CVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 2,201–2,250 of 8,314 in Critical · page 45 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2026-2172 | CVE-2026-2172 CVSS 9.8 | A vulnerability was determined in code-projects Online Application System for Admission 1.0. Affected by this vulnerability is an unknown functionality of the … |
| CVE-2026-21718 | CVE-2026-21718 CVSS 9.8 | An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the authentication requirement … |
| CVE-2026-2171 | CVE-2026-2171 CVSS 9.8 | A vulnerability was found in code-projects Online Student Management System 1.0. Affected is an unknown function of the file accounts.php of the component Logi… |
| CVE-2026-21708 | CVE-2026-21708 CVSS 9.9 veeam | A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user. |
| CVE-2026-21679 | CVE-2026-21679 CVSS 9.8 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2… |
| CVE-2026-21675 | CVE-2026-21675 CVSS 9.8 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a Use After Free vulnerability in… |
| CVE-2026-21671 | CVE-2026-21671 CVSS 9.1 | A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments … |
| CVE-2026-21669 | CVE-2026-21669 CVSS 9.9 | A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. |
| CVE-2026-21660 | CVE-2026-21660 CVSS 9.8 | Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD version 10.22 … |
| CVE-2026-2166 | CVE-2026-2166 CVSS 9.8 | A security vulnerability has been detected in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /login/index.ph… |
| CVE-2026-21659 | CVE-2026-21659 CVSS 9.8 | Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI) vulnerability in Johnson Controls Frick Controls Quantum HD … |
| CVE-2026-21658 | CVE-2026-21658 CVSS 9.8 | Unauthenticated Remote Code Execution, i.e. Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD… |
| CVE-2026-21657 | CVE-2026-21657 CVSS 9.8 | Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient valid… |
| CVE-2026-21656 | CVE-2026-21656 CVSS 9.8 | Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient valid… |
| CVE-2026-21654 | CVE-2026-21654 CVSS 9.8 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows O… |
| CVE-2026-2165 | CVE-2026-2165 CVSS 9.8 | A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/assets/backend/seller/add_seller.php of the … |
| CVE-2026-21643 | Fortinet FortiClient EMS SQL Injection Vulnerability KEV CVSS 9.8 Fortinet | Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifi… |
| CVE-2026-2164 | CVE-2026-2164 CVSS 9.8 | A security flaw has been discovered in detronetdip E-commerce 1.0.0. This issue affects some unknown processing of the file /seller/assets/backend/profile/adda… |
| CVE-2026-21636 | CVE-2026-21636 CVSS 10.0 | A flaw in Node.js's permission model allows Unix Domain Socket (UDS) connections to bypass network restrictions when `--permission` is enabled. Even without `-… |
| CVE-2026-21628 | CVE-2026-21628 CVSS 9.8 | An improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution. |
| CVE-2026-21622 | CVE-2026-21622 CVSS 9.8 | Insufficient Session Expiration vulnerability in hexpm hexpm/hexpm ('Elixir.Hexpm.Accounts.PasswordReset' module) allows Account Takeover. Password reset toke… |
| CVE-2026-2161 | CVE-2026-2161 CVSS 9.8 | A vulnerability was found in itsourcecode Directory Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/forget-passw… |
| CVE-2026-2158 | CVE-2026-2158 CVSS 9.8 | A vulnerability was detected in code-projects Student Web Portal 1.0. This impacts an unknown function of the file /check_user.php. Performing a manipulation o… |
| CVE-2026-21536 | CVE-2026-21536 CVSS 9.8 | Microsoft Devices Pricing Program Remote Code Execution Vulnerability |
| CVE-2026-21531 | CVE-2026-21531 CVSS 9.8 | Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network. |
| CVE-2026-21515 | CVE-2026-21515 CVSS 9.9 | Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-21450 | CVE-2026-21450 CVSS 9.8 | Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via type parameter, which can l… |
| CVE-2026-21448 | CVE-2026-21448 CVSS 9.8 | Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection. When a normal customer orders … |
| CVE-2026-21446 | CVE-2026-21446 CVSS 9.8 | Bagisto is an open source laravel eCommerce platform. In versions on the 2.3 branch prior to 2.3.10, API routes remain active even after initial installation i… |
| CVE-2026-21445 | CVE-2026-21445 CVSS 9.1 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are mi… |
| CVE-2026-21430 | CVE-2026-21430 CVSS 9.3 | Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery (CSRF). This can… |
| CVE-2026-21413 | CVE-2026-21413 CVSS 9.8 | A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted … |
| CVE-2026-21410 | CVE-2026-21410 CVSS 9.8 | InSAT MasterSCADA BUK-TS is susceptible to SQL Injection through its main web interface. Malicious users that use the vulnerable endpoint are potentially able … |
| CVE-2026-2136 | CVE-2026-2136 CVSS 9.8 | A flaw has been found in projectworlds Online Food Ordering System 1.0. This affects an unknown function of the file /view-ticket.php. Executing a manipulation… |
| CVE-2026-2133 | CVE-2026-2133 CVSS 9.8 | A weakness has been identified in code-projects Online Music Site 1.0. Impacted is an unknown function of the file /Administrator/PHP/AdminUpdateCategory.php. … |
| CVE-2026-2132 | CVE-2026-2132 CVSS 9.8 | A security flaw has been discovered in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Administrator/PHP/AdminUpda… |
| CVE-2026-2130 | CVE-2026-2130 CVSS 9.8 | A vulnerability was determined in BurtTheCoder mcp-maigret up to 1.0.12. This affects an unknown part of the file src/index.ts of the component search_username… |
| CVE-2026-21227 | CVE-2026-21227 CVSS 9.8 | Improper limitation of a pathname to a restricted directory ('path traversal') in Azure Logic Apps allows an unauthorized attacker to elevate privileges over a… |
| CVE-2026-2122 | CVE-2026-2122 CVSS 9.8 | A security flaw has been discovered in Xiaopi Panel up to 20260126. This impacts an unknown function of the file /demo.php of the component WAF Firewall. The m… |
| CVE-2026-2117 | CVE-2026-2117 CVSS 9.8 | A vulnerability was found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/edit_activity.php. Perf… |
| CVE-2026-2116 | CVE-2026-2116 CVSS 9.8 | A vulnerability has been found in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/edit_expenses.php. Such manipu… |
| CVE-2026-2115 | CVE-2026-2115 CVSS 9.8 | A flaw has been found in itsourcecode Society Management System 1.0. This issue affects some unknown processing of the file /admin/delete_expenses.php. This ma… |
| CVE-2026-2114 | CVE-2026-2114 CVSS 9.8 | A vulnerability was detected in itsourcecode Society Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_admin.php. The mani… |
| CVE-2026-2113 | CVE-2026-2113 CVSS 9.8 | A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0… |
| CVE-2026-20998 | CVE-2026-20998 CVSS 9.8 | Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass authentication. |
| CVE-2026-20997 | CVE-2026-20997 CVSS 9.8 | Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication. |
| CVE-2026-20973 | CVE-2026-20973 CVSS 9.1 | Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 allows remote attacker to access out-of-bounds memory. |
| CVE-2026-20963 | Microsoft SharePoint Deserialization of Untrusted Data Vulnerability KEV CVSS 9.8 Microsoft | Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network. |
| CVE-2026-2096 | CVE-2026-2096 CVSS 9.8 | Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database cont… |
| CVE-2026-2095 | CVE-2026-2095 CVSS 9.8 | Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to ob… |