Latest Vulnerabilities

CVEs and Known Exploited Vulnerabilities tracked daily

Sort:

Showing 408 of 408 vulnerabilities

HIGH8.8

CVE-2026-15694

Tenda BE12 Pro - Remote Code Execution via SetIpBind Function

2026-07-16
HIGH8.8

CVE-2026-50666

Windows Remote Access Connection Manager - Use After Free Vulnerability

2026-07-16
HIGH8.3

CVE-2026-56181

Windows Network Address Translation (NAT) - Origin Validation Error

2026-07-16
CRITICALN/A

CVE-2026-46817

Oracle E-Business Suite - Improper Privilege Management Vulnerability

2026-07-16
CRITICALN/A

CVE-2023-4346

KNX Protocol Connection Authorization Option 1 - Overly Restrictive Access

2026-07-16
HIGH8.8

CVE-2026-15691

Tenda BE12 Pro fromSafeClientFilter Security Flaw

2026-07-15
CRITICALN/A

CVE-2026-56155

Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability

2026-07-15
CRITICALN/A

CVE-2026-56164

Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability

2026-07-15
CRITICALN/A

CVE-2026-15409

SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability

2026-07-15
CRITICALN/A

CVE-2026-15410

SonicWall SMA1000 Appliances Code Injection Vulnerability

2026-07-15
HIGH8.8

CVE-2026-61876

LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML mar

2026-07-14
HIGH8.8

CVE-2026-15548

A security vulnerability has been detected in Shibby Tomato up to 1.28.0000. This vulnerability affects the function sub_407220 of the file /usr/sbin/

2026-07-14
HIGH8.8

CVE-2026-49970

Laravel-Mediable before 7.0.0 contains a path traversal vulnerability in the File::sanitizePath() function that allows attackers to write uploaded fil

2026-07-14
HIGH8.8

CVE-2026-49972

Laravel-Mediable before 7.0.0 contains a file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading

2026-07-14
CRITICALN/A

CVE-2008-4128

Cisco IOS - Cisco IOS Cross-Site Request Forgery Vulnerability

2026-07-14
HIGH8.8

CVE-2026-1359

WordPress Genolve – AI image/video generation plugin unauthorized data modification

2026-07-13
HIGH8.8

CVE-2026-15480

Trendnet TEW-635BRM Web Server Remote Code Execution

2026-07-13
HIGH8.8

CVE-2026-15481

Trendnet TEW-635BRM Web Server Remote Code Execution

2026-07-13
HIGH8.8

CVE-2026-15483

TRENDnet TEW-821DAP Remote Code Execution

2026-07-13
HIGH8.8

CVE-2026-15484

TRENDnet TEW-821DAP Remote Code Execution

2026-07-13
HIGH8.8

CVE-2025-30007

HestiaCP Authenticated OS Command Injection

2026-07-12
HIGH8.8

CVE-2026-13756

WP Grid Builder Plugin Privilege Escalation

2026-07-12
HIGH8.8

CVE-2026-13353

WP Ultimate CSV Importer Remote Code Execution

2026-07-12
HIGH8.8

CVE-2026-14262

Simple JWT Login Plugin Authentication Bypass to Privilege Escalation

2026-07-12
HIGH8.8

CVE-2025-6784

Code Engine Plugin Remote Code Execution

2026-07-12
HIGH8.8

CVE-2025-30007

HestiaCP Authenticated OS Command Injection Vulnerability

2026-07-11
HIGH8.8

CVE-2026-13756

WP Grid Builder Privilege Escalation Vulnerability

2026-07-11
HIGH8.8

CVE-2026-13353

WP Ultimate CSV Importer Remote Code Execution Vulnerability

2026-07-11
CRITICALN/A

CVE-2026-56291

Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability

2026-07-11
CRITICALN/A

CVE-2026-48939

iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability

2026-07-11
HIGH8.8

CVE-2026-59257

SQL Injection in n8n legacy MySQL v1 node

2026-07-10
HIGH8.8

CVE-2026-58143

Cross-Site Request Forgery in Cotonti Siena

2026-07-10
HIGH8.5

CVE-2026-55999

Heap buffer overflow in xorg-server and xwayland via PCX fonts

2026-07-10
HIGH8.5

CVE-2026-56001

Heap buffer overflow in libXfont2 BitmapScaleBitmaps

2026-07-10
HIGH8.5

CVE-2026-56003

Heap buffer overflow in libXfont2 PCF file parsing

2026-07-10
CRITICAL9.8

CVE-2026-9181

ArcGIS Server Directory Traversal Vulnerability

2026-07-08
HIGH8.8

CVE-2026-14158

WordPress Widget Logic Visual Plugin Remote Code Execution

2026-07-08
HIGH8.8

CVE-2026-14489

WordPress WHMCS Bridge Plugin Arbitrary File Upload

2026-07-08
HIGH8.6

CVE-2026-59707

LocalAI Unauthenticated Server-Side Request Forgery

2026-07-08
HIGH8.5

CVE-2026-54765

Traefik Kubernetes Gateway API Provider Hostname Resolution Bypass

2026-07-08
HIGH8.2

CVE-2026-8377

Missing Authorization in Armiya GKS Access Control System

2026-07-07
HIGH8.1

CVE-2026-59712

Leantime JSON-RPC API User Credential Disclosure

2026-07-07
HIGH8.1

CVE-2026-59713

Leantime OIDC Login CSRF Vulnerability

2026-07-07
HIGH7.7

CVE-2026-9165

Red Hat Advanced Cluster Security for Kubernetes GraphQL Query Depth Vulnerability

2026-07-07
HIGH7.5

CVE-2026-5730

Idvlabs Ontime Authorization Bypass

2026-07-07
HIGH8.8

CVE-2026-14721

Vulnerability in UTT HiPER 1250GW allows remote code execution

2026-07-06
HIGH8.2

CVE-2026-14637

Security vulnerability in kirilkirkov Ecommerce-CodeIgniter-Bootstrap

2026-07-06
HIGH7.3

CVE-2026-14635

Security flaw in kirilkirkov Ecommerce-CodeIgniter-Bootstrap

2026-07-06
HIGH7.3

CVE-2026-14640

Vulnerability in CodeAstro Apartment Visitor Management System

2026-07-06
HIGH7.3

CVE-2026-14641

Vulnerability in SourceCodester Class and Exam Timetabling System

2026-07-06
HIGH8.8

CVE-2026-14459

Argument Injection in TUBITAK BILGEM Software Technologies Research Institute

2026-07-05
HIGH8.8

CVE-2026-14460

Missing Authorization and Argument Injection in TUBITAK BILGEM Software Technologies Research Institute pardus-software

