CVEs from 2026
- Total: 14,170
- critical: 1,106
- high: 3,897
- medium: 3,929
- low: 413
- % Critical: 7.8%
- % with KEV: 0.4%
- % with exploit: 0.4%
Top products
- chrome 298
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- openclaw 166
- gcp 135
- commerce 104
- commerce_b2b 89
- magento 74
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-44887 | critical | 9.8 | 9.8 | 4h ago | Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. S… | |
| CVE-2026-44888 | critical | 9.8 | 9.8 | 4h ago | Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile() endpoint writes user-supplied numeric config values (e.g., SMTP_PORT) directly… | |
| CVE-2026-8175 | critical | 9.8 | 9.8 | 10h ago | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affecte… | |
| CVE-2026-7524 | critical | 9.8 | 9.8 | 10h ago | IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction. | |
| CVE-2026-42758 | critical | 9.8 | 9.8 | 14h ago | Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation. This issue affects WebinarIgnition: from n/a through < 4.08.253. | |
| CVE-2026-42731 | critical | 9.8 | 9.8 | 14h ago | Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation. This issue affects miniorange otp verification: from n/a… | |
| CVE-2026-8760 | critical | 9.8 | 9.8 | 18h ago | The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout c… | |
| CVE-2026-8401 | critical | 9.8 | 9.8 | 23h ago | Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11. | |
| CVE-2026-8956 | critical | 9.8 | 9.8 | 23h ago | Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | |
| CVE-2026-9642 | critical | 9.8 | 9.8 | 1d ago | There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Unauthenticated Remote Database Access). An unauthenticated remote attacker can access configured databases in a DIAView project. | |
| CVE-2026-3660 | critical | 9.8 | 9.8 | 1d ago | IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the ap… | |
| CVE-2026-7251 | critical | 9.8 | 9.8 | 1d ago | Eppendorf BioFlo 320 is vulnerable to due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain f… | |
| CVE-2026-44668 | critical | 9.8 | 9.8 | 1d ago | FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invo… | |
| CVE-2026-9170 | critical | 9.8 | 9.8 | 1d ago | IBM HTTP Server 8.5, and 9.0 | |
| CVE-2026-8633 | critical | 9.8 | 9.8 | 1d ago | IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code executi… | |
| CVE-2026-48691 | critical | 9.8 | 9.8 | 1d ago | FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute encoder. In src/bgp_protocol.hpp, the IPv4UnicastAnnounce::get_attributes() function computes attr… | |
| CVE-2026-35222 | critical | 9.8 | 9.8 | 1d ago | Improperly validated order clauses lead to a SQL injection vulnerability in com_tags. | |
| CVE-2026-24212 | critical | 9.8 | 9.8 | 1d ago | NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear text. A successful exploit of this vulnerability might lead to code execution, escalatio… | |
| CVE-2026-8855 | critical | 9.8 | 9.8 | 1d ago | IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication). | |
| CVE-2026-35221 | critical | 9.8 | 9.8 | 1d ago | Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder. | |
| CVE-2026-40383 | critical | 9.8 | 9.8 | 1d ago | An improper validation of user-supplied input leads to a local file inclusion vulnerability. | |
| CVE-2026-48899 | critical | 9.8 | 9.8 | 1d ago | An improper access check allows privilege escalation through the com_users batch task. | |
| CVE-2026-48904 | critical | 9.8 | 9.8 | 1d ago | An improper access check allows privilege escalation through the com_users group editing webservice endpoint. | |
| CVE-2026-48898 | critical | 9.8 | 9.8 | 1d ago | An improper access check allows privilege escalation through the com_users batch task. | |
| CVE-2026-48686 | critical | 9.8 | 9.8 | 1d ago | FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI (Network Layer Reachability Information) decoder. The function decode_bgp_subnet_encoding_ipv4_raw() … | |
| CVE-2026-45247 | critical | 9.8 | 9.8 | 1d ago | Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying … | |
| CVE-2026-9543 | critical | 9.8 | 9.8 | 1d ago | A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipul… | |
| CVE-2026-8094 | critical | 9.8 | 9.8 | 2d ago | Important: firefox security update | |
| CVE-2026-48689 | critical | 9.8 | 9.8 | 2d ago | FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buffer,… | |
| CVE-2026-48687 | critical | 9.8 | 9.8 | 2d ago | FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The _log() function in src/juniper_plugin/fastnetmon_juniper.php (l… | |
| CVE-2026-8376 | critical | 9.8 | 9.8 | 2d ago | Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of th… | |
| CVE-2026-9477 | critical | 9.8 | 9.8 | 2d ago | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interf… | |
