CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 301–350 of 8,314 in Critical · page 7 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2026-4750 | CVE-2026-4750 CVSS 9.1 | Out-of-bounds Read vulnerability in fabiangreffrath woof. This issue affects woof: before woof_15.3.0. |
| CVE-2026-47372 | CVE-2026-47372 CVSS 9.1 | Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictabl… |
| CVE-2026-47323 | CVE-2026-47323 CVSS 9.8 apache | Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering. The CXF and Knative HeaderFilterStrategy implementations (CxfRsHeaderFilter… |
| CVE-2026-4729 | CVE-2026-4729 CVSS 9.8 | Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort s… |
| CVE-2026-47280 | CVE-2026-47280 CVSS 10.0 | Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-4725 | CVE-2026-4725 CVSS 10.0 | Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. |
| CVE-2026-4724 | CVE-2026-4724 CVSS 9.1 | Undefined behavior in the Audio/Video component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. |
| CVE-2026-4723 | CVE-2026-4723 CVSS 9.8 | Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. |
| CVE-2026-4721 | CVE-2026-4721 CVSS 9.8 | Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence… |
| CVE-2026-4720 | CVE-2026-4720 CVSS 9.8 | Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruptio… |
| CVE-2026-4717 | CVE-2026-4717 CVSS 9.8 | Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. |
| CVE-2026-4716 | CVE-2026-4716 CVSS 9.1 | Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunder… |
| CVE-2026-4715 | CVE-2026-4715 CVSS 9.1 | Uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.… |
| CVE-2026-4711 | CVE-2026-4711 CVSS 9.8 | Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. |
| CVE-2026-4710 | CVE-2026-4710 CVSS 9.8 | Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 14… |
| CVE-2026-4705 | CVE-2026-4705 CVSS 9.8 | Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. |
| CVE-2026-4702 | CVE-2026-4702 CVSS 9.8 | JIT miscompilation in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. |
| CVE-2026-4701 | CVE-2026-4701 CVSS 9.8 | Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. |
| CVE-2026-4700 | CVE-2026-4700 CVSS 9.8 | Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. |
| CVE-2026-4698 | CVE-2026-4698 CVSS 9.8 | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149… |
| CVE-2026-4696 | CVE-2026-4696 CVSS 9.8 | Use-after-free in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, an… |
| CVE-2026-4692 | CVE-2026-4692 CVSS 10.0 | Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, an… |
| CVE-2026-4691 | CVE-2026-4691 CVSS 9.8 | Use-after-free in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 14… |
| CVE-2026-4689 | CVE-2026-4689 CVSS 10.0 | Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, … |
| CVE-2026-4688 | CVE-2026-4688 CVSS 10.0 | Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, … |
| CVE-2026-4670 | CVE-2026-4670 CVSS 9.8 | Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automat… |
| CVE-2026-46624 | CVE-2026-46624 CVSS 9.9 | Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution (RCE) vulnerability exists in Twenty CRM via a chained SQL Injection … |
| CVE-2026-46595 | CVE-2026-46595 CVSS 10.0 | Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, … |
| CVE-2026-46470 | CVE-2026-46470 CVSS 9.1 | An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_audio_caps function does not su… |
| CVE-2026-46364 | CVE-2026-46364 CVSS 9.8 | phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods t… |
| CVE-2026-4631 | CVE-2026-4631 CVSS 9.8 | Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An att… |
| CVE-2026-4622 | CVE-2026-4622 CVSS 9.8 | OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to execute arbitrary OS commands via network. |
| CVE-2026-4620 | CVE-2026-4620 CVSS 9.8 | OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to execute arbitrary OS commands via network. |
| CVE-2026-4619 | CVE-2026-4619 CVSS 9.8 | Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to write over any file via network. |
| CVE-2026-4601 | CVE-2026-4601 CVSS 9.1 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA sig… |
| CVE-2026-4600 | CVE-2026-4600 CVSS 9.1 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in K… |
| CVE-2026-4599 | CVE-2026-4599 CVSS 9.1 | Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMa… |
| CVE-2026-4585 | CVE-2026-4585 CVSS 9.8 | A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/Web… |
| CVE-2026-4581 | CVE-2026-4581 CVSS 9.8 | A weakness has been identified in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checklogin.php of the component Paramet… |
| CVE-2026-4580 | CVE-2026-4580 CVSS 9.8 | A security flaw has been discovered in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkupdatestatus.php of the comp… |
| CVE-2026-4579 | CVE-2026-4579 CVSS 9.8 | A vulnerability was identified in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /viewdetail.php of the component Parame… |
| CVE-2026-45772 | CVE-2026-45772 CVSS 9.8 | Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary cod… |
| CVE-2026-45721 | CVE-2026-45721 CVSS 9.0 | Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is asked for any URL path that resolves to a directory without an index f… |
| CVE-2026-45714 | CVE-2026-45714 CVSS 9.1 | CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of … |
| CVE-2026-4567 | CVE-2026-4567 CVSS 9.8 | A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the… |
| CVE-2026-45495 | CVE-2026-45495 CVSS 9.8 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2026-45444 | CVE-2026-45444 CVSS 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gif… |
| CVE-2026-45434 | CVE-2026-45434 CVSS 9.8 | Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution. This issue affects Apache OFBiz: before … |
| CVE-2026-45411 | CVE-2026-45411 CVSS 9.8 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield* expression inside an async generator. … |
| CVE-2026-45393 | CVE-2026-45393 CVSS 7.8 | A vulnerability chain in Cribl Edge for Windows before 4.17.1 allows a local authenticated user to escalate privileges to NT AUTHORITY\SYSTEM. Incorrect defaul… |