31,467 indexed
CVECVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 551–600 of 8,314 in Critical · page 12 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2026-4213 | CVE-2026-4213 CVSS 9.8 | A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-3… |
| CVE-2026-4212 | CVE-2026-4212 CVSS 9.8 | A security vulnerability has been detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, D… |
| CVE-2026-4211 | CVE-2026-4211 CVSS 9.8 | A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR… |
| CVE-2026-4210 | CVE-2026-4210 CVSS 9.8 | A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L… |
| CVE-2026-42090 | CVE-2026-42090 CVSS 9.6 | Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version … |
| CVE-2026-4209 | CVE-2026-4209 CVSS 9.8 | A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR… |
| CVE-2026-42087 | CVE-2026-42087 CVSS 9.6 | OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.… |
| CVE-2026-42076 | CVE-2026-42076 CVSS 9.8 | Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the _extractLLM() function allows at… |
| CVE-2026-42072 | CVE-2026-42072 CVSS 9.8 | Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, th… |
| CVE-2026-4207 | CVE-2026-4207 CVSS 9.8 | A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR… |
| CVE-2026-42062 | CVE-2026-42062 CVSS 9.8 | ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS … |
| CVE-2026-4206 | CVE-2026-4206 CVSS 9.8 | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326,… |
| CVE-2026-4205 | CVE-2026-4205 CVSS 9.8 | A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR… |
| CVE-2026-42048 | CVE-2026-42048 CVSS 9.6 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases … |
| CVE-2026-42044 | CVE-2026-42044 CVSS 9.1 | Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, he Axios library is vulnerable to a Prototype Pollution "Gadget"… |
| CVE-2026-42043 | CVE-2026-42043 CVSS 10.0 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request … |
| CVE-2026-4204 | CVE-2026-4204 CVSS 9.8 | A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS… |
| CVE-2026-42032 | CVE-2026-42032 CVSS 9.1 | CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_s… |
| CVE-2026-42031 | CVE-2026-42031 CVSS 9.8 | CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_s… |
| CVE-2026-4203 | CVE-2026-4203 CVSS 9.8 | A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-3… |
| CVE-2026-42027 | CVE-2026-42027 CVSS 9.8 | Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: Th… |
| CVE-2026-42010 | CVE-2026-42010 CVSS 7.1gnu | A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character wi… |
| CVE-2026-4197 | CVE-2026-4197 CVSS 9.8 | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326,… |
| CVE-2026-4196 | CVE-2026-4196 CVSS 9.8 | A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR… |
| CVE-2026-4195 | CVE-2026-4195 CVSS 9.8 | A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS… |
| CVE-2026-41948 | CVE-2026-41948 CVSS 9.4 | Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's in… |
| CVE-2026-41947 | CVE-2026-41947 CVSS 9.1 | Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any… |
| CVE-2026-41940 | WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability KEVCVSS 9.8WebPros | WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated… |
| CVE-2026-4194 | CVE-2026-4194 CVSS 9.8 | A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-3… |
| CVE-2026-41930 | CVE-2026-41930 CVSS 9.8 | Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attack… |
| CVE-2026-41919 | CVE-2026-41919 CVSS 9.1 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24… |
| CVE-2026-41902 | CVE-2026-41902 CVSS 9.1 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/{hash} endpoint accepts a 60-chara… |
| CVE-2026-41901 | CVE-2026-41901 CVSS 9.0 | Thymeleaf is a server-side Java template engine for web and standalone environments. Prior to 3.1.5.RELEASE, a security bypass vulnerability exists in the expr… |
| CVE-2026-41898 | CVE-2026-41898 CVSS 9.8 | rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk… |
| CVE-2026-41889 | CVE-2026-41889 CVSS 9.8 | pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted st… |
| CVE-2026-41873 | CVE-2026-41873 CVSS 9.8 | ** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin ac… |
| CVE-2026-4184 | CVE-2026-4184 CVSS 9.8 | A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unknown functionality of the file /goform/form2Wl5BasicSetup.cgi… |
| CVE-2026-4183 | CVE-2026-4183 CVSS 9.8 | A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /goform/form2WlanBasicSetup.cgi of the comp… |
| CVE-2026-4182 | CVE-2026-4182 CVSS 9.8 | A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unknown function of the file /goform/form2Wl5RepeaterStep2.cgi of the component goa… |
| CVE-2026-4181 | CVE-2026-4181 CVSS 9.8 | A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi of the component g… |
| CVE-2026-4180 | CVE-2026-4180 CVSS 9.8 | A vulnerability was identified in D-Link DIR-816 1.10CNB05. The impacted element is an unknown function of the file redirect.asp of the component goahead. The … |
| CVE-2026-4177 | CVE-2026-4177 CVSS 9.1 | YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. T… |
| CVE-2026-4176 | CVE-2026-4176 CVSS 9.8 | Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Comp… |
| CVE-2026-4170 | CVE-2026-4170 CVSS 9.8 | A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmc_s… |
| CVE-2026-41681 | CVE-2026-41681 CVSS 9.8 | rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx)… |
| CVE-2026-41679 | CVE-2026-41679 CVSS 10.0 | Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker ca… |
| CVE-2026-41678 | CVE-2026-41678 CVSS 9.8 | rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it check… |
| CVE-2026-41677 | CVE-2026-41677 CVSS 9.1 | rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the leng… |
| CVE-2026-41676 | CVE-2026-41676 CVSS 9.8 | rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = b… |
| CVE-2026-4164 | CVE-2026-4164 CVSS 9.8 | A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Delete_Mac_list/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the compone… |