2026-07-05
HIGH8.8

CVE-2026-56645

Heap-based Buffer Overflow in Microsoft Edge (Chromium-based)

2026-07-05
HIGH8.8

CVE-2026-57974

Integer Overflow or Wraparound in Microsoft Edge (Chromium-based)

2026-07-05
HIGH8.8

CVE-2026-57981

Use After Free in Microsoft Edge (Chromium-based)

2026-07-05
CRITICAL8.8

CVE-2026-54998

Incorrect authorization in Microsoft Exchange Online

2026-07-04
CRITICAL8.8

CVE-2026-59093

Weaviate RBAC role assignment bypass

2026-07-04
CRITICAL8.8

CVE-2026-14459

TUBITAK BILGEM pardus-software argument injection

2026-07-04
CRITICAL8.8

CVE-2026-14460

TUBITAK BILGEM pardus-software missing authorization leading to argument injection

2026-07-04
CRITICAL8.8

CVE-2026-56645

Heap-based buffer overflow in Microsoft Edge (Chromium-based)

2026-07-04
HIGH8.8

CVE-2026-59093

Weaviate RBAC Role Assignment Vulnerability

2026-07-03
HIGH8.8

CVE-2026-54998

Microsoft Exchange Online Privilege Escalation

2026-07-03
HIGH7.8

CVE-2026-46680

containerd Container User Directive Vulnerability

2026-07-03
HIGH7.7

CVE-2026-59095

LobeChat Server-Side Request Forgery

2026-07-03
HIGH7.7

CVE-2026-59092

JuiceFS Authentication Bypass Vulnerability

2026-07-03
CRITICAL9.8

CVE-2026-58116

LLaMA-Factory Remote Code Execution Vulnerability

2026-07-02
HIGH8.8

CVE-2026-13777

Google Chrome on iOS Insufficient Validation of Untrusted Input

2026-07-02
HIGH8.8

CVE-2026-13783

Google Chrome Use After Free in Views

2026-07-02
HIGH8.3

CVE-2026-50521

Microsoft Edge (Chromium-based) Use After Free Vulnerability

2026-07-02
CRITICALN/A

CVE-2026-45659

Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability

2026-07-02
HIGH8.8

CVE-2026-13562

Edimax EW-7478APC Remote Code Execution

2026-07-01
HIGH8.8

CVE-2026-55607

Claude Code Worktree Traversal Vulnerability

2026-07-01
HIGH8.8

CVE-2026-13583

Edimax EW-7478APC Remote Code Execution via formUSBFolder

2026-07-01
HIGH8.8

CVE-2026-48307

Adobe ColdFusion Reflected Cross-Site Scripting

2026-07-01
HIGH8.5

CVE-2026-10129

IBM Langflow OSS SSRF Protection Bypass

2026-07-01
HIGH8.8

CVE-2026-13518

Tenda JD12L AddressNat Function Vulnerability

2026-06-30
HIGH8.8

CVE-2026-13562

Edimax EW-7478APC iNICSiteSurvey Function Vulnerability

2026-06-30
HIGH8.8

CVE-2026-40521

FrontAccounting Path Traversal Vulnerability

2026-06-30
HIGH8.8

CVE-2026-13583

Edimax EW-7478APC USBFolder Function Vulnerability

2026-06-30
CRITICALN/A

CVE-2026-48558

SimpleHelp Authentication Bypass Vulnerability

2026-06-30
CRITICAL8.8

CVE-2026-13515

Tenda JD12L formSetPPTPServer Function Remote Code Execution

2026-06-29
CRITICAL8.8

CVE-2026-13516

Tenda JD12L fromSetWifiGusetBasic Function Remote Code Execution

2026-06-29
CRITICAL8.8

CVE-2026-13517

Tenda JD12L formWifiBasicSet Function Remote Code Execution

2026-06-29
CRITICAL8.8

CVE-2026-13518

Tenda JD12L fromAddressNat Function Remote Code Execution

2026-06-29
CRITICAL8.8

CVE-2026-13519

Tenda JD12L fromNatStaticSetting Function Remote Code Execution

2026-06-29
CRITICAL9

CVE-2026-45405

Dokku git:from-archive and certs:add commands allow arbitrary file extraction

2026-06-28
CRITICAL9

CVE-2026-45406

Dokku openresty-vhosts plugin allows arbitrary file writes from git repository

2026-06-28
HIGH8.8

CVE-2026-32833

Cudy LT300 OS Command Injection

2026-06-28
HIGH8.6

CVE-2026-58049

FFmpeg RASC video decoder out-of-bounds read/write

2026-06-28
HIGH8.1

CVE-2026-8095

WordPress Frontend File Manager Plugin Authenticated Arbitrary File Deletion

2026-06-28
HIGH8.8

CVE-2026-56766

Hydra NTLM authentication stack buffer overflow

2026-06-27
HIGH8.8

CVE-2026-56768

Seahub unauthenticated share link access bypass

2026-06-27
HIGH8.5

CVE-2026-56769

Huly Platform authenticated server-side request forgery

2026-06-27
HIGH8.2

CVE-2026-57235

Nokogiri XML/HTML library out-of-bounds read

2026-06-27
HIGH7.8

CVE-2026-55693

Vim tree_count_words() function out-of-bounds write

2026-06-27
HIGH8.8

CVE-2026-56232

Capgo API Key Bypass of Access Constraints

2026-06-26
HIGH8.8

CVE-2026-12244

NSD Secondary Server Crash via Malicious AXFR

2026-06-26
HIGH8.8

CVE-2026-56766

Hydra NTLM Authentication Stack Buffer Overflow

2026-06-26
HIGH8.8

CVE-2026-56768

Seahub Share Link Authentication Bypass

2026-06-26
HIGH8.5

CVE-2026-56769

Huly Platform Authenticated Server-Side Request Forgery

2026-06-26
HIGH8.8

CVE-2026-35018

NetComm NF20MESH Routers Authenticated Remote Code Execution

2026-06-24
CRITICALN/A

CVE-2025-67038

Lantronix EDS5000 Code Injection Vulnerability

2026-06-24
CRITICALN/A

CVE-2026-34910

Ubiquiti UniFi OS Improper Input Validation Vulnerability

2026-06-24
CRITICALN/A

CVE-2026-34909

Ubiquiti UniFi OS Path Traversal Vulnerability

2026-06-24
CRITICALN/A

CVE-2026-34908

Ubiquiti UniFi OS Improper Access Control Vulnerability

2026-06-24
HIGH8.8

CVE-2026-56340

vLLM Missing Sparse Tensor Validation in Multimodal Embeddings Processing

2026-06-22
HIGH8.8

CVE-2026-56396

phpMyFAQ Missing Authorization in Admin Endpoints

2026-06-22
HIGH8.8

CVE-2026-12806

Edimax BR-6478AC V2 formWlSiteSurvey Function Vulnerability

2026-06-22
HIGH8.1

CVE-2025-71348

picklescan Malicious Pickle File Detection Bypass (torch.utils._config_module.load_config)

