CVE vulnerabilities
31,200 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 51–100 of 1,619 in KEV · page 2 of 33
| ID | Title | KEV | CVSS | Vendor | Summary |
|---|---|---|---|---|---|
| CVE-2026-20963 | Microsoft SharePoint Deserialization of Untrusted Data Vulnerability | KEV | 9.8 | Microsoft | Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network. |
| CVE-2026-20805 | Microsoft Windows Information Disclosure Vulnerability | KEV | 5.5 | Microsoft | Microsoft Windows Desktop Windows Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally. |
| CVE-2026-20700 | Apple Multiple Buffer Overflow Vulnerability | KEV | 7.8 | Apple | Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow… |
| CVE-2026-20245 | Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability | KEV | 7.8 | Cisco | Cisco Catalyst SD-WAN Manager formerly SD-WAN vManage contains an improper encoding or escaping of output vulnerability. This vulnerability could allow an auth… |
| CVE-2026-20182 | CVE-2026-20182 | KEV | 10.0 | Cisco | May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in Februar… |
| CVE-2026-20133 | Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability | KEV | 7.5 | Cisco | Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability that could allow remote attackers to view se… |
| CVE-2026-20131 | Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability | KEV | 10.0 | Cisco | Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data v… |
| CVE-2026-20128 | Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability | KEV | 7.5 | Cisco | Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user … |
| CVE-2026-20127 | CVE-2026-20127 | KEV | 10.0 | Cisco | A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vMana… |
| CVE-2026-20122 | Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability | KEV | 5.4 | Cisco | Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected syst… |
| CVE-2026-20045 | Cisco Unified Communications Products Code Injection Vulnerability | KEV | 9.8 | Cisco | Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communicatio… |
| CVE-2026-1731 | BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability | KEV | 9.8 | BeyondTrust | BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) contain an OS command injection vulnerability. Successful exploitation could allow an unauthe… |
| CVE-2026-1603 | Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability | KEV | 7.5 | Ivanti | Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated atta… |
| CVE-2026-1340 | Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability | KEV | 9.8 | Ivanti | Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution. |
| CVE-2026-1281 | Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability | KEV | 9.8 | Ivanti | Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution. |
| CVE-2026-11645 | Google Chromium V8 Out-of-Bounds Read and Write Vulnerability | KEV | 8.8 | Google | Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML … |
| CVE-2026-10520 | Ivanti Sentry OS Command Injection Vulnerability | KEV | 10.0 | Ivanti | Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve r… |
| CVE-2026-0300 | Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability | KEV | 9.8 | Palo Alto Networks | Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an una… |
| CVE-2026-0257 | Palo Alto Networks PAN-OS Authentication Bypass Vulnerability | KEV | 9.1 | Palo Alto Networks | Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized V… |
| CVE-2025-9377 | TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability | KEV | 7.2 | TP-Link | TP-Link Archer C7(EU) and TL-WR841N/ND(MS) contain an OS command injection vulnerability that exists in the Parental Control page. The impacted products could … |
| CVE-2025-9242 | WatchGuard Firebox Out-of-Bounds Write Vulnerability | KEV | 9.8 | WatchGuard | WatchGuard Firebox contains an out-of-bounds write vulnerability in the OS iked process that may allow a remote unauthenticated attacker to execute arbitrary c… |
| CVE-2025-8876 | N-able N-Central Command Injection Vulnerability | KEV | 8.8 | N-able | N-able N-Central contains a command injection vulnerability via improper sanitization of user input. |
| CVE-2025-8875 | N-able N-Central Insecure Deserialization Vulnerability | KEV | 7.8 | N-able | N-able N-Central contains an insecure deserialization vulnerability that could lead to command execution. |
| CVE-2025-8110 | Gogs Path Traversal Vulnerability | KEV | 8.8 | Gogs | Gogs contains a path traversal vulnerability affecting improper Symbolic link handling in the PutContents API that could allow for code execution. |
| CVE-2025-8088 | RARLAB WinRAR Path Traversal Vulnerability | KEV | 8.8 | RARLAB | RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary … |
| CVE-2025-7775 | Citrix NetScaler Memory Overflow Vulnerability | KEV | 9.8 | Citrix | Citrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that could allow for remote code execution and/or denial of service. |
| CVE-2025-68645 | Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability | KEV | 8.8 | Synacor | Synacor Zimbra Collaboration Suite (ZCS) contains a PHP remote file inclusion vulnerability that could allow for remote attackers to craft requests to the /h/r… |
