Search
6,905 CVEs
CVEs (6,905, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 176–200 of 6,905 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-45039 | CRITICAL | Patched | 9.8 | 2026-05-28 | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using … |
| CVE-2026-9093 | CRITICAL | 9.8 | 2026-05-28 | In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function… | |
| CVE-2026-9094 | CRITICAL | 9.8 | 2026-05-28 | Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/token_oauth.go validat… | |
| CVE-2026-9097 | CRITICAL | 9.8 | 2026-05-28 | Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken() function in object/token_oauth.go validat… | |
| CVE-2026-38702 | CRITICAL | Patched | 9.8 | 2026-05-28 | A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 fir… |
| CVE-2026-38703 | CRITICAL | Patched | 9.8 | 2026-05-28 | A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 fir… |
| CVE-2026-38704 | CRITICAL | Patched | 9.8 | 2026-05-28 | A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 fi… |
| CVE-2026-38707 | CRITICAL | Patched | 9.8 | 2026-05-28 | A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmwa… |
| CVE-2026-24444 | CRITICAL | Patched | 9.8 | 2026-05-28 | SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints (… |
| CVE-2026-46195 | CRITICAL | 9.8 | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: smb: client: validate dacloffset before building DACL pointers parse_sec_desc(), build_sec_desc(), and… | |
| CVE-2026-46135 | CRITICAL | 9.8 | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix race between ICReq handling and queue teardown nvmet_tcp_handle_icreq() updates queue->… | |
| CVE-2026-46137 | CRITICAL | 9.8 | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADD_ADDR rtx: fix potential data-race This mptcp_pm_add_timer() helper is executed as a tim… | |
| CVE-2026-46115 | CRITICAL | 9.8 | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: block: add pgmap check to biovec_phys_mergeable biovec_phys_mergeable() is used by the request merge, … | |
| CVE-2026-45083 | CRITICAL | Patched | 9.8 | 2026-05-27 | The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /ap… |
| CVE-2026-8363 | CRITICAL | 9.8 | 2026-05-27 | A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources: | |
| CVE-2026-8364 | CRITICAL | 9.8 | 2026-05-27 | Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe) listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /re… | |
| CVE-2026-8362 | CRITICAL | 9.8 | 2026-05-27 | A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long URL path starting with /woshome | |
| CVE-2026-44888 | CRITICAL | Patched | 9.8 | 2026-05-27 | Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile() endpoint writes user-supplied numeric config values… |
| CVE-2026-44887 | CRITICAL | Patched | 9.8 | 2026-05-27 | Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be in… |
| CVE-2026-48027 | CRITICAL | 9.8 | 2026-05-27 | Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 P… | |
| CVE-2026-7524 | CRITICAL | Patched | 9.8 | 2026-05-27 | IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction. |
| CVE-2026-8175 | CRITICAL | Patched | 9.8 | 2026-05-27 | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Tr… |
| CVE-2026-46039 | CRITICAL | 9.8 | 2026-05-27 | In the Linux kernel, the following vulnerability has been resolved: rxgk: Fix potential integer overflow in length check Fix potential integer overflow in rxgk_extract_to… | |
| CVE-2026-45988 | CRITICAL | 9.8 | 2026-05-27 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix re-decryption of RESPONSE packets If a RESPONSE packet gets a temporary failure during proc… | |
| CVE-2026-45972 | CRITICAL | 9.8 | 2026-05-27 | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2_open_file() Zero out @err_iov and @err_buftype … |