CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 601–650 of 8,161 in High · page 13 of 164
| ID | Title | Summary |
|---|---|---|
| CVE-2026-4904 | CVE-2026-4904 CVSS 8.8 | A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm of the file /goform/setcfm of the component POST Request Ha… |
| CVE-2026-4903 | CVE-2026-4903 CVSS 8.8 | A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Req… |
| CVE-2026-4902 | CVE-2026-4902 CVSS 8.8 | A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of the file /goform/addressNat of the component POST Request Ha… |
| CVE-2026-4896 | CVE-2026-4896 CVSS 8.1 | The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object R… |
| CVE-2026-4892 | CVE-2026-4892 CVSS 8.4 | A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges vi… |
| CVE-2026-48842 | CVE-2026-48842 CVSS 8.1 | Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuser_query plugin via a preg_replace() backslash e… |
| CVE-2026-48837 | CVE-2026-48837 CVSS 8.5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Unlimited Elements For Elementor allows Blind SQL Injecti… |
| CVE-2026-48695 | CVE-2026-48695 CVSS 8.1 | FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The _log() function in src… |
| CVE-2026-48694 | CVE-2026-48694 CVSS 8.1 | FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniper_plugin/fas… |
| CVE-2026-48692 | CVE-2026-48692 CVSS 8.1 | FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::Insec… |
| CVE-2026-4862 | CVE-2026-4862 CVSS 8.8 | A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file /goform/formConfig… |
| CVE-2026-4861 | CVE-2026-4861 CVSS 8.8 | A weakness has been identified in Wavlink WL-NU516U1 260227. This vulnerability affects the function ftext of the file /cgi-bin/nas.cgi. This manipulation of t… |
| CVE-2026-4857 | CVE-2026-4857 CVSS 8.4 | IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prior to 8.4p4 allow authenticated users as… |
| CVE-2026-4840 | CVE-2026-4840 CVSS 8.8 | A security flaw has been discovered in Netcore Power 15AX up to 3.0.0.6938. Affected by this issue is the function setTools of the file /bin/netis.cgi of the c… |
| CVE-2026-4828 | CVE-2026-4828 CVSS 8.2 | Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass … |
| CVE-2026-4826 | CVE-2026-4826 CVSS 8.8 | A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /update_stock.php of the c… |
| CVE-2026-48242 | CVE-2026-48242 CVSS 8.1 | Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in import_mdb.php. The crede… |
| CVE-2026-48241 | CVE-2026-48241 CVSS 8.1 | Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are committed to the source… |
| CVE-2026-48235 | CVE-2026-48235 CVSS 8.2 | Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestam… |
| CVE-2026-4818 | CVE-2026-4818 CVSS 8.1 | In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management opera… |
| CVE-2026-4815 | CVE-2026-4815 CVSS 8.8 | A SQL Injection vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to retrieve, create, update and delete database via… |
| CVE-2026-48132 | CVE-2026-48132 CVSS 8.1 | The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malfo… |
| CVE-2026-48131 | CVE-2026-48131 CVSS 8.1 | The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause … |
| CVE-2026-48126 | CVE-2026-48126 CVSS 8.2 | Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain (or --letsencrypt, which silently turns on --dom… |
| CVE-2026-4802 | CVE-2026-4802 CVSS 8.0 | A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-cont… |
| CVE-2026-4781 | CVE-2026-4781 CVSS 8.8 | A flaw has been found in SourceCodester Sales and Inventory System 1.0. The affected element is an unknown function of the file update_purchase.php of the comp… |
| CVE-2026-4780 | CVE-2026-4780 CVSS 8.8 | A vulnerability was detected in SourceCodester Sales and Inventory System 1.0. Impacted is an unknown function of the file update_out_standing.php of the compo… |
| CVE-2026-4779 | CVE-2026-4779 CVSS 8.8 | A security vulnerability has been detected in SourceCodester Sales and Inventory System 1.0. This issue affects some unknown processing of the file update_cust… |
| CVE-2026-47784 | CVE-2026-47784 CVSS 8.1 | In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_chec… |
| CVE-2026-47783 | CVE-2026-47783 CVSS 8.1 | In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username … |
| CVE-2026-4758 | CVE-2026-4758 CVSS 8.8 | The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'WPJOBPORTALcustomfields::remov… |
| CVE-2026-4747 | CVE-2026-4747 CVSS 8.8 | Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer,… |
| CVE-2026-4740 | CVE-2026-4740 CVSS 8.2 | A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes clien… |
| CVE-2026-47358 | CVE-2026-47358 CVSS 8.6 | Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when running in server m… |
| CVE-2026-47357 | CVE-2026-47357 CVSS 8.6 | Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan endpoint (POST /v1/{… |
| CVE-2026-47356 | CVE-2026-47356 CVSS 8.6 | Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the webhook_url parameter in the file scan endpoint (POST /v1/{iac}/{iacVe… |
| CVE-2026-4722 | CVE-2026-4722 CVSS 8.8 | Privilege escalation in the IPC component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. |
| CVE-2026-4718 | CVE-2026-4718 CVSS 8.1 | Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. |
| CVE-2026-47114 | CVE-2026-47114 CVSS 8.8 | IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mp… |
| CVE-2026-47107 | CVE-2026-47107 CVSS 8.1 | Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read… |
| CVE-2026-47102 | CVE-2026-47102 CVSS 8.8 · litellm | LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating on… |
| CVE-2026-47101 | CVE-2026-47101 CVSS 8.8 · litellm | LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key,… |
| CVE-2026-4690 | CVE-2026-4690 CVSS 8.6 | Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, … |
| CVE-2026-4687 | CVE-2026-4687 CVSS 8.6 | Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 14… |
| CVE-2026-4680 | CVE-2026-4680 CVSS 8.8 | Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. … |
| CVE-2026-4679 | CVE-2026-4679 CVSS 8.8 | Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. … |
| CVE-2026-4678 | CVE-2026-4678 CVSS 8.8 | Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.… |
| CVE-2026-4677 | CVE-2026-4677 CVSS 8.8 | Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a craft… |
| CVE-2026-4676 | CVE-2026-4676 CVSS 8.8 | Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chr… |
| CVE-2026-4675 | CVE-2026-4675 CVSS 8.8 | Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML pag… |