CVE vulnerabilities
31,509 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 901–950 of 31,509 · page 19 of 631
| ID | Title | Summary |
|---|---|---|
| CVE-2026-6632 | CVE-2026-6632 CVSS 8.8 | A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromSafeClientFilter of the file /goform/SafeClientFilter… |
| CVE-2026-6631 | CVE-2026-6631 CVSS 8.8 | A vulnerability was determined in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of … |
| CVE-2026-6630 | CVE-2026-6630 CVSS 8.8 | A vulnerability was found in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the componen… |
| CVE-2026-6581 | CVE-2026-6581 CVSS 8.8 | A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPInfoById of the file /goform/aspForm. Per… |
| CVE-2026-6563 | CVE-2026-6563 CVSS 8.8 | A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The mani… |
| CVE-2026-6560 | CVE-2026-6560 CVSS 8.8 | A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_BasicSSID of the file /goform/aspForm. S… |
| CVE-2026-6555 | CVE-2026-6555 CVSS 9.8 | The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validati… |
| CVE-2026-6552 | CVE-2026-6552 CVSS 8.7 · gitlab | GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain co… |
| CVE-2026-6543 | CVE-2026-6543 CVSS 8.8 | IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This al… |
| CVE-2026-6542 | CVE-2026-6542 CVSS 8.1 | IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to d… |
| CVE-2026-6518 | CVE-2026-6518 CVSS 8.8 | The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions… |
| CVE-2026-6517 | CVE-2026-6517 CVSS 6.3 · mattermost | Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop… |
| CVE-2026-6512 | CVE-2026-6512 CVSS 9.1 | The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not proper… |
| CVE-2026-6510 | CVE-2026-6510 CVSS 9.8 | The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is du… |
| CVE-2026-6508 | CVE-2026-6508 CVSS 9.8 | Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constra… |
| CVE-2026-6506 | CVE-2026-6506 CVSS 8.8 | The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.1.2. This is due to the infusedwoo_gdpr_u… |
| CVE-2026-6477 | CVE-2026-6477 CVSS 8.8 | Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows… |
| CVE-2026-6475 | CVE-2026-6475 CVSS 8.8 | Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc… |
| CVE-2026-6473 | CVE-2026-6473 CVSS 8.8 | Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-… |
| CVE-2026-6456 | CVE-2026-6456 CVSS 8.8 | The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.2. This is due to the `rememberLogin`… |
| CVE-2026-6448 | CVE-2026-6448 CVSS 4.9 | The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in… |
| CVE-2026-6445 | CVE-2026-6445 | A flaw exists in FlashArray Purity where insufficient filtering of certain data paths could expose sensitive information to an authenticated user with low priv… |
| CVE-2026-6444 | CVE-2026-6444 | A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, access functionality bey… |
| CVE-2026-6443 | CVE-2026-6443 CVSS 9.8 | All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious th… |
| CVE-2026-6442 | CVE-2026-6442 CVSS 8.3 | Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attac… |
| CVE-2026-6437 | CVE-2026-6437 CVSS 6.5 · amazon | Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before v3.0.1 allows remote authenti… |
| CVE-2026-6428 | CVE-2026-6428 CVSS 7.6 | SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05… |
| CVE-2026-6419 | CVE-2026-6419 CVSS 8.8 | The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to… |
| CVE-2026-6406 | CVE-2026-6406 CVSS 8.8 | The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from… |
| CVE-2026-6388 | CVE-2026-6388 CVSS 9.1 | A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenan… |
| CVE-2026-6379 | CVE-2026-6379 CVSS 8.6 | The WP Photo Album Plus WordPress plugin before 9.1.11.001 does not properly sanitize and escape a parameter before using it in a SQL query, allowing unauthent… |
| CVE-2026-6376 | CVE-2026-6376 | A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentica… |
| CVE-2026-6375 | CVE-2026-6375 | A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records (PNRs) without any access controls. Because PNR identifi… |
| CVE-2026-6369 | CVE-2026-6369 CVSS 5.5 · canonical | An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive… |
| CVE-2026-6363 | CVE-2026-6363 CVSS 8.8 | Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML p… |
| CVE-2026-6361 | CVE-2026-6361 CVSS 8.3 | Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gest… |
| CVE-2026-6360 | CVE-2026-6360 CVSS 8.8 | Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML pag… |
| CVE-2026-6359 | CVE-2026-6359 CVSS 8.8 | Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out o… |
| CVE-2026-6358 | CVE-2026-6358 CVSS 8.8 | Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML p… |
| CVE-2026-6356 | CVE-2026-6356 CVSS 9.6 | A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, ena… |
| CVE-2026-6350 | CVE-2026-6350 CVSS 9.8 | MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's e… |
| CVE-2026-6349 | CVE-2026-6349 CVSS 9.8 | The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and exec… |
| CVE-2026-6348 | CVE-2026-6348 CVSS 8.8 | WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code wi… |
| CVE-2026-6346 | CVE-2026-6346 CVSS 8.7 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields before including them in support pa… |
| CVE-2026-6338 | CVE-2026-6338 | A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is… |
| CVE-2026-6318 | CVE-2026-6318 CVSS 8.8 | Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.… |
| CVE-2026-6317 | CVE-2026-6317 CVSS 8.8 | Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security… |
| CVE-2026-6316 | CVE-2026-6316 CVSS 8.8 | Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. … |
| CVE-2026-6315 | CVE-2026-6315 CVSS 8.8 | Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestu… |
| CVE-2026-6314 | CVE-2026-6314 CVSS 8.3 | Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the GPU process to potentially perform a sand… |