31,027 CVEs · Critical severity
Showing 151–175 of 31,027 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-7125 | CRITICAL | | 9.8 | 2026-04-27 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the compon… |
| CVE-2026-7124 | CRITICAL | | 9.8 | 2026-04-27 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the… |
| CVE-2026-7123 | CRITICAL | | 9.8 | 2026-04-27 | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Perfor… |
| CVE-2026-7122 | CRITICAL | | 9.8 | 2026-04-27 | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. … |
| CVE-2026-7121 | CRITICAL | | 9.8 | 2026-04-27 | A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This ma… |
| CVE-2026-7037 | CRITICAL | | 9.8 | 2026-04-26 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component… |
| CVE-2026-6960 | CRITICAL | | 9.8 | 2026-05-21 | The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpress_validate_submitted_booking_form_f… |
| CVE-2026-6951 | CRITICAL | Patched | 9.8 | 2026-04-25 | Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for [CVE-2022-25912](https://security.snyk.io/vuln/S… |
| CVE-2026-6942 | CRITICAL | Patched | 9.8 | 2026-04-23 | radare2-mcp version 1.6.0 and earlier contains an OS command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command fil… |
| CVE-2026-6920 | CRITICAL | Patched | 9.6 | 2026-04-23 | Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sa… |
| CVE-2026-6919 | CRITICAL | Patched | 9.6 | 2026-04-23 | Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox esca… |
| CVE-2026-6911 | CRITICAL | | 9.8 | 2026-04-24 | Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, inclu… |
| CVE-2026-6887 | CRITICAL | | 9.8 | 2026-04-23 | Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrar… |
| CVE-2026-6886 | CRITICAL | | 9.8 | 2026-04-23 | Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log int… |
| CVE-2026-6885 | CRITICAL | | 9.8 | 2026-04-23 | Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload… |
| CVE-2026-6795 | CRITICAL | Patched | 9.6 | 2026-05-07 | URL redirection to untrusted site ('open redirect') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Parameter Injection. This issue affects Div… |
| CVE-2026-6771 | CRITICAL | Patched | 9.8 | 2026-04-21 | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-6768 | CRITICAL | Patched | 9.8 | 2026-04-21 | Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. |
| CVE-2026-6760 | CRITICAL | Patched | 9.8 | 2026-04-21 | Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. |
| CVE-2026-6748 | CRITICAL | Patched | 9.8 | 2026-04-21 | Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-6722 | CRITICAL | Patched | 9.8 | 2026-05-10 | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers t… |
| CVE-2026-6644 | CRITICAL | Patched | 9.1 | 2026-04-20 | A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environme… |
| CVE-2026-6643 | CRITICAL | Patched | 9.9 | 2026-04-20 | A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data dir… |
| CVE-2026-6555 | CRITICAL | | 9.8 | 2026-05-20 | The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validation mismatch w… |
| CVE-2026-6512 | CRITICAL | | 9.1 | 2026-05-14 | The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying … |