CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 751–800 of 8,314 in Critical · page 16 of 167
| ID | CVSS | Vendor tag | Summary |
|---|---|---|---|
| CVE-2026-39842 | 9.9 | | OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that all… |
| CVE-2026-39834 | 9.1 | | When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop … |
| CVE-2026-39833 | 9.1 | | The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without an… |
| CVE-2026-39832 | 9.1 | | When adding a key to a remote agent, constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrict… |
| CVE-2026-39831 | 9.1 | golang | The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Sign… |
| CVE-2026-39830 | 9.1 | golang | A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine cou… |
| CVE-2026-39821 | 10.0 | | The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") i… |
| CVE-2026-39813 | 9.8 | fortinet | A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of… |
| CVE-2026-3981 | 9.8 | | A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctor_action.php. Performin… |
| CVE-2026-39808 | 9.8 | | An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may all… |
| CVE-2026-3980 | 9.8 | | A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patient_action.php. Su… |
| CVE-2026-39640 | 9.6 | | Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection. This issue affects Theme Editor: from n/a throu… |
| CVE-2026-39620 | 9.6 | | Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server. This issue affects Appoint… |
| CVE-2026-39619 | 9.6 | | Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server. This issue affects Busiprof: fro… |
| CVE-2026-39617 | 9.6 | | Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery. This issue affects Bluestreet: from … |
| CVE-2026-3960 | 9.8 | | A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vuln… |
| CVE-2026-39531 | 9.3 | | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Inject… |
| CVE-2026-39440 | 9.9 | | Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC FunnelFormsPro allows Remote Code Inclusion. This issue affects Funne… |
| CVE-2026-3944 | 9.8 | | A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /att_add.php. This manipul… |
| CVE-2026-39429 | 9.1 | | kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server i… |
| CVE-2026-39399 | 9.6 | | NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job's handling of .nuspec files within… |
| CVE-2026-39397 | 9.8 | | @delmaredigital/payload-puck is a PayloadCMS plugin for integrating Puck visual page builder. Prior to 0.6.23, all /api/puck/* CRUD endpoint handlers registere… |
| CVE-2026-39394 | 9.8 | | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0… |
| CVE-2026-39351 | 9.1 | | Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe allows unrestricted Doctype access via API exploit. |
| CVE-2026-39339 | 9.1 | | ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical authentication bypass vulnerability in ChurchCRM's API middleware (ChurchCRM/… |
| CVE-2026-39337 | 10.0 | | ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical pre-authentication remote code execution vulnerability in ChurchCRM's setup wiza… |
| CVE-2026-39324 | 9.8 | | Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when c… |
| CVE-2026-39305 | 10.0 | | PraisonAI is a multi-agent teams system. Prior to 1.5.113, the Action Orchestrator feature contains a Path Traversal vulnerability that allows an attacker (or … |
| CVE-2026-3916 | 9.6 | | Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML p… |
| CVE-2026-39109 | 9.4 | | SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 within the username parameter of the login page (… |
| CVE-2026-39087 | 9.8 | | ntfy before 2.22.0 allows SSRF because of an unanchored regular expression. |
| CVE-2026-38992 | 9.8 | | Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker… |
| CVE-2026-3893 | 9.4 | | The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration… |
| CVE-2026-3891 | 9.8 | | The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the 'l… |
| CVE-2026-38835 | 9.8 | | Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter… |
| CVE-2026-38567 | 9.8 | | HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without paramet… |
| CVE-2026-3856 | 9.1 | | IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying … |
| CVE-2026-38526 | 9.9 | | An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary co… |
| CVE-2026-3849 | 9.8 | | Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (Encrypted Client Hello) support, where a… |
| CVE-2026-3844 | 9.8 | | The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function … |
| CVE-2026-38431 | 9.8 | | ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or edit email templates can inject t… |
| CVE-2026-3843 | 9.8 | | Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability (CWE-89) in the system configuration module. … |
| CVE-2026-38429 | 9.8 | | OpenCMS v20 and before is vulnerable to XML External Entity (XXE) injection in the Admin Import DB feature due to insecure XML parsing of user-supplied .zip files contai… |
| CVE-2026-38428 | 9.8 | | Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user-controlled input from a GET parameter is directly concatenated i… |
| CVE-2026-38360 | 9.8 | | Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/… |
| CVE-2026-3826 | 9.8 | | IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server. |
| CVE-2026-3823 | 9.8 | | EHG2408 series switch developed by Atop Technologies has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the … |
| CVE-2026-3818 | 9.8 | | A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is an unknown function of the file /Easy7/apps/WebService/GetDBData.jsp. This manipulation o… |
| CVE-2026-3813 | 9.8 | | A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb82dad231e6a866b18e0addfe. Affected by this vulnerability is the function Calculate of the … |
| CVE-2026-3795 | 9.8 | | A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /DoraCMS/server/app/router/api/v1.js. Perf… |
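The CVE-2026-39821 row describes a ToUnicode that accepts an "xn--" label decoding to pure ASCII. The check a strict IDNA implementation needs is small: RFC 5890 defines a U-label as containing at least one non-ASCII character, so an A-label whose Punycode decoding is all ASCII has no valid counterpart and must be rejected. The following is an added, self-contained Go illustration written for this page; it is not the code of the affected library, and the RFC 3492 decoder, the `ToUnicodeStrict` name and the sample names are this example's own.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Punycode parameters (RFC 3492, section 5) and the IDNA ACE prefix.
const base, tmin, tmax, skew, damp = 36, 1, 26, 38, 700
const initialBias, initialN, acePrefix = 72, 128, "xn--"

var errPunycode = errors.New("punycode: malformed label")

// digitValue maps one base-36 Punycode digit to its numeric value.
func digitValue(c byte) (int, error) {
	switch {
	case c >= 'a' && c <= 'z':
		return int(c - 'a'), nil
	case c >= 'A' && c <= 'Z':
		return int(c - 'A'), nil
	case c >= '0' && c <= '9':
		return int(c-'0') + 26, nil
	}
	return 0, errPunycode
}

// adapt is the bias adaptation function of RFC 3492, section 6.1.
func adapt(delta, numPoints int, firstTime bool) int {
	if firstTime {
		delta /= damp
	} else {
		delta /= 2
	}
	delta += delta / numPoints
	k := 0
	for delta > ((base-tmin)*tmax)/2 {
		delta /= base - tmin
		k += base
	}
	return k + (base-tmin+1)*delta/(delta+skew)
}

// decodePunycode implements the RFC 3492 section 6.2 decoder on the part of a
// label after "xn--". Basic (ASCII) code points precede the last '-'; the rest
// encodes insertion positions and values of the non-ASCII code points.
func decodePunycode(encoded string) (string, error) {
	var output []rune
	pos := 0
	if d := strings.LastIndexByte(encoded, '-'); d >= 0 {
		for j := 0; j < d; j++ {
			if encoded[j] >= 0x80 {
				return "", errPunycode
			}
			output = append(output, rune(encoded[j]))
		}
		pos = d + 1
	}
	n, i, bias := initialN, 0, initialBias
	for pos < len(encoded) {
		oldI, w := i, 1
		for k := base; ; k += base {
			if pos >= len(encoded) {
				return "", errPunycode // digit sequence cut off mid-delta
			}
			digit, err := digitValue(encoded[pos])
			if err != nil {
				return "", err
			}
			pos++
			i += digit * w
			t := k - bias
			if k <= bias {
				t = tmin
			} else if k >= bias+tmax {
				t = tmax
			}
			if digit < t {
				break
			}
			w *= base - t
			if i > 1<<30 || w > 1<<30 {
				return "", errPunycode // overflow guard; real labels never get close
			}
		}
		bias = adapt(i-oldI, len(output)+1, oldI == 0)
		n += i / (len(output) + 1)
		i %= len(output) + 1
		if n > 0x10FFFF {
			return "", errPunycode
		}
		output = append(output, 0)
		copy(output[i+1:], output[i:]) // open a slot at position i
		output[i] = rune(n)
		i++
	}
	return string(output), nil
}

// toUnicodeLabel converts one label. An "xn--" label that decodes to pure
// ASCII (e.g. "xn--example-" -> "example") is rejected rather than passed
// through, because no valid U-label is all-ASCII (RFC 5890).
func toUnicodeLabel(label string) (string, error) {
	if !strings.HasPrefix(strings.ToLower(label), acePrefix) {
		return label, nil
	}
	decoded, err := decodePunycode(label[len(acePrefix):])
	if err != nil {
		return "", err
	}
	for _, r := range decoded {
		if r >= 0x80 {
			return decoded, nil
		}
	}
	return "", fmt.Errorf("idna: %q decodes to ASCII-only label %q", label, decoded)
}

// ToUnicodeStrict applies toUnicodeLabel to every dot-separated label.
func ToUnicodeStrict(domain string) (string, error) {
	labels := strings.Split(domain, ".")
	for idx, l := range labels {
		u, err := toUnicodeLabel(l)
		if err != nil {
			return "", err
		}
		labels[idx] = u
	}
	return strings.Join(labels, "."), nil
}

func main() {
	// Constructed inputs: a valid A-label, the ASCII-only case, and a plain name.
	for _, d := range []string{"xn--bcher-kva.example", "xn--example-.com", "plain.example"} {
		u, err := ToUnicodeStrict(d)
		fmt.Printf("%-24s -> %q  err=%v\n", d, u, err)
	}
}
```

The rejection matters because a lenient ToUnicode turns `xn--example-.com` into `example.com`, so two different wire-form names compare equal after normalisation, which is exactly the kind of confusion an allowlist or certificate-matching layer built on top of the converter cannot detect.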
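The CVE-2026-39087 row attributes an SSRF to an unanchored regular expression. The general failure is that a pattern without `^` and `$` (or an equivalent terminator) matches a substring anywhere in the URL, so a URL that merely contains the allowed host passes. The block below is an added Go example written for this page, not ntfy's code or its actual pattern; the hostname `hooks.example.net`, the sample URLs and the function names are constructed for the illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Constructed policy: server-side fetches may only go to this host over HTTPS.
const allowedHost = "hooks.example.net"

// unanchoredAllow is the buggy form: it matches anywhere in the string.
var unanchoredAllow = regexp.MustCompile(`(?i)https://hooks\.example\.net`)

// anchoredAllow pins the match to the start of the URL and requires the host
// to be followed by an optional :443, then either "/" or end of string, so
// "hooks.example.net.evil.test" and "hooks.example.net@evil.test" fail.
var anchoredAllow = regexp.MustCompile(`(?i)^https://hooks\.example\.net(?::443)?(?:/|$)`)

func unanchoredCheck(raw string) bool { return unanchoredAllow.MatchString(raw) }

func anchoredCheck(raw string) bool { return anchoredAllow.MatchString(raw) }

// parsedCheck is the form to prefer: parse the URL and compare the host
// component exactly instead of pattern-matching the raw string.
func parsedCheck(raw string) bool {
	u, err := url.Parse(raw)
	if err != nil || u.Scheme != "https" || u.User != nil {
		return false
	}
	if p := u.Port(); p != "" && p != "443" {
		return false
	}
	return strings.EqualFold(u.Hostname(), allowedHost)
}

func main() {
	// Constructed sample URLs: one legitimate, four that should be refused.
	for _, raw := range []string{
		"https://hooks.example.net/notify",
		"https://hooks.example.net.evil.test/",
		"https://hooks.example.net@169.254.169.254/",
		"https://evil.test/redirect?to=https://hooks.example.net/",
		"http://hooks.example.net/",
	} {
		fmt.Printf("%-58s unanchored=%-5v anchored=%-5v parsed=%v\n",
			raw, unanchoredCheck(raw), anchoredCheck(raw), parsedCheck(raw))
	}
}
```

Even the anchored regex only checks the textual host; the parsed form additionally refuses userinfo and odd ports, and it is the one to pair with a DNS-resolution check if the target may resolve to a private or link-local address.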