CVE vulnerabilities
31,509 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 1,151–1,200 of 8,161 in High · page 24 of 164
| ID | Title | Summary |
|---|---|---|
| CVE-2026-39852 | CVE-2026-39852 CVSS 8.2 | Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path nor… |
| CVE-2026-39849 | CVE-2026-39849 CVSS 8.8 | Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. In versions before 6.6.1, the `dns.interface` configuration fiel… |
| CVE-2026-39816 | CVE-2026-39816 CVSS 8.8 | The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 … |
| CVE-2026-39815 | CVE-2026-39815 CVSS 8.8 | An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may allow atta… |
| CVE-2026-3978 | CVE-2026-3978 CVSS 8.8 | A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of … |
| CVE-2026-3976 | CVE-2026-3976 CVSS 8.8 | A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the component P… |
| CVE-2026-3975 | CVE-2026-3975 CVSS 8.8 | A security flaw has been discovered in Tenda W3 1.0.0.3(2204). This issue affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet of the… |
| CVE-2026-3974 | CVE-2026-3974 CVSS 8.8 | A vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the componen… |
| CVE-2026-3973 | CVE-2026-3973 CVSS 8.8 | A vulnerability was determined in Tenda W3 1.0.0.3(2204). This affects the function formSetAutoPing of the file /goform/setAutoPing of the component POST Param… |
| CVE-2026-3972 | CVE-2026-3972 CVSS 8.8 | A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler… |
| CVE-2026-3971 | CVE-2026-3971 CVSS 8.8 | A vulnerability has been found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset. The ma… |
| CVE-2026-3970 | CVE-2026-3970 CVSS 8.8 | A flaw has been found in Tenda i3 1.0.0.6(2204). Affected is the function formwrlSSIDget of the file /goform/wifiSSIDget. Executing a manipulation of the argum… |
| CVE-2026-39621 | CVE-2026-39621 CVSS 8.8 | Cross-Site Request Forgery (CSRF) vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web Server. This issue affects SpicePress: f… |
| CVE-2026-3953 | CVE-2026-3953 CVSS 8.8 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Gosoft Software Industry and Trade Ltd. Co. Proticaret E-… |
| CVE-2026-39495 | CVE-2026-39495 CVSS 8.5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NSquared Simply Schedule Appointments simply-schedule-app… |
| CVE-2026-39486 | CVE-2026-39486 CVSS 8.5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill Download Monitor download-monitor allows Blind S… |
| CVE-2026-39462 | CVE-2026-39462 CVSS 8.1 | A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential … |
| CVE-2026-39461 | CVE-2026-39461 CVSS 8.8 | libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it … |
| CVE-2026-39432 | CVE-2026-39432 CVSS 8.2 | Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics… |
| CVE-2026-39393 | CVE-2026-39393 CVSS 8.1 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0… |
| CVE-2026-39386 | CVE-2026-39386 CVSS 8.8 | Neko is a self-hosted virtual browser that runs in Docker and uses WebRTC. In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated user ca… |
| CVE-2026-39371 | CVE-2026-39371 CVSS 8.1 | RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, server functions exported from "use server" files could be invoked via GET requests, … |
| CVE-2026-3936 | CVE-2026-3936 CVSS 8.8 | Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTM… |
| CVE-2026-39355 | CVE-2026-39355 CVSS 8.8 | Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the genealogy application allows any authenticate… |
| CVE-2026-39344 | CVE-2026-39344 CVSS 8.1 | ChurchCRM is an open-source church management system. Prior to 7.1.0, there is a Reflected Cross-Site Scripting (XSS) vulnerability on the login page, which is… |
| CVE-2026-39342 | CVE-2026-39342 CVSS 8.8 | ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with the QueryID=15 is vulnerable to a SQL inj… |
| CVE-2026-39341 | CVE-2026-39341 CVSS 8.1 | ChurchCRM is an open-source church management system. Prior to 7.1.0, the application is vulnerable to time-based SQL injection due to an improper input valida… |
| CVE-2026-39340 | CVE-2026-39340 CVSS 8.1 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in PropertyTypeEditor.php, part of the administratio… |
| CVE-2026-39334 | CVE-2026-39334 CVSS 8.8 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsIndividual.php in Churc… |
| CVE-2026-39333 | CVE-2026-39333 CVSS 8.7 | ChurchCRM is an open-source church management system. Prior to 7.1.0, the FindFundRaiser.php endpoint reflects user-supplied input (DateStart and DateEnd) into … |
| CVE-2026-39332 | CVE-2026-39332 CVSS 8.7 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a reflected Cross-Site Scripting (XSS) vulnerability in GeoPage.php allows any authentica… |
| CVE-2026-39331 | CVE-2026-39331 CVSS 8.1 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an authenticated API user can modify any family record's state without proper authorizati… |
| CVE-2026-39330 | CVE-2026-39330 CVSS 8.8 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /PropertyAssign.php in ChurchCRM… |
| CVE-2026-39329 | CVE-2026-39329 CVSS 8.8 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was identified in /EventNames.php in ChurchCRM. Authentica… |
| CVE-2026-39328 | CVE-2026-39328 CVSS 8.9 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in ChurchCRM's person profile editing … |
| CVE-2026-39327 | CVE-2026-39327 CVSS 8.8 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchC… |
| CVE-2026-39326 | CVE-2026-39326 CVSS 8.8 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /PropertyTypeEditor.php in Churc… |
| CVE-2026-39322 | CVE-2026-39322 CVSS 8.8 | PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a valid session for banned accounts be… |
| CVE-2026-39319 | CVE-2026-39319 CVSS 8.8 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a second order SQL injection vulnerability was found in the endpoint /FundRaiserEditor.ph… |
| CVE-2026-39318 | CVE-2026-39318 CVSS 8.8 | ChurchCRM is an open-source church management system. Versions prior to 7.1.0 have an SQL injection vulnerability in the endpoints `/GroupPropsFormRowOps.php`,… |
| CVE-2026-39310 | CVE-2026-39310 CVSS 8.6 | Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the … |
| CVE-2026-3931 | CVE-2026-3931 CVSS 8.8 | Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. … |
| CVE-2026-39307 | CVE-2026-39307 CVSS 8.1 | PraisonAI is a multi-agent teams system. Prior to 1.5.113, the PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbitrary File Write atta… |
| CVE-2026-3926 | CVE-2026-3926 CVSS 8.8 | Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chr… |
| CVE-2026-3923 | CVE-2026-3923 CVSS 8.8 | Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Ch… |
| CVE-2026-3922 | CVE-2026-3922 CVSS 8.8 | Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.… |
| CVE-2026-3921 | CVE-2026-3921 CVSS 8.8 | Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page… |
| CVE-2026-3920 | CVE-2026-3920 CVSS 8.8 | Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTM… |
| CVE-2026-3919 | CVE-2026-3919 CVSS 8.8 | Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially e… |
| CVE-2026-3918 | CVE-2026-3918 CVSS 8.8 | Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chr… |