CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 901–950 of 8,314 in Critical · page 19 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2026-34953 | CVE-2026-34953 CVSS 9.1 | PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validate_token() returns True for any token not found in its internal store, whi… |
| CVE-2026-34952 | CVE-2026-34952 CVSS 9.1 | PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology a… |
| CVE-2026-34950 | CVE-2026-34950 CVSS 9.1 | fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, the publicKeyPemMatcher regex in fast-jwt/src/crypto.js uses a ^ anchor that … |
| CVE-2026-34938 | CVE-2026-34938 CVSS 10.0 | PraisonAI is a multi-agent teams system. Prior to version 1.5.90, execute_code() in praisonai-agents runs attacker-controlled Python inside a three-layer sandb… |
| CVE-2026-34937 | CVE-2026-34937 CVSS 9.8 | PraisonAI is a multi-agent teams system. Prior to version 1.5.90, run_python() in praisonai constructs a shell command string by interpolating user-controlled … |
| CVE-2026-34935 | CVE-2026-34935 CVSS 9.8 | PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4.5.69, the --mcp CLI argument is passed directly to shlex.split() and forwarded… |
| CVE-2026-34934 | CVE-2026-34934 CVSS 9.8 | PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the get_all_user_threads function constructs raw SQL queries using f-strings with unescaped t… |
| CVE-2026-34932 | CVE-2026-34932 CVSS 9.3 | hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability that can lead to CSRF. This issue has be… |
| CVE-2026-34931 | CVE-2026-34931 CVSS 9.6 | hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is an open redirect vulnerability that leads to token exfiltration. Wi… |
| CVE-2026-34910 | CVE-2026-34910 CVSS 10.0 | A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. |
| CVE-2026-34909 | CVE-2026-34909 CVSS 10.0 | A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system th… |
| CVE-2026-34908 | CVE-2026-34908 CVSS 10.0 | A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to t… |
| CVE-2026-34877 | CVE-2026-34877 CVSS 9.8 · arm | An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures a… |
| CVE-2026-34875 | CVE-2026-34875 CVSS 9.8 · trustedfirmware | An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys. |
| CVE-2026-34873 | CVE-2026-34873 CVSS 9.1 · trustedfirmware | An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session. |
| CVE-2026-34872 | CVE-2026-34872 CVSS 9.1 | An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input… |
| CVE-2026-34865 | CVE-2026-34865 CVSS 9.1 | Out-of-bounds write vulnerability in the WEB module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. |
| CVE-2026-3485 | CVE-2026-3485 CVSS 9.8 | A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the component SSDP Service. This manipulation of the argument ST causes… |
| CVE-2026-34841 | CVE-2026-34841 CVSS 9.8 | Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the a… |
| CVE-2026-34838 | CVE-2026-34838 CVSS 9.9 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability in the Abst… |
| CVE-2026-34775 | CVE-2026-34775 CVSS 9.8 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, t… |
| CVE-2026-34758 | CVE-2026-34758 CVSS 9.1 | OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthenticated access to Notification test and Phone Number manag… |
| CVE-2026-34751 | CVE-2026-34751 CVSS 9.1 | Payload is a free and open source headless content management system. Prior to version 3.79.1 in @payloadcms/graphql and payload, a vulnerability in the passwo… |
| CVE-2026-34745 | CVE-2026-34745 CVSS 9.1 | Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunke… |
| CVE-2026-34727 | CVE-2026-34727 CVSS 9.1 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full JWT token without checking whether the … |
| CVE-2026-34660 | CVE-2026-34660 CVSS 9.3 | Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution… |
| CVE-2026-34659 | CVE-2026-34659 CVSS 9.6 | Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code … |
| CVE-2026-34615 | CVE-2026-34615 CVSS 9.3 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code executio… |
| CVE-2026-34612 | CVE-2026-34612 CVSS 9.0 | Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra (default docker-compose deployment) contains a SQL Injection vuln… |
| CVE-2026-3461 | CVE-2026-3461 CVSS 9.8 | The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to the `expr… |
| CVE-2026-34582 | CVE-2026-34582 CVSS 9.1 | Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished … |
| CVE-2026-34571 | CVE-2026-34571 CVSS 9.0 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version … |
| CVE-2026-34569 | CVE-2026-34569 CVSS 9.0 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version … |
| CVE-2026-34568 | CVE-2026-34568 CVSS 9.0 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version … |
| CVE-2026-34567 | CVE-2026-34567 CVSS 9.0 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version … |
| CVE-2026-34566 | CVE-2026-34566 CVSS 9.0 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version … |
| CVE-2026-34565 | CVE-2026-34565 CVSS 9.0 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version … |
| CVE-2026-34564 | CVE-2026-34564 CVSS 9.0 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version … |
| CVE-2026-34563 | CVE-2026-34563 CVSS 9.0 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version … |
| CVE-2026-34562 | CVE-2026-34562 CVSS 9.0 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version … |
| CVE-2026-34560 | CVE-2026-34560 CVSS 9.0 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version … |
| CVE-2026-34559 | CVE-2026-34559 CVSS 9.0 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version … |
| CVE-2026-34558 | CVE-2026-34558 CVSS 9.0 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version … |
| CVE-2026-34557 | CVE-2026-34557 CVSS 9.0 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version … |
| CVE-2026-34532 | CVE-2026-34532 CVSS 9.1 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.67 and 9.7.0-alpha.11, an attacke… |
| CVE-2026-34529 | CVE-2026-34529 CVSS 9.0 | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.… |
| CVE-2026-34528 | CVE-2026-34528 CVSS 9.8 | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.… |
| CVE-2026-34520 | CVE-2026-34520 CVSS 9.1 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted … |
| CVE-2026-34475 | CVE-2026-34475 CVSS 9.8 | Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, poten… |
| CVE-2026-34457 | CVE-2026-34457 CVSS 9.1 | OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication … |