CVE vulnerabilities
31,509 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 1,151–1,200 of 31,509 · page 24 of 631
| ID | ID and CVSS score | Summary |
|---|---|---|
| CVE-2026-5726 | CVE-2026-5726 CVSS 8.4 | ASDA-Soft Stack-based Buffer Overflow Vulnerability |
| CVE-2026-5722 | CVE-2026-5722 CVSS 9.8 | The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist… |
| CVE-2026-5720 | CVE-2026-5720 CVSS 9.1 | miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information dis… |
| CVE-2026-5718 | CVE-2026-5718 CVSS 8.1 | The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.7… |
| CVE-2026-5714 | CVE-2026-5714 CVSS 6.4 | The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘location_dir’ parameter in all versions up to, and includin… |
| CVE-2026-5713 | CVE-2026-5713 | The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features… |
| CVE-2026-5712 | CVE-2026-5712 CVSS 8.8 | This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definit… |
| CVE-2026-5709 | CVE-2026-5709 CVSS 8.8 | Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.10 through 2025.12.01 might allow a remote authenticated act… |
| CVE-2026-5708 | CVE-2026-5708 CVSS 8.8 | Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio (RES) prior to version 2026.03 could… |
| CVE-2026-5707 | CVE-2026-5707 CVSS 8.8 | Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES) version 2025.03 through 2025.12.01… |
| CVE-2026-5687 | CVE-2026-5687 CVSS 8.8 | A weakness has been identified in Tenda CX12L 16.03.53.12. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. This mani… |
| CVE-2026-5686 | CVE-2026-5686 CVSS 8.8 | A security flaw has been discovered in Tenda CX12L 16.03.53.12. This vulnerability affects the function fromRouteStatic of the file /goform/RouteStatic. The ma… |
| CVE-2026-5685 | CVE-2026-5685 CVSS 8.8 | A vulnerability was identified in Tenda CX12L 16.03.53.12. This affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the arg… |
| CVE-2026-5684 | CVE-2026-5684 CVSS 8.0 | A vulnerability was determined in Tenda CX12L 16.03.53.12. Affected by this issue is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFi… |
| CVE-2026-5683 | CVE-2026-5683 CVSS 8.0 | A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. Perfo… |
| CVE-2026-5663 | CVE-2026-5663 CVSS 9.8 | A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/stores… |
| CVE-2026-5652 | CVE-2026-5652 CVSS 9.0 | An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modif… |
| CVE-2026-56355 | CVE-2026-56355 CVSS 3.7 | GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization. |
| CVE-2026-56347 | CVE-2026-56347 CVSS 6.1 | AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to missing output encoding of icon c… |
| CVE-2026-56346 | CVE-2026-56346 CVSS 6.5 | AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.json.php endpoint that allows unauthenticated users to decryp… |
| CVE-2026-56345 | CVE-2026-56345 CVSS 8.1 | AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint that derives the target users_id … |
| CVE-2026-56342 | CVE-2026-56342 CVSS 6.8 | AVideo through version 27.0 contains a server-side request forgery vulnerability in plugin/Live/test.php that allows authenticated administrators to read arbit… |
| CVE-2026-56341 | CVE-2026-56341 CVSS 7.5 | AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing PayPal tokens, … |
| CVE-2026-56340 | CVE-2026-56340 CVSS 8.8 | vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant… |
| CVE-2026-56332 | CVE-2026-56332 CVSS 4.7 | Capgo before 12.128.2 contains an open redirect vulnerability in the confirm-signup endpoint that allows attackers to redirect users to arbitrary external webs… |
| CVE-2026-56330 | CVE-2026-56330 CVSS 3.5 | Capgo before 12.128.2 contains an open redirect vulnerability in stripe_portal and stripe_checkout endpoints that accept unvalidated callbackUrl, successUrl, a… |
| CVE-2026-56325 | CVE-2026-56325 CVSS 3.1 | Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for app_id lookup in the preview subdomain resolver, allowing underscore characters… |
