Search
127,949 CVEs · High severity
CVEs (127,949, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 201–225 of 127,949 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-9111 | HIGH | Patched | 8.8 | 2026-05-20 | Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security s… |
| CVE-2026-9096 | HIGH | 7.5 | 2026-05-28 | Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefor… | |
| CVE-2026-9095 | HIGH | 8.1 | 2026-05-28 | Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse() function in object/saml_sp.go calls sp.Retrieve… | |
| CVE-2026-9089 | HIGH | Patched | 8.8 | 2026-05-21 | The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in A… |
| CVE-2026-9064 | HIGH | 7.5 | 2026-05-20 | A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. … | |
| CVE-2026-9057 | HIGH | Patched | 8.2 | 2026-05-20 | A broken access control issue has been identified in the Talend Administration Center, that allows a user with “View” permission to modify the Talend Studio update URL. Thi… |
| CVE-2026-9024 | HIGH | 8.7 | 2026-06-01 | A Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3D… | |
| CVE-2026-9018 | HIGH | 8.8 | 2026-05-22 | The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.5 via the … | |
| CVE-2026-9011 | HIGH | 7.5 | 2026-05-22 | The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due… | |
| CVE-2026-9010 | HIGH | 7.5 | 2026-05-20 | The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'current_url' and 'user_name' parameters in versions up to, and including, 2.0.3 due to ins… | |
| CVE-2026-9009 | HIGH | 8.8 | 2026-05-28 | The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.7.2 via the filter_cont… | |
| CVE-2026-9003 | HIGH | 7.5 | 2026-05-20 | E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read data… | |
| CVE-2026-8994 | HIGH | 8.1 | 2026-05-27 | The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The `ajaxLoginWithNear()` function — registered… | |
| CVE-2026-8975 | HIGH | Patched | 8.8 | 2026-05-19 | Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enoug… |
| CVE-2026-8974 | HIGH | Patched | 8.8 | 2026-05-19 | Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of the… |
| CVE-2026-8973 | HIGH | Patched | 8.8 | 2026-05-19 | Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… |
| CVE-2026-8972 | HIGH | Patched | 8.8 | 2026-05-19 | Privilege escalation in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. |
| CVE-2026-8970 | HIGH | Patched | 8.8 | 2026-05-19 | Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. |
| CVE-2026-8969 | HIGH | Patched | 8.1 | 2026-05-19 | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. |
| CVE-2026-8968 | HIGH | Patched | 7.5 | 2026-05-19 | Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thu… |
| CVE-2026-8967 | HIGH | Patched | 7.5 | 2026-05-19 | Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. |
| CVE-2026-8966 | HIGH | Patched | 7.5 | 2026-05-19 | Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. |
| CVE-2026-8965 | HIGH | Patched | 7.5 | 2026-05-19 | Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. |
| CVE-2026-8964 | HIGH | Patched | 7.5 | 2026-05-19 | Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. |
| CVE-2026-8963 | HIGH | Patched | 7.5 | 2026-05-19 | Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. |