31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Showing 151–175 of 31,034 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-42252 | CRITICAL | Patched | 9.1 | 2026-06-01 | Apache Airflow's official documentation at `core-concepts/dag-run.html` ("Passing Parameters when triggering Dags") showed a verbatim `BashOperator(bash_command="echo value… |
| CVE-2026-48188 | CRITICAL | Patched | 9.1 | 2026-06-01 | An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authenti… |
| CVE-2026-10187 | CRITICAL | | 9.8 | 2026-05-31 | A vulnerability was detected in Totolink N300RH 6.1c.1353_B20190305. Affected by this issue is the function setWiFiBasicConfig of the file wireless.so of the component Web … |
| CVE-2018-25412 | CRITICAL | | 9.8 | 2026-05-30 | Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php … |
| CVE-2026-45697 | CRITICAL | Patched | 9.8 | 2026-05-29 | Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields (with Default value → Cust… |
| CVE-2026-45700 | CRITICAL | Patched | 9.8 | 2026-05-29 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar d… |
| CVE-2026-45372 | CRITICAL | Patched | 9.9 | 2026-05-29 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-… |
| CVE-2026-9051 | CRITICAL | | 9.1 | 2026-05-29 | There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentica… |
| CVE-2026-47744 | CRITICAL | Patched | 9.9 | 2026-05-29 | Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the … |
| CVE-2026-44649 | CRITICAL | Patched | 9.8 | 2026-05-29 | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voi… |
| CVE-2026-44650 | CRITICAL | Patched | 9.1 | 2026-05-29 | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voi… |
| CVE-2026-7786 | CRITICAL | | 9.8 | 2026-05-29 | Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmwar… |
| CVE-2026-5386 | CRITICAL | | 9.1 | 2026-05-29 | The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator passwor… |
| CVE-2026-45630 | CRITICAL | | 9.0 | 2026-05-29 | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoin… |
| CVE-2026-45631 | CRITICAL | Patched | 10.0 | 2026-05-29 | Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SECRET fallback ("better-auth-secret-123456789") lets a… |
| CVE-2026-45632 | CRITICAL | | 9.9 | 2026-05-29 | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.7 and earlier, the schedule router does not enforce organization/role checks. As a result, any authen… |
| CVE-2026-45633 | CRITICAL | | 9.9 | 2026-05-29 | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSo… |
| CVE-2026-45661 | CRITICAL | | 9.9 | 2026-05-29 | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenti… |
| CVE-2026-45625 | CRITICAL | Patched | 9.9 | 2026-05-29 | Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine endpoints under /api/custom… |
| CVE-2026-45628 | CRITICAL | | 9.6 | 2026-05-29 | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them… |
| CVE-2026-45629 | CRITICAL | | 9.9 | 2026-05-29 | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows… |
| CVE-2026-45663 | CRITICAL | | 9.9 | 2026-05-29 | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.1 and earlier, a command injection vulnerability exists in the Docker file upload functionality. When… |
| CVE-2026-44962 | CRITICAL | | 9.9 | 2026-05-29 | Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without pr… |
| CVE-2026-4290 | CRITICAL | | 9.1 | 2026-05-29 | The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/{user_id} REST API endpoint in all versions up to… |
| CVE-2026-10042 | CRITICAL | | 9.8 | 2026-05-29 | manga-image-translator contains a remote code execution vulnerability in the shared API server mode due to unsafe deserialization of untrusted pickle data in the share.py m… |