CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 201–250 of 8,314 in Critical · page 5 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2026-5973 | CVE-2026-5973 CVSS 9.8 | A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function get_mime_type of the file metagpt/utils/common.py. The manipulation… |
| CVE-2026-5972 | CVE-2026-5972 CVSS 9.8 | A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This issue affects the function Terminal.run_command in the library metagpt/tools/libs/… |
| CVE-2026-5971 | CVE-2026-5971 CVSS 9.8 | A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml_fill of the file metagpt/actions/action_n… |
| CVE-2026-5970 | CVE-2026-5970 CVSS 9.8 | A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function check_solution of the component HumanEvalBenchmark/MBPPBenchmar… |
| CVE-2026-5965 | CVE-2026-5965 CVSS 9.8 | NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute … |
| CVE-2026-5964 | CVE-2026-5964 CVSS 9.8 | EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modif… |
| CVE-2026-5963 | CVE-2026-5963 CVSS 9.8 | EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modif… |
| CVE-2026-5962 | CVE-2026-5962 CVSS 9.8 | A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecurityHandlerfunction of the component httpd. The manipulation… |
| CVE-2026-5935 | CVE-2026-5935 CVSS 9.8 | IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with n… |
| CVE-2026-5902 | CVE-2026-5902 CVSS 9.8 | Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream met… |
| CVE-2026-5874 | CVE-2026-5874 CVSS 9.6 | Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potenti… |
| CVE-2026-5854 | CVE-2026-5854 CVSS 9.8 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi o… |
| CVE-2026-5853 | CVE-2026-5853 CVSS 9.8 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setIpv6LanCfg of the file /… |
| CVE-2026-5852 | CVE-2026-5852 CVSS 9.8 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component … |
| CVE-2026-5851 | CVE-2026-5851 CVSS 9.8 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the comp… |
| CVE-2026-5850 | CVE-2026-5850 CVSS 9.8 | A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the compon… |
| CVE-2026-5849 | CVE-2026-5849 CVSS 9.8 | A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown function of the component HTTP Handler. Executing a manipulation… |
| CVE-2026-5845 | CVE-2026-5845 CVSS 9.6 | An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server allows an authenticated attacker to acc… |
| CVE-2026-5841 | CVE-2026-5841 CVSS 9.8 | A weakness has been identified in Tenda i3 1.0.0.6(2204). The affected element is the function R7WebsSecurityHandler of the component HTTP Handler. Executing a… |
| CVE-2026-5788 | CVE-2026-5788 CVSS 9.8 | An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods. |
| CVE-2026-5787 | CVE-2026-5787 CVSS 9.1 | An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate regi… |
| CVE-2026-5760 | CVE-2026-5760 CVSS 9.8 lmsys | SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malicious tokenizer.chat_template is loaded, as the… |
| CVE-2026-5752 | CVE-2026-5752 CVSS 9.3 | Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal. |
| CVE-2026-5735 | CVE-2026-5735 CVSS 9.8 | Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough … |
| CVE-2026-5734 | CVE-2026-5734 CVSS 9.8 | Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memo… |
| CVE-2026-5731 | CVE-2026-5731 CVSS 9.8 | Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs s… |
| CVE-2026-5722 | CVE-2026-5722 CVSS 9.8 | The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist… |
| CVE-2026-5720 | CVE-2026-5720 CVSS 9.1 | miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information dis… |
| CVE-2026-5663 | CVE-2026-5663 CVSS 9.8 | A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/stores… |
| CVE-2026-5652 | CVE-2026-5652 CVSS 9.0 | An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modif… |
| CVE-2026-5584 | CVE-2026-5584 CVSS 9.8 | A vulnerability has been found in Fosowl agenticSeek 0.1.0. Impacted is the function PyInterpreter.execute of the file sources/tools/PyInterpreter.py of the co… |
| CVE-2026-5574 | CVE-2026-5574 CVSS 9.1 | A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function deletefile of the component FsBrowseClean.… |
| CVE-2026-5573 | CVE-2026-5573 CVSS 9.8 | A weakness has been identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This impacts an unknown function of the file /fs. Executing a manipulation of t… |
| CVE-2026-5570 | CVE-2026-5570 CVSS 9.8 | A vulnerability was determined in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The affected element is the function index_config of the file /LoginCB. This ma… |
| CVE-2026-5569 | CVE-2026-5569 CVSS 9.8 | A vulnerability was found in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Impacted is an unknown function of the file /Technostrobe/ of the component Endpoint… |
| CVE-2026-5562 | CVE-2026-5562 CVSS 9.8 | A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the … |
| CVE-2026-5526 | CVE-2026-5526 CVSS 9.8 | A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the … |
| CVE-2026-5503 | CVE-2026-5503 CVSS 9.1 | In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find returned NULL. This caused TLSX_UseSNI to attach the attack… |
| CVE-2026-5483 | CVE-2026-5483 CVSS 9.9 | A flaw was found in odh-dashboard in Red Hat OpenShift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the d… |
| CVE-2026-5450 | CVE-2026-5450 CVSS 9.8 | Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with… |
| CVE-2026-5445 | CVE-2026-5445 CVSS 9.1 | An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETT… |
| CVE-2026-5443 | CVE-2026-5443 CVSS 9.8 | A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width a… |
| CVE-2026-5442 | CVE-2026-5442 CVSS 9.8 | A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instea… |
| CVE-2026-5433 | CVE-2026-5433 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2026-5426 | CVE-2026-5426 CVSS 9.1 | Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState… |
| CVE-2026-5393 | CVE-2026-5393 CVSS 9.1 | Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted inp… |
| CVE-2026-5368 | CVE-2026-5368 CVSS 9.8 | A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Par… |
| CVE-2026-5334 | CVE-2026-5334 CVSS 9.8 | A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=edit&id=3 o… |
| CVE-2026-5333 | CVE-2026-5333 CVSS 9.8 | A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue affects some unknown processing of the file /admin/tools.php. T… |
| CVE-2026-5300 | CVE-2026-5300 CVSS 9.1 | Unauthenticated functionality in CoolerControl/coolercontrold <4.0.0 allows unauthenticated attackers to view and modify potentially sensitive data via HTTP r… |