CVE vulnerabilities
31,509 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 1,301–1,350 of 8,314 in Critical · page 27 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2026-31217 | CVE-2026-31217 CVSS 9.8 | The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) allow… |
| CVE-2026-31216 | CVE-2026-31216 CVSS 9.1 | The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/{obj… |
| CVE-2026-31215 | CVE-2026-31215 CVSS 9.1 | The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface. The DELETE /{index_n… |
| CVE-2026-31214 | CVE-2026-31214 CVSS 9.8 | The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 (2025-20-27) contains an insecure deseri… |
| CVE-2026-31181 | CVE-2026-31181 CVSS 9.8 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter t… |
| CVE-2026-31178 | CVE-2026-31178 CVSS 9.8 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMaxAlive parameter to … |
| CVE-2026-31177 | CVE-2026-31177 CVSS 9.8 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMinAlive parameter to … |
| CVE-2026-31175 | CVE-2026-31175 CVSS 9.8 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunEnable parameter to /c… |
| CVE-2026-31170 | CVE-2026-31170 CVSS 9.8 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun-pass parameter to /cg… |
| CVE-2026-31151 | CVE-2026-31151 CVSS 9.8 | An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application's resources. |
| CVE-2026-31072 | CVE-2026-31072 CVSS 9.8 | The JSONSerializer and CBORSerializer in APScheduler (all versions including 3.10.x and 4.0.0a5) are vulnerable to Remote Code Execution (RCE) via Insecure Des… |
| CVE-2026-31071 | CVE-2026-31071 CVSS 9.1 | API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack authentication middleware. Unauthenticated remote attackers can exploit this to d… |
| CVE-2026-31070 | CVE-2026-31070 CVSS 9.8 | The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative … |
| CVE-2026-31059 | CVE-2026-31059 CVSS 9.8 | A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitr… |
| CVE-2026-31049 | CVE-2026-31049 CVSS 9.8 | An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code and escalate privileges via the CSV registration field |
| CVE-2026-31048 | CVE-2026-31048 CVSS 9.8 | An issue in the `pickle` protocol of Pyro v3.x allows attackers to execute arbitrary code via supplying a crafted pickled string message. |
| CVE-2026-31040 | CVE-2026-31040 CVSS 9.8 | A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution. |
| CVE-2026-31027 | CVE-2026-31027 CVSS 9.8 | TOTOlink A3600R v5.9c.4959 contains a buffer overflow vulnerability in the setAppEasyWizardConfig interface of /lib/cste_modules/app.so. The vulnerability occu… |
| CVE-2026-31017 | CVE-2026-31017 CVSS 9.1 | A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplie… |
| CVE-2026-30993 | CVE-2026-30993 CVSS 9.8 | Slah CMS v1.5.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the session() function at config.php. This vulnerability is … |
| CVE-2026-30975 | CVE-2026-30975 CVSS 9.8 | Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0.16.2942 have an authentication bypass that affected users that had disabled authenticati… |
| CVE-2026-30970 | CVE-2026-30970 CVSS 9.1 | Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Cora… |
| CVE-2026-30969 | CVE-2026-30969 CVSS 9.1 | Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Cora… |
| CVE-2026-30968 | CVE-2026-30968 CVSS 9.8 | Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, the … |
| CVE-2026-30966 | CVE-2026-30966 CVSS 10.0 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.7 and 8.6.20, Parse Server's inter… |
| CVE-2026-30965 | CVE-2026-30965 CVSS 9.1 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.8 and 8.6.21, a vulnerability in P… |
| CVE-2026-30957 | CVE-2026-30957 CVSS 9.9 | OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated projec… |
| CVE-2026-30956 | CVE-2026-30956 CVSS 9.9 | OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, a low‑privileged user can bypass authorization and tenant isolation in O… |
| CVE-2026-30930 | CVE-2026-30930 CVSS 9.8 | Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the TimescaleDB export module constructs SQL queries using string concatenatio… |
| CVE-2026-30924 | CVE-2026-30924 CVSS 9.6 | qui is a web interface for managing qBittorrent instances. Versions 1.14.1 and below use a permissive CORS policy that reflects arbitrary origins while also re… |
| CVE-2026-30921 | CVE-2026-30921 CVSS 9.9 | OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submi… |
| CVE-2026-30909 | CVE-2026-30909 CVSS 9.8 | Crypt::NaCl::Sodium versions through 2.002 for Perl have potential integer overflows. bin2hex, encrypt, aes256gcm_encrypt_afternm and seal functions do not che… |
| CVE-2026-30903 | CVE-2026-30903 CVSS 9.8 | External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation… |
| CVE-2026-30893 | CVE-2026-30893 CVSS 9.9 | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vul… |
| CVE-2026-30887 | CVE-2026-30887 CVSS 9.9 | OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime allows project members to run custom Playwright/JavaScript cod… |
| CVE-2026-30884 | CVE-2026-30884 CVSS 9.6 | mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to ve… |
| CVE-2026-30880 | CVE-2026-30880 CVSS 9.8 | baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been p… |
| CVE-2026-30872 | CVE-2026-30872 CVSS 9.8 | OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Over… |
| CVE-2026-30871 | CVE-2026-30871 CVSS 9.8 | OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Over… |
| CVE-2026-30869 | CVE-2026-30869 CVSS 9.8 | SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary … |
| CVE-2026-30863 | CVE-2026-30863 CVSS 9.8 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.10 and 9.5.0-alpha.11, the Google… |
| CVE-2026-30862 | CVE-2026-30862 CVSS 9.0 | Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulnerability exists in the Table Widget (Ta… |
| CVE-2026-30860 | CVE-2026-30860 CVSS 9.8 | WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution (RCE) vul… |
| CVE-2026-30849 | CVE-2026-30849 CVSS 9.8 | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family databases are affected by an authentication byp… |
| CVE-2026-30836 | CVE-2026-30836 CVSS 10.0 | Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unau… |
| CVE-2026-30832 | CVE-2026-30832 CVSS 9.1 | Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to m… |
| CVE-2026-30831 | CVE-2026-30831 CVSS 9.8 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, a… |
| CVE-2026-30824 | CVE-2026-30824 CVSS 9.8 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the NVIDIA NIM router (/api/v1/nvidia-nim/*) … |
| CVE-2026-30821 | CVE-2026-30821 CVSS 9.8 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the /api/v1/attachments/:chatflowId/:chatId e… |
| CVE-2026-30805 | CVE-2026-30805 CVSS 9.1 | Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800 |