2026-06-22
HIGH8.1

CVE-2025-71357

picklescan Malicious Pickle File Detection Bypass (idlelib.pyshell.ModifiedInterpreter.runcommand)

2026-06-22
HIGH8.2

CVE-2017-20252

Joomla NextGen Editor SQL Injection Vulnerability

2026-06-21
HIGH8.2

CVE-2017-20253

Joomla! Component My Projects SQL Injection Vulnerability

2026-06-21
HIGH8.2

CVE-2017-20254

Joomla! Component User Bench SQL Injection Vulnerability

2026-06-21
HIGH8.2

CVE-2017-20255

Joomla! Component JB Visa SQL Injection Vulnerability

2026-06-21
HIGH8.2

CVE-2017-20256

Joomla Survey Force Deluxe SQL Injection Vulnerability

2026-06-21
CRITICALN/A

CVE-2026-20253

Splunk Enterprise Missing Authentication for Critical Function Vulnerability

2026-06-19
HIGH8.8

CVE-2016-20075

WordPress Ultimate Product Catalog - Arbitrary File Upload Vulnerability

2026-06-16
HIGH8.8

CVE-2026-12186

GL.iNet GL-MT3000 - Remote Code Execution via replace_country function

2026-06-16
HIGH8.8

CVE-2026-12187

GL.iNet GL-MT3000 - Unspecified Vulnerability in /u file

2026-06-16
CRITICALN/A

CVE-2026-54420

LiteSpeed cPanel Plugin - UNIX Symbolic Link (Symlink) Following Vulnerability

2026-06-16
CRITICALN/A

CVE-2026-20262

Cisco Catalyst SD-WAN Manager - Directory or Path Traversal Vulnerability

2026-06-16
HIGH8.8

CVE-2026-12174

D-Link DCS-935L snprintf Buffer Overflow

2026-06-15
HIGH8.8

CVE-2026-12186

GL.iNet GL-MT3000 replace_country Weakness

2026-06-15
HIGH8.8

CVE-2026-12187

GL.iNet GL-MT3000 Unknown Function Vulnerability

2026-06-15
HIGH8.8

CVE-2026-12192

GALAYOU Y4 Web Server Buffer Overflow

2026-06-15
HIGH8

CVE-2026-12218

Yealink SIP-T46U StartReportInformation Vulnerability

2026-06-15
CRITICAL8.8

CVE-2026-53821

OpenClaw WebSocket Client-Declared Operator Scopes Vulnerability

2026-06-14
CRITICAL8.8

CVE-2026-53822

OpenClaw Command Injection Vulnerability

2026-06-14
CRITICAL8.8

CVE-2026-53828

OpenClaw Authorization Bypass in Native Command Handling

2026-06-14
CRITICAL8.8

CVE-2026-53836

OpenClaw PowerShell Encoded-Command Allowlist Bypass

2026-06-14
CRITICAL8.8

CVE-2026-12174

D-Link DCS-935L snprintf Buffer Overflow

2026-06-14
HIGH8.8

CVE-2026-53806

OpenClaw Shell Option Parsing Vulnerability

2026-06-13
HIGH8.8

CVE-2026-53807

OpenClaw Telegram Interactive Callbacks Authorization Bypass

2026-06-13
HIGH8.8

CVE-2026-53810

OpenClaw Marketplace Runtime Extension Code Execution Vulnerability

2026-06-13
HIGH8.8

CVE-2026-53811

OpenClaw Matrix allowFrom Privilege Escalation Vulnerability

2026-06-13
CRITICALN/A

CVE-2026-35273

Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability

2026-06-13
HIGH8.8

CVE-2026-49498

Ghidra SQL Injection Vulnerability in PostgresFunctionDatabase

2026-06-12
HIGH8.8

CVE-2026-52754

Ghidra PKIAuthenticationModule Authentication Bypass

2026-06-12
HIGH8.8

CVE-2026-20251

Splunk Enterprise and Cloud Platform Vulnerability

2026-06-12
HIGH8.8

CVE-2026-6893

Dracut DHCP Remote Attacker Flaw

2026-06-12
CRITICALN/A

CVE-2026-10520

Ivanti Sentry OS Command Injection Vulnerability

2026-06-12
HIGH8.8

CVE-2026-46746

Improper input sanitization in SINEC INS allows remote code execution.

2026-06-11
HIGH8.8

CVE-2026-32193

Path traversal in Microsoft Azure Kubernetes Service allows privilege escalation.

2026-06-11
HIGH8.8

CVE-2026-40371

Improper permissions in Microsoft Dynamics 365 (on-premises) allows privilege escalation.

2026-06-11
HIGH8.7

CVE-2026-41031

Stored Cross-Site Scripting in Vinna Process Monitor allows remote code execution.

2026-06-11
HIGH8.4

CVE-2026-41098

Cross-Site Scripting in Azure Stack Edge allows spoofing attacks.

