CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 801–850 of 8,161 in High · page 17 of 164
| ID | CVSS | Summary |
|---|---|---|
| CVE-2026-43938 | 8.1 | YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5 and 3.2.12, the application's database logger (YAFNET.Core/Logger/DbLogger.cs) captures the… |
| CVE-2026-43937 | 8.8 | YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5, any admin OnPost… handler executes its side effects before the ResultFilterAttribute rewri… |
| CVE-2026-43935 | 8.1 | e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the … |
| CVE-2026-43929 | 8.2 | ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery att… |
| CVE-2026-43913 | 8.1 | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization owner to purge the entire organiz… |
| CVE-2026-43912 | 8.7 | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden does not enforce that a groups_users.users_organizations_uuid entry … |
| CVE-2026-43911 | 8.1 | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, refresh tokens are not invalidated when the user's security_stamp is rotated by … |
| CVE-2026-43909 | 8.8 | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.… |
| CVE-2026-43908 | 8.8 | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.… |
| CVE-2026-43907 | 8.3 | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.… |
| CVE-2026-43893 | 8.2 | exiftool-vendored provides cross-platform Node.js access to ExifTool. Prior to 35.19.0, exiftool-vendored starts ExifTool in -stay_open True -@ - mode, where a… |
| CVE-2026-43892 | 8.8 | AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code … |
| CVE-2026-43888 | 8.7 | Outline is a service that allows for collaborative documentation. Prior to 1.7.0, ZipHelper.extract computes the extraction path for each entry by passing a fu… |
| CVE-2026-43886 | 8.2 | Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, a logic error in OAuthInterface.validateScope() uses Array.some() to va… |
| CVE-2026-43640 | 8.1 | Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an … |
| CVE-2026-43618 | 8.1 | Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overfl… |
| CVE-2026-43584 | 8.8 | OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy that allows operator-supplied ove… |
| CVE-2026-43571 | 8.8 | OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bun… |
| CVE-2026-43569 | 8.8 | OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboard… |
| CVE-2026-43535 | 8.1 | OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to in… |
| CVE-2026-43533 | 8.6 | OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the int… |
| CVE-2026-43531 | 8.8 | OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Att… |
| CVE-2026-43530 | 8.8 | OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows attacker… |
| CVE-2026-4351 | 8.1 | The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to t… |
| CVE-2026-4350 | 8.1 | The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to … |
| CVE-2026-43490 | 8.8 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate inherited ACE SID length smb_inherit_dacl() walks the parent directory DA… |
| CVE-2026-4347 | 8.1 | The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the 'generate_user_filepath' function a… |
| CVE-2026-43466 | 8.2 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery In case of a TX error CQE, a reco… |
| CVE-2026-43452 | 8.2 | In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: guard option walkers against 1-byte tail reads When the last byte of… |
| CVE-2026-4342 | 8.8 | A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to ar… |
| CVE-2026-43403 | 8.8 | In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for ns iteration ioctls Even privileged services should n… |
| CVE-2026-43391 | 8.8 | In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening Even privileged services should not ne… |
| CVE-2026-43377 | 8.1 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: Don't log keys in SMB3 signing and encryption key generation When KSMBD_DEBUG_AUTH… |
| CVE-2026-43365 | 8.2 | In the Linux kernel, the following vulnerability has been resolved: xfs: fix undersized l_iclog_roundoff values If the superblock doesn't list a log stripe u… |
| CVE-2026-43362 | 8.1 | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2_write() SMB2_write() places write… |
| CVE-2026-43334 | 8.8 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: force responder MITM requirements before building the pairing response sm… |
| CVE-2026-43322 | 8.8 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix UAF in le_read_features_complete This fixes the following backtr… |
| CVE-2026-43291 | 8.3 | In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fix parameter validation for packet data Since commit 9c328f54741b ("net: … |
| CVE-2026-43284 | 8.8 | In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages f… |
| CVE-2026-43283 | 8.8 | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ec_bhf: Fix dma_free_coherent() dma handle dma_free_coherent() in error pa… |
| CVE-2026-43274 | 8.4 | In the Linux kernel, the following vulnerability has been resolved: mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq() The cl… |
| CVE-2026-4326 | 8.8 | The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper … |
| CVE-2026-43249 | 8.8 | In the Linux kernel, the following vulnerability has been resolved: 9p/xen: protect xen_9pfs_front_free against concurrent calls The xenwatch thread can race… |
| CVE-2026-43239 | 8.8 | In the Linux kernel, the following vulnerability has been resolved: smb: client: prevent races in ->query_interfaces() It was possible for two query interfac… |
| CVE-2026-43233 | 8.2 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: fix OOB read in decode_choice() In decode_choice(), the bou… |
| CVE-2026-43232 | 8.8 | In the Linux kernel, the following vulnerability has been resolved: net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets When the FarSync… |
| CVE-2026-43215 | 8.8 | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix locking usage for tcon fields We used to use the cifs_tcp_ses_lock to protect a… |
| CVE-2026-43190 | 8.2 | In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_tcpmss: check remaining length before reading optlen Quoting reporter: In… |
| CVE-2026-43187 | 8.8 | In the Linux kernel, the following vulnerability has been resolved: xfs: delete attr leaf freemap entries when empty Back in commit 2a2b5932db6758 ("xfs: fix… |
| CVE-2026-4318 | 8.8 | A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formApLbConfig. This manipulation of t… |