Search
31,026 CVEs · Critical severity
CVEs (31,026, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 1–25 of 31,026 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-46389 | CRITICAL | 10.0 | 2026-06-05 | UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS Core's Identity deployment. In versions 0.11.0 through… | |
| CVE-2026-49777 | CRITICAL | Patched | 10.0 | 2026-06-05 | Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue af… |
| CVE-2026-48567 | CRITICAL | 10.0 | 2026-06-04 | Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network. | |
| CVE-2026-7312 | CRITICAL | Patched | 10.0 | 2026-06-02 | CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.… |
| CVE-2026-40965 | CRITICAL | Patched | 10.0 | 2026-06-01 | Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC (Elliptic Curve) private keys ar… |
| CVE-2026-45131 | CRITICAL | 10.0 | 2026-06-01 | CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (pull-request.yaml) executes attacker-controlled cod… | |
| CVE-2026-45132 | CRITICAL | 10.0 | 2026-06-01 | CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (generate-schema.yaml) exposes sensitive credentials… | |
| CVE-2026-45631 | CRITICAL | Patched | 10.0 | 2026-05-29 | Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SECRET fallback ("better-auth-secret-123456789") lets a… |
| CVE-2026-46840 | CRITICAL | Patched | 10.0 | 2026-05-28 | Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allo… |
| CVE-2026-43898 | CRITICAL | Patched | 10.0 | 2026-05-28 | SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Cal… |
| CVE-2026-45087 | CRITICAL | Patched | 10.0 | 2026-05-27 | Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode (dalfox server), the server … |
| CVE-2026-44327 | CRITICAL | Patched | 10.0 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authoriza… |
| CVE-2026-44329 | CRITICAL | Patched | 10.0 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorizati… |
| CVE-2026-44330 | CRITICAL | Patched | 10.0 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token… |
| CVE-2026-47280 | CRITICAL | 10.0 | 2026-05-22 | Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network. | |
| CVE-2026-42901 | CRITICAL | 10.0 | 2026-05-22 | Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network. | |
| CVE-2026-41104 | CRITICAL | 10.0 | 2026-05-22 | Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network. | |
| CVE-2026-40412 | CRITICAL | 10.0 | 2026-05-22 | Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network. | |
| CVE-2026-23652 | CRITICAL | 10.0 | 2026-05-22 | Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network. | |
| CVE-2026-46595 | CRITICAL | Patched | 10.0 | 2026-05-22 | Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the sour… |
| CVE-2026-34908 | CRITICAL | 10.0 | 2026-05-22 | A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system. | |
| CVE-2026-34909 | CRITICAL | 10.0 | 2026-05-22 | A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be m… | |
| CVE-2026-34910 | CRITICAL | 10.0 | 2026-05-22 | A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. | |
| CVE-2026-45444 | CRITICAL | 10.0 | 2026-05-20 | Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For W… | |
| CVE-2026-20223 | CRITICAL | 10.0 | 2026-05-20 | A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with t… |