CVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 2,301–2,350 of 8,314 in Critical · page 47 of 167
| ID | Title and CVSS | Summary |
|---|---|---|
| CVE-2026-1868 | CVE-2026-1868 CVSS 9.9 | GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, … |
| CVE-2026-1830 | CVE-2026-1830 CVSS 9.8 | The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient autho… |
| CVE-2026-1813 | CVE-2026-1813 CVSS 9.8 | A vulnerability was found in bolo-blog bolo-solo up to 2.6.4. Affected is an unknown function of the file src/main/java/org/b3log/solo/bolo/pic/PicUploadProces… |
| CVE-2026-1812 | CVE-2026-1812 CVSS 9.8 | A vulnerability has been found in bolo-blog bolo-solo up to 2.6.4. This impacts the function importFromCnblogs of the file src/main/java/org/b3log/solo/bolo/pr… |
| CVE-2026-1774 | CVE-2026-1774 CVSS 9.8 | CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability. |
| CVE-2026-1740 | CVE-2026-1740 CVSS 9.8 | A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function httpcon_check_session_url of the file /cgi/timepro.cgi of the component Hidde… |
| CVE-2026-1731 | BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability KEV CVSS 9.8 BeyondTrust | BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) contain an OS command injection vulnerability. Successful exploitation could allow an unauthe… |
| CVE-2026-1729 | CVE-2026-1729 CVSS 9.8 | The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly ve… |
| CVE-2026-1709 | CVE-2026-1709 CVSS 9.8 | A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This auth… |
| CVE-2026-1701 | CVE-2026-1701 CVSS 9.8 | A security vulnerability has been detected in itsourcecode School Management System 1.0. This issue affects some unknown processing of the file /enrollment/ind… |
| CVE-2026-1688 | CVE-2026-1688 CVSS 9.8 | A security vulnerability has been detected in itsourcecode Directory Management System 1.0. The affected element is an unknown function of the file /admin/inde… |
| CVE-2026-1678 | CVE-2026-1678 CVSS 9.8 | dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the fin… |
| CVE-2026-1670 | CVE-2026-1670 CVSS 9.8 | The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery… |
| CVE-2026-1668 | CVE-2026-1668 CVSS 9.8 | The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing… |
| CVE-2026-1633 | CVE-2026-1633 CVSS 10.0 | The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated use… |
| CVE-2026-1632 | CVE-2026-1632 CVSS 9.1 | MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated at… |
| CVE-2026-1626 | CVE-2026-1626 CVSS 9.1 | An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH com… |
| CVE-2026-1615 | CVE-2026-1615 CVSS 9.8 | Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The libr… |
| CVE-2026-1595 | CVE-2026-1595 CVSS 9.8 | A vulnerability was detected in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_student_query.php. The manipul… |
| CVE-2026-1594 | CVE-2026-1594 CVSS 9.8 | A security vulnerability has been detected in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /adm… |
| CVE-2026-1593 | CVE-2026-1593 CVSS 9.8 | A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edi… |
| CVE-2026-1590 | CVE-2026-1590 CVSS 9.8 | A vulnerability was identified in itsourcecode School Management System 1.0. This impacts an unknown function of the file /ramonsys/faculty/index.php. Such man… |
| CVE-2026-1589 | CVE-2026-1589 CVSS 9.8 | A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/inquiry/index.php. This man… |
| CVE-2026-1579 | CVE-2026-1579 CVSS 9.8 | The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- … |
| CVE-2026-1568 | CVE-2026-1568 CVSS 9.6 | Rapid7 InsightVM versions before 8.34.0 contain a signature verification issue on the Assertion Consumer Service (ACS) cloud endpoint that could allow an attac… |
| CVE-2026-1555 | CVE-2026-1555 CVSS 9.8 | The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the io_img_upload() function in all versions up… |
| CVE-2026-1552 | CVE-2026-1552 CVSS 9.8 | A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMS_Info.php. The manipulation of the argumen… |
| CVE-2026-1547 | CVE-2026-1547 CVSS 9.8 | A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of t… |
| CVE-2026-1546 | CVE-2026-1546 CVSS 9.8 | A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillItemByParam of the file /jshERP-boot/dep… |
| CVE-2026-1545 | CVE-2026-1545 CVSS 9.8 | A weakness has been identified in itsourcecode School Management System 1.0. The affected element is an unknown function of the file /course/index.php. Executi… |
| CVE-2026-1535 | CVE-2026-1535 CVSS 9.8 | A security vulnerability has been detected in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Administrator/PHP/AdminReply.p… |
| CVE-2026-1534 | CVE-2026-1534 CVSS 9.8 | A weakness has been identified in code-projects Online Music Site 1.0. This affects an unknown function of the file /Administrator/PHP/AdminEditUser.php. This … |
| CVE-2026-1533 | CVE-2026-1533 CVSS 9.8 | A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminAdd… |
| CVE-2026-1525 | CVE-2026-1525 CVSS 9.8 | Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names (e.g., Content-Length and content-length). This … |
| CVE-2026-1524 | CVE-2026-1524 CVSS 9.8 | An edge case in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions:… |
| CVE-2026-1492 | CVE-2026-1492 CVSS 9.8 | The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for Word… |
| CVE-2026-1490 | CVE-2026-1490 CVSS 9.8 | The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization … |
| CVE-2026-1470 | CVE-2026-1470 CVSS 9.9 | n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users dur… |
| CVE-2026-1453 | CVE-2026-1453 CVSS 9.8 | A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrat… |
| CVE-2026-1443 | CVE-2026-1443 CVSS 9.8 | A flaw has been found in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminDeleteUs… |
| CVE-2026-1435 | CVE-2026-1435 CVSS 9.8 | Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. T… |
| CVE-2026-1423 | CVE-2026-1423 CVSS 9.8 | A vulnerability was determined in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /admin_pic.php.… |
| CVE-2026-1422 | CVE-2026-1422 CVSS 9.8 | A vulnerability was found in code-projects Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of … |
| CVE-2026-1420 | CVE-2026-1420 CVSS 9.8 | A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unknown function of the file /goform/WifiExtraSet. This manipulation of the argument wpapsk_cr… |
| CVE-2026-1414 | CVE-2026-1414 CVSS 9.8 | A vulnerability was determined in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the fi… |
| CVE-2026-1413 | CVE-2026-1413 CVSS 9.8 | A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /for… |
| CVE-2026-1412 | CVE-2026-1412 CVSS 9.8 | A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the… |
| CVE-2026-1405 | CVE-2026-1405 CVSS 9.8 | The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'slider_future_handle_image_upload' f… |
| CVE-2026-1364 | CVE-2026-1364 CVSS 9.8 | IAQS and I6 developed by JNC has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly operate system administrative fu… |
| CVE-2026-1363 | CVE-2026-1363 CVSS 9.8 | IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrat… |