Search
31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 201–225 of 31,034 (capped at 500)
| CVE ID | Severity ↑ | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-9872 | CRITICAL | Patched | 9.6 | 2026-05-28 | Out of bounds write in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (C… |
| CVE-2026-9874 | CRITICAL | Patched | 9.6 | 2026-05-28 | Use after free in Dawn in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium securit… |
| CVE-2026-9875 | CRITICAL | Patched | 9.6 | 2026-05-28 | Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (… |
| CVE-2026-9876 | CRITICAL | Patched | 9.6 | 2026-05-28 | Use after free in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chro… |
| CVE-2026-8809 | CRITICAL | 9.8 | 2026-05-28 | The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation via Validation Bypass in all versions up to and including 0.9.2.5. The vulne… | |
| CVE-2026-44881 | CRITICAL | Patched | 9.9 | 2026-05-28 | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environme… |
| CVE-2026-9645 | CRITICAL | 9.9 | 2026-05-28 | Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server. The scripts execute with full access, enabling complete system comp… | |
| CVE-2026-46833 | CRITICAL | Patched | 9.0 | 2026-05-28 | Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Difficult to exploit vulnerability allows un… |
| CVE-2026-46839 | CRITICAL | Patched | 9.9 | 2026-05-28 | Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privilege… |
| CVE-2026-46840 | CRITICAL | Patched | 10.0 | 2026-05-28 | Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allo… |
| CVE-2026-46822 | CRITICAL | Patched | 9.9 | 2026-05-28 | Vulnerability in the Oracle iAssets product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily ex… |
| CVE-2026-46824 | CRITICAL | Patched | 9.9 | 2026-05-28 | Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affec… |
| CVE-2026-45288 | CRITICAL | Patched | 9.8 | 2026-05-28 | Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter… |
| CVE-2026-46775 | CRITICAL | Patched | 9.9 | 2026-05-28 | Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privilege… |
| CVE-2026-46817 | CRITICAL | Patched | 9.8 | 2026-05-28 | Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exp… |
| CVE-2026-46819 | CRITICAL | Patched | 9.1 | 2026-05-28 | Vulnerability in the Oracle Internet Procurement Connector product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12… |
| CVE-2026-34311 | CRITICAL | 9.8 | 2026-05-28 | Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). Supported versions that are affected are 5… | |
| CVE-2026-45039 | CRITICAL | Patched | 9.8 | 2026-05-28 | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using … |
| CVE-2026-45311 | CRITICAL | Patched | 9.6 | 2026-05-28 | CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the run_tests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meani… |
| CVE-2026-45323 | CRITICAL | Patched | 9.6 | 2026-05-28 | MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node… |
| CVE-2026-45374 | CRITICAL | Patched | 9.6 | 2026-05-28 | CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the task_create tool spawns durable sub-agents that inherit two insecure defaults, allow_shell def… |
| CVE-2026-45787 | CRITICAL | Patched | 9.1 | 2026-05-28 | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt,… |
| CVE-2026-43898 | CRITICAL | Patched | 10.0 | 2026-05-28 | SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Cal… |
| CVE-2026-9092 | CRITICAL | 9.1 | 2026-05-28 | Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function mat… | |
| CVE-2026-9093 | CRITICAL | 9.8 | 2026-05-28 | In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function… |