31,467 indexed
CVECVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 301–350 of 8,161 in High · page 7 of 164
| ID | Title | Summary |
|---|---|---|
| CVE-2026-7056 | CVE-2026-7056 CVSS 8.8 | A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter of the component httpd. The ma… |
| CVE-2026-7055 | CVE-2026-7055 CVSS 8.8 | A security vulnerability has been detected in Tenda F456 1.0.0.5. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the componen… |
| CVE-2026-7054 | CVE-2026-7054 CVSS 8.8 | A weakness has been identified in Tenda F456 1.0.0.5. This vulnerability affects the function fromPptpUserAdd of the file /goform/PPTPDClient of the component … |
| CVE-2026-7053 | CVE-2026-7053 CVSS 8.8 | A security flaw has been discovered in Tenda F456 1.0.0.5. This affects the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performin… |
| CVE-2026-7035 | CVE-2026-7035 CVSS 8.8 | A vulnerability was determined in Tenda FH1202 1.2.0.14. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. Ex… |
| CVE-2026-7034 | CVE-2026-7034 CVSS 8.8 | A vulnerability was found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function WrlExtraSet of the file /goform/WrlExtraSet of the component ht… |
| CVE-2026-7033 | CVE-2026-7033 CVSS 8.8 | A vulnerability has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter.… |
| CVE-2026-7032 | CVE-2026-7032 CVSS 8.8 | A flaw has been found in Tenda F456 1.0.0.5. Affected is the function SafeEmailFilter of the file /goform/SafeEmailFilter. This manipulation of the argument pa… |
| CVE-2026-7031 | CVE-2026-7031 CVSS 8.8 | A vulnerability was detected in Tenda F456 1.0.0.5. This impacts the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argu… |
| CVE-2026-7030 | CVE-2026-7030 CVSS 8.8 | A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation o… |
| CVE-2026-7029 | CVE-2026-7029 CVSS 8.8 | A weakness has been identified in Tenda F456 1.0.0.5. The impacted element is the function fromaddressNat of the file /goform/addressNat. Executing a manipulat… |
| CVE-2026-7023 | CVE-2026-7023 CVSS 8.8 | A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/… |
| CVE-2026-7019 | CVE-2026-7019 CVSS 8.8 | A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulatio… |
| CVE-2026-6989 | CVE-2026-6989 CVSS 8.8 | A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet of the component Telnet Service. Su… |
| CVE-2026-6988 | CVE-2026-6988 CVSS 8.8 | A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the file /boaform/formRouting of the compone… |
| CVE-2026-6973 | Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability KEVCVSS 7.2Ivanti | Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access … |
| CVE-2026-6963 | CVE-2026-6963 CVSS 8.8 | The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmg_save_provider_config AJAX action in … |
| CVE-2026-6921 | CVE-2026-6921 CVSS 8.3 | Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Ch… |
| CVE-2026-6912 | CVE-2026-6912 CVSS 8.8 | Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows re… |
| CVE-2026-6898 | CVE-2026-6898 CVSS 8.8 | The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3_Hooks::ge… |
| CVE-2026-6897 | CVE-2026-6897 CVSS 8.8 | The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\T… |
| CVE-2026-6895 | CVE-2026-6895 CVSS 8.8 | The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in version… |
| CVE-2026-6859 | CVE-2026-6859 CVSS 8.8 | A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This allows a remote atta… |
| CVE-2026-6849 | CVE-2026-6849 CVSS 8.8 | Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Insti… |
| CVE-2026-6848 | CVE-2026-6848 CVSS 8.1 | A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creat… |
| CVE-2026-6832 | CVE-2026-6832 CVSS 8.1get-hermes | Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside … |
| CVE-2026-6823 | CVE-2026-6823 CVSS 8.2 | HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow_from = ["*"] permit… |
| CVE-2026-6819 | CVE-2026-6819 CVSS 8.8 | HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin install, /plugin enable, /plugin disable, and /reload-plugin… |
| CVE-2026-6785 | CVE-2026-6785 CVSS 8.1 | Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence… |
| CVE-2026-6769 | CVE-2026-6769 CVSS 8.8 | Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-6761 | CVE-2026-6761 CVSS 8.8 | Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-6750 | CVE-2026-6750 CVSS 8.8 | Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150… |
| CVE-2026-6741 | CVE-2026-6741 CVSS 8.8 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including … |
| CVE-2026-6692 | CVE-2026-6692 CVSS 8.8 | The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the '_get_media_url' and '_check_file_path' f… |
| CVE-2026-6638 | CVE-2026-6638 CVSS 8.8 | SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the … |
| CVE-2026-6637 | CVE-2026-6637 CVSS 8.8 | Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the dat… |
| CVE-2026-6632 | CVE-2026-6632 CVSS 8.8 | A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromSafeClientFilter of the file /goform/SafeClientFilter… |
| CVE-2026-6631 | CVE-2026-6631 CVSS 8.8 | A vulnerability was determined in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of … |
| CVE-2026-6630 | CVE-2026-6630 CVSS 8.8 | A vulnerability was found in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the componen… |
| CVE-2026-6581 | CVE-2026-6581 CVSS 8.8 | A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPInfoById of the file /goform/aspForm. Per… |
| CVE-2026-6563 | CVE-2026-6563 CVSS 8.8 | A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The mani… |
| CVE-2026-6560 | CVE-2026-6560 CVSS 8.8 | A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_BasicSSID of the file /goform/aspForm. S… |
| CVE-2026-6543 | CVE-2026-6543 CVSS 8.8 | IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This al… |
| CVE-2026-6542 | CVE-2026-6542 CVSS 8.1 | IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to d… |
| CVE-2026-6518 | CVE-2026-6518 CVSS 8.8 | The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions… |
| CVE-2026-6506 | CVE-2026-6506 CVSS 8.8 | The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.1.2. This is due to the infusedwoo_gdpr_u… |
| CVE-2026-6477 | CVE-2026-6477 CVSS 8.8 | Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows… |
| CVE-2026-6475 | CVE-2026-6475 CVSS 8.8 | Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc… |
| CVE-2026-6473 | CVE-2026-6473 CVSS 8.8 | Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-… |
| CVE-2026-6456 | CVE-2026-6456 CVSS 8.8 | The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.2. This is due to the `rememberLogin`… |