127 CVEs · Critical severity
CVEs (127)
Showing 1–25 of 127
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-11393 | CRITICAL | Patched | 9.0 | 2026-06-08 | Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute… |
| CVE-2026-45750 | CRITICAL | Patched | 9.0 | 2026-06-05 | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolveP… |
| CVE-2026-45746 | CRITICAL | Patched | 9.0 | 2026-06-05 | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Term… |
| CVE-2026-36748 | CRITICAL | | 9.0 | 2026-06-03 | RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile. |
| CVE-2026-36500 | CRITICAL | | 9.1 | 2026-06-05 | An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request. |
| CVE-2026-9270 | CRITICAL | | 9.1 | 2026-06-05 | DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from unt… |
| CVE-2026-48579 | CRITICAL | | 9.1 | 2026-06-04 | Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network. |
| CVE-2026-11153 | CRITICAL | Patched | 9.1 | 2026-06-04 | Side-channel information leakage in Forms in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium sec… |
| CVE-2026-48040 | CRITICAL | Patched | 9.1 | 2026-06-04 | The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP (RFC 9458) using BoringSSL's HPKE C library via JNI. When deriv… |
| CVE-2026-50076 | CRITICAL | Patched | 9.1 | 2026-06-04 | Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass c… |
| CVE-2026-50225 | CRITICAL | Patched | 9.1 | 2026-06-04 | The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database. |
| CVE-2026-46266 | CRITICAL | | 9.1 | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP Yizhou Zhao reported that simply having on… |
| CVE-2026-46244 | CRITICAL | | 9.1 | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: Fix IPv6 inner_thoff desync In nft_inner_parse_l2l3(), when processing inner IPv… |
| CVE-2026-50751 | CRITICAL | | 9.3 | 2026-06-08 | A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user au… |
| CVE-2026-42849 | CRITICAL | Patched | 9.3 | 2026-06-02 | authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE (Simple Flow Executor) in order to m… |
| CVE-2026-42684 | CRITICAL | | 9.3 | 2026-06-02 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP… |
| CVE-2026-41448 | CRITICAL | | 9.4 | 2026-06-08 | AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supply… |
| CVE-2026-50208 | CRITICAL | Patched | 9.4 | 2026-06-04 | High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could… |
| CVE-2026-45758 | CRITICAL | Patched | 9.6 | 2026-06-05 | Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of `guardr… |
| CVE-2026-11293 | CRITICAL | | 9.6 | 2026-06-05 | Use after free in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium securit… |
| CVE-2026-11282 | CRITICAL | | 9.6 | 2026-06-05 | Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted … |
| CVE-2026-11250 | CRITICAL | Patched | 9.6 | 2026-06-05 | Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially se… |
| CVE-2026-11213 | CRITICAL | Patched | 9.6 | 2026-06-04 | Insufficient validation of untrusted input in Reading Mode in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to pot… |
| CVE-2026-11207 | CRITICAL | Patched | 9.6 | 2026-06-04 | Insufficient validation of untrusted input in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via malicio… |
| CVE-2026-11198 | CRITICAL | Patched | 9.6 | 2026-06-04 | Insufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted… |