2026-06-11
HIGH8.8

CVE-2026-11503

Tenda CX12L Router Remote Code Execution Vulnerability

2026-06-10
HIGH8.8

CVE-2026-11504

Tenda CX12L Router Remote Code Execution Vulnerability

2026-06-10
CRITICALN/A

CVE-2026-11645

Google Chromium V8 Out-of-Bounds Read and Write Vulnerability

2026-06-10
CRITICALN/A

CVE-2026-7473

Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability

2026-06-10
CRITICALN/A

CVE-2026-20245

Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability

2026-06-10
HIGH8.8

CVE-2026-11498

Tenda HG7HG9 and HG10 Remote Code Execution Vulnerability

2026-06-09
HIGH8.8

CVE-2026-11503

Tenda CX12L Remote Code Execution Vulnerability

2026-06-09
HIGH8.8

CVE-2026-11504

Tenda CX12L Remote Code Execution Vulnerability

2026-06-09
CRITICALN/A

CVE-2026-42271

BerriAI LiteLLM Command Injection Vulnerability

2026-06-09
CRITICALN/A

CVE-2026-50751

Check Point Security Gateway Improper Authentication Vulnerability

2026-06-09
HIGH8.8

CVE-2026-11413

JingDong JD Cloud Box AX6600 set_macfilter Function Vulnerability

2026-06-08
HIGH8.8

CVE-2026-11498

Tenda HG7HG9 and HG10 asp_voip_OtherSet Function Vulnerability

2026-06-08
HIGH7.5

CVE-2026-49494

Comodo Internet Security Inspect.sys IPv6 Integer Underflow

2026-06-08
HIGH7.5

CVE-2023-54350

WordPress Augmented-Reality Plugin Remote Code Execution

2026-06-08
HIGH7.5

CVE-2026-3238

Samba WINS Server Active Directory Domain Controller Flaw

2026-06-08
HIGH8.8

CVE-2026-49492

Markdown Preview Enhanced: External File and Link Opening Vulnerability

2026-06-07
HIGH8.8

CVE-2026-49493

Markdown Preview Enhanced: Code Injection via Bitfield Fenced Code Blocks

2026-06-07
HIGH8.8

CVE-2026-5411

WP Captcha PRO (Advanced Google reCAPTCHA) Plugin: Arbitrary File Upload

2026-06-07
HIGH8.8

CVE-2026-7654

Admin Columns Plugin for WordPress: PHP Object Injection leading to RCE

2026-06-07
HIGH8.8

CVE-2026-11413

JingDong JD Cloud Box AX6600: Remote Code Execution via set_macfilter function

2026-06-07
HIGH8.8

CVE-2026-5228

Kurt Software Studio WriteUp Mobile App Improper Access Control

2026-06-06
HIGH8.8

CVE-2026-10988

Google Chrome Views Use After Free Vulnerability

2026-06-06
HIGH8.8

CVE-2026-10989

Google Chrome V8 Inappropriate Implementation Vulnerability

2026-06-06
HIGH8.8

CVE-2026-10995

Google Chrome TabStrip Heap Buffer Overflow Vulnerability

2026-06-06
CRITICALN/A

CVE-2026-28318

SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability

2026-06-06
HIGH8.8

CVE-2026-35083

Remote attacker with user privileges can gain full system access as root via stack buffer overflow

2026-06-05
HIGH8.8

CVE-2026-49190

Unauthorized application installation due to insufficient permission evaluation in system opcodes

2026-06-05
HIGH8.8

CVE-2026-49194

Debugging routine allows direct interactive shell access, bypassing device login

2026-06-05
HIGH8.8

CVE-2026-35082

Remote attacker with user privileges can access arbitrary local files due to insufficient input validation

2026-06-05
HIGH8.6

CVE-2026-20230

Vulnerability in Cisco Unified Communications Manager and Session Management Edition

2026-06-05
HIGH8.8

CVE-2026-30652

Vivotek FD8136 Cameras Remote Buffer Overflow in /cgi-bin/dido/setdo.cgi

2026-06-04
HIGH8.8

CVE-2026-1829

WordPress Content Visibility for Divi Builder Plugin Remote Code Execution

2026-06-04
HIGH8.8

CVE-2026-35082

Arbitrary Local File Access via ugw-logread method with User Privileges

2026-06-04
HIGH8.8

CVE-2026-35083

Stack Buffer Overflow Leading to Root Access with User Privileges

2026-06-04
CRITICALN/A

CVE-2026-45247

Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability

2026-06-04
HIGH8.8

CVE-2026-10259

H3C Magic B0 - Remote Code Execution Vulnerability

2026-06-03
HIGH8.8

CVE-2026-10270

D-Link DI-7001 MINI - Remote Code Execution Vulnerability

2026-06-03
HIGH8.8

CVE-2026-7770

IBM i Access Family - Remote Code Execution Vulnerability

2026-06-03
CRITICALN/A

CVE-2025-48595

Android Framework - Android Framework Integer Overflow Vulnerability

2026-06-03
CRITICALN/A

CVE-2022-0492

Linux Kernel - Linux Kernel Improper Authentication Vulnerability

2026-06-03
HIGH8.8

CVE-2026-10179

TRENDnet TEW-432BRP formSetWlanEncrypt Function Vulnerability

2026-06-02
HIGH8.8

CVE-2026-10181

TRENDnet TEW-432BRP formSysCmd Function Vulnerability

2026-06-02
HIGH8.8

CVE-2026-10183

TRENDnet TEW-432BRP formWlanSetup Function Vulnerability

2026-06-02
HIGH8.8

CVE-2026-10188

Tenda W12 cgistaKickOff Function Vulnerability

2026-06-02
CRITICALN/A

CVE-2024-21182

Oracle WebLogic Server Unspecified Vulnerability

2026-06-02
HIGH8.8

CVE-2026-10119

TRENDnet TEW-432BRP 3.10B20 MAC Filter Vulnerability

2026-06-01
HIGH8.8

CVE-2026-10120

TRENDnet TEW-432BRP 3.10B20 Firewall Rule Vulnerability

2026-06-01
HIGH8.8

CVE-2026-10121

TRENDnet TEW-432BRP 3.10B20 URL Filter Vulnerability

2026-06-01
HIGH8.8

CVE-2026-10122

TRENDnet TEW-432BRP 3.10B20 Protocol Filter Vulnerability

2026-06-01
HIGH8.8

CVE-2026-10123

TRENDnet TEW-432BRP 3.10B20 Domain Filter Vulnerability

2026-06-01
HIGH8.8

CVE-2026-10062

TRENDnet TEW-432BRP formSetRoute Function Vulnerability

2026-05-31
HIGH8.8

CVE-2026-10063

TRENDnet TEW-432BRP formWPS Function Vulnerability

2026-05-31
HIGH8.8

CVE-2018-25388

HaPe PKH Arbitrary File Upload Vulnerability

2026-05-31
HIGH8.8

CVE-2026-10066

Shibby Tomato tomatoups.cgi Function Vulnerability

2026-05-31
HIGH8.8

CVE-2026-10067

Shibby Tomato multimon.cgi Stack-Based Buffer Overflow

2026-05-31
HIGH8.8

CVE-2026-9227

GutenBee – Gutenberg Blocks plugin for WordPress Arbitrary File Upload

2026-05-30
HIGH8.8

CVE-2026-6226

Frontend Admin by DynamiApps plugin for WordPress Unauthenticated Privilege Escalation

