Search
127,949 CVEs · High severity
CVEs (127,949, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 176–200 of 127,949 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-9334 | HIGH | Patched | 7.3 | 2026-06-03 | Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled. decode_hv() collapses duplicate object k… |
| CVE-2026-9330 | HIGH | Patched | 8.5 | 2026-06-01 | IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component… |
| CVE-2026-9312 | HIGH | Patched | 8.2 | 2026-05-27 | A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to send crafted requests to internal … |
| CVE-2026-9295 | HIGH | 8.8 | 2026-05-23 | A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Ha… | |
| CVE-2026-9294 | HIGH | 8.8 | 2026-05-23 | A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST … | |
| CVE-2026-9290 | HIGH | 7.5 | 2026-06-06 | The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the (pro… | |
| CVE-2026-9284 | HIGH | 8.2 | 2026-05-23 | The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the … | |
| CVE-2026-9255 | HIGH | Patched | 7.8 | 2026-05-22 | Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, wit… |
| CVE-2026-9227 | HIGH | 8.8 | 2026-05-28 | The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbee_file_and_ext_json … | |
| CVE-2026-9208 | HIGH | Patched | 8.8 | 2026-05-27 | Tanium addressed an unauthorized code execution vulnerability in Connect. |
| CVE-2026-9207 | HIGH | Patched | 8.8 | 2026-05-27 | Tanium addressed an unauthorized code execution vulnerability in Connect. |
| CVE-2026-9200 | HIGH | 7.5 | 2026-05-27 | The Query Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.2.1 via the shortcode function. This makes it possibl… | |
| CVE-2026-9157 | HIGH | Patched | 8.4 | 2026-05-21 | Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from… |
| CVE-2026-9144 | HIGH | 7.6 | 2026-05-20 | Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authentica… | |
| CVE-2026-9137 | HIGH | Patched | 7.5 | 2026-05-20 | The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint… |
| CVE-2026-9133 | HIGH | Patched | 7.7 | 2026-05-20 | Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file) accepted by the PUT /api/aws/arn/valida… |
| CVE-2026-9126 | HIGH | Patched | 8.8 | 2026-05-20 | Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium se… |
| CVE-2026-9123 | HIGH | Patched | 7.5 | 2026-05-20 | Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS prior to 148.0.7778.179 allowed a local attacker to execute arbitrary code inside a sandbox … |
| CVE-2026-9121 | HIGH | Patched | 8.8 | 2026-05-20 | Out of bounds read in GPU in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium se… |
| CVE-2026-9120 | HIGH | Patched | 8.8 | 2026-05-20 | Use after free in WebRTC in Google Chrome prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-9119 | HIGH | Patched | 8.8 | 2026-05-20 | Heap buffer overflow in WebRTC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Ch… |
| CVE-2026-9118 | HIGH | Patched | 8.8 | 2026-05-20 | Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security sev… |
| CVE-2026-9117 | HIGH | Patched | 7.5 | 2026-05-20 | Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to potentially perform … |
| CVE-2026-9114 | HIGH | Patched | 8.8 | 2026-05-20 | Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via malicious network traffic. (Chro… |
| CVE-2026-9112 | HIGH | Patched | 8.8 | 2026-05-20 | Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chr… |