31,467 indexed
CVECVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 551–600 of 8,161 in High · page 12 of 164
| ID | Title | Summary |
|---|---|---|
| CVE-2026-5204 | CVE-2026-5204 CVSS 8.8 | A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter… |
| CVE-2026-5200 | CVE-2026-5200 CVSS 8.8 | The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in v… |
| CVE-2026-5188 | CVE-2026-5188 CVSS 8.1 | An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can speci… |
| CVE-2026-5184 | CVE-2026-5184 CVSS 8.8 | A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown function of the file /goform/setSysAdm. The manipulation of… |
| CVE-2026-5178 | CVE-2026-5178 CVSS 8.8 | A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this issue is the function setIptvCfg of the file /cgi-bin/cs… |
| CVE-2026-5177 | CVE-2026-5177 CVSS 8.8 | A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this vulnerability is the function setWiFiBasicCfg of the file /cgi-bin/c… |
| CVE-2026-5174 | CVE-2026-5174 CVSS 8.8 | Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.… |
| CVE-2026-5173 | CVE-2026-5173 CVSS 8.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have a… |
| CVE-2026-5161 | CVE-2026-5161 CVSS 8.8 | Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Sym… |
| CVE-2026-5156 | CVE-2026-5156 CVSS 8.8 | A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/QuickIndex of the component Parameter Handle… |
| CVE-2026-5155 | CVE-2026-5155 CVSS 8.8 | A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component Parameter Handler. The … |
| CVE-2026-5154 | CVE-2026-5154 CVSS 8.8 | A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function fromSetCfm of the file /goform/setcfm of the component Paramete… |
| CVE-2026-5153 | CVE-2026-5153 CVSS 8.8 | A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of … |
| CVE-2026-5152 | CVE-2026-5152 CVSS 8.8 | A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation o… |
| CVE-2026-5144 | CVE-2026-5144 CVSS 8.8 | The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog … |
| CVE-2026-5141 | CVE-2026-5141 CVSS 8.8 | Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute… |
| CVE-2026-5140 | CVE-2026-5140 CVSS 8.8 | Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Auth… |
| CVE-2026-5130 | CVE-2026-5130 CVSS 8.8 | The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1.3.2. This was due t… |
| CVE-2026-5127 | CVE-2026-5127 CVSS 8.8 | The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Deserialization o… |
| CVE-2026-5119 | CVE-2026-5119 CVSS 5.9gnome | A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the… |
| CVE-2026-5105 | CVE-2026-5105 CVSS 8.8 | A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of … |
| CVE-2026-5104 | CVE-2026-5104 CVSS 8.8 | A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi.… |
| CVE-2026-5103 | CVE-2026-5103 CVSS 8.8 | A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. This issue affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. This man… |
| CVE-2026-5102 | CVE-2026-5102 CVSS 8.8 | A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cste… |
| CVE-2026-5101 | CVE-2026-5101 CVSS 8.8 | A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component… |
| CVE-2026-5052 | CVE-2026-5052 CVSS 8.6 | Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent t… |
| CVE-2026-5046 | CVE-2026-5046 CVSS 8.8 | A flaw has been found in Tenda FH1201 1.2.0.14(408). Affected is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component Parameter Handle… |
| CVE-2026-5045 | CVE-2026-5045 CVSS 8.8 | A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the function WrlclientSet of the file /goform/WrlclientSet of the component Parameter … |
| CVE-2026-5044 | CVE-2026-5044 CVSS 8.8 | A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings… |
| CVE-2026-5043 | CVE-2026-5043 CVSS 8.8 | A weakness has been identified in Belkin F9K1122 1.00.33. The impacted element is the function formSetPassword of the file /goform/formSetPassword of the compo… |
| CVE-2026-5042 | CVE-2026-5042 CVSS 8.8 | A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch of the file /goform/formCrossBandSwitch… |
| CVE-2026-5039 | CVE-2026-5039 CVSS 8.8 | TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the… |
| CVE-2026-5036 | CVE-2026-5036 CVSS 8.8 | A vulnerability was found in Tenda 4G06 04.06.01.29. This vulnerability affects the function fromDhcpListClient of the file /goform/DhcpListClient of the compo… |
| CVE-2026-5027 | CVE-2026-5027 CVSS 8.8 | The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary loc… |
| CVE-2026-5024 | CVE-2026-5024 CVSS 8.8 | A vulnerability was found in D-Link DIR-513 1.10. This issue affects the function formSetEmail of the file /goform/formSetEmail. Performing a manipulation of t… |
| CVE-2026-5021 | CVE-2026-5021 CVSS 8.8 | A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. This man… |
| CVE-2026-5004 | CVE-2026-5004 CVSS 8.8 | A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub_4019FC of the file /cgi-bin/firewall.cgi of the component UPNP Han… |
| CVE-2026-4984 | CVE-2026-4984 CVSS 8.2 | The Twilio integration webhook handler accepts any POST request without validating Twilio's 'X-Twilio-Signature'. When processing media messages, it fetches u… |
| CVE-2026-4976 | CVE-2026-4976 CVSS 8.8 | A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi. Th… |
| CVE-2026-4975 | CVE-2026-4975 CVSS 8.8 | A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler… |
| CVE-2026-4974 | CVE-2026-4974 CVSS 8.8 | A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST R… |
| CVE-2026-4961 | CVE-2026-4961 CVSS 8.8 | A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the co… |
| CVE-2026-4960 | CVE-2026-4960 CVSS 8.8 | A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Reque… |
| CVE-2026-4946 | CVE-2026-4946 CVSS 8.8 | Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execut… |
| CVE-2026-4935 | CVE-2026-4935 CVSS 8.6 | The OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does not properly sanitize user input before using it in a SQL statement, which coul… |
| CVE-2026-4931 | CVE-2026-4931 CVSS 8.6 | Smart contract Marginal v1 performs unsafe downcast, allowing attackers to settle a large debt position for a negligible asset cost. |
| CVE-2026-4924 | CVE-2026-4924 CVSS 8.2 | Improper authentication in the two-factor authentication (2FA) feature in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid crede… |
| CVE-2026-4922 | CVE-2026-4922 CVSS 8.1 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have a… |
| CVE-2026-4906 | CVE-2026-4906 CVSS 8.8 | A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST … |
| CVE-2026-4905 | CVE-2026-4905 CVSS 8.8 | A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handle… |