CVE vulnerabilities
31,509 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 1,851–1,900 of 8,314 in Critical · page 38 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2026-25449 | CVE-2026-25449 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler allows Object Injection. This issue affects Traveler: from n/a through < 3.2.8.1. |
| CVE-2026-25447 | CVE-2026-25447 CVSS 9.1 | Improper Control of Generation of Code ('Code Injection') vulnerability in Jonathan Daggerhart Widget Wrangler widget-wrangler allows Code Injection. This issue… |
| CVE-2026-25429 | CVE-2026-25429 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in wpdive Nexa Blocks nexa-blocks allows Object Injection. This issue affects Nexa Blocks: from n/a through <= 1… |
| CVE-2026-25413 | CVE-2026-25413 CVSS 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Using Malicious Files. This issue affects WPBooki… |
| CVE-2026-25377 | CVE-2026-25377 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows S… |
| CVE-2026-25371 | CVE-2026-25371 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in King-Theme Lumise Product Designer lumise allows Blind SQ… |
| CVE-2026-25366 | CVE-2026-25366 CVSS 9.9 | Improper Control of Generation of Code ('Code Injection') vulnerability in Themeisle Woody ad snippets insert-php allows Code Injection. This issue affects Wood… |
| CVE-2026-25345 | CVE-2026-25345 CVSS 9.9 | Improper Validation of Specified Quantity in Input vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Accessing Functionality Not Prope… |
| CVE-2026-25340 | CVE-2026-25340 CVSS 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Jobmonster noo-jobmonster allows Blind SQL Injec… |
| CVE-2026-2532 | CVE-2026-2532 CVSS 9.8 | A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embeddin… |
| CVE-2026-25293 | CVE-2026-25293 CVSS 9.8 | Buffer overflow due to incorrect authorization in PLC FW |
| CVE-2026-2529 | CVE-2026-2529 CVSS 9.8 | A security flaw has been discovered in Wavlink WL-WN579A3 up to 20210219. Affected by this issue is the function DeleteMac of the file /cgi-bin/wireless.cgi. T… |
| CVE-2026-2528 | CVE-2026-2528 CVSS 9.8 | A vulnerability was identified in Wavlink WL-WN579A3 up to 20210219. Affected by this vulnerability is the function Delete_Mac_list of the file /cgi-bin/wirele… |
| CVE-2026-2527 | CVE-2026-2527 CVSS 9.8 | A vulnerability was determined in Wavlink WL-WN579A3 up to 20210219. Affected is an unknown function of the file /cgi-bin/login.cgi. Executing a manipulation o… |
| CVE-2026-25244 | CVE-2026-25244 CVSS 9.8 | WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a comm… |
| CVE-2026-25242 | CVE-2026-25242 CVSS 9.8 | Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigni… |
| CVE-2026-25241 | CVE-2026-25241 CVSS 9.8 | PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, an unauthenticated SQL injection in the /get/<package>/<versi… |
| CVE-2026-25240 | CVE-2026-25240 CVSS 9.8 | PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability can occur in user::maintains() … |
| CVE-2026-25238 | CVE-2026-25238 CVSS 9.8 | PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in bug subscription deletion ma… |
| CVE-2026-25237 | CVE-2026-25237 CVSS 9.8 | PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of preg_replace() with the /e modifier in bug update emai… |
| CVE-2026-25236 | CVE-2026-25236 CVSS 9.8 | PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe li… |
| CVE-2026-25234 | CVE-2026-25234 CVSS 9.8 | PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow … |
| CVE-2026-25233 | CVE-2026-25233 CVSS 9.1 | PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a logic bug in the roadmap role check allows non-lead maintaine… |
| CVE-2026-2522 | CVE-2026-2522 CVSS 9.8 | A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is an unknown function of the file /src/mme/esm-build.c of the component MME. The m… |
| CVE-2026-25212 | CVE-2026-25212 CVSS 9.9 | An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights c… |
| CVE-2026-2521 | CVE-2026-2521 CVSS 9.8 | A weakness has been identified in Open5GS up to 2.7.6. This issue affects the function sgwc_s5c_handle_create_session_response of the component SGW-C. Executin… |
| CVE-2026-25209 | CVE-2026-25209 CVSS 9.1 | Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a7152… |
| CVE-2026-25208 | CVE-2026-25208 CVSS 9.8 | Integer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335. |
| CVE-2026-25207 | CVE-2026-25207 CVSS 9.8 | Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335. |
| CVE-2026-25206 | CVE-2026-25206 CVSS 9.1 | Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a7152… |
| CVE-2026-25205 | CVE-2026-25205 CVSS 9.8 | Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows out-of-bounds write. This issue affects Escargot: commit hash 97e8115ab1110bc502… |
| CVE-2026-25202 | CVE-2026-25202 CVSS 9.8 | The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server. This issue affects MagicINFO 9… |
| CVE-2026-25200 | CVE-2026-25200 CVSS 9.8 | A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account ta… |
| CVE-2026-25199 | CVE-2026-25199 CVSS 9.1 | Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to other tenants. This issue affects Apache CloudStack: from … |
| CVE-2026-25192 | CVE-2026-25192 CVSS 9.8 | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the bac… |
| CVE-2026-25150 | CVE-2026-25150 CVSS 10.0 | Qwik is a performance-focused JavaScript framework. Prior to version 1.19.0, a prototype pollution vulnerability exists in the formToObj() function within @bui… |
| CVE-2026-25142 | CVE-2026-25142 CVSS 10.0 | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SandboxJS does not properly restrict __lookupGetter__ which can be used to obtain prototypes, whi… |
| CVE-2026-25141 | CVE-2026-25141 CVSS 9.8 | Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions starting with 7.19.0 and prior to 7.21.0 and … |
| CVE-2026-25139 | CVE-2026-25139 CVSS 9.1 | RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In … |
| CVE-2026-25137 | CVE-2026-25137 CVSS 9.1 | The NixOS Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database m… |
| CVE-2026-25130 | CVE-2026-25130 CVSS 9.6 | Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) framework contains multiple argument … |
| CVE-2026-25115 | CVE-2026-25115 CVSS 9.9 | n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of … |
| CVE-2026-25114 | CVE-2026-25114 CVSS 9.8 | The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attac… |
| CVE-2026-25113 | CVE-2026-25113 CVSS 9.8 | The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attac… |
| CVE-2026-25101 | CVE-2026-25101 CVSS 9.8 | Bludit allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behavior enable… |
| CVE-2026-25085 | CVE-2026-25085 CVSS 9.8 | A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later on process… |
| CVE-2026-25084 | CVE-2026-25084 CVSS 9.8 | Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs. |
| CVE-2026-25072 | CVE-2026-25072 CVSS 9.8 | XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint… |
| CVE-2026-25070 | CVE-2026-25070 CVSS 9.8 | XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that … |
| CVE-2026-25057 | CVE-2026-25057 CVSS 9.1 | MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assig… |