CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 201–250 of 31,467 · page 5 of 630
| ID | CVSS | Tag | Summary |
|---|---|---|---|
| CVE-2026-9348 | 8.8 | | A vulnerability was found in Edimax EW-7438RPn up to 1.31. Affected by this vulnerability is an unknown functionality of the file /goform/mp of the component w… |
| CVE-2026-9346 | 8.8 | | A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function formWirelessTbl of the file /goform/formWirelessTbl of the component webs. Exe… |
| CVE-2026-9345 | 8.8 | | A vulnerability was detected in Edimax EW-7438RPn up to 1.31. This affects the function formWizSurvey of the file /goform/formWizSurvey of the component webs. … |
| CVE-2026-9344 | 8.8 | | A security vulnerability has been detected in Edimax EW-7438RPn up to 1.31. The impacted element is an unknown function of the file /goform/formWpsStart of the… |
| CVE-2026-9334 | 7.3 | rurban | Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled. decode_hv() collapses dupli… |
| CVE-2026-9330 | 8.5 | ibm | IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign… |
| CVE-2026-9319 | 9.0 | ibm | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints wi… |
| CVE-2026-9312 | 8.2 | github | A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to send crafted requests… |
| CVE-2026-9311 | 9.0 | ibm | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls. |
| CVE-2026-9309 | 5.4 | mozilla | Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and l… |
| CVE-2026-9308 | 5.4 | mozilla | Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placehold… |
| CVE-2026-9307 | | | A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs o… |
| CVE-2026-9295 | 8.8 | | A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component PO… |
| CVE-2026-9294 | 8.8 | | A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the co… |
| CVE-2026-9290 | 7.5 | | The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17… |
| CVE-2026-9284 | 8.2 | | The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization c… |
| CVE-2026-9281 | 6.4 | | The Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits plugin for WordPress is vulnerable to Stored Cross-Site Scr… |
| CVE-2026-9280 | 6.1 | | The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versio… |
| CVE-2026-9279 | | | Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name (e.g. `git`, `pandoc`, … |
| CVE-2026-9278 | 5.4 | | The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-sid… |
| CVE-2026-9277 | 8.1 | | shell-quote's `quote()` function did not validate object-token inputs against the operator model used by `parse()`. The `.op` field was backslash-escaped chara… |
| CVE-2026-9271 | 5.9 | | Vulnerability Title |
| CVE-2026-9270 | 9.1 | binary | DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of … |
| CVE-2026-9269 | 3.5 | | The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high … |
| CVE-2026-9266 | | | A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulner… |
| CVE-2026-9265 | | | Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path. print_attribute() copies a UTF8STRING ASN.1 a… |
| CVE-2026-9264 | 9.3 | | A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through malic… |
| CVE-2026-9262 | 6.5 | canon | Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier |
| CVE-2026-9261 | 6.8 | canon | Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier |
| CVE-2026-9260 | 6.2 | canon | Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier |
| CVE-2026-9259 | 6.5 | canon | Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier |
| CVE-2026-9258 | 6.5 | canon | Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier |
| CVE-2026-9256 | 8.1 | f5 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when a rewrite directive uses a regex pa… |
| CVE-2026-9255 | 7.8 | amazon | Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell … |
| CVE-2026-9234 | 4.3 | | The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing c… |
| CVE-2026-9213 | 8.1 | netgear | A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Intern… |
| CVE-2026-9212 | 8.0 | netgear | Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the prod… |
| CVE-2026-9211 | 8.8 | netgear | An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation. |
| CVE-2026-9210 | 4.5 | netgear | Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorize… |
| CVE-2026-9208 | 8.8 | tanium | Tanium addressed an unauthorized code execution vulnerability in Connect. |
| CVE-2026-9207 | 8.8 | | Tanium addressed an unauthorized code execution vulnerability in Connect. |
| CVE-2026-9204 | 5.3 | gitlab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certai… |
| CVE-2026-9199 | 4.3 | | The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versio… |
| CVE-2026-9197 | 4.9 | | The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. … |
| CVE-2026-9187 | 5.3 | | The Abandoned Contact Form 7 plugin for WordPress is vulnerable to unauthorized arbitrary post deletion in versions up to, and including, 2.2. This is due to a… |
| CVE-2026-9185 | 7.5 | | The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the … |
| CVE-2026-9170 | 9.8 | ibm | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service and a potential remote code execution due to improper input validation. |
| CVE-2026-9158 | | | In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This … |
| CVE-2026-9157 | 8.4 | | Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects … |
| CVE-2026-9151 | | | An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1, AX18 v1, and AX1300 v1.6 routers. This vulnerability allows … |