CVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 2,251–2,300 of 8,314 in Critical · page 46 of 167
| ID | Title and CVSS | Summary |
|---|---|---|
| CVE-2026-20912 | CVE-2026-20912 CVSS 9.1 | Gitea does not properly validate repository ownership when linking attachments to releases. An attachment uploaded to a private repository could potentially be… |
| CVE-2026-20911 | CVE-2026-20911 CVSS 9.8 | A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted mali… |
| CVE-2026-2090 | CVE-2026-2090 CVSS 9.8 | A vulnerability was determined in SourceCodester Online Class Record System 1.0. This issue affects some unknown processing of the file /admin/message/search.p… |
| CVE-2026-20897 | CVE-2026-20897 CVSS 9.1 | Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks b… |
| CVE-2026-2089 | CVE-2026-2089 CVSS 9.8 | A vulnerability was found in SourceCodester Online Class Record System 1.0. This vulnerability affects unknown code of the file /admin/subject/controller.php. … |
| CVE-2026-20889 | CVE-2026-20889 CVSS 9.8 | A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead t… |
| CVE-2026-20884 | CVE-2026-20884 CVSS 9.8 | An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a h… |
| CVE-2026-2088 | CVE-2026-2088 CVSS 9.8 | A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/accepted-appointment.php. Su… |
| CVE-2026-2087 | CVE-2026-2087 CVSS 9.8 | A flaw has been found in SourceCodester Online Class Record System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. This… |
| CVE-2026-2083 | CVE-2026-2083 CVSS 9.8 | A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file /delete_post.php. Performing a ma… |
| CVE-2026-20797 | CVE-2026-20797 CVSS 9.8 | A stack based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to cause stack corruption and a… |
| CVE-2026-20792 | CVE-2026-20792 CVSS 9.8 | The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attac… |
| CVE-2026-20781 | CVE-2026-20781 CVSS 9.8 | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the b… |
| CVE-2026-20750 | CVE-2026-20750 CVSS 9.1 | Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modi… |
| CVE-2026-2073 | CVE-2026-2073 CVSS 9.8 | A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/user/index.php. Executing a… |
| CVE-2026-20688 | CVE-2026-20688 CVSS 9.3 | A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS… |
| CVE-2026-20677 | CVE-2026-20677 CVSS 9.0 | A race condition was addressed with improved handling of symbolic links. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS S… |
| CVE-2026-2060 | CVE-2026-2060 CVSS 9.8 | A vulnerability was found in code-projects Simple Blood Donor Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /si… |
| CVE-2026-2059 | CVE-2026-2059 CVSS 9.8 | A vulnerability has been found in SourceCodester Medical Center Portal Management System 1.0. Affected is an unknown function of the file /emp_edit1.php. Such … |
| CVE-2026-2058 | CVE-2026-2058 CVSS 9.8 | A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3fb95b66e7be. This impacts an unknown function of the file /… |
| CVE-2026-2057 | CVE-2026-2057 CVSS 9.8 | A vulnerability was detected in SourceCodester Medical Center Portal Management System 1.0. This affects an unknown function of the file /login.php. The manipu… |
| CVE-2026-20418 | CVE-2026-20418 CVSS 9.8 | In Thread, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional executio… |
| CVE-2026-20407 | CVE-2026-20407 CVSS 9.3 | In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with User execu… |
| CVE-2026-2039 | CVE-2026-2039 CVSS 9.8 | GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affec… |
| CVE-2026-2038 | CVE-2026-2038 CVSS 9.8 | GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affect… |
| CVE-2026-20223 | CVE-2026-20223 CVSS 10.0 | A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site res… |
| CVE-2026-20186 | CVE-2026-20186 CVSS 9.9 | A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating… |
| CVE-2026-20184 | CVE-2026-20184 CVSS 9.8 | A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to i… |
| CVE-2026-20182 | Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability · KEV · CVSS 10.0 · Cisco | Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authenticat… |
| CVE-2026-20180 | CVE-2026-20180 CVSS 9.9 | A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating… |
| CVE-2026-2018 | CVE-2026-2018 CVSS 9.8 | A flaw has been found in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/settings/controller.php. This manipulati… |
| CVE-2026-2017 | CVE-2026-2017 CVSS 9.8 | A vulnerability was detected in IP-COM W30AP up to 1.0.0.11(1340). Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of … |
| CVE-2026-20160 | CVE-2026-20160 CVSS 9.8 | A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the unde… |
| CVE-2026-20147 | CVE-2026-20147 CVSS 9.9 | A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system o… |
| CVE-2026-2014 | CVE-2026-2014 CVSS 9.8 | A security flaw has been discovered in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /ramonsys/billing/index.php. Pe… |
| CVE-2026-20131 | Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability · KEV · CVSS 10.0 · Cisco | Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data v… |
| CVE-2026-2013 | CVE-2026-2013 CVSS 9.8 | A vulnerability was identified in itsourcecode Student Management System 1.0. This affects an unknown function of the file /ramonsys/soa/index.php. Such manipu… |
| CVE-2026-20129 | CVE-2026-20129 CVSS 9.8 | A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected s… |
| CVE-2026-20127 | Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability · KEV · CVSS 10.0 · Cisco | Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, contain an authentication bypass vulnerab… |
| CVE-2026-2012 | CVE-2026-2012 CVSS 9.8 | A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /ramonsys/facultyloading/… |
| CVE-2026-2011 | CVE-2026-2011 CVSS 9.8 | A vulnerability was found in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /ramonsys/enrollment/controlle… |
| CVE-2026-20093 | CVE-2026-20093 CVSS 9.8 | A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass … |
| CVE-2026-20079 | CVE-2026-20079 CVSS 10.0 | A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authen… |
| CVE-2026-20045 | Cisco Unified Communications Products Code Injection Vulnerability · KEV · CVSS 9.8 · Cisco | Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communicatio… |
| CVE-2026-1994 | CVE-2026-1994 CVSS 9.8 | The s2Member plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 260127. This is due to the p… |
| CVE-2026-1963 | CVE-2026-1963 CVSS 9.8 | A vulnerability was found in WeKan up to 8.20. This affects an unknown function of the file models/attachments.js of the component Attachment Storage. The mani… |
| CVE-2026-1962 | CVE-2026-1962 CVSS 9.8 | A vulnerability has been found in WeKan up to 8.20. The impacted element is an unknown function of the file server/attachmentMigration.js of the component Atta… |
| CVE-2026-1951 | CVE-2026-1951 CVSS 9.8 | Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability. |
| CVE-2026-1950 | CVE-2026-1950 CVSS 9.8 | Delta Electronics AS320T has no checking of the length of the buffer with the file name vulnerability. |
| CVE-2026-1949 | CVE-2026-1949 CVSS 9.8 | Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service. |