CVE vulnerabilities
31,509 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 1,201–1,250 of 31,509 · page 25 of 631
| ID | Title | Summary |
|---|---|---|
| CVE-2026-56208 | CVE-2026-56208 CVSS 7.6 | A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing (LAP) mode … |
| CVE-2026-5617 | CVE-2026-5617 CVSS 8.8 | The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handle_return_to_a… |
| CVE-2026-56142 | CVE-2026-56142 CVSS 9.9 | In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege escalation by attaching authenticatio… |
| CVE-2026-56141 | CVE-2026-56141 CVSS 9.8 | In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes … |
| CVE-2026-5614 | CVE-2026-5614 CVSS 8.8 | A security flaw has been discovered in Belkin F9K1015 1.00.10. Impacted is the function formSetPassword of the file /goform/formSetPassword. The manipulation o… |
| CVE-2026-56138 | CVE-2026-56138 | AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query par… |
| CVE-2026-56132 | CVE-2026-56132 CVSS 6.9 | In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there … |
| CVE-2026-56131 | CVE-2026-56131 CVSS 4.9 | libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-fr… |
| CVE-2026-5613 | CVE-2026-5613 CVSS 8.8 | A vulnerability was identified in Belkin F9K1015 1.00.10. This issue affects the function formReboot of the file /goform/formReboot. The manipulation of the ar… |
| CVE-2026-5612 | CVE-2026-5612 CVSS 8.8 | A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability affects the function formWlEncrypt of the file /goform/formWlEncrypt. Executing a … |
| CVE-2026-5611 | CVE-2026-5611 CVSS 8.8 | A vulnerability was found in Belkin F9K1015 1.00.10. This affects the function formCrossBandSwitch of the file /goform/formCrossBandSwitch. Performing a manipu… |
| CVE-2026-5610 | CVE-2026-5610 CVSS 8.8 | A vulnerability has been found in Belkin F9K1015 1.00.10. Affected by this issue is the function formWISP5G of the file /goform/formWISP5G. Such manipulation o… |
| CVE-2026-56099 | CVE-2026-56099 CVSS 5.3 | OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulnerability in the mpls_do_error function within sys/netmpls/mpls_input.c that allo… |
| CVE-2026-5609 | CVE-2026-5609 CVSS 8.8 | A flaw has been found in Tenda i12 1.0.0.11(3862). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset of the compone… |
| CVE-2026-56082 | CVE-2026-56082 CVSS 7.5 | Capgo (Cap-go/capgo) before 12.128.2 contains an improper access control vulnerability in the SECURITY DEFINER PostgREST RPC function public.record_build_time,… |
| CVE-2026-56081 | CVE-2026-56081 CVSS 9.1 | Cap-go before 12.128.2 contains an authentication logic flaw that lets an attacker register and control an account bound to a victim's email address before tha… |
| CVE-2026-56080 | CVE-2026-56080 CVSS 4.9 | Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their password to… |
| CVE-2026-5608 | CVE-2026-5608 CVSS 8.8 | A vulnerability was detected in Belkin F9K1122 1.00.33. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argum… |
| CVE-2026-56079 | CVE-2026-56079 CVSS 6.5 | Capgo before 12.128.2 contains a cross-tenant authorization bypass vulnerability in PostgREST endpoints that allows org-scoped read API keys to access other te… |
| CVE-2026-56078 | CVE-2026-56078 CVSS 8.8 | PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. Attackers can … |
| CVE-2026-56077 | CVE-2026-56077 CVSS 6.5 | PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by r… |
| CVE-2026-56076 | CVE-2026-56076 CVSS 8.1 | PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitrary agent exe… |
| CVE-2026-56075 | CVE-2026-56075 CVSS 8.8 | PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approval_mode to auto, overriding administra… |
| CVE-2026-56074 | CVE-2026-56074 CVSS 5.5 | PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent execute_command calls to bypass app… |
| CVE-2026-56073 | CVE-2026-56073 CVSS 9.4 | Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email verification by modifying serv… |
| CVE-2026-5605 | CVE-2026-5605 CVSS 8.8 | A weakness has been identified in Tenda CH22 1.0.0.1. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. Executing a manipulation of th… |
