31,594 indexed
CVECVE vulnerabilities
31,594 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 2,451–2,500 of 8,314 in Critical · page 50 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2026-0577 | CVE-2026-0577 CVSS 9.8 | A flaw has been found in code-projects Online Product Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /handgunne… |
| CVE-2026-0576 | CVE-2026-0576 CVSS 9.8 | A vulnerability was detected in code-projects Online Product Reservation System 1.0. Affected is an unknown function of the file /handgunner-administrator/prod… |
| CVE-2026-0575 | CVE-2026-0575 CVSS 9.8 | A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. This impacts an unknown function of the file /handgunner-adm… |
| CVE-2026-0573 | CVE-2026-0573 CVSS 9.0 | An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. … |
| CVE-2026-0570 | CVE-2026-0570 CVSS 9.8 | A vulnerability was found in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Frontend/Feedback.php. Performing a manipulatio… |
| CVE-2026-0569 | CVE-2026-0569 CVSS 9.8 | A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown function of the file /Frontend/AlbumByCategory.php. Such manipul… |
| CVE-2026-0568 | CVE-2026-0568 CVSS 9.8 | A flaw has been found in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Frontend/ViewSongs.php. This manipulatio… |
| CVE-2026-0567 | CVE-2026-0567 CVSS 9.8 | A vulnerability was detected in code-projects Content Management System 1.0. The affected element is an unknown function of the file /pages.php. The manipulati… |
| CVE-2026-0566 | CVE-2026-0566 CVSS 9.8 | A security vulnerability has been detected in code-projects Content Management System 1.0. Impacted is an unknown function of the file /admin/edit_posts.php. T… |
| CVE-2026-0565 | CVE-2026-0565 CVSS 9.8 | A weakness has been identified in code-projects Content Management System 1.0. This issue affects some unknown processing of the file /admin/delete.php. Execut… |
| CVE-2026-0558 | CVE-2026-0558 CVSS 9.8 | A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users to upload and process files through the `/api/files/extract… |
| CVE-2026-0546 | CVE-2026-0546 CVSS 9.8 | A vulnerability was determined in code-projects Content Management System 1.0. This impacts an unknown function of the file search.php. This manipulation of th… |
| CVE-2026-0545 | CVE-2026-0545 CVSS 9.8 | In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization when the `basic-auth` app is enab… |
| CVE-2026-0544 | CVE-2026-0544 CVSS 9.8 | A security flaw has been discovered in itsourcecode School Management System 1.0. This affects an unknown part of the file /student/index.php. The manipulation… |
| CVE-2026-0509 | CVE-2026-0509 CVSS 9.6 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the re… |
| CVE-2026-0501 | CVE-2026-0501 CVSS 9.9 | Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise (Financials General Ledger), an authenticated user could execute crafted SQL q… |
| CVE-2026-0491 | CVE-2026-0491 CVSS 9.1 | SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the … |
| CVE-2026-0488 | CVE-2026-0488 CVSS 9.9 | An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critica… |
| CVE-2026-0300 | Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability KEVCVSS 9.8Palo Alto Networks | Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an una… |
| CVE-2026-0120 | CVE-2026-0120 CVSS 9.8 | In modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privi… |
| CVE-2026-0116 | CVE-2026-0116 CVSS 9.8 | In __mfc_handle_released_buf of mfc_core_isr.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution… |
| CVE-2026-0114 | CVE-2026-0114 CVSS 9.8 | In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privi… |
| CVE-2026-0113 | CVE-2026-0113 CVSS 9.8 | In ns_GetUserData of ns_SmscbUtilities.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of pri… |
| CVE-2026-0111 | CVE-2026-0111 CVSS 9.8 | In ns_GetUserData of ns_SmscbUtilities.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of pri… |
| CVE-2026-0110 | CVE-2026-0110 CVSS 9.8 | In MM_DATA_IND of cn_NrSmMsgHdlrFromMM.cpp, there is a possible EoP due to memory corruption. This could lead to remote escalation of privilege with no additio… |
| CVE-2026-0106 | CVE-2026-0106 CVSS 9.3 | In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of privilege with no ad… |
