7,090 CVEs · High severity

CVEs (7,090, showing first 500)

Showing 1–25 of 7,090 (capped at 500)

| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-43984 | HIGH | | 8.9 | 2026-06-04 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose `log_js_errors` to any authenticated user, including guest us… |
| CVE-2026-42611 | HIGH | Patched | 8.9 | 2026-05-11 | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged (with the ability to create a page) user can cause XSS with the injection of svg element. The XSS… |
| CVE-2026-42556 | HIGH | Patched | 8.9 | 2026-05-08 | Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post co… |
| CVE-2026-5787 | HIGH | Patched | 8.9 | 2026-05-07 | An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry… |
| CVE-2026-38949 | HIGH | | 8.9 | 2026-04-28 | Cross-Site Scripting (XSS) vulnerability exists in HTMLy version 3.1.1 in the content creation functionality at the /add/content?type=image endpoint. The application fails … |
| CVE-2026-5921 | HIGH | Patched | 8.9 | 2026-04-21 | A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the i… |
| CVE-2026-40487 | HIGH | | 8.9 | 2026-04-18 | Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypass allows any authenticated user to upload arbitrary HTML, SVG, or other… |
| CVE-2025-40899 | HIGH | | 8.9 | 2026-04-15 | A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user wit… |
| CVE-2026-39328 | HIGH | Patched | 8.9 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in ChurchCRM's person profile editing functionality… |
| CVE-2026-31889 | HIGH | Patched | 8.9 | 2026-03-11 | Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration flow that could, under specific conditions, allow at… |
| CVE-2026-11557 | HIGH | | 8.8 | 2026-06-08 | A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management… |
| CVE-2026-11556 | HIGH | | 8.8 | 2026-06-08 | A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management … |
| CVE-2026-11553 | HIGH | | 8.8 | 2026-06-08 | A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argume… |
| CVE-2026-25855 | HIGH | | 8.8 | 2026-06-08 | OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files (.b… |
| CVE-2026-25856 | HIGH | | 8.8 | 2026-06-08 | OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C# code on the server h… |
| CVE-2026-25559 | HIGH | | 8.8 | 2026-06-08 | OpenBullet2 through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that allows authenticated attackers to perform arbitrary file read, write… |
| CVE-2026-46656 | HIGH | | 8.8 | 2026-06-08 | Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user accou… |
| CVE-2026-11523 | HIGH | | 8.8 | 2026-06-08 | A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Exec… |
| CVE-2026-11524 | HIGH | | 8.8 | 2026-06-08 | A vulnerability has been found in Tenda W20E 15.11.0.6. Impacted is the function modifyWifiFilterRules of the file /goform/modifyWifiFilterRules of the component Web Manage… |
| CVE-2026-11528 | HIGH | | 8.8 | 2026-06-08 | A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub_45304 of the file /goform/getRebootStatus of the component Web Management Inte… |
| CVE-2026-11522 | HIGH | | 8.8 | 2026-06-08 | A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation… |
| CVE-2026-11517 | HIGH | | 8.8 | 2026-06-08 | A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulati… |
| CVE-2026-11504 | HIGH | | 8.8 | 2026-06-08 | A vulnerability was detected in Tenda CX12L 16.03.53.12. The impacted element is the function setSchedWifi of the file /goform/openSchedWifi of the component Wi-Fi Schedule… |
| CVE-2026-11503 | HIGH | | 8.8 | 2026-06-08 | A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi… |
| CVE-2026-11498 | HIGH | | 8.8 | 2026-06-08 | A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. Affected by this issue is the function asp_voip_OtherSet of the file /boaform/voip_other_set of the co… |