31,467 indexed
CVECVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 501–550 of 31,467 · page 11 of 630
| ID | Title | Summary |
|---|---|---|
| CVE-2026-8382 | CVE-2026-8382 CVSS 5.3 | The Advanced Custom Fields (ACF®) plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the pl… |
| CVE-2026-8365 | CVE-2026-8365 CVSS 8.8 | The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksy_meta' REST API field and the V200 datab… |
| CVE-2026-8358 | CVE-2026-8358 | LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for t… |
| CVE-2026-8357 | CVE-2026-8357 | LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening t… |
| CVE-2026-8356 | CVE-2026-8356 | LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-siz… |
| CVE-2026-8350 | CVE-2026-8350 CVSS 8.8 | Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php which can lead to privilege escalation to Administrative Gr… |
| CVE-2026-8346 | CVE-2026-8346 CVSS 8.8 | A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_addr… |
| CVE-2026-8345 | CVE-2026-8345 CVSS 8.8 | A security vulnerability has been detected in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this issue is the function sub_445E7C of the file /goform/sing… |
| CVE-2026-8344 | CVE-2026-8344 CVSS 8.8 | A weakness has been identified in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this vulnerability is the function sub_445E7C of the file /goform/formDMZ.… |
| CVE-2026-8335 | CVE-2026-8335 | A missing authentication check on the Aix‑DB "/llm/process_llm_out" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retri… |
| CVE-2026-8328 | CVE-2026-8328 | The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV host address… |
| CVE-2026-8305 | CVE-2026-8305 CVSS 9.8 | A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbl… |
| CVE-2026-8296 | CVE-2026-8296 | In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting Payload via artifacts. |
| CVE-2026-8293 | CVE-2026-8293 CVSS 7.5 | The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoint… |
| CVE-2026-8264 | CVE-2026-8264 CVSS 8.8 | A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the co… |
| CVE-2026-8263 | CVE-2026-8263 CVSS 9.8 | A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of th… |
| CVE-2026-8260 | CVE-2026-8260 CVSS 8.8 | A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service o… |
| CVE-2026-8234 | CVE-2026-8234 CVSS 8.8 | A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasic… |
| CVE-2026-8230 | CVE-2026-8230 CVSS 8.8 | A flaw has been found in Wavlink NU516U1 240425. The impacted element is the function sys_login1 of the file /cgi-bin/login.cgi. Executing a manipulation of th… |
| CVE-2026-8229 | CVE-2026-8229 CVSS 8.8 | A vulnerability was detected in Wavlink NU516U1 240425. The affected element is the function WifiBasic of the file /cgi-bin/wireless.cgi. Performing a manipula… |
| CVE-2026-8228 | CVE-2026-8228 CVSS 8.8 | A security vulnerability has been detected in Wavlink NU516U1 240425. Impacted is the function advance of the file /cgi-bin/wireless.cgi. Such manipulation of … |
| CVE-2026-8227 | CVE-2026-8227 CVSS 8.8 | A weakness has been identified in Wavlink NU516U1 240425. This issue affects the function wzdapMesh of the file /cgi-bin/adm.cgi. This manipulation causes os c… |
| CVE-2026-8206 | CVE-2026-8206 CVSS 9.8 | The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions… |
| CVE-2026-8201 | CVE-2026-8201 CVSS 8.8 | A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_s… |
| CVE-2026-8192 | CVE-2026-8192 CVSS 8.8 | A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. This vulnerability affects the function wzdap of the file /cgi-bin/adm.cgi. Performing a … |
| CVE-2026-8191 | CVE-2026-8191 CVSS 8.8 | A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This affects the function wifi_region of the file /cgi-bin/adm.cgi. Such manipulation of the a… |
| CVE-2026-8190 | CVE-2026-8190 CVSS 8.8 | A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. Affected by this issue is the function wan of the file /cgi-bin/adm.cgi. This manipulation of … |
| CVE-2026-8189 | CVE-2026-8189 CVSS 8.8 | A vulnerability was found in Wavlink NU516U1 M16U1_V240425. Affected by this vulnerability is the function wzdrepeater of the file /cgi-bin/adm.cgi. The manipu… |
| CVE-2026-8188 | CVE-2026-8188 CVSS 8.8 | A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. Affected is the function change_wifi_password of the file /cgi-bin/adm.cgi. The manipulation o… |
| CVE-2026-8181 | CVE-2026-8181 CVSS 9.8 | The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versi… |
| CVE-2026-8180 | CVE-2026-8180 CVSS 7.5ibm | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera … |
| CVE-2026-8179 | CVE-2026-8179 CVSS 8.8ibm | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera … |
| CVE-2026-8178 | CVE-2026-8178 CVSS 8.1 | An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when proc… |
| CVE-2026-8176 | CVE-2026-8176 CVSS 7.5 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up … |
| CVE-2026-8175 | CVE-2026-8175 CVSS 9.8ibm | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera … |
| CVE-2026-8153 | CVE-2026-8153 CVSS 9.8 | OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows unauthenticated attacker to craft commands tha… |
| CVE-2026-8138 | CVE-2026-8138 CVSS 8.8 | A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg”. The manipulation… |
| CVE-2026-8137 | CVE-2026-8137 CVSS 8.8 | A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file /boafrm/formDdns. The m… |
| CVE-2026-8118 | CVE-2026-8118 CVSS 6.5 | The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through … |
| CVE-2026-8111 | CVE-2026-8111 CVSS 8.8 | SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution. |
| CVE-2026-8100 | CVE-2026-8100 | Impact A security issue has been identified in Chef 360 that could allow unauthorized access to protected API endpoints under specific conditions. This issue … |
| CVE-2026-8094 | CVE-2026-8094 CVSS 9.8 | Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2. |
| CVE-2026-8093 | CVE-2026-8093 CVSS 8.1 | Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these cou… |
| CVE-2026-8092 | CVE-2026-8092 CVSS 8.1 | Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we pr… |
| CVE-2026-8091 | CVE-2026-8091 CVSS 9.8 | Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thund… |
| CVE-2026-8078 | CVE-2026-8078 CVSS 4.8checkmk | Stored cross-site scripting in the global settings change log in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an administrator who can… |
| CVE-2026-8071 | CVE-2026-8071 CVSS 8.8 | The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encodin… |
| CVE-2026-8053 | CVE-2026-8053 CVSS 8.8 | An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memo… |
| CVE-2026-8050 | CVE-2026-8050 CVSS 7.5 | In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers dereference the SystemBuffer pointer without first verifying that it is non-NULL. … |
| CVE-2026-8049 | CVE-2026-8049 CVSS 5.3 | In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device object is created without an explicit SDDL security descriptor and without FILE_DEVICE_SECURE_O… |