Search
127,907 CVEs · High severity
CVEs (127,907, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 1–25 of 127,907 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2026-11557 | HIGH | 8.8 | 2026-06-08 | A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management… | |
| CVE-2026-11556 | HIGH | 8.8 | 2026-06-08 | A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management … | |
| CVE-2026-11553 | HIGH | 8.8 | 2026-06-08 | A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argume… | |
| CVE-2026-48507 | HIGH | 7.1 | 2026-06-08 | Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular `users.edit` permission to l… | |
| CVE-2026-46481 | HIGH | Patched | 8.3 | 2026-06-08 | OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, in the… |
| CVE-2026-25856 | HIGH | 8.8 | 2026-06-08 | OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C# code on the server h… | |
| CVE-2026-25855 | HIGH | 8.8 | 2026-06-08 | OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files (.b… | |
| CVE-2026-25559 | HIGH | 8.8 | 2026-06-08 | OpenBullet2 through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that allows authenticated attackers to perform arbitrary file read, write… | |
| CVE-2026-11531 | HIGH | 7.3 | 2026-06-08 | A security flaw has been discovered in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This impacts an unknown function of the file admin… | |
| CVE-2026-11530 | HIGH | 7.3 | 2026-06-08 | A vulnerability was identified in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This affects an unknown function of the file /index.ph … | |
| CVE-2026-48913 | HIGH | 7.3 | 2026-06-08 | Use After Free vulnerability in Apache HTTP Server module mod_http2 when file handles are already exhausted. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.67. | |
| CVE-2026-46657 | HIGH | 7.1 | 2026-06-08 | Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via pe… | |
| CVE-2026-46656 | HIGH | 8.8 | 2026-06-08 | Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user accou… | |
| CVE-2026-46440 | HIGH | Patched | 7.5 | 2026-06-08 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaint… |
| CVE-2026-44185 | HIGH | Patched | 7.3 | 2026-06-08 | Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 thr… |
| CVE-2026-42536 | HIGH | Patched | 7.5 | 2026-06-08 | Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 th… |
| CVE-2026-36786 | HIGH | 7.5 | 2026-06-08 | Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the list1 parameter of the fromDhcpListClient function. This vulnerabi… | |
| CVE-2026-34356 | HIGH | Patched | 7.5 | 2026-06-08 | Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie* This issue affects Apache HTTP Server: from 2.4.0… |
| CVE-2026-34355 | HIGH | Patched | 7.5 | 2026-06-08 | A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, w… |
| CVE-2026-22164 | HIGH | 7.5 | 2026-06-08 | Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types and prese… | |
| CVE-2026-11528 | HIGH | 8.8 | 2026-06-08 | A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub_45304 of the file /goform/getRebootStatus of the component Web Management Inte… | |
| CVE-2026-11524 | HIGH | 8.8 | 2026-06-08 | A vulnerability has been found in Tenda W20E 15.11.0.6. Impacted is the function modifyWifiFilterRules of the file /goform/modifyWifiFilterRules of the component Web Manage… | |
| CVE-2026-11523 | HIGH | 8.8 | 2026-06-08 | A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Exec… | |
| CVE-2026-11522 | HIGH | 8.8 | 2026-06-08 | A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation… | |
| CVE-2026-36789 | HIGH | 7.5 | 2026-06-08 | Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was discovered to contain multiple stack overflows in the fromGstDhcpSetSer function via the username and passw… |