31,594 indexed
CVECVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 2,351–2,400 of 8,314 in Critical · page 48 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2026-1361 | CVE-2026-1361 CVSS 9.8 | ASDA-Soft Stack-based Buffer Overflow Vulnerability |
| CVE-2026-1358 | CVE-2026-1358 CVSS 9.8 | Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an una… |
| CVE-2026-1357 | CVE-2026-1357 CVSS 9.8 | The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and i… |
| CVE-2026-1340 | Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability KEVCVSS 9.8Ivanti | Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution. |
| CVE-2026-1331 | CVE-2026-1331 CVSS 9.8 | MeetingHub developed by HAMASTAR Technology has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web she… |
| CVE-2026-1325 | CVE-2026-1325 CVSS 9.8 | A security flaw has been discovered in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function edit_pwd_mall of th… |
| CVE-2026-1324 | CVE-2026-1324 CVSS 9.8 | A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of… |
| CVE-2026-1306 | CVE-2026-1306 CVSS 9.8 | The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action … |
| CVE-2026-1281 | Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability KEVCVSS 9.8Ivanti | Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution. |
| CVE-2026-1229 | CVE-2026-1229 CVSS 9.8 | The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete… |
| CVE-2026-1221 | CVE-2026-1221 CVSS 9.8 | PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to … |
| CVE-2026-1202 | CVE-2026-1202 CVSS 9.8 | A security flaw has been discovered in CRMEB up to 5.6.3. The affected element is the function appleLogin of the file crmeb/app/api/controller/v1/LoginControll… |
| CVE-2026-1188 | CVE-2026-1188 CVSS 9.8 | In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounti… |
| CVE-2026-1181 | CVE-2026-1181 CVSS 9.0 | Altium 365 workspace endpoints were configured with an overly permissive Cross-Origin Resource Sharing (CORS) policy that allowed credentialed cross-origin req… |
| CVE-2026-1179 | CVE-2026-1179 CVSS 9.8 | A vulnerability was detected in Yonyou KSOA 9.0. This affects an unknown part of the file /kmf/user_popedom.jsp of the component HTTP GET Parameter Handler. Th… |
| CVE-2026-1178 | CVE-2026-1178 CVSS 9.8 | A security vulnerability has been detected in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /kmf/select.jsp of the componen… |
| CVE-2026-1177 | CVE-2026-1177 CVSS 9.8 | A weakness has been identified in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /kmf/save_folder.jsp of the component… |
| CVE-2026-1176 | CVE-2026-1176 CVSS 9.8 | A security flaw has been discovered in itsourcecode School Management System 1.0. Affected is an unknown function of the file /subject/index.php. Performing a … |
| CVE-2026-1173 | CVE-2026-1173 CVSS 9.8 | A vulnerability was found in birkir prime up to 0.4.0.beta.0. The impacted element is an unknown function of the file /graphql of the component GraphQL Array B… |
| CVE-2026-1162 | CVE-2026-1162 CVSS 9.8 | A flaw has been found in UTT HiPER 810 1.7.4-141218. The impacted element is the function strcpy of the file /goform/setSysAdm. This manipulation of the argume… |
| CVE-2026-1160 | CVE-2026-1160 CVSS 9.8 | A security vulnerability has been detected in PHPGurukul Directory Management System 1.0. Impacted is an unknown function of the file /index.php of the compone… |
| CVE-2026-1159 | CVE-2026-1159 CVSS 9.8 | A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This issue affects some unknown processing of the file /order_online.ph… |
| CVE-2026-1152 | CVE-2026-1152 CVSS 9.8 | A security vulnerability has been detected in technical-laohu mpay up to 1.2.4. The impacted element is an unknown function of the component QR Code Image Hand… |
| CVE-2026-1133 | CVE-2026-1133 CVSS 9.8 | A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /kmf/folder.jsp of the component HTTP GET Parameter … |
