31,200 indexed
CVECVE vulnerabilities
31,200 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 1–50 of 8,314 in Critical · page 1 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2026-9642 | CVE-2026-9642 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2026-9543 | CVE-2026-9543 CVSS 9.8 | A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the componen… |
| CVE-2026-9478 | CVE-2026-9478 CVSS 9.8 | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setParentalRules of the file /cgi-bin/cstecgi.cgi of the compo… |
| CVE-2026-9477 | CVE-2026-9477 CVSS 9.8 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cg… |
| CVE-2026-9476 | CVE-2026-9476 CVSS 9.8 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi… |
| CVE-2026-9475 | CVE-2026-9475 CVSS 9.8 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the compone… |
| CVE-2026-9458 | CVE-2026-9458 CVSS 9.8 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the … |
| CVE-2026-9457 | CVE-2026-9457 CVSS 9.8 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cg… |
| CVE-2026-9456 | CVE-2026-9456 CVSS 9.8 | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnCfg of the file /cgi-bin/cstecgi.cgi of the component Web… |
| CVE-2026-9455 | CVE-2026-9455 CVSS 9.8 | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of t… |
| CVE-2026-9454 | CVE-2026-9454 CVSS 9.8 | A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setOpenVpnCertGenerationCfg of the file /cgi-bin/cstecgi… |
| CVE-2026-9436 | CVE-2026-9436 CVSS 9.8 | A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the co… |
| CVE-2026-9435 | CVE-2026-9435 CVSS 9.8 | A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setQosCfg of the file /cgi-bin/cstecgi.cgi of the co… |
| CVE-2026-9434 | CVE-2026-9434 CVSS 9.8 | A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setWiFiWpsCfg of the file /cgi-bin/cstecgi.cgi of … |
| CVE-2026-9433 | CVE-2026-9433 CVSS 9.8 | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of t… |
| CVE-2026-9432 | CVE-2026-9432 CVSS 9.8 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setWiFiAdvancedCfg of the file /cgi-bin/cs… |
| CVE-2026-9408 | CVE-2026-9408 CVSS 9.8 | A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cg… |
| CVE-2026-9407 | CVE-2026-9407 CVSS 9.8 | A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setFirewallType of the file … |
| CVE-2026-9406 | CVE-2026-9406 CVSS 9.8 | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi of the component… |
| CVE-2026-9405 | CVE-2026-9405 CVSS 9.8 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi of the … |
| CVE-2026-9404 | CVE-2026-9404 CVSS 9.8 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi of the component … |
| CVE-2026-9388 | CVE-2026-9388 CVSS 9.8 | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of… |
| CVE-2026-9387 | CVE-2026-9387 CVSS 9.8 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi… |
| CVE-2026-9386 | CVE-2026-9386 CVSS 9.8 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the compone… |
| CVE-2026-9385 | CVE-2026-9385 CVSS 9.8 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of th… |
| CVE-2026-9384 | CVE-2026-9384 CVSS 9.8 | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of … |
| CVE-2026-9264 | CVE-2026-9264 CVSS 9.3 | A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through malic… |
| CVE-2026-9141 | CVE-2026-9141 CVSS 9.8 | Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows un… |
| CVE-2026-9139 | CVE-2026-9139 CVSS 9.8 | Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentic… |
| CVE-2026-9082 | Drupal Core SQL Injection Vulnerability KEVCVSS 9.8Drupal | Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with… |
| CVE-2026-8959 | CVE-2026-8959 CVSS 9.6 | Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbir… |
| CVE-2026-8956 | CVE-2026-8956 CVSS 9.8 | Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. |
| CVE-2026-8953 | CVE-2026-8953 CVSS 9.6 | Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.… |
| CVE-2026-8950 | CVE-2026-8950 CVSS 9.3 | Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird … |
| CVE-2026-8948 | CVE-2026-8948 CVSS 9.1 | Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. |
| CVE-2026-8856 | CVE-2026-8856 CVSS 9.1 | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration. |
| CVE-2026-8855 | CVE-2026-8855 CVSS 9.8 | IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authenticati… |
| CVE-2026-8838 | CVE-2026-8838 CVSS 9.8 | Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-i… |
| CVE-2026-8836 | CVE-2026-8836 CVSS 9.8 | A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 U… |
| CVE-2026-8757 | CVE-2026-8757 CVSS 9.1 | A vulnerability was found in adenhq hive up to 0.11.0. This affects the function _read_events_tail of the file core/framework/server/routes_sessions.py of the … |
| CVE-2026-8751 | CVE-2026-8751 CVSS 9.8 | A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of… |
| CVE-2026-8721 | CVE-2026-8721 CVSS 9.8 | Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which rou… |
| CVE-2026-8696 | CVE-2026-8696 CVSS 9.8 | radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denia… |
| CVE-2026-8695 | CVE-2026-8695 CVSS 9.8 | radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending … |
| CVE-2026-8686 | CVE-2026-8686 CVSS 9.1 | Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted pac… |
| CVE-2026-8670 | CVE-2026-8670 CVSS 9.6avantra | Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay). This issue aff… |
| CVE-2026-8634 | CVE-2026-8634 CVSS 9.1 | Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to … |
| CVE-2026-8633 | CVE-2026-8633 CVSS 9.8 | IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liber… |
| CVE-2026-8631 | CVE-2026-8631 CVSS 9.8 | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of priv… |
| CVE-2026-8605 | CVE-2026-8605 CVSS 9.8 | In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin. |