| CVE-2026-9478 | critical | 9.8 | 9.8 | 2d ago | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setParentalRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing… | |
| CVE-2026-9476 | critical | 9.8 | 9.8 | 2d ago | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interfa… | |
| CVE-2026-9475 | critical | 9.8 | 9.8 | 2d ago | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipu… | |
| CVE-2026-9458 | critical | 9.8 | 9.8 | 2d ago | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such… | |
| CVE-2026-9457 | critical | 9.8 | 9.8 | 2d ago | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interf… | |
| CVE-2026-9456 | critical | 9.8 | 9.8 | 2d ago | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation … | |
| CVE-2026-9455 | critical | 9.8 | 9.8 | 2d ago | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. T… | |
| CVE-2026-9454 | critical | 9.8 | 9.8 | 2d ago | A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setOpenVpnCertGenerationCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Int… | |
| CVE-2026-9436 | critical | 9.8 | 9.8 | 3d ago | A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Execut… | |
| CVE-2026-9435 | critical | 9.8 | 9.8 | 3d ago | A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setQosCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Perfor… | |
| CVE-2026-9434 | critical | 9.8 | 9.8 | 3d ago | A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setWiFiWpsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. … | |
| CVE-2026-9433 | critical | 9.8 | 9.8 | 3d ago | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. T… | |
| CVE-2026-9432 | critical | 9.8 | 9.8 | 3d ago | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setWiFiAdvancedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Managemen… | |
| CVE-2026-9408 | critical | 9.8 | 9.8 | 3d ago | A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interf… | |
| CVE-2026-9407 | critical | 9.8 | 9.8 | 3d ago | A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setFirewallType of the file /cgi-bin/cstecgi.cgi of the component We… | |
| CVE-2026-9406 | critical | 9.8 | 9.8 | 3d ago | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a m… | |
| CVE-2026-9405 | critical | 9.8 | 9.8 | 3d ago | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Perf… | |
| CVE-2026-9404 | critical | 9.8 | 9.8 | 3d ago | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulat… | |
| CVE-2026-9388 | critical | 9.8 | 9.8 | 3d ago | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface.… | |
| CVE-2026-9387 | critical | 9.8 | 9.8 | 3d ago | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component Web Management Interfa… | |
| CVE-2026-9386 | critical | 9.8 | 9.8 | 3d ago | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipu… | |
| CVE-2026-9385 | critical | 9.8 | 9.8 | 3d ago | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Th… | |
| CVE-2026-9384 | critical | 9.8 | 9.8 | 3d ago | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. … | |
| CVE-2026-40412 | critical | 9.8 | 9.8 | 5d ago | Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network. | |
| CVE-2026-33843 | critical | 9.8 | 9.8 | 5d ago | Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network. | |
| CVE-2026-47280 | critical | 9.8 | 9.8 | 5d ago | Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network. | |
| CVE-2026-23652 | critical | 9.8 | 9.8 | 5d ago | Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network. | |
| CVE-2026-32253 | critical | 9.8 | 9.8 | 5d ago | Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2026.516.143833, the client-certificate authentication can be bypassed because of how OpenSSL verification results are h… | |
| CVE-2026-44930 | critical | 9.8 | 9.8 | 5d ago | An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository. Users are recommende… | |
| CVE-2026-6960 | critical | 9.8 | 9.8 | 6d ago | The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpress_validate_submitted_booking_form_func' function in all versio… | |
| CVE-2026-48207 | critical | 9.8 | 9.8 | 6d ago | Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resol… | |
| CVE-2026-5118 | critical | 9.8 | 9.8 | 6d ago | The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from P… | |
| CVE-2026-6279 | critical | 9.8 | 9.8 | 7d ago | The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the `w… | |
| CVE-2026-8631 | critical | 9.8 | 9.8 | 7d ago | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution v… | |
| CVE-2026-9141 | critical | 9.8 | 9.8 | 7d ago | Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access intern… | |
| CVE-2026-9139 | critical | 9.8 | 9.8 | 7d ago | Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-… | |
| CVE-2026-3593 | critical | 9.8 | 9.8 | 7d ago | A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BI… | |
