Search
1,827 CVEs
CVEs (1,827, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 1–25 of 1,827 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-11414 | NONE | — | 2026-06-05 | A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, a… | |
| CVE-2026-11420 | NONE | — | 2026-06-05 | Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files … | |
| CVE-2026-46389 | CRITICAL | 10.0 | 2026-06-05 | UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS Core's Identity deployment. In versions 0.11.0 through… | |
| CVE-2026-49777 | CRITICAL | Patched | 10.0 | 2026-06-05 | Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue af… |
| CVE-2026-48907 | NONE | — | 2026-06-05 | A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution. | |
| CVE-2026-48567 | CRITICAL | 10.0 | 2026-06-04 | Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network. | |
| CVE-2026-7312 | CRITICAL | Patched | 10.0 | 2026-06-02 | CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.… |
| CVE-2026-40965 | CRITICAL | Patched | 10.0 | 2026-06-01 | Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC (Elliptic Curve) private keys ar… |
| CVE-2026-45131 | CRITICAL | 10.0 | 2026-06-01 | CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (pull-request.yaml) executes attacker-controlled cod… | |
| CVE-2026-45132 | CRITICAL | 10.0 | 2026-06-01 | CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (generate-schema.yaml) exposes sensitive credentials… | |
| CVE-2026-45744 | CRITICAL | Patched | 9.9 | 2026-06-05 | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolveP… |
| CVE-2026-43986 | CRITICAL | 9.9 | 2026-06-04 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public `/image/<hash>` route that resolves attacker-control… | |
| CVE-2026-41283 | CRITICAL | 9.9 | 2026-06-04 | OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltrati… | |
| CVE-2025-14771 | CRITICAL | 9.9 | 2026-06-03 | Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | |
| CVE-2026-52778 | CRITICAL | 9.8 | 2026-06-08 | YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator (CalcField.php) of YesWiki. The… | |
| CVE-2026-39910 | CRITICAL | 9.8 | 2026-06-08 | STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compro… | |
| CVE-2026-25555 | CRITICAL | 9.8 | 2026-06-08 | OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain adm… | |
| CVE-2026-11499 | CRITICAL | 9.8 | 2026-06-08 | A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulat… | |
| CVE-2023-54352 | CRITICAL | 9.8 | 2026-06-08 | WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the th… | |
| CVE-2024-58348 | CRITICAL | 9.8 | 2026-06-08 | WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing t… | |
| CVE-2024-58349 | CRITICAL | 9.8 | 2026-06-08 | WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient… | |
| CVE-2026-10580 | CRITICAL | 9.8 | 2026-06-05 | The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and includ… | |
| CVE-2026-45748 | CRITICAL | Patched | 9.8 | 2026-06-05 | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /ssh/tunnel/connect` endpoint in Termix prior to ver… |
| CVE-2025-71317 | CRITICAL | 9.8 | 2026-06-05 | NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authentic… | |
| CVE-2025-71318 | CRITICAL | 9.8 | 2026-06-05 | NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages (… |