Search
2,539 CVEs · High severity
CVEs (2,539, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 1–25 of 2,539 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-43984 | HIGH | 8.9 | 2026-06-04 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose `log_js_errors` to any authenticated user, including guest us… | |
| CVE-2026-42611 | HIGH | Patched | 8.9 | 2026-05-11 | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged (with the ability to create a page) user can cause XSS with the injection of svg element. The XSS… |
| CVE-2026-11557 | HIGH | 8.8 | 2026-06-08 | A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management… | |
| CVE-2026-11556 | HIGH | 8.8 | 2026-06-08 | A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management … | |
| CVE-2026-11553 | HIGH | 8.8 | 2026-06-08 | A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argume… | |
| CVE-2026-25855 | HIGH | 8.8 | 2026-06-08 | OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files (.b… | |
| CVE-2026-25856 | HIGH | 8.8 | 2026-06-08 | OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C# code on the server h… | |
| CVE-2026-25559 | HIGH | 8.8 | 2026-06-08 | OpenBullet2 through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that allows authenticated attackers to perform arbitrary file read, write… | |
| CVE-2026-46656 | HIGH | 8.8 | 2026-06-08 | Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user accou… | |
| CVE-2026-11523 | HIGH | 8.8 | 2026-06-08 | A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Exec… | |
| CVE-2026-11524 | HIGH | 8.8 | 2026-06-08 | A vulnerability has been found in Tenda W20E 15.11.0.6. Impacted is the function modifyWifiFilterRules of the file /goform/modifyWifiFilterRules of the component Web Manage… | |
| CVE-2026-11528 | HIGH | 8.8 | 2026-06-08 | A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub_45304 of the file /goform/getRebootStatus of the component Web Management Inte… | |
| CVE-2026-11522 | HIGH | 8.8 | 2026-06-08 | A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation… | |
| CVE-2026-11517 | HIGH | 8.8 | 2026-06-08 | A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulati… | |
| CVE-2026-11504 | HIGH | 8.8 | 2026-06-08 | A vulnerability was detected in Tenda CX12L 16.03.53.12. The impacted element is the function setSchedWifi of the file /goform/openSchedWifi of the component Wi-Fi Schedule… | |
| CVE-2026-11503 | HIGH | 8.8 | 2026-06-08 | A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi… | |
| CVE-2026-11498 | HIGH | 8.8 | 2026-06-08 | A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. Affected by this issue is the function asp_voip_OtherSet of the file /boaform/voip_other_set of the co… | |
| CVE-2026-11413 | HIGH | 8.8 | 2026-06-06 | A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function set_macfilter of the file /sbin/jdcweb_rpc. The… | |
| CVE-2026-7654 | HIGH | 8.8 | 2026-06-05 | The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use… | |
| CVE-2026-5415 | HIGH | 8.8 | 2026-06-05 | The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to Authentication Bypass in all… | |
| CVE-2026-5411 | HIGH | 8.8 | 2026-06-05 | The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to arbitrary file upload in all… | |
| CVE-2026-50733 | HIGH | Patched | 8.8 | 2026-06-05 | Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval(), allowing arbitrary JavaScript execution. The flaw aff… |
| CVE-2026-49492 | HIGH | Patched | 8.8 | 2026-06-05 | Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs taken from the markdown docum… |
| CVE-2026-49493 | HIGH | Patched | 8.8 | 2026-06-05 | Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS(), which evaluates the block content as code via vm.runInNewContext(), allowing … |
| CVE-2026-48095 | HIGH | Patched | 8.8 | 2026-06-05 | 7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability caused by an under-allocation in the NTFS comp… |