2026-05-30
HIGH8.8

CVE-2026-10002

Google Chrome PDFium Use-After-Free Vulnerability

2026-05-30
HIGH8.8

CVE-2026-9887

Google Chrome Proxy Use-After-Free Vulnerability

2026-05-30
CRITICALN/A

CVE-2026-0257

Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

2026-05-30
HIGH8.8

CVE-2026-5065

IBM Controller Hard-Coded Credentials Vulnerability

2026-05-29
HIGH8.8

CVE-2026-8179

IBM Aspera High-Speed Transfer Privilege Escalation

2026-05-29
HIGH8.8

CVE-2026-7802

WordPress Frontend Admin Authorization Bypass

2026-05-29
HIGH8.8

CVE-2026-9009

WordPress Crawlomatic Plugin Remote Code Execution

2026-05-29
HIGH8.8

CVE-2026-9227

WordPress GutenBee Plugin Arbitrary File Upload

2026-05-29
HIGH8.8

CVE-2026-46368

luci-app-https-dns-proxy through 2025.12.29-5

2026-05-28
HIGH8.8

CVE-2026-44832

Snipe-IT Privilege Escalation Vulnerability

2026-05-28
CRITICALN/A

CVE-2026-48027

Nx Console - Nx Console Embedded Malicious Code Vulnerability

2026-05-28
CRITICALN/A

CVE-2026-45321

TanStack - TanStack Unspecified Vulnerability

2026-05-28
CRITICALN/A

CVE-2026-8398

Daemon Tools Lite - Daemon Tools Lite Embedded Malicious Code Vulnerability

2026-05-28
HIGH8.8

CVE-2026-9442

Edimax BR-6478AC formiNICSiteSurvey Function Vulnerability

2026-05-27
HIGH8.8

CVE-2026-9443

Edimax BR-6478AC formL2TPSetup Function Vulnerability

2026-05-27
HIGH8.8

CVE-2026-9459

Edimax EW-7438RPn formConnectionSetting Function Vulnerability

2026-05-27
HIGH8.8

CVE-2026-9460

Edimax EW-7438RPn formAccept Function Vulnerability

2026-05-27
CRITICALN/A

CVE-2026-48172

LiteSpeed cPanel Plugin Privilege Escalation Vulnerability

2026-05-27
HIGH8.8

CVE-2026-47114

IINA User-Assisted Command Execution Vulnerability

2026-05-23
HIGH8.8

CVE-2026-47101

LiteLLM API Key Privilege Escalation

2026-05-23
HIGH8.8

CVE-2026-47102

LiteLLM User Role Modification Vulnerability

2026-05-23
HIGH8.8

CVE-2026-9018

Easy Elements for Elementor Privilege Escalation

2026-05-23
CRITICALN/A

CVE-2026-9082

Drupal Core SQL Injection Vulnerability

2026-05-23
HIGH8.8

CVE-2026-24425

Twig sandbox bypass vulnerability

2026-05-22
HIGH8.8

CVE-2026-47114

IINA user-assisted command execution vulnerability

2026-05-22
HIGH8.8

CVE-2026-47101

LiteLLM API key creation with unauthorized access

2026-05-22
CRITICALN/A

CVE-2025-34291

Langflow Langflow - Langflow Origin Validation Error Vulnerability

2026-05-22
CRITICALN/A

CVE-2026-34926

Trend Micro Apex One - Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability

2026-05-22
HIGH8.8

CVE-2026-7498

Cross-site scripting vulnerability in Basamak Information Technology Consulting and Or

2026-05-20
HIGH8.8

CVE-2026-6456

Privilege Escalation in WordPress Account Switcher plugin

2026-05-20
HIGH8.8

CVE-2026-7467

Privilege Escalation in WordPress Read More & Accordion plugin

2026-05-20
HIGH8.8

CVE-2026-7522

Local File Inclusion in WordPress Advanced Database Cleaner – Premium plugin

2026-05-20
HIGH8.8

CVE-2026-5200

Missing Authorization in WordPress AcyMailing plugin

2026-05-20
HIGH8.8

CVE-2026-45495

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

2026-05-19
HIGH8.8

CVE-2026-8775

Edimax BR-6428NS formL2TPSetup Function Vulnerability

2026-05-19
HIGH8.8

CVE-2026-8776

Edimax BR-6428NS formPPTPSetup Function Vulnerability

2026-05-19
HIGH8.8

CVE-2026-7498

Basamak Information Technology Consulting and Or Cross-Site Scripting Vulnerability

2026-05-19
HIGH8.4

CVE-2018-25322

Allok Fast AVI MPEG Splitter Stack-Based Buffer Overflow

2026-05-19
HIGH8.8

CVE-2020-37227

HS Brand Logo Slider 2.1 Unrestricted File Upload

2026-05-18
HIGH8.8

CVE-2021-47976

TextPattern CMS 4.9.0-dev Remote Code Execution

2026-05-18
HIGH8.8

CVE-2021-47979

WordPress Plugin Backup and Restore 1.0.3 Arbitrary File Deletion

2026-05-18
HIGH8.8

CVE-2026-8719

AI Engine WordPress Plugin Privilege Escalation

2026-05-18
HIGH8.4

CVE-2018-25322

Allok Fast AVI MPEG Splitter 1.2 Stack-Based Buffer Overflow

2026-05-18
HIGH8.8

CVE-2026-6228

WordPress Frontend Admin Plugin Privilege Escalation

2026-05-17
HIGH8.8

CVE-2021-47964

Schlix CMS Remote Code Execution

2026-05-17
HIGH8.8

CVE-2020-37227

HS Brand Logo Slider Unrestricted File Upload

2026-05-17
HIGH8.8

CVE-2021-47976

TextPattern CMS Remote Code Execution

2026-05-17
HIGH8.8

CVE-2021-47979

WordPress Backup and Restore Plugin Arbitrary File Deletion

2026-05-17
CRITICALN/A

CVE-2026-42897

Microsoft Exchange Server Cross-Site Scripting Vulnerability

2026-05-16
HIGH8.8

CVE-2026-3425

WordPress RTMKit Addons for Elementor Plugin Local File Inclusion

2026-05-15
HIGH8.7

CVE-2026-32643

BIG-IP and BIG-IQ Systems Privilege Escalation via Certificate Manager Role

2026-05-15
HIGH8.7

CVE-2026-32673

BIG-IP Scripted Monitors Privilege Escalation

2026-05-15
HIGH8.7

CVE-2026-34176

BIG-IP Appliance Mode Remote Command Injection

2026-05-15
CRITICALN/A

CVE-2026-20182

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

2026-05-15
HIGH8.8

CVE-2026-6001

Authorization bypass in ABIS Technology Ltd. Co. BAPSİS allows exploitation of trusted identifiers.