| CVE-2025-68613 | n8n Improper Control of Dynamically-Managed Code Resources Vulnerability | KEV | 8.8 | n8n | n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code e… |
| CVE-2025-68461 | RoundCube Webmail Cross-site Scripting Vulnerability | KEV | 6.1 | Roundcube | RoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG document. |
| CVE-2025-66644 | Array Networks ArrayOS AG OS Command Injection Vulnerability | KEV | 9.8 | Array Networks | Array Networks ArrayOS AG contains an OS command injection vulnerability that could allow an attacker to execute arbitrary commands. |
| CVE-2025-66376 | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability | KEV | 6.1 | Synacor | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets (CS… |
| CVE-2025-6558 | Google Chromium ANGLE and GPU Improper Input Validation Vulnerability | KEV | 8.8 | Google | Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a… |
| CVE-2025-6554 | Google Chromium V8 Type Confusion Vulnerability | KEV | 8.1 | Google | Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vul… |
| CVE-2025-6543 | Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability | KEV | 9.8 | Citrix | Citrix NetScaler ADC and Gateway contain a buffer overflow vulnerability leading to unintended control flow and Denial of Service. NetScaler must be configured… |
| CVE-2025-64446 | Fortinet FortiWeb Path Traversal Vulnerability | KEV | 9.8 | Fortinet | Fortinet FortiWeb contains a relative path traversal vulnerability that may allow an unauthenticated attacker to execute administrative commands on the system … |
| CVE-2025-64328 | Sangoma FreePBX OS Command Injection Vulnerability | KEV | 7.2 | Sangoma | Sangoma FreePBX Endpoint Manager contains an OS command injection vulnerability that could allow for a post-authentication command injection by an authenticate… |
| CVE-2025-62221 | Microsoft Windows Use After Free Vulnerability | KEV | 7.8 | Microsoft | Microsoft Windows Cloud Files Mini Filter Driver contains a use after free vulnerability that can allow an authorized attacker to elevate privileges locally. |
| CVE-2025-62215 | Microsoft Windows Race Condition Vulnerability | KEV | 7.0 | Microsoft | Microsoft Windows Kernel contains a race condition vulnerability that allows a local attacker with low-level privileges to escalate privileges. Successful expl… |
| CVE-2025-6218 | RARLAB WinRAR Path Traversal Vulnerability | KEV | 7.8 | RARLAB | RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user. |
| CVE-2025-6205 | Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability | KEV | 9.1 | Dassault Systèmes | Dassault Systèmes DELMIA Apriso contains a missing authorization vulnerability that could allow an attacker to gain privileged access to the application. |
| CVE-2025-6204 | Dassault Systèmes DELMIA Apriso Code Injection Vulnerability | KEV | 8.0 | Dassault Systèmes | Dassault Systèmes DELMIA Apriso contains a code injection vulnerability that could allow an attacker to execute arbitrary code. |
| CVE-2025-61932 | Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability | KEV | 9.8 | Motex | Motex LANSCOPE Endpoint Manager contains an improper verification of source of a communication channel vulnerability allowing an attacker to execute arbitrary … |
| CVE-2025-61884 | Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability | KEV | 7.5 | Oracle | Oracle E-Business Suite contains a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator. This vulnerability is remo… |
| CVE-2025-61882 | Oracle E-Business Suite Unspecified Vulnerability | KEV | 9.8 | Oracle | Oracle E-Business Suite contains an unspecified vulnerability in the BI Publisher Integration component. The vulnerability allows unauthenticated attacker with… |
| CVE-2025-61757 | Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability | KEV | 9.8 | Oracle | Oracle Fusion Middleware contains a missing authentication for critical function vulnerability, allowing unauthenticated remote attackers to take over Identity… |
| CVE-2025-60710 | Microsoft Windows Link Following Vulnerability | KEV | 7.8 | Microsoft | Microsoft Windows contains a link following vulnerability that allows for privilege escalation. |
| CVE-2025-59718 | Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability | KEV | 9.8 | Fortinet | Fortinet FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb contain an improper verification of cryptographic signature vulnerability that may allow an unaut… |
| CVE-2025-59689 | Libraesva Email Security Gateway Command Injection Vulnerability | KEV | 6.1 | Libraesva | Libraesva Email Security Gateway (ESG) contains a command injection vulnerability which allows command injection via a compressed e-mail attachment. |
| CVE-2025-59374 | ASUS Live Update Embedded Malicious Code Vulnerability | KEV | 9.8 | ASUS | ASUS Live Update contains an embedded malicious code vulnerability client were distributed with unauthorized modifications introduced through a supply chain co… |
| CVE-2025-59287 | Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability | KEV | 9.8 | Microsoft | Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution. |