31,594 indexed
CVECVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 2,401–2,450 of 8,314 in Critical · page 49 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2026-0920 | CVE-2026-0920 CVSS 9.8 | The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This … |
| CVE-2026-0907 | CVE-2026-0907 CVSS 9.8 | Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium… |
| CVE-2026-0906 | CVE-2026-0906 CVSS 9.8 | Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafte… |
| CVE-2026-0905 | CVE-2026-0905 CVSS 9.8 | Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attack who obtained a network log file to potentially obtain pote… |
| CVE-2026-0892 | CVE-2026-0892 CVSS 9.8 | Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort s… |
| CVE-2026-0884 | CVE-2026-0884 CVSS 9.8 | Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. |
| CVE-2026-0881 | CVE-2026-0881 CVSS 10.0 | Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147. |
| CVE-2026-0879 | CVE-2026-0879 CVSS 9.8 | Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140… |
| CVE-2026-0863 | CVE-2026-0863 CVSS 9.9 | Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python co… |
| CVE-2026-0852 | CVE-2026-0852 CVSS 9.8 | A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminUpd… |
| CVE-2026-0851 | CVE-2026-0851 CVSS 9.8 | A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.… |
| CVE-2026-0848 | CVE-2026-0848 CVSS 10.0 | NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads… |
| CVE-2026-0821 | CVE-2026-0821 CVSS 9.8 | A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Ex… |
| CVE-2026-0794 | CVE-2026-0794 CVSS 9.8 | ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affe… |
| CVE-2026-0793 | CVE-2026-0793 CVSS 9.8 | ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute ar… |
| CVE-2026-0792 | CVE-2026-0792 CVSS 9.8 | ALGO 8180 IP Audio Alerter SIP INVITE Alert-Info Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to… |
| CVE-2026-0791 | CVE-2026-0791 CVSS 9.8 | ALGO 8180 IP Audio Alerter SIP INVITE Replaces Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to e… |
| CVE-2026-0787 | CVE-2026-0787 CVSS 9.8 | ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on a… |
| CVE-2026-0773 | CVE-2026-0773 CVSS 9.8 | Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code… |
| CVE-2026-0770 | CVE-2026-0770 CVSS 9.8 | Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers … |
| CVE-2026-0769 | CVE-2026-0769 CVSS 9.8 | Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on… |
| CVE-2026-0768 | CVE-2026-0768 CVSS 9.8 | Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installation… |
| CVE-2026-0764 | CVE-2026-0764 CVSS 9.8 | GPT Academic upload Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code… |
| CVE-2026-0763 | CVE-2026-0763 CVSS 9.8 | GPT Academic run_in_subprocess_wrapper_func Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers t… |
| CVE-2026-0761 | CVE-2026-0761 CVSS 9.8 | Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute… |
| CVE-2026-0760 | CVE-2026-0760 CVSS 9.8 | Foundation Agents MetaGPT deserialize_message Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers… |
| CVE-2026-0759 | CVE-2026-0759 CVSS 9.8 | Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to exec… |
| CVE-2026-0756 | CVE-2026-0756 CVSS 9.8 | github-kanban-mcp-server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code … |
| CVE-2026-0755 | CVE-2026-0755 CVSS 9.8 | gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affect… |
| CVE-2026-0740 | CVE-2026-0740 CVSS 9.8 | The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NF_FU_AJAX_Controllers_… |
| CVE-2026-0732 | CVE-2026-0732 CVSS 9.8 | A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgrade_filter.asp. The manipulation of the argument pat… |
| CVE-2026-0704 | CVE-2026-0704 CVSS 9.1 | In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation w… |
| CVE-2026-0700 | CVE-2026-0700 CVSS 9.8 | A vulnerability was determined in code-projects Intern Membership Management System 1.0. Affected is an unknown function of the file /intern/admin/check_admin.… |
| CVE-2026-0643 | CVE-2026-0643 CVSS 9.8 | A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the c… |
| CVE-2026-0640 | CVE-2026-0640 CVSS 9.8 | A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the ar… |
| CVE-2026-0610 | CVE-2026-0610 CVSS 9.8 | SQL Injection vulnerability in remote-sessions in Devolutions Server.This issue affects Devolutions Server 2025.3.1 through 2025.3.12 |
| CVE-2026-0607 | CVE-2026-0607 CVSS 9.8 | A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminViewSongs.php. Executing a manip… |
| CVE-2026-0606 | CVE-2026-0606 CVSS 9.8 | A vulnerability was detected in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /FrontEnd/Albums.php. Per… |
| CVE-2026-0605 | CVE-2026-0605 CVSS 9.8 | A security vulnerability has been detected in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /logi… |
| CVE-2026-0597 | CVE-2026-0597 CVSS 9.8 | A flaw has been found in Campcodes Supplier Management System 1.0. Affected by this issue is some unknown functionality of the file /retailer/edit_profile.php.… |
| CVE-2026-0592 | CVE-2026-0592 CVSS 9.8 | A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This affects an unknown function of the file /handgunner-administra… |
| CVE-2026-0591 | CVE-2026-0591 CVSS 9.8 | A vulnerability was identified in code-projects Online Product Reservation System 1.0. The impacted element is an unknown function of the file /app/checkout/up… |
| CVE-2026-0590 | CVE-2026-0590 CVSS 9.8 | A vulnerability was determined in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file /app/checkout/de… |
| CVE-2026-0585 | CVE-2026-0585 CVSS 9.8 | A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the file /order_view.php … |
| CVE-2026-0584 | CVE-2026-0584 CVSS 9.8 | A weakness has been identified in code-projects Online Product Reservation System 1.0. This issue affects some unknown processing of the file app/products/left… |
| CVE-2026-0583 | CVE-2026-0583 CVSS 9.8 | A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This vulnerability affects unknown code of the file app/user/login.… |
| CVE-2026-0582 | CVE-2026-0582 CVSS 9.8 | A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_activity_query.php. The mani… |
| CVE-2026-0581 | CVE-2026-0581 CVSS 9.8 | A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of t… |
| CVE-2026-0579 | CVE-2026-0579 CVSS 9.8 | A vulnerability was found in code-projects Online Product Reservation System 1.0. This affects an unknown part of the file /handgunner-administrator/edit.php o… |
| CVE-2026-0578 | CVE-2026-0578 CVSS 9.8 | A vulnerability has been found in code-projects Online Product Reservation System 1.0. Affected by this issue is some unknown functionality of the file /handgu… |