CVE vulnerabilities
31,200 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 1–50 of 1,619 in KEV · page 1 of 33
| ID | Title | KEV | CVSS | Vendor | Summary |
|---|---|---|---|---|---|
| CVE-2026-9082 | Drupal Core SQL Injection Vulnerability | KEV | 9.8 | Drupal | Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with… |
| CVE-2026-8398 | Daemon Tools Lite Embedded Malicious Code Vulnerability | KEV | 9.8 | Daemon | Daemon Tools contains an unspecified vulnerability that has a high impact on confidentiality, integrity, and availability. |
| CVE-2026-7473 | Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability | KEV | 5.8 | Arista | Arista Extensible Operating System (EOS) contains an incomplete comparison with missing factors vulnerability when the switch incorrectly decapsulates and forwa… |
| CVE-2026-6973 | Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability | KEV | 7.2 | Ivanti | Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access … |
| CVE-2026-5281 | Google Dawn Use-After-Free Vulnerability | KEV | 8.8 | Google | Google Dawn contains a use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via … |
| CVE-2026-50751 | Check Point Security Gateway Improper Authentication Vulnerability | KEV | 9.3 | Check Point | Check Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacker to byp… |
| CVE-2026-48172 | LiteSpeed cPanel Plugin Privilege Escalation Vulnerability | KEV | 9.8 | LiteSpeed | LiteSpeed cPanel Plugin contains a privilege escalation vulnerability that is exposed via the user-end cPanel plugin, which can be abused by any cPanel user acco… |
| CVE-2026-48027 | Nx Console Embedded Malicious Code Vulnerability | KEV | | Nx | Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched … |
| CVE-2026-45498 | Microsoft Defender Denial of Service Vulnerability | KEV | 7.5 | Microsoft | Microsoft Defender contains an unspecified vulnerability that allows for denial of service. |
| CVE-2026-45321 | TanStack Unspecified Vulnerability | KEV | 9.6 | TanStack | TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealin… |
| CVE-2026-45247 | Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability | KEV | 9.8 | Mirasvit | Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code ex… |
| CVE-2026-42897 | CVE-2026-42897 | KEV | 8.1 | microsoft | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform sp… |
| CVE-2026-42271 | BerriAI LiteLLM Command Injection Vulnerability | KEV | 8.8 | BerriAI | BerriAI LiteLLM contains a command injection vulnerability that could allow any authenticated user, including holders of low-privilege internal-user keys, to r… |
| CVE-2026-42208 | BerriAI LiteLLM SQL Injection Vulnerability | KEV | 9.8 | BerriAI | BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to una… |
| CVE-2026-41940 | WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability | KEV | 9.8 | WebPros | WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated… |
| CVE-2026-41091 | Microsoft Defender Link Following Vulnerability | KEV | 7.8 | Microsoft | Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally. |
| CVE-2026-39987 | Marimo Remote Code Execution Vulnerability | KEV | 9.8 | Marimo | Marimo contains a pre-authorization remote code execution vulnerability, allowing an unauthenticated attacker to gain shell access and execute arbitrary system com… |
| CVE-2026-3910 | Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability | KEV | 8.8 | Google | Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to exec… |
| CVE-2026-3909 | Google Skia Out-of-Bounds Write Vulnerability | KEV | 8.8 | Google | Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. Th… |
| CVE-2026-35616 | Fortinet FortiClient EMS Improper Access Control Vulnerability | KEV | 9.8 | Fortinet | Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands … |
| CVE-2026-35273 | Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability | KEV | 9.8 | Oracle | Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to… |
| CVE-2026-3502 | TrueConf Client Download of Code Without Integrity Check Vulnerability | KEV | 7.8 | TrueConf | TrueConf Client contains a download of code without integrity check vulnerability. An attacker who is able to influence the update delivery path can substitute… |
| CVE-2026-34926 | Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability | KEV | 6.7 | Trend Micro | Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the… |
| CVE-2026-34621 | Adobe Acrobat and Reader Prototype Pollution Vulnerability | KEV | 8.6 | Adobe | Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution. |
| CVE-2026-34197 | Apache ActiveMQ Improper Input Validation Vulnerability | KEV | 8.8 | Apache | Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection. |
