CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 701–750 of 8,161 in High · page 15 of 164
| ID | Title | Summary |
|---|---|---|
| CVE-2026-45055 | CVE-2026-45055 CVSS 8.1 | CubeCart is an ecommerce software solution. Prior to 6.7.2, CubeCart 6.6.x – 6.7.1 builds CC_STORE_URL directly from the Host request header at bootstrap, with… |
| CVE-2026-45035 | CVE-2026-45035 CVSS 8.8 | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on al… |
| CVE-2026-45006 | CVE-2026-45006 CVSS 8.8 | OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromi… |
| CVE-2026-44966 | CVE-2026-44966 CVSS 8.3 · shepherdwind | Velocity.js is a JavaScript implementation of the Apache Velocity template engine. In 2.1.5 and earlier, a prototype pollution vulnerability was discovered in … |
| CVE-2026-4493 | CVE-2026-4493 CVSS 8.8 | A vulnerability was determined in Tenda A18 Pro 02.03.02.28. The impacted element is the function sub_423B50 of the file /goform/setMacFilterCfg of the compone… |
| CVE-2026-44926 | CVE-2026-44926 CVSS 8.8 | InfoScale CmdServer before 7.4.2 mishandles access control. |
| CVE-2026-44925 | CVE-2026-44925 CVSS 8.8 | Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 Operations Manager (VIOM) allows an attacker to force the user with an active session into… |
| CVE-2026-4492 | CVE-2026-4492 CVSS 8.8 | A vulnerability was found in Tenda A18 Pro 02.03.02.28. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a m… |
| CVE-2026-4491 | CVE-2026-4491 CVSS 8.8 | A vulnerability has been found in Tenda A18 Pro 02.03.02.28. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of t… |
| CVE-2026-44900 | CVE-2026-44900 CVSS 8.1 | epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted(), the… |
| CVE-2026-4490 | CVE-2026-4490 CVSS 8.8 | A flaw has been found in Tenda A18 Pro 02.03.02.28. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. This manipulation causes st… |
| CVE-2026-4489 | CVE-2026-4489 CVSS 8.8 | A vulnerability was detected in Tenda A18 Pro 02.03.02.28. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_… |
| CVE-2026-4488 | CVE-2026-4488 CVSS 8.8 | A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected is the function strcpy of the file /goform/setSysAdm. Such manipulation … |
| CVE-2026-44871 | CVE-2026-44871 CVSS 8.8 | Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Succes… |
| CVE-2026-44870 | CVE-2026-44870 CVSS 8.8 | Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Succes… |
| CVE-2026-4487 | CVE-2026-4487 CVSS 8.8 | A vulnerability was determined in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/websHostFilter. This manipulation c… |
| CVE-2026-44869 | CVE-2026-44869 CVSS 8.8 | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabi… |
| CVE-2026-44868 | CVE-2026-44868 CVSS 8.8 | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabi… |
| CVE-2026-44867 | CVE-2026-44867 CVSS 8.8 | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabi… |
| CVE-2026-44866 | CVE-2026-44866 CVSS 8.8 | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabi… |
| CVE-2026-4486 | CVE-2026-4486 CVSS 8.8 | A vulnerability was found in D-Link DIR-513 1.10. This affects the function formEasySetPassword of the file /goform/formEasySetPassword of the component Web Se… |
| CVE-2026-44843 | CVE-2026-44843 CVSS 8.2 | LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserial… |
| CVE-2026-4484 | CVE-2026-4484 CVSS 8.8 | The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a … |
| CVE-2026-44832 | CVE-2026-44832 CVSS 8.8 | Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an authenticated user with only users.edit permission can escalate their own privileges to … |
| CVE-2026-44827 | CVE-2026-44827 CVSS 8.8 | Diffusers is a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trust_remote_code=True … |
| CVE-2026-4480 | CVE-2026-4480 CVSS 9.0 · redhat | A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" … |
| CVE-2026-4478 | CVE-2026-4478 CVSS 8.1 | A vulnerability was identified in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This impacts an unknown function of the file home/web/ipc of the compone… |
| CVE-2026-4475 | CVE-2026-4475 CVSS 8.8 | A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The affected element is an unknown function of the file home/web/ipc. Su… |
| CVE-2026-44729 | CVE-2026-44729 CVSS 8.7 | Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/* and /file/:fileFolder/:id serve uploaded files using … |
| CVE-2026-44728 | CVE-2026-44728 CVSS 8.2 | Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically … |
| CVE-2026-44706 | CVE-2026-44706 CVSS 8.5 | Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When fi… |
| CVE-2026-44669 | CVE-2026-44669 CVSS 8.7 | FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting (XSS) via attachmen… |
| CVE-2026-44667 | CVE-2026-44667 CVSS 8.7 | FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting (XSS) via attachmen… |
| CVE-2026-4465 | CVE-2026-4465 CVSS 8.8 | A flaw has been found in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formSysCmd. Executing a manipulation of the argum… |
| CVE-2026-4464 | CVE-2026-4464 CVSS 8.8 | Integer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (C… |
| CVE-2026-44633 | CVE-2026-44633 CVSS 8.1 | Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST u… |
| CVE-2026-4463 | CVE-2026-4463 CVSS 8.8 | Heap buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML pag… |
| CVE-2026-4462 | CVE-2026-4462 CVSS 8.8 | Out of bounds read in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.… |
| CVE-2026-4461 | CVE-2026-4461 CVSS 8.8 | Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML… |
| CVE-2026-4460 | CVE-2026-4460 CVSS 8.8 | Out of bounds read in Skia in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. … |
| CVE-2026-4459 | CVE-2026-4459 CVSS 8.8 | Out of bounds read and write in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafte… |
| CVE-2026-44586 | CVE-2026-44586 CVSS 8.3 | SiYuan is an open-source personal knowledge management system. From 2.1.12 to before 3.7.0, SiYuan's Bazaar marketplace renders package author metadata from th… |
| CVE-2026-4458 | CVE-2026-4458 CVSS 8.8 | Use after free in Extensions in Google Chrome prior to 146.0.7680.153 allowed an attacker who convinced a user to install a malicious extension to potentially … |
| CVE-2026-44578 | CVE-2026-44578 CVSS 8.6 | Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in N… |
| CVE-2026-44574 | CVE-2026-44574 CVSS 8.1 | Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protec… |
| CVE-2026-44570 | CVE-2026-44570 CVSS 8.3 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, authorization controls surrounding the memo… |
| CVE-2026-4457 | CVE-2026-4457 CVSS 8.8 | Type Confusion in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromi… |
| CVE-2026-44565 | CVE-2026-44565 CVSS 8.1 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.10, when uploading an audio file, the name of t… |
| CVE-2026-4456 | CVE-2026-4456 CVSS 8.8 | Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potent… |
| CVE-2026-44554 | CVE-2026-44554 CVSS 8.1 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/retrieval/process/web endpo… |