CVE vulnerabilities
31,509 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 1,601–1,650 of 8,314 in Critical · page 33 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2026-2764 | CVE-2026-2764 CVSS 9.8 | JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8,… |
| CVE-2026-27637 | CVE-2026-27637 CVSS 9.8 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's `TokenAuth` middleware uses a predicta… |
| CVE-2026-27634 | CVE-2026-27634 CVSS 9.8 | Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, the four date filter parameters (f_min_date_available, f_max_date_avai… |
| CVE-2026-2763 | CVE-2026-2763 CVSS 9.8 | Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thu… |
| CVE-2026-27626 | CVE-2026-27626 CVSS 9.9 | OliveTin gives access to predefined shell commands from a web interface. In versions up to and including 3000.10.0, OliveTin's shell mode safety check (`checkS… |
| CVE-2026-2762 | CVE-2026-2762 CVSS 9.8 | Integer overflow in the JavaScript: Standard Library component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbir… |
| CVE-2026-27613 | CVE-2026-27613 CVSS 9.8 | TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. A vulnerability in versions prior to 2.01 allows unauthenticated remote attackers to bypass … |
| CVE-2026-2761 | CVE-2026-2761 CVSS 10.0 | Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and T… |
| CVE-2026-27607 | CVE-2026-27607 CVSS 9.1 | RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.56 through 1.0.0-alpha.82, RustFS does not validate policy conditions in p… |
| CVE-2026-27606 | CVE-2026-27606 CVSS 9.8 | Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current … |
| CVE-2026-2760 | CVE-2026-2760 CVSS 10.0 | Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Fire… |
| CVE-2026-27597 | CVE-2026-27597 CVSS 10.0 | Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundaries se… |
| CVE-2026-27591 | CVE-2026-27591 CVSS 9.9 | Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed auth… |
| CVE-2026-27590 | CVE-2026-27590 CVSS 9.8 | Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a lo… |
| CVE-2026-2759 | CVE-2026-2759 CVSS 9.8 | Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderb… |
| CVE-2026-27588 | CVE-2026-27588 CVSS 9.1 | Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP `host` request matcher is documented as case-insensitive… |
| CVE-2026-27587 | CVE-2026-27587 CVSS 9.1 | Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP `path` request matcher is intended to be case-insensitiv… |
| CVE-2026-27586 | CVE-2026-27586 CVSS 9.1 | Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in `ClientAuthentication.provision()` cause mTLS… |
| CVE-2026-2758 | CVE-2026-2758 CVSS 9.8 | Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunde… |
| CVE-2026-27577 | CVE-2026-27577 CVSS 9.9 | n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, additional exploits in the expression evaluation of n8n have… |
| CVE-2026-27575 | CVE-2026-27575 CVSS 9.1 | Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to set weak passwords (e.g., 1234, passwor… |
| CVE-2026-27574 | CVE-2026-27574 CVSS 9.9 | OneUptime is a solution for monitoring and managing online services. In versions 9.5.13 and below, custom JavaScript monitor feature uses Node.js's node:vm mod… |
| CVE-2026-2757 | CVE-2026-2757 CVSS 9.8 | Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunder… |
| CVE-2026-27542 | CVE-2026-27542 CVSS 9.8 | Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture woocommerce-wholesale-lead-capture allows Privilege E… |
| CVE-2026-27540 | CVE-2026-27540 CVSS 9.0 | Unrestricted Upload of File with Dangerous Type vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture woocommerce-wholesale-lead-capture a… |
| CVE-2026-27515 | CVE-2026-27515 CVSS 9.1 | Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interfac… |
| CVE-2026-2751 | CVE-2026-2751 CVSS 9.8 | Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux (Service Dep… |
| CVE-2026-27507 | CVE-2026-27507 CVSS 9.8 | Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain hard-coded administrative credentials that cannot be changed by users. … |
| CVE-2026-2750 | CVE-2026-2750 CVSS 9.8 | Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules). This issue affects Centreo… |
| CVE-2026-27495 | CVE-2026-27495 CVSS 9.9 | n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify wo… |
| CVE-2026-27494 | CVE-2026-27494 CVSS 9.9 | n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify wo… |
| CVE-2026-27493 | CVE-2026-27493 CVSS 9.0 | n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in… |
| CVE-2026-27478 | CVE-2026-27478 CVSS 9.1 | Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog… |
| CVE-2026-27476 | CVE-2026-27476 CVSS 9.8 | RustFly 2.0.0 contains a command injection vulnerability in its remote UI control mechanism that accepts hex-encoded instructions over UDP port 5005 without pr… |
| CVE-2026-27471 | CVE-2026-27471 CVSS 9.1 | ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacked access … |
| CVE-2026-27459 | CVE-2026-27459 CVSS 9.8 | pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_ge… |
| CVE-2026-27446 | CVE-2026-27446 CVSS 9.8 apache | Missing Authentication for Critical Function (CWE-306) vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the… |
| CVE-2026-27441 | CVE-2026-27441 CVSS 9.8 | SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption password, allowing OS command execution. |
| CVE-2026-27439 | CVE-2026-27439 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in ThemeREX Dentario dentario allows Object Injection. This issue affects Dentario: from n/a through <= 1.5. |
| CVE-2026-27438 | CVE-2026-27438 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in ThemeREX Kingler kingler allows Object Injection. This issue affects Kingler: from n/a through <= 1.7. |
| CVE-2026-27437 | CVE-2026-27437 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in ThemeREX Tennis Club tennis-sportclub allows Object Injection. This issue affects Tennis Club: from n/a throu… |
| CVE-2026-2743 | CVE-2026-2743 CVSS 9.8 | Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). … |
| CVE-2026-27417 | CVE-2026-27417 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in SeventhQueen Sweet Date sweetdate allows Object Injection. This issue affects Sweet Date: from n/a through < … |
| CVE-2026-27413 | CVE-2026-27413 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection… |
| CVE-2026-27389 | CVE-2026-27389 CVSS 9.8 | Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon … |
| CVE-2026-27384 | CVE-2026-27384 CVSS 9.0 | Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrai… |
| CVE-2026-27304 | CVE-2026-27304 CVSS 9.3 | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the… |
| CVE-2026-27303 | CVE-2026-27303 CVSS 9.6 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code executio… |
| CVE-2026-27246 | CVE-2026-27246 CVSS 9.3 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerabi… |
| CVE-2026-27245 | CVE-2026-27245 CVSS 9.3 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerabi… |