| CVE-2026-33825 | Microsoft Defender Insufficient Granularity of Access Control Vulnerability | KEV | 7.8 | Microsoft | Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally. |
| CVE-2026-33634 | Aquasecurity Trivy Embedded Malicious Code Vulnerability | KEV | 8.8 | Aquasecurity | Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, includ… |
| CVE-2026-33017 | Langflow Code Injection Vulnerability | KEV | 9.8 | Langflow | Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication. |
| CVE-2026-32202 | Microsoft Windows Protection Mechanism Failure Vulnerability | KEV | 4.3 | Microsoft | Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2026-32201 | Microsoft SharePoint Server Improper Input Validation Vulnerability | KEV | 6.5 | Microsoft | Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2026-31431 | Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability | KEV | 7.8 | Linux | Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation. |
| CVE-2026-3055 | Citrix NetScaler Out-of-Bounds Read Vulnerability | KEV | 9.8 | Citrix | Citrix NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS and NDcPP contain an out-of-bounds reads vulnera… |
| CVE-2026-28318 | SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability | KEV | 7.5 | SolarWinds | SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate h… |
| CVE-2026-25108 | Soliton Systems K.K FileZen OS Command Injection Vulnerability | KEV | 8.8 | Soliton Systems K.K | Soliton Systems K.K FileZen contains an OS command injection vulnerability when a user logs in to the affected product and sends a specially crafted HTTP requ… |
| CVE-2026-24858 | Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability | KEV | 9.8 | Fortinet | Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path or channel that could allow an attacker … |
| CVE-2026-24423 | SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability | KEV | 9.8 | SmarterTools | SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This could allow the attacker to… |
| CVE-2026-2441 | Google Chromium CSS Use-After-Free Vulnerability | KEV | 8.8 | Google | Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. … |
| CVE-2026-24061 | GNU InetUtils Argument Injection Vulnerability | KEV | 9.8 | GNU | GNU InetUtils contains an argument injection vulnerability in telnetd that could allow for remote authentication bypass via a "-f root" value for the USER envi… |
| CVE-2026-23760 | SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability | KEV | 9.8 | SmarterTools | SmarterTools SmarterMail contains an authentication bypass using an alternate path or channel vulnerability in the password reset API. The force-reset-password… |
| CVE-2026-22769 | Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability | KEV | 10.0 | Dell | Dell RecoverPoint for Virtual Machines (RP4VMs) contains a use of hard-coded credentials vulnerability that could allow an unauthenticated remote attacker to … |
| CVE-2026-22719 | Broadcom VMware Aria Operations Command Injection Vulnerability | KEV | 8.1 | Broadcom | Broadcom VMware Aria Operations formerly known as vRealize Operations (vROps) contains a command injection vulnerability that allows an unauthenticated attacke… |
| CVE-2026-21643 | Fortinet FortiClient EMS SQL Injection Vulnerability | KEV | 9.8 | Fortinet | Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifi… |
| CVE-2026-21533 | Microsoft Windows Improper Privilege Management Vulnerability | KEV | 7.8 | Microsoft | Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges… |
| CVE-2026-21525 | Microsoft Windows NULL Pointer Dereference Vulnerability | KEV | 6.2 | Microsoft | Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally. |
| CVE-2026-21519 | Microsoft Windows Type Confusion Vulnerability | KEV | 7.8 | Microsoft | Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally. |
| CVE-2026-21514 | Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability | KEV | 7.8 | Microsoft | Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privilege… |
| CVE-2026-21513 | Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability | KEV | 8.8 | Microsoft | Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a … |
| CVE-2026-21510 | Microsoft Windows Shell Protection Mechanism Failure Vulnerability | KEV | 8.8 | Microsoft | Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a net… |
| CVE-2026-21509 | Microsoft Office Security Feature Bypass Vulnerability | KEV | 7.8 | Microsoft | Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow … |
| CVE-2026-21385 | Qualcomm Multiple Chipsets Memory Corruption Vulnerability | KEV | 7.8 | Qualcomm | Multiple Qualcomm chipsets contain a memory corruption vulnerability while using alignments for memory allocation. |