| CVE-2026-56319 | CVE-2026-56319 CVSS 4.3 | Capgo before 12.128.2 contains an information disclosure vulnerability in the GET /statistics/app/:app_id endpoint that allows app-limited API keys to distingu… |
| CVE-2026-56317 | CVE-2026-56317 | Nuxt before 4.4.7 (and the 3.x branch before 3.21.7) contains a cross-site scripting vulnerability in the NoScript component that writes slot content to innerH… |
| CVE-2026-56307 | CVE-2026-56307 CVSS 4.3 | Cap-go before 12.128.12 contains a broken cursor pagination vulnerability in the /private/devices endpoint on the Cloudflare/workerd path that allows authentic… |
| CVE-2026-56304 | CVE-2026-56304 CVSS 6.5 | picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logg… |
| CVE-2026-56295 | CVE-2026-56295 CVSS 6.3 | Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allows non-expiring API keys to bypass the require_ap… |
| CVE-2026-56294 | CVE-2026-56294 CVSS 4.8 | capacitor-native-biometric before 12.128.2 contains an authentication bypass vulnerability where the onAuthenticationSucceeded() method fails to validate Crypt… |
| CVE-2026-5629 | CVE-2026-5629 CVSS 8.8 | A vulnerability was detected in Belkin F9K1015 1.00.10. The affected element is the function formSetFirewall of the file /goform/formSetFirewall. The manipulat… |
| CVE-2026-56282 | CVE-2026-56282 CVSS 5.3 | Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /replication endpoint that exposes internal PostgreSQL replicatio… |
| CVE-2026-5628 | CVE-2026-5628 CVSS 8.8 | A security vulnerability has been detected in Belkin F9K1015 1.00.10. Impacted is the function formSetSystemSettings of the file /goform/formSetSystemSettings … |
| CVE-2026-56276 | CVE-2026-56276 | Flowise before 3.1.2 contains a mass assignment vulnerability in the PUT /api/v1/user endpoint that allows authenticated users to directly modify the credentia… |
| CVE-2026-56267 | CVE-2026-56267 | Flowise before 3.0.13 contains an information exposure vulnerability in the POST /api/v1/account/forgot-password endpoint that returns full user objects includ… |
| CVE-2026-56235 | CVE-2026-56235 CVSS 5.3 | Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions (get_app_metrics, get_global_metrics, get_total_metri… |
| CVE-2026-56228 | CVE-2026-56228 CVSS 4.9 | Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its password policy configuration. An authenticated organization… |
| CVE-2026-56227 | CVE-2026-56227 CVSS 5.4 | Capgo before 12.128.2 contains a server-side request forgery vulnerability in webhook URL validation that allows loopback and internal addresses. Organization … |
| CVE-2026-56218 | CVE-2026-56218 CVSS 5.3 | Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information disclosure. Attackers can download… |
| CVE-2026-56216 | CVE-2026-56216 CVSS 8.8 | Capgo before 12.128.2 contains a scope escalation vulnerability in the POST /functions/v1/apikey endpoint that allows app-limited API keys to mint unrestricted… |
| CVE-2026-56215 | CVE-2026-56215 CVSS 8.3 | Capgo before 12.128.12 allows authenticated users to modify their mutable public.users.email to arbitrary addresses, which the SSO provisioning endpoint trusts… |
| CVE-2026-56214 | CVE-2026-56214 CVSS 7.5 | Capgo before 12.128.2 contains an information disclosure vulnerability in Supabase PostgREST RPC endpoints is_trial_org and is_paying_org that allows unauthent… |
| CVE-2026-56213 | CVE-2026-56213 CVSS 5.3 | Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.upsert_version_meta SECURITY DEFINER function exposed via PostgREST RPC, all… |
| CVE-2026-56212 | CVE-2026-56212 CVSS 3.8 | Capgo before 12.128.2 contains an authentication logic flaw: a user with permission to manage team or organization security settings can enable mandatory two-f… |
| CVE-2026-56211 | CVE-2026-56211 CVSS 7.1 | A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC (Sca… |
| CVE-2026-56210 | CVE-2026-56210 CVSS 7.1 | A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding… |
| CVE-2026-56209 | CVE-2026-56209 CVSS 7.1 | An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding)… |