| CVE-2026-5604 | CVE-2026-5604 CVSS 8.8 | A security flaw has been discovered in Tenda CH22 1.0.0.1. The impacted element is the function formCertLocalPrecreate of the file /goform/CertLocalPrecreate o… |
| CVE-2026-56024 | CVE-2026-56024 CVSS 6.5 | Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal WP EasyPay allows Cross Site Request Forgery. This issue affects WP EasyPay: from n/a through 4.… |
| CVE-2026-56022 | CVE-2026-56022 CVSS 5.3 | Webmin accepts basic authentication without session cookies when an attacker provides the 'User-Agent: webmin' header, allowing bypass of additional MFA requir… |
| CVE-2026-56021 | CVE-2026-56021 CVSS 5.3 | Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern. |
| CVE-2026-56020 | CVE-2026-56020 CVSS 8.1 | The Webmin HTTP server (miniserv.pl) allows unauthenticated attackers to impersonate any user with a configured SSL client certificate by sending a forged HTTP… |
| CVE-2026-56012 | CVE-2026-56012 CVSS 8.5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media Library Assistant allows Blind SQL In… |
| CVE-2026-56009 | CVE-2026-56009 CVSS 5.9 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bricksable for Bricks Builder allows Stored XSS. This is… |
| CVE-2026-56007 | CVE-2026-56007 CVSS 5.9 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OceanWP Ocean Product Sharing allows Stored XSS. This is… |
| CVE-2026-5598 | CVE-2026-5598 | Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program fil… |
| CVE-2026-5589 | CVE-2026-5589 CVSS 6.3 | An integer underflow in bt_mesh_sol_recv() in the Bluetooth Mesh solicitation handling (subsys/bluetooth/mesh/solicitation.c) leads to an out-of-bounds write. … |
| CVE-2026-5584 | CVE-2026-5584 CVSS 9.8 | A vulnerability has been found in Fosowl agenticSeek 0.1.0. Impacted is the function PyInterpreter.execute of the file sources/tools/PyInterpreter.py of the co… |
| CVE-2026-5577 | CVE-2026-5577 CVSS 8.6 | A vulnerability has been found in Song-Li cross_browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquema… |
| CVE-2026-55746 | CVE-2026-55746 CVSS 7.6 | Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to stored Cross-Site Scripting in the Personal File Storage (PFS) module. A folder title (pff_titl… |
| CVE-2026-55745 | CVE-2026-55745 CVSS 5.4 | Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the Personal File Storage (PFS) module. In modules/pfs/inc/pfs.ed… |
| CVE-2026-55744 | CVE-2026-55744 CVSS 8.1 | Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the Personal File Storage (PFS) module. In modules/pfs/inc/pfs.ma… |
| CVE-2026-55742 | CVE-2026-55742 CVSS 9.6 | Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the administration rights handler. In system/admin/admin.rights.p… |
| CVE-2026-55741 | CVE-2026-55741 CVSS 8.8 | Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the administration configuration handler. In system/admin/admin.c… |
| CVE-2026-55740 | CVE-2026-55740 CVSS 9.8 | Nur-Alam39 bus-ticket (no released versions; latest commit 459cabdbeb99c00225b26e46e3c2c30ae1de7bad) contains an unauthenticated SQL injection vulnerability in… |
| CVE-2026-5574 | CVE-2026-5574 CVSS 9.1 | A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function deletefile of the component FsBrowseClean.… |
| CVE-2026-5573 | CVE-2026-5573 CVSS 9.8 | A weakness has been identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This impacts an unknown function of the file /fs. Executing a manipulation of t… |
| CVE-2026-5570 | CVE-2026-5570 CVSS 9.8 | A vulnerability was determined in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The affected element is the function index_config of the file /LoginCB. This ma… |
| CVE-2026-5569 | CVE-2026-5569 CVSS 9.8 | A vulnerability was found in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Impacted is an unknown function of the file /Technostrobe/ of the component Endpoint… |
| CVE-2026-5567 | CVE-2026-5567 CVSS 8.8 | A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the function setAdvPolicyData of the file /goform/setAdvPolicyData of the component Dest… |
| CVE-2026-5566 | CVE-2026-5566 CVSS 8.8 | A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a… |