CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 251–300 of 8,314 in Critical · page 6 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2026-5294 | CVE-2026-5294 CVSS 9.8 | The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.2.2. This is due to a nopriv AJAX route allowing … |
| CVE-2026-5290 | CVE-2026-5290 CVSS 9.6 | Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perfor… |
| CVE-2026-5289 | CVE-2026-5289 CVSS 9.6 | Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform… |
| CVE-2026-5288 | CVE-2026-5288 CVSS 9.6 | Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially… |
| CVE-2026-5264 | CVE-2026-5264 CVSS 9.8 | Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow. |
| CVE-2026-5257 | CVE-2026-5257 CVSS 9.8 | A vulnerability has been found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /delstaffinfo.php of the comp… |
| CVE-2026-5256 | CVE-2026-5256 CVSS 9.8 | A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modify.php of the component Parameter Ha… |
| CVE-2026-5244 | CVE-2026-5244 CVSS 9.8 | A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg_tls_recv_cert of the file mongoose.c of the component TLS 1.3 Handl… |
| CVE-2026-5229 | CVE-2026-5229 CVSS 9.8 | The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-con… |
| CVE-2026-5194 | CVE-2026-5194 CVSS 9.1 | Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant k… |
| CVE-2026-5187 | CVE-2026-5187 CVSS 9.8 | Two potential heap out-of-bounds write locations existed in DecodeObjectId() in wolfcrypt/src/asn.c. First, a bounds check only validates one available slot be… |
| CVE-2026-5183 | CVE-2026-5183 CVSS 9.8 | A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub_421494 of the file /goform/addRouting. Executing a ma… |
| CVE-2026-5176 | CVE-2026-5176 CVSS 9.8 | A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. Affected is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. Performi… |
| CVE-2026-5166 | CVE-2026-5166 CVSS 9.6 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus … |
| CVE-2026-5118 | CVE-2026-5118 CVSS 9.8 | The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a… |
| CVE-2026-5085 | CVE-2026-5085 CVSS 9.1 | Solstice::Session versions through 1440 for Perl generates session ids insecurely. The _generateSessionID method returns an MD5 digest seeded by the epoch tim… |
| CVE-2026-5081 | CVE-2026-5081 CVSS 9.1 chorny | Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId (added in ver… |
| CVE-2026-5059 | CVE-2026-5059 CVSS 9.8 | aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected … |
| CVE-2026-5058 | CVE-2026-5058 CVSS 9.8 | aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installa… |
| CVE-2026-5035 | CVE-2026-5035 CVSS 9.8 | A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /view_work.php of the component Parameter Handl… |
| CVE-2026-5034 | CVE-2026-5034 CVSS 9.8 | A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown functionality of the file /edit_costumer.php of the compon… |
| CVE-2026-5033 | CVE-2026-5033 CVSS 9.8 | A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_costumer.php … |
| CVE-2026-5030 | CVE-2026-5030 CVSS 9.8 | A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of t… |
| CVE-2026-5020 | CVE-2026-5020 CVSS 9.8 | A vulnerability was detected in Totolink A3600R 4.1.2cu.5182_B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of… |
| CVE-2026-5019 | CVE-2026-5019 CVSS 9.8 | A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the fil… |
| CVE-2026-5018 | CVE-2026-5018 CVSS 9.8 | A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component … |
| CVE-2026-5017 | CVE-2026-5017 CVSS 9.8 | A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the compone… |
| CVE-2026-4965 | CVE-2026-4965 CVSS 9.8 | A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component… |
| CVE-2026-4963 | CVE-2026-4963 CVSS 10.0 | A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluate_augassign/evaluate_call/evaluate_with of the file src/… |
| CVE-2026-4908 | CVE-2026-4908 CVSS 9.8 | A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component… |
| CVE-2026-48904 | CVE-2026-48904 CVSS 9.8 | An improper access check allows privilege escalation through the com_users group editing webservice endpoint. |
| CVE-2026-48899 | CVE-2026-48899 CVSS 9.8 | An improper access check allows privilege escalation through the com_users batch task. |
| CVE-2026-48898 | CVE-2026-48898 CVSS 9.8 | An improper access check allows privilege escalation through the com_users batch task. |
| CVE-2026-4885 | CVE-2026-4885 CVSS 9.8 | The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_bui… |
| CVE-2026-4883 | CVE-2026-4883 CVSS 9.8 | The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetforms_ajax_form_builder' funct… |
| CVE-2026-4882 | CVE-2026-4882 CVSS 9.8 | The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAF_AJAX::metho… |
| CVE-2026-4880 | CVE-2026-4880 CVSS 9.8 | The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to privilege escalation… |
| CVE-2026-48689 | CVE-2026-48689 CVSS 9.8 | FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hp… |
| CVE-2026-48686 | CVE-2026-48686 CVSS 9.8 | FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI (Network Layer Reachability Information) decoder. The functio… |
| CVE-2026-4858 | CVE-2026-4858 CVSS 9.9 | Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to check integration URL for path traversal which allows an … |
| CVE-2026-4851 | CVE-2026-4851 CVSS 9.8 | GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization. GRID::Machine provides Remote Procedure Calls (RPC) … |
| CVE-2026-4850 | CVE-2026-4850 CVSS 9.8 | A security flaw has been discovered in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checkregisitem.php of the componen… |
| CVE-2026-48207 | CVE-2026-48207 CVSS 9.8 | Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce… |
| CVE-2026-48172 | LiteSpeed cPanel Plugin Privilege Escalation Vulnerability KEV CVSS 9.8 LiteSpeed | LiteSpeed cPanel Plugin contains privilege escalation vulnerability that is exposed via the user-end cPanel plugin, which can be abused by any cPanel user acco… |
| CVE-2026-4809 | CVE-2026-4809 CVSS 9.8 | plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an application using the package accepts or prefers a client-suppli… |
| CVE-2026-4800 | CVE-2026-4800 CVSS 9.8 | Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not appl… |
| CVE-2026-4789 | CVE-2026-4789 CVSS 9.8 | Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions. |
| CVE-2026-4784 | CVE-2026-4784 CVSS 9.8 | A vulnerability was found in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /checkcheckout.php of the component Paramete… |
| CVE-2026-4755 | CVE-2026-4755 CVSS 9.8 | CWE-20 vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-11. |
| CVE-2026-4753 | CVE-2026-4753 CVSS 9.1 | Out-of-bounds Read vulnerability in slajerek RetroDebugger. This issue affects RetroDebugger: before v0.64.72. |