31,467 indexed
CVECVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 501–550 of 8,161 in High · page 11 of 164
| ID | Title | Summary |
|---|---|---|
| CVE-2026-5547 | CVE-2026-5547 CVSS 8.8 | A vulnerability has been found in Tenda AC10 16.03.10.10_multi_TDE01. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation l… |
| CVE-2026-5544 | CVE-2026-5544 CVSS 8.8 | A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteCo… |
| CVE-2026-5501 | CVE-2026-5501 CVSS 8.1 | wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies … |
| CVE-2026-5479 | CVE-2026-5479 CVSS 8.1 | In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher finalization functions) fails to verify t… |
| CVE-2026-5478 | CVE-2026-5478 CVSS 8.1 | The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all versions up to, and including, 3.4.4. This is due to the plugin… |
| CVE-2026-5474 | CVE-2026-5474 CVSS 8.8 | A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw/src/to_lab_passthru_encode.c of the co… |
| CVE-2026-5466 | CVE-2026-5466 CVSS 8.1 | wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the signature blob via `mp_read_unsigned_bin` with no check that t… |
| CVE-2026-5465 | CVE-2026-5465 CVSS 8.8 | The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and inc… |
| CVE-2026-5463 | CVE-2026-5463 CVSS 8.6danmcinerney | Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into m… |
| CVE-2026-5436 | CVE-2026-5436 CVSS 8.1 | The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1. This is due to insufficient validation… |
| CVE-2026-5402 | CVE-2026-5402 CVSS 8.8 | TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution |
| CVE-2026-5398 | CVE-2026-5398 CVSS 8.4 | The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session. If th… |
| CVE-2026-5396 | CVE-2026-5396 CVSS 8.2 | The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is d… |
| CVE-2026-5395 | CVE-2026-5395 CVSS 8.2 | The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Referen… |
| CVE-2026-5373 | CVE-2026-5373 CVSS 8.4 | An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privi… |
| CVE-2026-5367 | CVE-2026-5367 CVSS 8.6 | A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets wit… |
| CVE-2026-5364 | CVE-2026-5364 CVSS 8.1 | The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.1.3. This is d… |
| CVE-2026-5363 | CVE-2026-5363 CVSS 8.8 | Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation. The web interface encrypt… |
| CVE-2026-5355 | CVE-2026-5355 CVSS 8.8 | A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpn_drop of the file /setup.cgi. The manipulation of the a… |
| CVE-2026-5354 | CVE-2026-5354 CVSS 8.8 | A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpn_connect of the file /setup.cgi. Executing a manipulatio… |
| CVE-2026-5353 | CVE-2026-5353 CVSS 8.8 | A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function ping_test of the file /setup.cgi. Performing a manipulation of the argumen… |
| CVE-2026-5352 | CVE-2026-5352 CVSS 8.8 | A security vulnerability has been detected in Trendnet TEW-657BRM 1.00.1. This impacts the function Edit of the file /setup.cgi. Such manipulation of the argum… |
| CVE-2026-5351 | CVE-2026-5351 CVSS 8.8 | A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function add_wps_client of the file /setup.cgi. This manipulation of the argumen… |
| CVE-2026-5350 | CVE-2026-5350 CVSS 8.8 | A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of the file /setup.cgi. The manipulation of… |
| CVE-2026-5349 | CVE-2026-5349 CVSS 8.8 | A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file /setup.cgi. The manipulation of the ar… |
| CVE-2026-5339 | CVE-2026-5339 CVSS 8.8 | A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function action_set_net_settings of the file gpon.lua of the component Setting … |
| CVE-2026-5317 | CVE-2026-5317 CVSS 8.8 | A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in o… |
| CVE-2026-5315 | CVE-2026-5315 CVSS 8.8 | A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component … |
| CVE-2026-5314 | CVE-2026-5314 CVSS 8.8 | A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File … |
| CVE-2026-5302 | CVE-2026-5302 CVSS 8.1 | CORS misconfiguration in CoolerControl/coolercontrold <4.0.0 allows unauthenticated remote attackers to read data and send commands to the service via maliciou… |
| CVE-2026-5295 | CVE-2026-5295 CVSS 8.0 | A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7_DecryptOri() function in wolfcrypt/src/pkcs7.c. When processing a CMS Envelope… |
| CVE-2026-5292 | CVE-2026-5292 CVSS 8.8 | Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML p… |
| CVE-2026-5287 | CVE-2026-5287 CVSS 8.8 | Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Ch… |
| CVE-2026-5286 | CVE-2026-5286 CVSS 8.8 | Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security… |
| CVE-2026-5285 | CVE-2026-5285 CVSS 8.8 | Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. … |
| CVE-2026-5282 | CVE-2026-5282 CVSS 8.1 | Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML p… |
| CVE-2026-5281 | Google Dawn Use-After-Free Vulnerability KEVCVSS 8.8Google | Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via … |
| CVE-2026-5280 | CVE-2026-5280 CVSS 8.8 | Use after free in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML pa… |
| CVE-2026-5279 | CVE-2026-5279 CVSS 8.8 | Object corruption in V8 in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. … |
| CVE-2026-5278 | CVE-2026-5278 CVSS 8.8 | Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Ch… |
| CVE-2026-5275 | CVE-2026-5275 CVSS 8.8 | Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chr… |
| CVE-2026-5274 | CVE-2026-5274 CVSS 8.8 | Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromiu… |
| CVE-2026-5272 | CVE-2026-5272 CVSS 8.8 | Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium sec… |
| CVE-2026-5260 | CVE-2026-5260 CVSS 8.2 | A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed… |
| CVE-2026-5246 | CVE-2026-5246 CVSS 8.1 | A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mg_tls_verify_cert_signature of the file mongoose.c of the component P-… |
| CVE-2026-5245 | CVE-2026-5245 CVSS 8.1 | A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handle_mdns_record of the file mongoose.c of the component mDNS Record Hand… |
| CVE-2026-5214 | CVE-2026-5214 CVSS 8.8 | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326,… |
| CVE-2026-5213 | CVE-2026-5213 CVSS 8.8 | A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR… |
| CVE-2026-5212 | CVE-2026-5212 CVSS 8.8 | A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR… |
| CVE-2026-5211 | CVE-2026-5211 CVSS 8.8 | A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS… |