| CVE-2026-0006 | CVE-2026-0006 CVSS 9.8 | In multiple locations, there is a possible out of bounds read and write due to a heap buffer overflow. This could lead to remote code execution with no additio… |
| CVE-2025-9994 | CVE-2025-9994 CVSS 9.8 | The Amp’ed RF BT-AP 111 Bluetooth access point's HTTP admin interface does not have an authentication feature, allowing unauthorized access to anyone with netw… |
| CVE-2025-9976 | CVE-2025-9976 CVSS 9.0 | An OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R20… |
| CVE-2025-9972 | CVE-2025-9972 CVSS 9.8 | Certain models of Industrial Cellular Gateway developed by Planet Technology have an OS Command Injection vulnerability, allowing unauthenticated remote attack… |
| CVE-2025-9971 | CVE-2025-9971 CVSS 9.8 | Certain models of Industrial Cellular Gateway developed by Planet Technology have a Missing Authentication vulnerability, allowing unauthenticated remote attac… |
| CVE-2025-9967 | CVE-2025-9967 CVSS 9.8 | The Orion SMS OTP Verification plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.7. Thi… |
| CVE-2025-9953 | CVE-2025-9953 CVSS 9.8 | Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows… |
| CVE-2025-9943 | CVE-2025-9943 CVSS 9.1 | An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider (SP) is … |
| CVE-2025-9935 | CVE-2025-9935 CVSS 9.8 | A vulnerability was determined in TOTOLINK N600R 4.3.0cu.7866_B20220506. This vulnerability affects the function sub_4159F8 of the file /web_cste/cgi-bin/cstec… |
| CVE-2025-9934 | CVE-2025-9934 CVSS 9.8 | A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. This affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipula… |
| CVE-2025-9933 | CVE-2025-9933 CVSS 9.8 | A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/view… |
| CVE-2025-9932 | CVE-2025-9932 CVSS 9.8 | A flaw has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /admin/update-… |
| CVE-2025-9930 | CVE-2025-9930 CVSS 9.8 | A security vulnerability has been detected in 1000projects Beauty Parlour Management System 1.0. This impacts an unknown function of the file /admin/contact-us… |
| CVE-2025-9928 | CVE-2025-9928 CVSS 9.8 | A security flaw has been discovered in projectworlds Travel Management System 1.0. The impacted element is an unknown function of the file /viewcategory.php. P… |
| CVE-2025-9927 | CVE-2025-9927 CVSS 9.8 | A vulnerability was identified in projectworlds Travel Management System 1.0. The affected element is an unknown function of the file /viewpackage.php. Such ma… |
| CVE-2025-9926 | CVE-2025-9926 CVSS 9.8 | A vulnerability was determined in projectworlds Travel Management System 1.0. Impacted is an unknown function of the file /viewsubcategory.php. This manipulati… |
| CVE-2025-9925 | CVE-2025-9925 CVSS 9.8 | A vulnerability was found in projectworlds Travel Management System 1.0. This issue affects some unknown processing of the file /detail.php. The manipulation o… |
| CVE-2025-9924 | CVE-2025-9924 CVSS 9.8 | A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unknown code of the file /enquiry.php. The manipulatio… |
| CVE-2025-9919 | CVE-2025-9919 CVSS 9.8 | A vulnerability was identified in 1000projects Beauty Parlour Management System 1.0. This affects an unknown function of the file /admin/bwdates-reports-detail… |
| CVE-2025-9847 | CVE-2025-9847 CVSS 9.8 | A weakness has been identified in ScriptAndTools Real Estate Management System 1.0. Impacted is an unknown function of the file register.php. This manipulation… |
| CVE-2025-9846 | CVE-2025-9846 CVSS 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in TalentSys Consulting Information Technology Industry Inc. Inka.Net allows Command Injection. … |
| CVE-2025-9840 | CVE-2025-9840 CVSS 9.8 | A weakness has been identified in itsourcecode Sports Management System 1.0. The impacted element is an unknown function of the file /Admin/gametype.php. Execu… |
| CVE-2025-9839 | CVE-2025-9839 CVSS 9.8 | A security flaw has been discovered in itsourcecode Student Information Management System 1.0. The affected element is an unknown function of the file /admin/m… |
| CVE-2025-9838 | CVE-2025-9838 CVSS 9.8 | A vulnerability was identified in itsourcecode Student Information Management System 1.0. Impacted is an unknown function of the file /admin/modules/subject/in… |