31,200 indexed
CVECVE vulnerabilities
31,200 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 101–150 of 8,314 in Critical · page 3 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2026-7248 | CVE-2026-7248 CVSS 9.4 | A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfile_htm of the file tgfile.htm of the component CGI Endpoint. The manipula… |
| CVE-2026-7244 | CVE-2026-7244 CVSS 9.8 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cste… |
| CVE-2026-7243 | CVE-2026-7243 CVSS 9.8 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of th… |
| CVE-2026-7242 | CVE-2026-7242 CVSS 9.8 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnClientCfg of the file /cgi-bin/cstecgi.cgi of the co… |
| CVE-2026-7241 | CVE-2026-7241 CVSS 9.8 | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the comp… |
| CVE-2026-7240 | CVE-2026-7240 CVSS 9.8 | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setVpnAccountCfg of the file /cgi-bin/cstecgi.c… |
| CVE-2026-7210 | CVE-2026-7210 CVSS 7.5python | `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger has… |
| CVE-2026-7204 | CVE-2026-7204 CVSS 9.8 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of th… |
| CVE-2026-7203 | CVE-2026-7203 CVSS 9.8 | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi o… |
| CVE-2026-7202 | CVE-2026-7202 CVSS 9.8 | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the compo… |
| CVE-2026-7161 | CVE-2026-7161 CVSS 9.3geovision | An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast pack… |
| CVE-2026-7156 | CVE-2026-7156 CVSS 9.8 | A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI… |
| CVE-2026-7155 | CVE-2026-7155 CVSS 9.8 | A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.… |
| CVE-2026-7154 | CVE-2026-7154 CVSS 9.8 | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the c… |
| CVE-2026-7153 | CVE-2026-7153 CVSS 9.8 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setMiniuiHomeInfoShow of the file /cgi-bin/cs… |
| CVE-2026-7152 | CVE-2026-7152 CVSS 9.8 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of t… |
| CVE-2026-7140 | CVE-2026-7140 CVSS 9.8 | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component C… |
| CVE-2026-7139 | CVE-2026-7139 CVSS 9.8 | A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the componen… |
| CVE-2026-7138 | CVE-2026-7138 CVSS 9.8 | A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the… |
| CVE-2026-7137 | CVE-2026-7137 CVSS 9.8 | A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of… |
| CVE-2026-7136 | CVE-2026-7136 CVSS 9.8 | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of th… |
| CVE-2026-7125 | CVE-2026-7125 CVSS 9.8 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi … |
| CVE-2026-7124 | CVE-2026-7124 CVSS 9.8 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstec… |
| CVE-2026-7123 | CVE-2026-7123 CVSS 9.8 | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Ha… |
| CVE-2026-7122 | CVE-2026-7122 CVSS 9.8 | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component … |
| CVE-2026-7121 | CVE-2026-7121 CVSS 9.8 | A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Han… |
| CVE-2026-7037 | CVE-2026-7037 CVSS 9.8 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of … |
| CVE-2026-7036 | CVE-2026-7036 CVSS 9.8 | A vulnerability was identified in Tenda i9 1.0.0.5(2204). This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. … |
| CVE-2026-6987 | CVE-2026-6987 CVSS 9.8 | A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management… |
| CVE-2026-6960 | CVE-2026-6960 CVSS 9.8 | The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpress_validate_submitted_b… |
| CVE-2026-6951 | CVE-2026-6951 CVSS 9.8 | Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for [CVE-2022-25912](https://security.s… |
| CVE-2026-6942 | CVE-2026-6942 CVSS 9.8radare | radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing th… |
| CVE-2026-6920 | CVE-2026-6920 CVSS 9.6 | Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially… |
| CVE-2026-6919 | CVE-2026-6919 CVSS 9.6 | Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a… |
| CVE-2026-6911 | CVE-2026-6911 CVSS 9.8 | Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the appli… |
| CVE-2026-6887 | CVE-2026-6887 CVSS 9.8 | Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to in… |
| CVE-2026-6886 | CVE-2026-6886 CVSS 9.8 | Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a Authentication Bypass vulnerability, allowing unauthenticated remote attacke… |
| CVE-2026-6885 | CVE-2026-6885 CVSS 9.8 | Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attack… |
| CVE-2026-6795 | CVE-2026-6795 CVSS 9.6 | URL redirection to untrusted site ('open redirect') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Parameter Injection. This issu… |
| CVE-2026-6771 | CVE-2026-6771 CVSS 9.8 | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-6768 | CVE-2026-6768 CVSS 9.8 | Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. |
| CVE-2026-6760 | CVE-2026-6760 CVSS 9.8 | Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. |
| CVE-2026-6748 | CVE-2026-6748 CVSS 9.8 | Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbir… |
| CVE-2026-6722 | CVE-2026-6722 CVSS 9.8 | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stor… |
| CVE-2026-6665 | CVE-2026-6665 CVSS 9.8 | The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. A… |
| CVE-2026-6644 | CVE-2026-6644 CVSS 9.1 | A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted … |
| CVE-2026-6643 | CVE-2026-6643 CVSS 9.9 | A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-contro… |
| CVE-2026-6555 | CVE-2026-6555 CVSS 9.8 | The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validati… |
| CVE-2026-6512 | CVE-2026-6512 CVSS 9.1 | The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not proper… |
| CVE-2026-6510 | CVE-2026-6510 CVSS 9.8 | The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is du… |