CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 651–700 of 8,161 in High · page 14 of 164
| ID | Title | Summary |
|---|---|---|
| CVE-2026-4674 | CVE-2026-4674 CVSS 8.8 | Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (C… |
| CVE-2026-4673 | CVE-2026-4673 CVSS 8.8 | Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML… |
| CVE-2026-46728 | CVE-2026-46728 CVSS 8.2 | Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash. |
| CVE-2026-46727 | CVE-2026-46727 CVSS 8.1 | An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo i… |
| CVE-2026-46720 | CVE-2026-46720 CVSS 8.2 | Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Me… |
| CVE-2026-46586 | CVE-2026-46586 CVSS 8.8 | Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability… |
| CVE-2026-46407 | CVE-2026-46407 CVSS 8.1 | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the backend admin/auth-token endpoint… |
| CVE-2026-4639 | CVE-2026-4639 CVSS 8.8 | Vitals ESP developed by Galaxy Software Services has an Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain admini… |
| CVE-2026-46368 | CVE-2026-46368 CVSS 8.8 | luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packa… |
| CVE-2026-4636 | CVE-2026-4636 CVSS 8.1 | A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy validation. This allows the attack… |
| CVE-2026-4611 | CVE-2026-4611 CVSS 8.8 | A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/… |
| CVE-2026-45760 | CVE-2026-45760 CVSS 8.1 | (Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authoriz… |
| CVE-2026-4570 | CVE-2026-4570 CVSS 8.8 | A vulnerability was identified in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /view_customers.php of the compone… |
| CVE-2026-45675 | CVE-2026-45675 CVSS 8.1 openwebui | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP and OAuth authentication flows use … |
| CVE-2026-45672 | CVE-2026-45672 CVSS 8.8 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint exe… |
| CVE-2026-45671 | CVE-2026-45671 CVSS 8.0 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user can permanently delet… |
| CVE-2026-45665 | CVE-2026-45665 CVSS 8.1 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting (XSS) vulnerab… |
| CVE-2026-4566 | CVE-2026-4566 CVSS 8.8 | A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/formWISP5G. Executing a manipulation of th… |
| CVE-2026-45659 | CVE-2026-45659 CVSS 8.8 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| CVE-2026-4565 | CVE-2026-4565 CVSS 8.8 | A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetNetControlList. Performing a manipulatio… |
| CVE-2026-45584 | CVE-2026-45584 CVSS 8.1 | Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network. |
| CVE-2026-4558 | CVE-2026-4558 CVSS 8.8 | A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of … |
| CVE-2026-45574 | CVE-2026-45574 CVSS 8.1 | epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service… |
| CVE-2026-4555 | CVE-2026-4555 CVSS 8.8 | A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the file /goform/formEasySetTimezone of the … |
| CVE-2026-4554 | CVE-2026-4554 CVSS 8.8 | A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulati… |
| CVE-2026-4553 | CVE-2026-4553 CVSS 8.8 | A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function fromNatlimit of the file /goform/Natlimit of the component Parameters Handler. T… |
| CVE-2026-4552 | CVE-2026-4552 CVSS 8.8 | A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component Parameters… |
| CVE-2026-4551 | CVE-2026-4551 CVSS 8.8 | A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter of the compo… |
| CVE-2026-45498 | Microsoft Defender Denial of Service Vulnerability KEV CVSS 7.5 Microsoft | Microsoft Defender contains an unspecified vulnerability that allows for denial of service. |
| CVE-2026-45402 | CVE-2026-45402 CVSS 8.1 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, multiple endpoints accept a user-supplied fi… |
| CVE-2026-45401 | CVE-2026-45401 CVSS 8.5 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the validate_url() function in backend/open_… |
| CVE-2026-45400 | CVE-2026-45400 CVSS 8.5 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, a parsing difference between the urlparse an… |
| CVE-2026-45369 | CVE-2026-45369 CVSS 8.3 | python-utcp is the python implementation of UTCP. Prior to 1.1.3, the _substitute_utcp_args method in cli_communication_protocol.py inserts user-controlled too… |
| CVE-2026-45361 | CVE-2026-45361 CVSS 8.1 apache | Apache Airflow providers-google's `ComputeEngineSSHHook` disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Co… |
| CVE-2026-4535 | CVE-2026-4535 CVSS 8.8 | A vulnerability has been found in Tenda FH451 1.0.0.9. This vulnerability affects the function WrlclientSet of the file /goform/WrlclientSet. Such manipulation… |
| CVE-2026-4534 | CVE-2026-4534 CVSS 8.8 | A flaw has been found in Tenda FH451 1.0.0.9. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. This manipulation of the argument GO c… |
| CVE-2026-45331 | CVE-2026-45331 CVSS 8.5 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, validate_url() in backend/open_webui/retriev… |
| CVE-2026-4533 | CVE-2026-4533 CVSS 8.8 | A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php… |
| CVE-2026-45315 | CVE-2026-45315 CVSS 8.7 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint take… |
| CVE-2026-45301 | CVE-2026-45301 CVSS 8.1 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.3.16, a missing permission check in all files rel… |
| CVE-2026-45298 | CVE-2026-45298 CVSS 8.6 | Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy (the documented quickstart, no DOZZLE_AUTH_PROVIDER set), PO… |
| CVE-2026-4529 | CVE-2026-4529 CVSS 8.8 | A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the function redirect_count_down_page of the component SOAP Handler. Such manipulatio… |
| CVE-2026-45253 | CVE-2026-45253 CVSS 8.4 | ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to deb… |
| CVE-2026-4525 | CVE-2026-4525 CVSS 8.8 | If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to authenticate to Vault, Vault forwarde… |
| CVE-2026-45229 | CVE-2026-45229 CVSS 8.8 | Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator c… |
| CVE-2026-45227 | CVE-2026-45227 CVSS 8.8 | Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox rest… |
| CVE-2026-45223 | CVE-2026-45223 CVSS 8.8 | Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken() function fails… |
| CVE-2026-45216 | CVE-2026-45216 CVSS 8.8 | Incorrect Privilege Assignment vulnerability in StoreApps Smart Manager allows Privilege Escalation. This issue affects Smart Manager: from n/a through 8.85.0. |
| CVE-2026-45214 | CVE-2026-45214 CVSS 8.5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows B… |
| CVE-2026-45211 | CVE-2026-45211 CVSS 8.5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare al… |