CVEs (19,363, showing first 500)
Showing 1–25 of 19,363 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-11414 | NONE | | — | 2026-06-05 | A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, a… |
| CVE-2026-11420 | NONE | | — | 2026-06-05 | Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files … |
| CVE-2026-46389 | CRITICAL | | 10.0 | 2026-06-05 | UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS Core's Identity deployment. In versions 0.11.0 through… |
| CVE-2026-49777 | CRITICAL | Patched | 10.0 | 2026-06-05 | Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue af… |
| CVE-2026-48907 | NONE | | — | 2026-06-05 | A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution. |
| CVE-2026-48567 | CRITICAL | | 10.0 | 2026-06-04 | Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-7312 | CRITICAL | Patched | 10.0 | 2026-06-02 | CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.… |
| CVE-2026-40965 | CRITICAL | Patched | 10.0 | 2026-06-01 | Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC (Elliptic Curve) private keys ar… |
| CVE-2026-45131 | CRITICAL | | 10.0 | 2026-06-01 | CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (pull-request.yaml) executes attacker-controlled cod… |
| CVE-2026-45132 | CRITICAL | | 10.0 | 2026-06-01 | CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (generate-schema.yaml) exposes sensitive credentials… |
| CVE-2026-45631 | CRITICAL | Patched | 10.0 | 2026-05-29 | Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SECRET fallback ("better-auth-secret-123456789") lets a… |
| CVE-2026-8326 | NONE | | — | 2026-05-29 | Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to R… |
| CVE-2026-9508 | NONE | | — | 2026-05-29 | Incorrect permission settings on a critical resource in Suprema BioStar 2 (versions 2.9.3 through 2.9.11) that allow backup files to be publicly exposed when the administra… |
| CVE-2026-46840 | CRITICAL | Patched | 10.0 | 2026-05-28 | Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allo… |
| CVE-2026-43898 | CRITICAL | Patched | 10.0 | 2026-05-28 | SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Cal… |
| CVE-2026-45087 | CRITICAL | Patched | 10.0 | 2026-05-27 | Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode (dalfox server), the server … |
| CVE-2026-44327 | CRITICAL | Patched | 10.0 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authoriza… |
| CVE-2026-44329 | CRITICAL | Patched | 10.0 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorizati… |
| CVE-2026-44330 | CRITICAL | Patched | 10.0 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token… |
| CVE-2026-8054 | NONE | | — | 2026-05-27 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in the Publish Audit API endpoints (/api/auditPublishing/get and /api/auditPublishing/g… |
| CVE-2026-47280 | CRITICAL | | 10.0 | 2026-05-22 | Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-42901 | CRITICAL | | 10.0 | 2026-05-22 | Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-41104 | CRITICAL | | 10.0 | 2026-05-22 | Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network. |
| CVE-2026-40412 | CRITICAL | | 10.0 | 2026-05-22 | Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network. |
| CVE-2026-23652 | CRITICAL | | 10.0 | 2026-05-22 | Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network. |