CVE vulnerabilities
31,509 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 1,351–1,400 of 8,314 in Critical · page 28 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2026-30793 | CVE-2026-30793 CVSS 9.8 | Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme h… |
| CVE-2026-30790 | CVE-2026-30790 CVSS 9.8 | Improper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-server-pro Rus… |
| CVE-2026-30789 | CVE-2026-30789 CVSS 9.8 | Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-… |
| CVE-2026-30784 | CVE-2026-30784 CVSS 9.8 | Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-pro on hb… |
| CVE-2026-30783 | CVE-2026-30783 CVSS 9.8 | A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Client signaling, API sync loop, config m… |
| CVE-2026-30741 | CVE-2026-30741 CVSS 9.8 | A remote code execution (RCE) vulnerability in OpenClaw Agent Platform v2026.2.6 allows attackers to execute arbitrary code via a Request-Side prompt injection… |
| CVE-2026-30704 | CVE-2026-30704 CVSS 9.1 | The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) exposes an unprotected UART interface through accessible hardware pads on the PCB |
| CVE-2026-30703 | CVE-2026-30703 CVSS 9.8 | A command injection vulnerability exists in the web management interface of the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02). The adm.cgi endpoint im… |
| CVE-2026-30702 | CVE-2026-30702 CVSS 9.8 | The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) implements a broken authentication mechanism in its web management interface. The login page does no… |
| CVE-2026-30701 | CVE-2026-30701 CVSS 9.1 | The web interface of the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) contains hardcoded credential disclosure mechanisms (in the form of Server Side… |
| CVE-2026-30694 | CVE-2026-30694 CVSS 9.8 | An issue in DedeCMS v.5.7.118 and before allows a remote attacker to execute arbitrary code via the array_filter component |
| CVE-2026-3069 | CVE-2026-3069 CVSS 9.8 | A security vulnerability has been detected in itsourcecode Document Management System 1.0. Affected is an unknown function of the file /edtlbls.php. The manipu… |
| CVE-2026-3068 | CVE-2026-3068 CVSS 9.8 | A weakness has been identified in itsourcecode Document Management System 1.0. This impacts an unknown function of the file /deluser.php. Executing a manipulat… |
| CVE-2026-30643 | CVE-2026-30643 CVSS 9.8 | An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload. |
| CVE-2026-30625 | CVE-2026-30625 CVSS 9.8 | Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks w… |
| CVE-2026-3062 | CVE-2026-3062 CVSS 9.8 | Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via a cra… |
| CVE-2026-3061 | CVE-2026-3061 CVSS 9.1 | Out of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.… |
| CVE-2026-3060 | CVE-2026-3060 CVSS 9.8 | SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes unt… |
| CVE-2026-3059 | CVE-2026-3059 CVSS 9.8 | SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pi… |
| CVE-2026-3057 | CVE-2026-3057 CVSS 9.8 | A security flaw has been discovered in a54552239 pearProjectApi up to 2.8.10. Affected is the function dateTotalForProject of the file application/common/Model… |
| CVE-2026-30562 | CVE-2026-30562 CVSS 9.3 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_stock.php… |
| CVE-2026-3055 | Citrix NetScaler Out-of-Bounds Read Vulnerability KEV CVSS 9.8 Citrix | Citrix NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS and NDcPP contain an out-of-bounds reads vulnera… |
| CVE-2026-30533 | CVE-2026-30533 CVSS 9.8 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manage_product.php file via the "id" parameter. |
| CVE-2026-30532 | CVE-2026-30532 CVSS 9.8 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view_product.php file via the "id" parameter. |
| CVE-2026-30530 | CVE-2026-30530 CVSS 9.8 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_customer action). The ap… |
| CVE-2026-3053 | CVE-2026-3053 CVSS 9.8 | A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/confi… |
| CVE-2026-30496 | CVE-2026-30496 CVSS 9.8 | The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote con… |
| CVE-2026-30479 | CVE-2026-30479 CVSS 9.1 | A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable. |
| CVE-2026-3046 | CVE-2026-3046 CVSS 9.8 | A security vulnerability has been detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This vulnerability affects unknown code of… |
| CVE-2026-30458 | CVE-2026-30458 CVSS 9.1 | An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack. |
| CVE-2026-30457 | CVE-2026-30457 CVSS 9.8 | An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code. |
| CVE-2026-3042 | CVE-2026-3042 CVSS 9.8 | A vulnerability was detected in itsourcecode Event Management System 1.0. The affected element is an unknown function of the file /admin/index.php. Performing … |
| CVE-2026-30402 | CVE-2026-30402 CVSS 9.8 | An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbitrary code via the test connection function |
| CVE-2026-30352 | CVE-2026-30352 CVSS 9.8 | A remote code execution (RCE) vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code v… |
| CVE-2026-30314 | CVE-2026-30314 CVSS 9.8 | Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely inef… |
| CVE-2026-30313 | CVE-2026-30313 CVSS 9.8 | DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineff… |
| CVE-2026-30312 | CVE-2026-30312 CVSS 9.8 | DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineff… |
| CVE-2026-30311 | CVE-2026-30311 CVSS 9.8 | Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely inef… |
| CVE-2026-30310 | CVE-2026-30310 CVSS 9.8 | In its design for automatic terminal command execution, Sixth offers two options: Execute safe commands and Execute all commands. The description for the forme… |
| CVE-2026-30308 | CVE-2026-30308 CVSS 9.8 | In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe commands and Execute all commands. The descri… |
| CVE-2026-30307 | CVE-2026-30307 CVSS 9.8 | Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffec… |
| CVE-2026-30306 | CVE-2026-30306 CVSS 9.8 | In its design for automatic terminal command execution, SakaDev offers two options: Execute safe commands and execute all commands. The description for the for… |
| CVE-2026-30305 | CVE-2026-30305 CVSS 9.8 | Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffectiv… |
| CVE-2026-30304 | CVE-2026-30304 CVSS 9.6 | In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the for… |
| CVE-2026-30303 | CVE-2026-30303 CVSS 9.8 | The command auto-approval module in Axon Code contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulne… |
| CVE-2026-30302 | CVE-2026-30302 CVSS 10.0 | The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The … |
| CVE-2026-30286 | CVE-2026-30286 CVSS 9.8 | An arbitrary file overwrite vulnerability in Funambol, Inc. Zefiro Cloud v32.0.2026011614 allows attackers to overwrite critical internal files via the file im… |
| CVE-2026-30285 | CVE-2026-30285 CVSS 9.8 | An arbitrary file overwrite vulnerability in Zora: Post, Trade, Earn Crypto v2.60.0 allows attackers to overwrite critical internal files via the file import p… |
| CVE-2026-30283 | CVE-2026-30283 CVSS 9.8 | An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. NIS Animal Sounds and Ringtones v1.3.0 allows attackers to overwrite critical internal files via th… |
| CVE-2026-30282 | CVE-2026-30282 CVSS 9.0 | An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file… |