CVEs (6,811, showing first 500)
Showing 151–175 of 6,811 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-44649 | CRITICAL | Patched | 9.8 | 2026-05-29 | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voi… |
| CVE-2026-7786 | CRITICAL | | 9.8 | 2026-05-29 | Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmwar… |
| CVE-2026-10042 | CRITICAL | | 9.8 | 2026-05-29 | manga-image-translator contains a remote code execution vulnerability in the shared API server mode due to unsafe deserialization of untrusted pickle data in the share.py m… |
| CVE-2026-46376 | CRITICAL | Patched | 9.8 | 2026-05-29 | FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel (UCP) using hard-coded initi… |
| CVE-2026-10071 | CRITICAL | | 9.8 | 2026-05-29 | DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby e… |
| CVE-2025-41276 | CRITICAL | Patched | 9.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-50… |
| CVE-2025-41277 | CRITICAL | Patched | 9.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-50… |
| CVE-2025-41269 | CRITICAL | Patched | 9.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-50… |
| CVE-2025-41270 | CRITICAL | Patched | 9.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-50… |
| CVE-2025-41272 | CRITICAL | Patched | 9.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-50… |
| CVE-2025-41273 | CRITICAL | Patched | 9.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.… |
| CVE-2025-41274 | CRITICAL | Patched | 9.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-50… |
| CVE-2025-41275 | CRITICAL | Patched | 9.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-50… |
| CVE-2026-49201 | CRITICAL | Patched | 9.8 | 2026-05-29 | The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system… |
| CVE-2026-49199 | CRITICAL | Patched | 9.8 | 2026-05-29 | Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device. |
| CVE-2026-49200 | CRITICAL | Patched | 9.8 | 2026-05-29 | The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet)… |
| CVE-2026-49197 | CRITICAL | Patched | 9.8 | 2026-05-29 | Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails. |
| CVE-2026-3655 | CRITICAL | | 9.8 | 2026-05-29 | The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase… |
| CVE-2026-8732 | CRITICAL | | 9.8 | 2026-05-29 | The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to th… |
| CVE-2026-8809 | CRITICAL | | 9.8 | 2026-05-28 | The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation via Validation Bypass in all versions up to and including 0.9.2.5. The vulne… |
| CVE-2026-45288 | CRITICAL | Patched | 9.8 | 2026-05-28 | Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter… |
| CVE-2026-46817 | CRITICAL | Patched | 9.8 | 2026-05-28 | Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exp… |
| CVE-2026-34311 | CRITICAL | | 9.8 | 2026-05-28 | Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). Supported versions that are affected are 5… |
| CVE-2026-45039 | CRITICAL | Patched | 9.8 | 2026-05-28 | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using … |
| CVE-2026-9093 | CRITICAL | | 9.8 | 2026-05-28 | In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function… |