2,539 CVEs · High severity
Showing 1–25 of 2,539 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-8216 | HIGH | | 7.3 | 2026-05-10 | A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function iasServerRemoteInterface.doAction of the component Ja… |
| CVE-2026-7258 | HIGH | Patched | 7.5 | 2026-05-10 | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, including urldecode(), pass signed char to ctype func… |
| CVE-2026-7262 | HIGH | Patched | 7.5 | 2026-05-10 | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process con… |
| CVE-2026-7568 | HIGH | Patched | 7.5 | 2026-05-10 | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed in… |
| CVE-2026-7263 | HIGH | Patched | 7.5 | 2026-05-10 | In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structur… |
| CVE-2026-8234 | HIGH | | 8.8 | 2026-05-10 | A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The mani… |
| CVE-2021-47928 | HIGH | | 8.2 | 2026-05-10 | Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code thro… |
| CVE-2021-47930 | HIGH | | 8.2 | 2026-05-10 | Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary … |
| CVE-2021-47935 | HIGH | | 8.8 | 2026-05-10 | Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized obje… |
| CVE-2021-47937 | HIGH | | 8.8 | 2026-05-10 | e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading… |
| CVE-2021-47938 | HIGH | | 8.8 | 2026-05-10 | ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code … |
| CVE-2021-47939 | HIGH | | 8.8 | 2026-05-10 | Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by … |
| CVE-2021-47941 | HIGH | | 8.2 | 2026-05-10 | WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious… |
| CVE-2021-47943 | HIGH | | 8.8 | 2026-05-10 | TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files thro… |
| CVE-2021-47944 | HIGH | | 7.5 | 2026-05-10 | memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character buffers into note fields.… |
| CVE-2021-47945 | HIGH | | 7.8 | 2026-05-10 | Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in the DVRWatchdog service that allows local attackers to escalate privileges by exploiting the s… |
| CVE-2021-47949 | HIGH | | 8.8 | 2026-05-10 | CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks … |
| CVE-2022-50944 | HIGH | | 8.8 | 2026-05-10 | Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image … |
| CVE-2026-45180 | HIGH | | 7.5 | 2026-05-10 | Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids. If the communication channel to the statsd daemon is not secured (for example, by sending U… |
| CVE-2026-8177 | HIGH | | 7.5 | 2026-05-10 | XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in th… |
| CVE-2026-8260 | HIGH | Patched | 8.8 | 2026-05-11 | A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the compone… |
| CVE-2026-6433 | HIGH | | 7.3 | 2026-05-11 | The Custom css-js-php WordPress plugin through 2.0.7 does not properly sanitize user input before using it in a SQL query, and the result is passed to eval(), allowing unau… |
| CVE-2026-43500 | HIGH | Patched | 7.8 | 2026-05-11 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrp… |
| CVE-2025-10908 | HIGH | Patched | 7.3 | 2026-05-11 | Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypa… |
| CVE-2026-32658 | HIGH | Patched | 8.0 | 2026-05-11 | Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit t… |