| CVE-2026-1132 | CVE-2026-1132 CVSS 9.8 | A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /kmf/edit_folder.jsp of the component HTTP GET Parameter … |
| CVE-2026-1131 | CVE-2026-1131 CVSS 9.8 | A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/save_catalog.jsp of the component HTTP GET Parameter Handle… |
| CVE-2026-1130 | CVE-2026-1130 CVSS 9.8 | A flaw has been found in Yonyou KSOA 9.0. This issue affects some unknown processing of the file /worksheet/worksadd_plan.jsp of the component HTTP GET Paramet… |
| CVE-2026-1129 | CVE-2026-1129 CVSS 9.8 | A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/worksadd.jsp of the component HTTP GET Paramete… |
| CVE-2026-1125 | CVE-2026-1125 CVSS 9.8 | A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_wifidog_settings. Executing… |
| CVE-2026-1124 | CVE-2026-1124 CVSS 9.8 | A security flaw has been discovered in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_report.jsp of th… |
| CVE-2026-1123 | CVE-2026-1123 CVSS 9.8 | A vulnerability was identified in Yonyou KSOA 9.0. Affected is an unknown function of the file /worksheet/work_mod.jsp of the component HTTP GET Parameter Hand… |
| CVE-2026-1122 | CVE-2026-1122 CVSS 9.8 | A vulnerability was determined in Yonyou KSOA 9.0. This impacts an unknown function of the file /worksheet/work_info.jsp of the component HTTP GET Parameter Ha… |
| CVE-2026-1121 | CVE-2026-1121 CVSS 9.8 | A vulnerability was found in Yonyou KSOA 9.0. This affects an unknown function of the file /worksheet/del_workplan.jsp of the component HTTP GET Parameter Hand… |
| CVE-2026-1120 | CVE-2026-1120 CVSS 9.8 | A vulnerability has been found in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_work.jsp of the component HTTP GET Pa… |
| CVE-2026-1119 | CVE-2026-1119 CVSS 9.8 | A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/delete_activity.php. Execut… |
| CVE-2026-1118 | CVE-2026-1118 CVSS 9.8 | A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/add_activity.php. Performing a m… |
| CVE-2026-1115 | CVE-2026-1115 CVSS 9.6 | A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vul… |
| CVE-2026-1114 | CVE-2026-1114 CVSS 9.8 | In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing… |
| CVE-2026-1107 | CVE-2026-1107 CVSS 9.8 | A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function check_userinfo of the file Diyajax.php of the component Member Avatar Handl… |
| CVE-2026-1105 | CVE-2026-1105 CVSS 9.8 | A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argume… |
| CVE-2026-1062 | CVE-2026-1062 CVSS 9.8 | A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This mani… |
| CVE-2026-1061 | CVE-2026-1061 CVSS 9.8 | A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller… |
| CVE-2026-1059 | CVE-2026-1059 CVSS 9.8 | A security vulnerability has been detected in FeMiner wms up to 9cad1f1b179a98b9547fd003c23b07c7594775fa. Affected by this vulnerability is an unknown function… |
| CVE-2026-1056 | CVE-2026-1056 CVSS 9.8 | The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generate_user_dirpath' fun… |
| CVE-2026-1021 | CVE-2026-1021 CVSS 9.8 | Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attacker to upload and execute… |
| CVE-2026-1019 | CVE-2026-1019 CVSS 9.8 | Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and… |
| CVE-2026-0975 | CVE-2026-0975 CVSS 9.8 | Delta Electronics DIAView has Command Injection vulnerability. |
| CVE-2026-0953 | CVE-2026-0953 CVSS 9.8 | The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is d… |
| CVE-2026-0933 | CVE-2026-0933 CVSS 9.9 | SummaryA command injection vulnerability (CWE-78) has been found to exist in the `wrangler pages deploy` command. The issue occurs because the `--commit-hash` … |
| CVE-2026-0926 | CVE-2026-0926 CVSS 9.8 | The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'parameters[template_name]'… |