, EPyT-Flow’s RES… |
| CVE-2026-25641 | CRITICAL | Patched | 10.0 | 2026-02-06 | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch between the key on which the validation is performe… |
| CVE-2026-25520 | CRITICAL | Patched | 10.0 | 2026-02-06 | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, The return values of functions aren't wrapped. Object.values/Object.entries can be used to get an Array conta… |
| CVE-2026-25586 | CRITICAL | Patched | 10.0 | 2026-02-06 | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandbox escape is possible by shadowing hasOwnProperty on a sandbox object, which disables prototype whitel… |
| CVE-2026-25587 | CRITICAL | Patched | 10.0 | 2026-02-06 | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, as Map is in SAFE_PROTOYPES, it's prototype can be obtained via Map.prototype. By overwriting Map.prototype.h… |