2026-05-14
HIGH8.8

CVE-2026-2465

Incorrect Authorization vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard FOR-

2026-05-14
HIGH8.8

CVE-2026-30810

Server-Side Request Forgery in Pandora FMS allows Privilege Escalation via API Checker extension.

2026-05-14
HIGH8.8

CVE-2026-31222

Insecure deserialization vulnerability in snorkel library Trainer.load() method.

2026-05-14
HIGH8.8

CVE-2026-31223

Critical insecure deserialization vulnerability in snorkel library BaseLabeler.load() method.

2026-05-14
CRITICAL9.8

CVE-2026-40636

Dell ECS and ObjectScale Hard-Coded Credentials Vulnerability

2026-05-13
HIGH8.8

CVE-2026-45006

OpenClaw Improper Access Control in Gateway Tool

2026-05-13
HIGH8.8

CVE-2026-7256

Zyxel WRE6505 Command Injection Vulnerability

2026-05-13
HIGH8.8

CVE-2026-6001

ABIS Technology BAPSİS Authorization Bypass

2026-05-13
HIGH8.4

CVE-2026-34963

barebox EFI PE Loader Memory-Safety Vulnerabilities

2026-05-13
HIGH8.8

CVE-2021-47935

Sentry 8.2.0 Remote Code Execution

2026-05-12
HIGH8.8

CVE-2021-47937

e107 CMS 2.3.0 Remote Code Execution

2026-05-12
HIGH8.8

CVE-2021-47938

ImpressCMS 1.4.2 Remote Code Execution

2026-05-12
HIGH8.8

CVE-2021-47939

Evolution CMS 3.1.6 Remote Code Execution

2026-05-12
HIGH8.8

CVE-2021-47943

TextPattern CMS 4.8.7 Remote Code Execution

2026-05-12
HIGH8.8

CVE-2026-8234

EFM ipTIME A8004T 14.18.2 Vulnerability in formWifiBasicSet

2026-05-11
HIGH8.8

CVE-2021-47935

Sentry 8.2.0 Remote Code Execution Vulnerability

2026-05-11
HIGH8.8

CVE-2021-47937

e107 CMS 2.3.0 Remote Code Execution Vulnerability

2026-05-11
HIGH8.8

CVE-2021-47938

ImpressCMS 1.4.2 Remote Code Execution Vulnerability

2026-05-11
HIGH8.8

CVE-2021-47939

Evolution CMS 3.1.6 Remote Code Execution Vulnerability

2026-05-11
HIGH8.8

CVE-2026-5127

WordPress User Frontend Plugin Deserialization Vulnerability

2026-05-10
HIGH8.8

CVE-2026-39816

Apache NiFi Missing Restricted Annotation in TinkerpopClientService

2026-05-10
HIGH8.8

CVE-2026-8234

EFM ipTIME A8004T formWifiBasicSet Security Vulnerability

2026-05-10
HIGH8.1

CVE-2022-50994

DrayTek Vigor 2960 OS Command Injection

2026-05-10
HIGH8.1

CVE-2026-7807

SmarterTools SmarterMail Local File Inclusion

2026-05-10
CRITICALN/A

CVE-2026-42208

BerriAI LiteLLM - SQL Injection Vulnerability

2026-05-09
HIGH8.8

CVE-2026-20034

Cisco Unity Connection Web-based Management Interface Arbitrary Code Execution

2026-05-08
HIGH8.8

CVE-2026-41934

Vvveb Authenticated Remote Code Execution in Admin Code Editor

2026-05-08
HIGH8.8

CVE-2026-7927

Google Chrome Type Confusion in Runtime Arbitrary Code Execution

2026-05-08
HIGH8.8

CVE-2026-43584

OpenClaw Insufficient Environment Variable Denylist Vulnerability

2026-05-08
CRITICALN/A

CVE-2026-6973

Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability

2026-05-08
HIGH8.8

CVE-2023-54345

Frappe Framework ERPNext Sandbox Escape Vulnerability

2026-05-07
HIGH8.8

CVE-2023-54348

ERPGo SaaS CSV Injection Vulnerability

2026-05-07
HIGH8.8

CVE-2026-42434

OpenClaw Sandbox Escape Vulnerability

2026-05-07
HIGH8.8

CVE-2026-42435

OpenClaw Insufficient Shell-Wrapper Detection Vulnerability

2026-05-07
CRITICALN/A

CVE-2026-0300

Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability

2026-05-07
HIGH8.8

CVE-2026-2052

Remote Code Execution in Widget Options WordPress Plugin

2026-05-04
HIGH8.8

CVE-2026-7607

Firmware Update Vulnerability in TRENDnet TEW-821DAP

2026-05-04
HIGH8.8

CVE-2026-7489

SQL Injection in Sunnet CTMS

2026-05-04
HIGH8.8

CVE-2026-7674

Remote Code Execution in Shenzhen Libituo Technology LBT-T300-HW1

2026-05-04
HIGH8.8

CVE-2026-7675

Remote Code Execution in Shenzhen Libituo Technology LBT-T300-HW1

2026-05-04
CRITICAL8.8

CVE-2026-2052

The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Executio

2026-05-03
CRITICAL8.8

CVE-2026-7489

CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify,

2026-05-03
CRITICAL8.8

CVE-2026-7641

The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the

2026-05-03
CRITICAL8.8

CVE-2026-7607

A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of the component Firmware Udp

2026-05-03
HIGH7.3

CVE-2026-7598

A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c.