| CVE-2026-33278 | critical | 9.8 | 9.8 | 8d ago | NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying … | |
| CVE-2026-7637 | critical | 9.8 | 9.8 | 8d ago | The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST_USER_LOCATION cookie. This mak… | |
| CVE-2026-24214 | critical | 9.8 | 9.8 | 8d ago | NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution,… | |
| CVE-2026-24213 | critical | 9.8 | 9.8 | 8d ago | NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code executio… | |
| CVE-2026-24207 | critical | 9.8 | 9.8 | 8d ago | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to code execution, escalation of … | |
| CVE-2026-24206 | critical | 9.8 | 9.8 | 8d ago | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to escalation of privileges, deni… | |
| CVE-2026-24163 | critical | 9.8 | 9.8 | 8d ago | NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execut… | |
| CVE-2026-24142 | critical | 9.8 | 9.8 | 8d ago | NVIDIA TRT-LLM for any platform contains a deserialization vulnerability and unsafe serialized handle. A successful exploit of this vulnerability might lead to code execution, data tampering, and i… | |
| CVE-2026-7284 | critical | 9.8 | 9.8 | 8d ago | The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.4.4. This is due … | |
| CVE-2026-6555 | critical | 9.8 | 9.8 | 8d ago | The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validation mismatch where only the first file in… | |
| CVE-2026-31607 | critical | 9.8 | 9.8 | 8d ago | In the Linux kernel, the following vulnerability has been resolved: usbip: validate number_of_packets in usbip_pack_ret_submit() When a USB/IP client receives a RET_SUBMIT response, usbip_pack_ret_… | |
| CVE-2026-8495 | critical | 9.8 | 9.8 | 8d ago | This module enables you to export entity date fields as iCal feeds. The module doesn't sufficiently check entity or field access or sanitize user inputs when generating iCal feeds. This vulnerabili… | |
| CVE-2026-33642 | critical | 9.8 | 9.8 | 8d ago | Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command() function in kitty/graphics.c performs bounds validation on composition offsets using unsigned … | |
| CVE-2026-8605 | critical | 9.8 | 9.8 | 8d ago | In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin. | |
| CVE-2026-8603 | critical | 9.8 | 9.8 | 8d ago | In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system. | |
| CVE-2026-36829 | critical | 9.8 | 9.8 | 8d ago | An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based … | |
| CVE-2026-37281 | critical | 9.8 | 9.8 | 8d ago | An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter. | |
| CVE-2026-31072 | critical | 9.8 | 9.8 | 8d ago | The JSONSerializer and CBORSerializer in APScheduler (all versions including 3.10.x and 4.0.0a5) are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization. The unmarshal_object funct… | |
| CVE-2026-31070 | critical | 9.8 | 9.8 | 8d ago | The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/… | |
| CVE-2026-30118 | critical | 9.8 | 9.8 | 8d ago | scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SSRF) in the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers… | |
| CVE-2026-30117 | critical | 9.8 | 9.8 | 8d ago | scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execut… | |
| CVE-2026-44159 | critical | 9.8 | 9.8 | 8d ago | Tyler Identity Local (TID-L) uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been distributed since December 202… | |
| CVE-2026-47323 | critical | 9.8 | 9.8 | 8d ago | Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations (CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFil… | |
| CVE-2026-4883 | critical | 9.8 | 9.8 | 8d ago | The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetforms_ajax_form_builder' function in all versions up to, and including… | |
| CVE-2026-43493 | critical | 9.8 | 9.8 | 8d ago | In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix handling of MAY_BACKLOG requests MAY_BACKLOG requests can return EBUSY. Handle them by checking for that va… | |
| CVE-2026-45434 | critical | 9.8 | 9.8 | 9d ago | Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgr… | |
| CVE-2026-4885 | critical | 9.8 | 9.8 | 9d ago | The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_builder' function in all versions up to, an… | |
| CVE-2026-8838 | critical | 9.8 | 9.8 | 9d ago | Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary … | |
| CVE-2026-25244 | critical | 9.8 | 9.8 | 9d ago | WebdriverIO BrowserStack Service has a Command Injection issue | |
| CVE-2026-8836 | critical | 9.8 | 9.8 | 9d ago | A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. Performing a manipulation of… | |
| CVE-2026-45495 | critical | 9.8 | 9.8 | 9d ago | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |