CVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 2,151–2,200 of 8,314 in Critical · page 44 of 167
| ID | CVSS | Summary |
|---|---|---|
| CVE-2026-22252 | 9.9 | LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allo… |
| CVE-2026-2225 | 9.8 | A flaw has been found in itsourcecode News Portal Project 1.0. This vulnerability affects unknown code of the file /admin/index.php of the component Administra… |
| CVE-2026-22249 | 9.8 | Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Im… |
| CVE-2026-22247 | 9.1 | GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhoo… |
| CVE-2026-22238 | 9.8 | The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs. An unauthenticated remote attacker could exploit this vulnerabi… |
| CVE-2026-22237 | 9.8 | The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnera… |
| CVE-2026-22236 | 9.8 | The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs. An unauthenticated remote attacker could exploit this vulnera… |
| CVE-2026-22234 | 9.8 | OPEXUS eCasePortal before version 9.0.45.0 allows an unauthenticated attacker to navigate to the 'Attachments.aspx' endpoint, iterate through predictable value… |
| CVE-2026-2223 | 9.8 | A security vulnerability has been detected in code-projects Online Reviewer System 1.0. Affected by this issue is some unknown functionality of the file /syste… |
| CVE-2026-22214 | 9.8 | RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the ethos utility due to missing bounds checking … |
| CVE-2026-22213 | 9.8 | RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The vulnerability is caused… |
| CVE-2026-2221 | 9.8 | A security flaw has been discovered in code-projects Online Reviewer System 1.0. Affected is an unknown function of the file /login/index.php of the component … |
| CVE-2026-22208 | 9.6 | OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contains a remote code execution vulnerability via an unrestricted Lua interpreter… |
| CVE-2026-22207 | 9.8 | OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT p… |
| CVE-2026-2220 | 9.8 | A vulnerability was identified in code-projects Online Reviewer System 1.0. This impacts an unknown function of the file /system/system/admins/assessments/pret… |
| CVE-2026-22192 | 9.9 | Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to access privileged management … |
| CVE-2026-22189 | 9.8 | The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf(… |
| CVE-2026-22172 | 9.9 | OpenClaw versions prior to 2026.3.12 contain an authorization bypass vulnerability in the WebSocket connect path that allows shared-token or password-authentic… |
| CVE-2026-22171 | 9.1 | OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow where untrusted media keys are interpolated direc… |
| CVE-2026-2217 | 9.8 | A vulnerability was found in itsourcecode Event Management System 1.0. The impacted element is an unknown function of the file /admin/manage_user.php. The mani… |
| CVE-2026-2212 | 9.8 | A vulnerability was identified in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /Administrator/PH… |
| CVE-2026-2211 | 9.8 | A vulnerability was determined in code-projects Online Music Site 1.0. Affected is an unknown function of the file /Administrator/PHP/AdminDeleteCategory.php. … |
| CVE-2026-22070 | 9.8 | ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal. |
| CVE-2026-22043 | 9.8 | RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 through 1.0.0-alpha.78, a flawed `deny_only` short-circuit in RustFS IA… |
| CVE-2026-22039 | 9.9 | Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization boundary byp… |
| CVE-2026-22034 | 9.8 | Snuffleupagus is a module that raises the cost of attacks against websites by killing bug classes and providing a virtual patching system. On deployments of Snu… |
| CVE-2026-21994 | 9.8 | Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects (component: Desktop). The sup… |
| CVE-2026-21992 | 9.8 | Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracle Web Services Manager product of Oracl… |
| CVE-2026-2199 | 9.8 | A security flaw has been discovered in code-projects Online Reviewer System 1.0. The impacted element is an unknown function of the file /reviewer/system/syste… |
| CVE-2026-2198 | 9.8 | A vulnerability was identified in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /system/system/admins/asses… |
| CVE-2026-2197 | 9.8 | A vulnerability was determined in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/admins/assessments/prete… |
| CVE-2026-21969 | 9.8 | Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Supplier Portal). The supported version… |
| CVE-2026-21962 | 10.0 | Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for… |
| CVE-2026-2196 | 9.8 | A vulnerability was found in code-projects Online Reviewer System 1.0. This issue affects some unknown processing of the file /system/system/admins/assessments… |
| CVE-2026-2195 | 9.8 | A vulnerability has been found in code-projects Online Reviewer System 1.0. This vulnerability affects unknown code of the file /system/system/admins/assessmen… |
| CVE-2026-21902 | 9.8 | An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Se… |
| CVE-2026-2190 | 9.8 | A security flaw has been discovered in itsourcecode School Management System 1.0. This impacts an unknown function of the file /ramonsys/user/controller.php. T… |
| CVE-2026-21891 | 9.8 | ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions up to and including 1.5.0, the application checks th… |
| CVE-2026-2189 | 9.8 | A vulnerability was identified in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/report/index.php. The manip… |
| CVE-2026-21881 | 9.1 | Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to a critical authentication bypass when REVERSE… |
| CVE-2026-21877 | 9.9 | n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8… |
| CVE-2026-21875 | 9.8 | ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#187 and below allow an attacker to perform Blind SQL Injection through the add comment … |
| CVE-2026-21869 | 9.8 | llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input in the lla… |
| CVE-2026-21858 | 10.0 | n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server… |
| CVE-2026-21854 | 9.8 | The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, an authentication bypass vulnerability in the login endpoint allows… |
| CVE-2026-2184 | 9.8 | A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unkno… |
| CVE-2026-2183 | 9.8 | A security vulnerability has been detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This affects an un… |
| CVE-2026-2174 | 9.8 | A security flaw has been discovered in code-projects Contact Management System 1.0. This affects an unknown part of the component CRUD Endpoint. The manipulati… |
| CVE-2026-21732 | 9.6 | A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger an out-of-bounds write crash in the GPU shader co… |
| CVE-2026-2173 | 9.8 | A vulnerability was identified in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file login.php. The … |