2026-05-03
HIGH8.8

CVE-2026-6389

IBM Turbonomic prometurbo agent - Excessive Cluster-Wide Permissions

2026-05-02
HIGH8.8

CVE-2026-6543

IBM Langflow Desktop - Arbitrary Command Execution

2026-05-02
HIGH8.8

CVE-2026-7551

HKUDS OpenHarness - Remote Code Execution via /bridge Slash Command

2026-05-02
HIGH8.2

CVE-2026-40912

Traefik - High Severity Authentication Bypass

2026-05-02
CRITICALN/A

CVE-2026-31431

Linux Kernel - Incorrect Resource Transfer Between Spheres Vulnerability

2026-05-02
HIGH8.8

CVE-2026-34965

Cockpit CMS - Authenticated remote code execution vulnerability

2026-05-01
HIGH8.8

CVE-2026-7466

AgentFlow - Arbitrary code execution vulnerability

2026-05-01
HIGH8.8

CVE-2018-25308

BuddyPress Xprofile Custom Fields Type - Remote code execution vulnerability

2026-05-01
HIGH8.8

CVE-2026-6849

TUBITAK BILGEM Software Technologies Research Institute Pardus - OS command injection vulnerability

2026-05-01
CRITICALN/A

CVE-2026-41940

WebPros cPanel & WHM and WP2 (WordPress Squared) - Missing Authentication for Critical Function

2026-05-01
CRITICAL8.8

CVE-2026-41404

OpenClaw incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows operator.admin privileges

2026-04-30
CRITICAL8.8

CVE-2026-42422

OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles.

2026-04-30
CRITICAL8.8

CVE-2026-41378

OpenClaw before 2026.3.31 contains a privilege escalation vulnerability allowing paired nodes with role=node to dispatch node.event agent requests.

2026-04-30
CRITICAL8.8

CVE-2026-7288

A vulnerability has been found in D-Link DIR-825M 1.1.12 affecting the function sub_4151FC of the file /boafrm/formVpnConfigSetup.

2026-04-30
CRITICAL8.8

CVE-2026-7289

A vulnerability was found in D-Link DIR-825M 1.1.12 affecting the function sub_414BA8 of the file /boafrm/formWanConfigSetup.

2026-04-30
HIGH8.8

CVE-2026-6741

LatePoint WordPress Plugin Privilege Escalation Vulnerability

2026-04-29
HIGH8.8

CVE-2026-41463

ProjeQtor ZipSlip Path Traversal Vulnerability

2026-04-29
HIGH8.8

CVE-2026-7096

Tenda HG3 2.0 formgponConf Function Vulnerability

2026-04-29
CRITICALN/A

CVE-2024-1708

ConnectWise ScreenConnect Path Traversal Vulnerability

2026-04-29
CRITICALN/A

CVE-2026-32202

Microsoft Windows Protection Mechanism Failure Vulnerability

2026-04-29
HIGH8.8

CVE-2026-7068

D-Link DIR-825 Router NMBD_process Remote Code Execution

2026-04-28
HIGH8.8

CVE-2026-7029

Tenda F456 Router addressNat Function Weakness

2026-04-28
HIGH8.8

CVE-2026-7034

Tenda FH1202 Router WrlExtraSet Function Vulnerability

2026-04-28
HIGH8.8

CVE-2026-7053

Tenda F456 Router HTTP Daemon L7Prot Flaw

2026-04-28
HIGH8.8

CVE-2026-7057

Tenda F456 Router HTTP Daemon setcfm Unknown Flaw

2026-04-28
HIGH8.8

CVE-2026-6988

Tenda HG10 Router Remote Code Execution

2026-04-27
HIGH8.8

CVE-2026-7019

Tenda F456 Router P2pListFilter Vulnerability

2026-04-27
HIGH8.8

CVE-2026-7029

Tenda F456 Router Address NAT Bypass

2026-04-27
HIGH8.8

CVE-2026-7030

Tenda F456 Router Static Route Manipulation

2026-04-27
HIGH8.8

CVE-2026-7031

Tenda F456 Router SafeMacFilter Bypass

2026-04-27
HIGH8.8

CVE-2026-6988

A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the file /boaform/formRouting of th

2026-04-26
HIGH8.8

CVE-2026-7019

A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file /goform/P2pListFilter. The ma

2026-04-26
HIGH7.3

CVE-2026-6977

A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask AP

2026-04-26
HIGH7.3

CVE-2026-6980

A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts the function repo_path of t

2026-04-26
HIGH7.3

CVE-2026-6987

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher M

2026-04-26
CRITICALN/A

CVE-2025-29635

D-Link DIR-823X Command Injection Vulnerability

2026-04-25
CRITICALN/A

CVE-2024-7399

Samsung MagicINFO 9 Server Path Traversal Vulnerability

2026-04-25
CRITICALN/A

CVE-2024-57728

SimpleHelp Path Traversal Vulnerability

2026-04-25
CRITICALN/A

CVE-2024-57726

SimpleHelp Missing Authorization Vulnerability

2026-04-25
MEDIUMN/A

N/A-0000-0000

No Further Top Critical Vulnerabilities Identified

2026-04-25
CRITICAL8.8

CVE-2026-6859

InstructLab Remote Code Execution via Hardcoded Trust

2026-04-24
CRITICAL8.8

CVE-2026-41349

OpenClaw Agentic Consent Bypass Vulnerability

2026-04-24
CRITICAL8.7

CVE-2026-41468

Beghelli Sicuro24 AngularJS Sandbox Escape Vulnerability

2026-04-24
CRITICAL8.6

CVE-2026-34413

Xerte Online Toolkits Missing Authentication Vulnerability

2026-04-24
CRITICALN/A

CVE-2026-39987

Marimo Remote Code Execution Vulnerability

2026-04-24
HIGH8.8

CVE-2026-6859

InstructLab - Remote Code Execution via Hardcoded Trust

2026-04-23
HIGH8.7

CVE-2026-41468

Beghelli Sicuro24 SicuroWeb - AngularJS Sandbox Escape leading to RCE

2026-04-23
HIGH8.6

CVE-2026-34413

Xerte Online Toolkits - Missing Authentication in elFinder Connector

2026-04-23
HIGH8.5

CVE-2026-41455

WeKan - Server-Side Request Forgery via Webhook Integration

2026-04-23
CRITICALN/A

CVE-2026-33825

Microsoft Defender - Insufficient Granularity of Access Control Vulnerability

2026-04-23
HIGH8.8

CVE-2026-6249

Vvveb CMS Remote Code Execution via Media Upload

2026-04-22
HIGH8.8

CVE-2026-5967

ThreatSonar Anti-Ransomware Privilege Escalation

2026-04-22
HIGH8.8

CVE-2026-34427

Vvveb Admin User Profile Privilege Escalation

2026-04-22
HIGH8.8

CVE-2026-41445

KissFFT Integer Overflow in kiss_fftndr_alloc()

2026-04-22
HIGH8.7

CVE-2026-34291

Oracle HTTP Server Core Vulnerability

2026-04-22
CRITICALN/A

CVE-2026-20122

Cisco Catalyst SD-WAN Manger - Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability

2026-04-21
CRITICALN/A

CVE-2026-20133

Cisco Catalyst SD-WAN Manager - Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

2026-04-21
CRITICALN/A

CVE-2025-2749

Kentico Kentico Xperience - Kentico Xperience Path Traversal Vulnerability

2026-04-21
CRITICALN/A

CVE-2023-27351

PaperCut NG/MF - PaperCut NG/MF Improper Authentication Vulnerability

2026-04-21
CRITICALN/A

CVE-2025-48700

Synacor Zimbra Collaboration Suite (ZCS) - Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability

2026-04-21
CRITICAL8.8

CVE-2026-6518

CMP – Coming Soon & Maintenance Plugin for WordPress: Arbitrary File Upload and Remote Code Execution

2026-04-19
CRITICAL8.8

CVE-2026-3464

WP Customer Area plugin for WordPress: Arbitrary File Read and Deletion

2026-04-19
HIGH8.3

CVE-2026-40516

OpenHarness: Server-Side Request Forgery (SSRF)

2026-04-19
HIGH7.8

CVE-2026-40527

radare2: Command Injection via Crafted ELF Binaries

2026-04-19
HIGH7.5

CVE-2026-6507

dnsmasq: Out-of-Bounds Write via Specially Crafted BOOTREPLY

2026-04-19
CRITICAL8.8

CVE-2026-6518

CMP – Coming Soon & Maintenance Plugin for WordPress: Arbitrary File Upload and RCE

2026-04-18
CRITICAL8.8

CVE-2026-1620

Livemesh Addons for Elementor plugin for WordPress: Local File Inclusion

2026-04-18
CRITICAL8.8

CVE-2025-14868

Career Section plugin for WordPress: CSRF leading to Path Traversal and Arbitrary File Deletion

2026-04-18
CRITICAL8.8

CVE-2026-3464

WP Customer Area plugin for WordPress: Arbitrary File Read and Deletion

2026-04-18
HIGH7.5

CVE-2026-6507

dnsmasq: Remote Out-of-bounds Write via BOOTREPLY

2026-04-18
HIGH8.8

CVE-2026-40502

OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive a

2026-04-17
HIGH8.8

CVE-2026-6348

WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrar

2026-04-17
HIGH8.8

CVE-2023-3634

In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which co

2026-04-17
HIGH8.8

CVE-2026-5617

The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handle_re

2026-04-17
CRITICALN/A

CVE-2026-34197

Apache ActiveMQ - Apache ActiveMQ Improper Input Validation Vulnerability

2026-04-17
HIGH8.8

CVE-2026-25654

Siemens SINEC NMS Authorization Bypass

2026-04-15
HIGH8.8

CVE-2026-27668

Siemens RUGGEDCOM CROSSBOW SAM-P Privilege Escalation

2026-04-15
HIGH8.8

CVE-2026-40040

Pachno Unrestricted File Upload Vulnerability

2026-04-15
CRITICALN/A

CVE-2009-0238

Microsoft Office Remote Code Execution

2026-04-15
CRITICALN/A

CVE-2026-32201

Microsoft SharePoint Server Improper Input Validation

2026-04-15
CRITICALN/A

CVE-2025-60710

Microsoft Windows - Microsoft Windows Link Following Vulnerability

2026-04-14
CRITICALN/A

CVE-2023-36424

Microsoft Windows - Microsoft Windows Out-of-Bounds Read Vulnerability

2026-04-14
CRITICALN/A

CVE-2023-21529

Microsoft Exchange Server - Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability

2026-04-14
CRITICALN/A

CVE-2026-21643

Fortinet FortiClient EMS - Fortinet SQL Injection Vulnerability

2026-04-14
CRITICALN/A

CVE-2026-34621

Adobe Acrobat and Reader - Adobe Acrobat and Reader Prototype Pollution Vulnerability

2026-04-14
CRITICAL8.8

CVE-2026-6120

Tenda F451 Router fromDhcpListClient Vulnerability

2026-04-13
CRITICAL8.8

CVE-2026-6121

Tenda F451 Router WrlclientSet Vulnerability

2026-04-13
CRITICAL8.8

CVE-2026-6122

Tenda F451 Router L7 Protocol Form Vulnerability

2026-04-13
CRITICAL8.8

CVE-2026-6123

Tenda F451 Router Address NAT Vulnerability

2026-04-13
CRITICAL8.8

CVE-2026-6124

Tenda F451 Router Safe MAC Filter Vulnerability

2026-04-13
CRITICAL8.8

CVE-2026-5144

BuddyPress Groupblog plugin for WordPress Privilege Escalation

2026-04-12
CRITICAL8.8

CVE-2026-35643

OpenClaw Unvalidated WebView JavascriptInterface Arbitrary Instruction Injection

2026-04-12
CRITICAL8.8

CVE-2026-6120

Tenda F451 Router Remote Code Execution Vulnerability

2026-04-12
CRITICAL8.8

CVE-2026-35663

OpenClaw Privilege Escalation for Non-Admin Operators

2026-04-12
CRITICAL8.6

CVE-2026-34621

Adobe Acrobat Reader Improperly Controlled Modification of Object Prototype Attributes

2026-04-12
HIGH8.8

CVE-2026-35638

OpenClaw Control UI Unauthenticated Privilege Escalation

2026-04-11
HIGH8.8

CVE-2026-39911

Hashgraph Guardian Unsandboxed JavaScript Execution

2026-04-11
HIGH8.8

CVE-2026-33785

Juniper Junos OS MX Series Missing Authorization Privilege Escalation

2026-04-11
HIGH8.7

CVE-2025-13914

Juniper Apstra SSH Key Exchange Without Entity Authentication

2026-04-11
HIGH8.2

CVE-2023-54359

WordPress adivaha Travel Plugin Time-Based Blind SQL Injection

2026-04-11
CRITICAL8.8

CVE-2026-3243

WordPress Advanced Members for ACF Plugin Arbitrary File Deletion

2026-04-10
CRITICAL8.8

CVE-2026-4326

WordPress Vertex Addons for Elementor Plugin Missing Authorization

2026-04-10
CRITICAL8.8

CVE-2026-5815

D-Link DIR-645 Router Remote Code Execution Vulnerability

2026-04-10
CRITICAL8.8

CVE-2026-5830

Tenda AC15 Router Remote Code Execution Vulnerability

2026-04-10
HIGH8.1

CVE-2026-5436

WordPress MW WP Form Plugin Arbitrary File Move/Read

2026-04-10