Search
31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 176–200 of 31,034 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-6510 | CRITICAL | 9.8 | 2026-05-14 | The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing … | |
| CVE-2026-6508 | CRITICAL | Patched | 9.8 | 2026-05-07 | Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs.… |
| CVE-2026-6443 | CRITICAL | 9.8 | 2026-04-17 | All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor th… | |
| CVE-2026-6388 | CRITICAL | 9.1 | 2026-04-15 | A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment… | |
| CVE-2026-6356 | CRITICAL | Patched | 9.6 | 2026-04-22 | A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to… |
| CVE-2026-6350 | CRITICAL | 9.8 | 2026-04-16 | MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow… | |
| CVE-2026-6349 | CRITICAL | 9.8 | 2026-04-16 | The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on t… | |
| CVE-2026-6296 | CRITICAL | Patched | 9.6 | 2026-04-15 | Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium … |
| CVE-2026-6284 | CRITICAL | 9.1 | 2026-04-17 | An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity an… | |
| CVE-2026-6279 | CRITICAL | 9.8 | 2026-05-21 | The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.… | |
| CVE-2026-6274 | CRITICAL | Patched | 9.8 | 2026-06-05 | Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allow… |
| CVE-2026-6271 | CRITICAL | 9.8 | 2026-05-14 | The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing f… | |
| CVE-2026-6270 | CRITICAL | Patched | 9.1 | 2026-04-16 | @fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authenticati… |
| CVE-2026-6264 | CRITICAL | 9.8 | 2026-04-14 | A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX m… | |
| CVE-2026-6257 | CRITICAL | 9.1 | 2026-04-20 | Vvveb CMS prior to v1.0.8.2 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file rename handler… | |
| CVE-2026-6235 | CRITICAL | 9.8 | 2026-04-22 | The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manage_admin_requests' function in all versions up to, and including, 1.0.… | |
| CVE-2026-6195 | CRITICAL | 9.8 | 2026-04-13 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi … | |
| CVE-2026-6156 | CRITICAL | 9.8 | 2026-04-13 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the compone… | |
| CVE-2026-6155 | CRITICAL | 9.8 | 2026-04-13 | A weakness has been identified in Totolink A7100RU 7.4cu.2313. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler.… | |
| CVE-2026-6154 | CRITICAL | 9.8 | 2026-04-13 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the comp… | |
| CVE-2026-6140 | CRITICAL | 9.8 | 2026-04-13 | A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handl… | |
| CVE-2026-6139 | CRITICAL | 9.8 | 2026-04-13 | A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component CGI H… | |
| CVE-2026-6138 | CRITICAL | 9.8 | 2026-04-13 | A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component CG… | |
| CVE-2026-6132 | CRITICAL | 9.8 | 2026-04-12 | A vulnerability was determined in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component … | |
| CVE-2026-6131 | CRITICAL | 9.8 | 2026-04-12 | A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the … |