CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 101–150 of 31,467 · page 3 of 630
| ID | CVSS | Vendor | Summary |
|---|---|---|---|
| CVE-2026-9747 | 6.5 | mongodb | Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server. |
| CVE-2026-9746 | 6.5 | mongodb | When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are … |
| CVE-2026-9743 | 6.5 | mongodb | In MongoDB Server 8.0, an aggregation stage can leave its _subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued o… |
| CVE-2026-9742 | 7.5 | mongodb | When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to s… |
| CVE-2026-9741 | 6.5 | mongodb | A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) results … |
| CVE-2026-9740 | 7.5 | mongodb | A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. Th… |
| CVE-2026-9735 | 5.5 | mongodb | MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is… |
| CVE-2026-9732 | 4.3 | | The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including,… |
| CVE-2026-9730 | 4.3 | | The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to mi… |
| CVE-2026-9723 | 4.3 | | The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing… |
| CVE-2026-9722 | 4.3 | | The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrec… |
| CVE-2026-9719 | 4.3 | | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and… |
| CVE-2026-9704 | 6.8 | redhat | A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JW… |
| CVE-2026-9698 | 9.8 | perl | DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were s… |
| CVE-2026-9694 | 2.6 | gitlab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain… |
| CVE-2026-9692 | 5.3 | | Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded w… |
| CVE-2026-9691 | 9.8 | | Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions. |
| CVE-2026-9689 | 4.2 | redhat | A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform … |
| CVE-2026-9669 | | | bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor,… |
| CVE-2026-9662 | 8.1 | | The Recover Exit For WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 1.0.3. This is due to insuffici… |
| CVE-2026-9658 | 7.3 | | Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffectiv… |
| CVE-2026-9648 | 9.1 | | The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names… |
| CVE-2026-9646 | 6.1 | | A reflected cross-site scripting issue exists in URL handling. |
| CVE-2026-9645 | 9.9 | | Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server. The scripts execute with full access, enabling complet… |
| CVE-2026-9642 | | | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2026-9641 | 5.3 | | Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only … |
| CVE-2026-9638 | 7.5 | | Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable… |
| CVE-2026-9632 | 8.8 | | A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this issue is the function strcpy of the file /goform/formGroupConfig of the c… |
| CVE-2026-9631 | 8.8 | | A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this vulnerability is the function strcpy of the file /goform/formConfi… |
| CVE-2026-9629 | 6.4 | | The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 due to insuffi… |
| CVE-2026-9628 | 8.8 | | A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file /goform/formPptpClientConfig of the componen… |
| CVE-2026-9627 | 8.8 | | A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/setSysAdm of the component Web… |
| CVE-2026-9617 | 6.8 | dalibo | PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column i… |
| CVE-2026-9614 | 8.8 | | An Improper Access Control vulnerability in Ivanti Neurons for ITSM (cloud and on-premises) allows a remote authenticated attacker to gain administrative acces… |
| CVE-2026-9599 | 4.3 | | The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorre… |
| CVE-2026-9595 | 5.3 | webpack.js | Impact: When a user-configured proxy on webpack-dev-server has a broad context (e.g. /) and ws: true, it also intercepts the dev server's own HMR WebSocket and… |
| CVE-2026-9594 | 4.4 | | The WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via … |
| CVE-2026-9591 | | | Cross-site request forgery (CSRF) in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticated remote attacker to create or mod… |
| CVE-2026-9590 | 5.3 | devolutions | Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privile… |
| CVE-2026-9549 | 4.8 | checkmk | Stored cross-site scripting in the service discovery active check output in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an administra… |
| CVE-2026-9543 | 9.8 | | A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the componen… |
| CVE-2026-9522 | 5.4 | devolutions | Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative pr… |
| CVE-2026-9516 | 7.5 | rurban | Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-… |
| CVE-2026-9507 | | | A session fixation vulnerability has been identified in osTicket v1.18.2. This security flaw allows an attacker to hijack a victim’s account by keeping the ini… |
| CVE-2026-9506 | | | This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacke… |
| CVE-2026-9490 | 5.5 | acer | A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a weak Security Descriptor. This vulnerabil… |
| CVE-2026-9482 | 8.8 | | A vulnerability has been found in Edimax EW-7438RPn 1.31. This impacts the function formSDHCP of the file /goform/formSDHCP. Such manipulation of the argument … |
| CVE-2026-9481 | 8.8 | | A flaw has been found in Edimax EW-7438RPn 1.31. This affects the function formStats of the file /goform/formStats. This manipulation of the argument submit-ur… |
| CVE-2026-9480 | 8.8 | | A vulnerability was detected in Edimax EW-7438RPn 1.31. The impacted element is the function formrefresh of the file /goform/formrefresh. The manipulation of t… |
| CVE-2026-9479 | 8.8 | | A security vulnerability has been detected in Edimax EW-7438RPn 1.31. The affected element is the function formLogout of the file /goform/formLogout. The manip… |