31,200 indexed
CVECVE vulnerabilities
31,200 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 151–200 of 8,314 in Critical · page 4 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2026-6508 | CVE-2026-6508 CVSS 9.8 | Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constra… |
| CVE-2026-6443 | CVE-2026-6443 CVSS 9.8 | All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious th… |
| CVE-2026-6388 | CVE-2026-6388 CVSS 9.1 | A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenan… |
| CVE-2026-6356 | CVE-2026-6356 CVSS 9.6 | A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, ena… |
| CVE-2026-6350 | CVE-2026-6350 CVSS 9.8 | MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's e… |
| CVE-2026-6349 | CVE-2026-6349 CVSS 9.8 | The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and exec… |
| CVE-2026-6296 | CVE-2026-6296 CVSS 9.6 | Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML pag… |
| CVE-2026-6290 | CVE-2026-6290 CVSS 9.1 | Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token. This all… |
| CVE-2026-6284 | CVE-2026-6284 CVSS 9.1 | An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password … |
| CVE-2026-6279 | CVE-2026-6279 CVSS 9.8 | The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and… |
| CVE-2026-6271 | CVE-2026-6271 CVSS 9.8 | The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due… |
| CVE-2026-6270 | CVE-2026-6270 CVSS 9.1 | @fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers… |
| CVE-2026-6264 | CVE-2026-6264 CVSS 9.8 | A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector… |
| CVE-2026-6257 | CVE-2026-6257 CVSS 9.1 | Vvveb CMS v1.0.8.2 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file rename han… |
| CVE-2026-6235 | CVE-2026-6235 CVSS 9.8 | The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manage_admin_requests' function in all versions up to, and in… |
| CVE-2026-6195 | CVE-2026-6195 CVSS 9.8 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin… |
| CVE-2026-6156 | CVE-2026-6156 CVSS 9.8 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi o… |
| CVE-2026-6155 | CVE-2026-6155 CVSS 9.8 | A weakness has been identified in Totolink A7100RU 7.4cu.2313. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component… |
| CVE-2026-6154 | CVE-2026-6154 CVSS 9.8 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setWizardCfg of the file /cgi-bin/cstecgi.cg… |
| CVE-2026-6140 | CVE-2026-6140 CVSS 9.8 | A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the compon… |
| CVE-2026-6139 | CVE-2026-6139 CVSS 9.8 | A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the co… |
| CVE-2026-6138 | CVE-2026-6138 CVSS 9.8 | A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the… |
| CVE-2026-6132 | CVE-2026-6132 CVSS 9.8 | A vulnerability was determined in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of t… |
| CVE-2026-6131 | CVE-2026-6131 CVSS 9.8 | A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecg… |
| CVE-2026-6116 | CVE-2026-6116 CVSS 9.8 | A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.c… |
| CVE-2026-6115 | CVE-2026-6115 CVSS 9.8 | A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handl… |
| CVE-2026-6114 | CVE-2026-6114 CVSS 9.8 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setNetworkCfg of the file /cgi-bin/cstecgi.cgi of… |
| CVE-2026-6113 | CVE-2026-6113 CVSS 9.8 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTtyServiceCfg of the fil… |
| CVE-2026-6112 | CVE-2026-6112 CVSS 9.8 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component… |
| CVE-2026-6110 | CVE-2026-6110 CVSS 9.8 | A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generate_thoughts of the file metagpt/strategy/tot.py of the … |
| CVE-2026-6104 | CVE-2026-6104 CVSS 9.1 | In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb_convert_encoding() or related… |
| CVE-2026-6068 | CVE-2026-6068 CVSS 9.6 | NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file… |
| CVE-2026-6057 | CVE-2026-6057 CVSS 9.8 | FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files an… |
| CVE-2026-6029 | CVE-2026-6029 CVSS 9.8 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi o… |
| CVE-2026-6028 | CVE-2026-6028 CVSS 9.8 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi… |
| CVE-2026-6027 | CVE-2026-6027 CVSS 9.8 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of … |
| CVE-2026-6026 | CVE-2026-6026 CVSS 9.8 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setPortalConfWeChat of the file /cgi-bin/… |
| CVE-2026-6025 | CVE-2026-6025 CVSS 9.8 | A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the compone… |
| CVE-2026-6024 | CVE-2026-6024 CVSS 9.8 | A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. T… |
| CVE-2026-6023 | CVE-2026-6023 CVSS 9.8 | In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filte… |
| CVE-2026-5997 | CVE-2026-5997 CVSS 9.8 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cg… |
| CVE-2026-5996 | CVE-2026-5996 CVSS 9.8 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setAdvancedInfoShow of the file /cgi-… |
| CVE-2026-5995 | CVE-2026-5995 CVSS 9.8 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the… |
| CVE-2026-5994 | CVE-2026-5994 CVSS 9.8 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of … |
| CVE-2026-5993 | CVE-2026-5993 CVSS 9.8 | A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.c… |
| CVE-2026-5978 | CVE-2026-5978 CVSS 9.8 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi … |
| CVE-2026-5977 | CVE-2026-5977 CVSS 9.8 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the comp… |
| CVE-2026-5976 | CVE-2026-5976 CVSS 9.8 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the c… |
| CVE-2026-5975 | CVE-2026-5975 CVSS 9.8 | A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the… |
| CVE-2026-5974 | CVE-2026-5974 CVSS 9.8 | A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/termina… |