CVEs (19,079, showing first 500)
Showing 201–225 of 19,079 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-34717 | CRITICAL | Patched | 9.9 | 2026-04-02 | OpenProject is an open-source, web-based project management software. Prior to version 17.2.3, the =n operator in modules/reporting/lib/report/operator.rb:177 embeds user i… |
| CVE-2026-25212 | CRITICAL | Patched | 9.9 | 2026-04-02 | An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the … |
| CVE-2026-34571 | CRITICAL | Patched | 9.9 | 2026-04-01 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a S… |
| CVE-2026-34569 | CRITICAL | Patched | 9.9 | 2026-04-01 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the… |
| CVE-2026-33579 | CRITICAL | Patched | 9.9 | 2026-03-31 | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. … |
| CVE-2026-34156 | CRITICAL | Patched | 9.9 | 2026-03-31 | NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.28, NocoBase's Workflow Script Node ex… |
| CVE-2026-32922 | CRITICAL | Patched | 9.9 | 2026-03-29 | OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader s… |
| CVE-2026-33873 | CRITICAL | Patched | 9.9 | 2026-03-27 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Pyth… |
| CVE-2026-33945 | CRITICAL | Patched | 9.9 | 2026-03-27 | Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is handled thro… |
| CVE-2026-33897 | CRITICAL | Patched | 9.9 | 2026-03-26 | Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host … |
| CVE-2026-33396 | CRITICAL | Patched | 9.9 | 2026-03-26 | OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user (ProjectMember) can achieve remote command … |
| CVE-2026-32536 | CRITICAL | | 9.9 | 2026-03-25 | Unrestricted Upload of File with Dangerous Type vulnerability in halfdata Green Downloads halfdata-paypal-green-downloads allows Using Malicious Files. This issue affects Gr… |
| CVE-2026-32523 | CRITICAL | | 9.9 | 2026-03-25 | Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files. This issue affects WPJAM Basic: from n/a thro… |
| CVE-2026-32525 | CRITICAL | | 9.9 | 2026-03-25 | Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection. This issue affects JetFormBuilder… |
| CVE-2026-32482 | CRITICAL | | 9.9 | 2026-03-25 | Unrestricted Upload of File with Dangerous Type vulnerability in deothemes Ona ona allows Upload a Web Shell to a Web Server. This issue affects Ona: from n/a through < 1.24. |
| CVE-2026-27044 | CRITICAL | | 9.9 | 2026-03-25 | Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion. This issue affects Total P… |
| CVE-2026-25413 | CRITICAL | | 9.9 | 2026-03-25 | Unrestricted Upload of File with Dangerous Type vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Using Malicious Files. This issue affects WPBookit Pro: from n… |
| CVE-2026-25366 | CRITICAL | | 9.9 | 2026-03-25 | Improper Control of Generation of Code ('Code Injection') vulnerability in Themeisle Woody ad snippets insert-php allows Code Injection. This issue affects Woody ad snippets… |
| CVE-2026-25345 | CRITICAL | | 9.9 | 2026-03-25 | Improper Validation of Specified Quantity in Input vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Accessing Functionality Not Properly Constrain… |
| CVE-2026-33309 | CRITICAL | Patched | 9.9 | 2026-03-24 | Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control … |
| CVE-2026-22172 | CRITICAL | Patched | 9.9 | 2026-03-20 | OpenClaw versions prior to 2026.3.12 contain an authorization bypass vulnerability in the WebSocket connect path that allows shared-token or password-authenticated connecti… |
| CVE-2026-32768 | CRITICAL | Patched | 9.9 | 2026-03-20 | Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. In versions prior to 0.6.5, due to a miswritten NetworkPolicy, a malicious actor… |
| CVE-2026-32938 | CRITICAL | Patched | 9.9 | 2026-03-20 | SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the /api/lute/html2BlockDOM on the desktop copies local files pointed to by file:// links in … |
| CVE-2026-26137 | CRITICAL | | 9.9 | 2026-03-19 | Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-32731 | CRITICAL | Patched | 9.9 | 2026-03-18 | ApostropheCMS is an open-source content management framework. Prior to version 3.5.3 of `@apostrophecms/import-export`, the `extract()` function in `gzip.js` constructs fil… |