CVE vulnerabilities
31,509 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 1,951–2,000 of 8,314 in Critical · page 40 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2026-24450 | CVE-2026-24450 CVSS 9.8 | An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lea… |
| CVE-2026-24448 | CVE-2026-24448 CVSS 9.8 | Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access. |
| CVE-2026-24445 | CVE-2026-24445 CVSS 9.8 | The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attac… |
| CVE-2026-24436 | CVE-2026-24436 CVSS 9.8 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) do not enforce rate limiting or account lockout mechanisms on authentication end… |
| CVE-2026-24429 | CVE-2026-24429 CVSS 9.8 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) ship with a predefined default password for a built-in authentication account th… |
| CVE-2026-24423 | SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability · KEV · CVSS 9.8 · SmarterTools | SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This could allow the attacker to… |
| CVE-2026-24400 | CVE-2026-24400 CVSS 9.1 | AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine (JVM). Starting in version 1.4.0 and prior to version 3.27.7, an XML External … |
| CVE-2026-2439 | CVE-2026-2439 CVSS 9.8 | Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generate_session_id function in Concierge::Sessions::Base defa… |
| CVE-2026-24378 | CVE-2026-24378 CVSS 9.8 | Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection. This issue affects EventPr… |
| CVE-2026-24352 | CVE-2026-24352 CVSS 9.8 | PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour… |
| CVE-2026-24346 | CVE-2026-24346 CVSS 9.1 | Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application |
| CVE-2026-24306 | CVE-2026-24306 CVSS 9.8 | Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-24305 | CVE-2026-24305 CVSS 9.8 | Azure Entra ID Elevation of Privilege Vulnerability |
| CVE-2026-24303 | CVE-2026-24303 CVSS 9.6 | Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-24302 | CVE-2026-24302 CVSS 9.8 | Improper access control in Azure Arc allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-24300 | CVE-2026-24300 CVSS 9.8 | Azure Front Door Elevation of Privilege Vulnerability |
| CVE-2026-24214 | CVE-2026-24214 CVSS 9.8 | NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an integer overflow. A successful exploit of this vul… |
| CVE-2026-24213 | CVE-2026-24213 CVSS 9.8 | NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an out-of-bounds read. A successful exploit of this v… |
| CVE-2026-24207 | CVE-2026-24207 CVSS 9.8 | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability migh… |
| CVE-2026-24206 | CVE-2026-24206 CVSS 9.8 | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability migh… |
| CVE-2026-2418 | CVE-2026-2418 CVSS 9.1 | The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users t… |
| CVE-2026-24178 | CVE-2026-24178 CVSS 9.8 | NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization by… |
| CVE-2026-24164 | CVE-2026-24164 CVSS 9.8 | NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to … |
| CVE-2026-24163 | CVE-2026-24163 CVSS 9.8 | NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this… |
| CVE-2026-24159 | CVE-2026-24159 CVSS 9.8 | NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit of this vulnerability might lead to code… |
| CVE-2026-24157 | CVE-2026-24157 CVSS 9.8 | NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an attacker could cause remote code execution. A successful exploit of this vulnerab… |
| CVE-2026-24148 | CVE-2026-24148 CVSS 9.4 | NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resou… |
| CVE-2026-24142 | CVE-2026-24142 CVSS 9.8 | NVIDIA TRT-LLM for any platform contains a deserialization vulnerability and unsafe serialized handle. A successful exploit of this vulnerability might lead … |
| CVE-2026-2414 | CVE-2026-2414 CVSS 9.8 | Authorization bypass through User-Controlled key vulnerability in HYPR Server allows Privilege Escalation. This issue affects Server: from 9.5.2 before 10.7.2. |
| CVE-2026-24132 | CVE-2026-24132 CVSS 9.8 | Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.… |
| CVE-2026-24126 | CVE-2026-24126 CVSS 9.1 | Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which co… |
| CVE-2026-24124 | CVE-2026-24124 CVSS 9.8 | Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints (/api/v1/jobs) l… |
| CVE-2026-24120 | CVE-2026-24120 CVSS 9.8 | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing attackers to… |
| CVE-2026-24118 | CVE-2026-24118 CVSS 9.8 | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code w… |
| CVE-2026-24115 | CVE-2026-24115 CVSS 9.8 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the sizes of `gstup` and `gstdwn` before concatenating them into `gstruleQos` may … |
| CVE-2026-24114 | CVE-2026-24114 CVSS 9.8 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate `pPortMapIndex` may lead to buffer overflows when using `strcpy`. |
| CVE-2026-24113 | CVE-2026-24113 CVSS 9.8 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed … |
| CVE-2026-24112 | CVE-2026-24112 CVSS 9.8 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is pass… |
| CVE-2026-24111 | CVE-2026-24111 CVSS 9.8 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is pass… |
| CVE-2026-24110 | CVE-2026-24110 CVSS 9.8 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these rules enter the `addDhcpRule` function … |
| CVE-2026-24109 | CVE-2026-24109 CVSS 9.8 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `picName`. When this value is used… |
| CVE-2026-24108 | CVE-2026-24108 CVSS 9.8 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed … |
| CVE-2026-24107 | CVE-2026-24107 CVSS 9.8 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartitionName`, which is directly used in `doSystemCmd`, may lead… |
| CVE-2026-24105 | CVE-2026-24105 CVSS 9.8 | An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value of `v1` was not checked, potentially leading to a command in… |
| CVE-2026-24103 | CVE-2026-24103 CVSS 9.8 | A buffer overflow vulnerability was discovered in goform/formSetMacFilterCfg in Tenda AC15V1.0 V15.03.05.18_multi. |
| CVE-2026-24101 | CVE-2026-24101 CVSS 9.8 | An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_multi. When the condition is met, `s1_1` will be passed into sub_B0488, concatenat… |
| CVE-2026-24061 | GNU InetUtils Argument Injection Vulnerability · KEV · CVSS 9.8 · GNU | GNU InetUtils contains an argument injection vulnerability in telnetd that could allow for remote authentication bypass via a "-f root" value for the USER envi… |
| CVE-2026-24060 | CVE-2026-24060 CVSS 9.1 | Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable… |
| CVE-2026-24058 | CVE-2026-24058 CVSS 9.8 | Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication bypass vulnerability that allows an att… |
| CVE-2026-24054 | CVE-2026-24054 CVSS 10.0 | Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions… |