Search
31,027 CVEs · Critical severity
CVEs (31,027, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 176–200 of 31,027 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2025-41274 | CRITICAL | Patched | 9.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-50… |
| CVE-2025-41273 | CRITICAL | Patched | 9.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.… |
| CVE-2025-41272 | CRITICAL | Patched | 9.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-50… |
| CVE-2025-41270 | CRITICAL | Patched | 9.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-50… |
| CVE-2025-41269 | CRITICAL | Patched | 9.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-50… |
| CVE-2025-41268 | CRITICAL | Patched | 9.1 | 2026-05-29 | Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows… |
| CVE-2026-9558 | CRITICAL | 9.9 | 2026-05-29 | A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function res… | |
| CVE-2026-49201 | CRITICAL | Patched | 9.8 | 2026-05-29 | The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system… |
| CVE-2026-49200 | CRITICAL | Patched | 9.8 | 2026-05-29 | The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet)… |
| CVE-2026-49199 | CRITICAL | Patched | 9.8 | 2026-05-29 | Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device. |
| CVE-2026-49197 | CRITICAL | Patched | 9.8 | 2026-05-29 | Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails. |
| CVE-2026-3655 | CRITICAL | 9.8 | 2026-05-29 | The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase… | |
| CVE-2026-8732 | CRITICAL | 9.8 | 2026-05-29 | The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to th… | |
| CVE-2026-9967 | CRITICAL | Patched | 9.6 | 2026-05-28 | Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium sec… |
| CVE-2026-9918 | CRITICAL | Patched | 9.6 | 2026-05-28 | Inappropriate implementation in Tint in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Ch… |
| CVE-2026-9891 | CRITICAL | Patched | 9.0 | 2026-05-28 | Use after free in Extensions in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox es… |
| CVE-2026-9886 | CRITICAL | Patched | 9.6 | 2026-05-28 | Use after free in Base in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium … |
| CVE-2026-9881 | CRITICAL | Patched | 9.0 | 2026-05-28 | Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to potentially perform… |
| CVE-2026-9876 | CRITICAL | Patched | 9.6 | 2026-05-28 | Use after free in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chro… |
| CVE-2026-9875 | CRITICAL | Patched | 9.6 | 2026-05-28 | Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (… |
| CVE-2026-9874 | CRITICAL | Patched | 9.6 | 2026-05-28 | Use after free in Dawn in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium securit… |
| CVE-2026-9872 | CRITICAL | Patched | 9.6 | 2026-05-28 | Out of bounds write in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (C… |
| CVE-2026-8809 | CRITICAL | 9.8 | 2026-05-28 | The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation via Validation Bypass in all versions up to and including 0.9.2.5. The vulne… | |
| CVE-2026-44881 | CRITICAL | Patched | 9.9 | 2026-05-28 | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environme… |
| CVE-2026-9645 | CRITICAL | 9.9 | 2026-05-28 | Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server. The scripts execute with full access, enabling complete system comp… |