Search
6,905 CVEs
CVEs (6,905, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 201–225 of 6,905 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-45898 | CRITICAL | 9.8 | 2026-05-27 | In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removing work_list The commit e1168f0 ("RDMA/iwcm: Simplif… | |
| CVE-2026-42758 | CRITICAL | 9.8 | 2026-05-27 | Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: fr… | |
| CVE-2026-42731 | CRITICAL | 9.8 | 2026-05-27 | Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange… | |
| CVE-2025-12686 | CRITICAL | Patched | 9.8 | 2026-05-27 | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to … |
| CVE-2026-8760 | CRITICAL | 9.8 | 2026-05-27 | The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-1117… | |
| CVE-2026-48689 | CRITICAL | Patched | 9.8 | 2026-05-26 | FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five meth… |
| CVE-2026-3660 | CRITICAL | 9.8 | 2026-05-26 | IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain un… | |
| CVE-2026-9170 | CRITICAL | 9.8 | 2026-05-26 | IBM HTTP Server 8.5, and 9.0 | |
| CVE-2026-8633 | CRITICAL | Patched | 9.8 | 2026-05-26 | IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulner… |
| CVE-2026-7251 | CRITICAL | 9.8 | 2026-05-26 | Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access … | |
| CVE-2026-44668 | CRITICAL | Patched | 9.8 | 2026-05-26 | FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditio… |
| CVE-2026-48904 | CRITICAL | Patched | 9.8 | 2026-05-26 | An improper access check allows privelege escalation through the com_users group editing webservice endpoint. |
| CVE-2026-48898 | CRITICAL | Patched | 9.8 | 2026-05-26 | An improper access check allows privilege escalation through the com_users batch task. |
| CVE-2026-48899 | CRITICAL | Patched | 9.8 | 2026-05-26 | An improper access check allows privilege escalation through the com_users batch task. |
| CVE-2026-48902 | CRITICAL | Patched | 9.8 | 2026-05-26 | The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set. |
| CVE-2026-48691 | CRITICAL | Patched | 9.8 | 2026-05-26 | FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute encoder. In src/bgp_protocol.hpp, the IPv4UnicastAnnounce::get_attribut… |
| CVE-2026-40383 | CRITICAL | Patched | 9.8 | 2026-05-26 | An improper validation of user-supplied input leads to a local file inclusion vulnerability. |
| CVE-2026-35223 | CRITICAL | Patched | 9.8 | 2026-05-26 | An improper access check allows unauthorized access to com_config webservice endpoints. |
| CVE-2026-35221 | CRITICAL | Patched | 9.8 | 2026-05-26 | Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder. |
| CVE-2026-35222 | CRITICAL | Patched | 9.8 | 2026-05-26 | Improperly validated order clauses lead to a SQL injection vulnerability in com_tags. |
| CVE-2026-48686 | CRITICAL | Patched | 9.8 | 2026-05-26 | FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI (Network Layer Reachability Information) decoder. The function decode_bgp_… |
| CVE-2026-48687 | CRITICAL | Patched | 9.8 | 2026-05-26 | FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The _log() function in src/juniper_plugi… |
| CVE-2026-45247 | CRITICAL | Patched | 9.8 | 2026-05-26 | Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote c… |
| CVE-2026-9543 | CRITICAL | 9.8 | 2026-05-26 | A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Managem… | |
| CVE-2026-8376 | CRITICAL | Patched | 9.8 | 2026-05-26 | Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_stu… |