CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 351–400 of 31,467 · page 8 of 630
| ID | CVSS | Tag | Summary |
|---|---|---|---|
| CVE-2026-8878 | 7.5 | securly | Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed i… |
| CVE-2026-8876 | 7.3 | securly | Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and… |
| CVE-2026-8874 | 7.1 | securly | Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API… |
| CVE-2026-8863 | 7.8 | | Multiple Microsoft-signed UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the bo… |
| CVE-2026-8856 | 9.1 | | IBM HTTP Server 8.5 and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration. |
| CVE-2026-8855 | 9.8 | | IBM HTTP Server 8.5 and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authenticati… |
| CVE-2026-8853 | 4.4 | | The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to in… |
| CVE-2026-8851 | 8.1 | | SOGo versions 5.12.7 and prior contain a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to ex… |
| CVE-2026-8841 | 6.4 | | The Extra Settings for RocketChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rocketchat' shortcode's 'title' attribute in versi… |
| CVE-2026-8839 | 5.3 | | The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.… |
| CVE-2026-8838 | 9.8 | | Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-i… |
| CVE-2026-8836 | 9.8 | | A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 U… |
| CVE-2026-8834 | 8.0 | | IBM HTTP Server 8.5 and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulner… |
| CVE-2026-8833 | 5.4 | checkmk | Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an a… |
| CVE-2026-8830 | 4.3 | redhat | A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScri… |
| CVE-2026-8829 | 7.5 | oalders | HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities. The XS routine backing HTML::Entities::_decode_entities cached a poin… |
| CVE-2026-8828 | | | A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or… |
| CVE-2026-8811 | | | SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new fil… |
| CVE-2026-8806 | | | Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attack… |
| CVE-2026-8805 | | | Integer Overflow or Wraparound vulnerability in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module FX5-EIP versions … |
| CVE-2026-8796 | 8.1 | | Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srl_decoder.c, srl_read_object() and srl_read_… |
| CVE-2026-8795 | 7.8 | | A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client_i… |
| CVE-2026-8788 | 7.3 | | Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the set_add method were not checked for newlines, colons or pipe… |
| CVE-2026-8776 | 8.8 | | A vulnerability has been found in Edimax BR-6428NS 1.10. This vulnerability affects the function formPPTPSetup of the file /goform/formPPTPSetup of the compone… |
| CVE-2026-8775 | 8.8 | | A flaw has been found in Edimax BR-6428NS 1.10. This affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler… |
| CVE-2026-8762 | | | Rejected reason: After analysis, the originally reported behaviour was determined not to constitute a security vulnerability. The findings were parser-strictne… |
| CVE-2026-8757 | 9.1 | | A vulnerability was found in adenhq hive up to 0.11.0. This affects the function _read_events_tail of the file core/framework/server/routes_sessions.py of the … |
| CVE-2026-8751 | 9.8 | | A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of… |
| CVE-2026-8722 | 6.5 | team | Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics ge… |
| CVE-2026-8721 | 9.8 | | Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncate passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which rou… |
| CVE-2026-8719 | 8.8 | | The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missi… |
| CVE-2026-8714 | 6.5 | tp-link | A denial-of-service vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2 due to improper handling of syntactically invalid input. Craft… |
| CVE-2026-8713 | 9.1 | | The Avada (Fusion) Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the maybe_delete_files fun… |
| CVE-2026-8711 | 8.1 | f5 | NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_*, … |
| CVE-2026-8697 | 8.8 | tp-link | Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts a… |
| CVE-2026-8696 | 9.8 | | radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denia… |
| CVE-2026-8695 | 9.8 | | radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending … |
| CVE-2026-8694 | 5.3 | ironmansoftware | Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification … |
| CVE-2026-8686 | 9.1 | | Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted pac… |
| CVE-2026-8683 | 6.5 | mattermost | Mattermost Desktop App versions <=6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a maliciou… |
| CVE-2026-8677 | 6.4 | | The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML T… |
| CVE-2026-8676 | 8.8 | | An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a new bond. |
| CVE-2026-8673 | 5.9 | avantra | Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks. This issue affects Avantra: befor… |
| CVE-2026-8672 | 5.1 | avantra | Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affect… |
| CVE-2026-8671 | 7.5 | avantra | Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affe… |
| CVE-2026-8670 | 9.6 | avantra | Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay). This issue aff… |
| CVE-2026-8668 | | | A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific… |
| CVE-2026-8657 | 8.2 | | Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch() and jsondiffpatch/formatters/jsonpatch.p… |
| CVE-2026-8653 | 6.5 | | The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.… |
| CVE-2026-8644 | 9.1 | ibm | IBM WebSphere Application Server 9.0 and 8.5 is vulnerable to identity spoofing. |