CVE search
367,127 resultsCVE-2026-55568MEDIUMGuzzle: Silent HTTPS-Proxy Downgrade to CleartextEPSS 0.1%CVE-2025-62180HIGHPega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs.EPSS 0.2%CVE-2026-27604CRITICALFOSSBilling: Improper API Role Validation (system) Enables Unauthenticated Access to Privileged Admin FunctionsEPSS 0.4%CVE-2026-28496CRITICALFOSSBilling: Server-side template injection in Twig template rendering enables information disclosure and RCEEPSS 1.9%CVE-2026-56815HIGHpwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in the upload handler in Components/Pages/HomEPSS 0.1%CVE-2026-35019CRITICALNetComm NF20MESH < R6B032 Hardcoded AES Key Authentication BypassEPSS 0.4%CVE-2026-35018HIGHNetComm NF20MESH < R6B032 Authenticated RCE via OS Command InjectionEPSS 0.7%CVE-2026-11772MEDIUMReflected XSS in DRIMO CMSEPSS 0.4%CVE-2026-12969MEDIUMDnsmasq: dnsmasq: out-of-bounds read in find_soa() due to missing extrabytes validationEPSS 0.2%CVE-2026-10609MEDIUMOpenshift/cluster-logging-operator: cluster logging operator creates and forwards serviceaccount tokens without verifying clf creator authorizationEPSS 0.2%CVE-2026-4610MEDIUMProfileGrid <= 5.9.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Message ContentEPSS 0.2%CVE-2026-54892HIGHPlug: quadratic-time decoding of nested query/body parameters enables denial of serviceEPSS 0.7%CVE-2026-10857MEDIUMReflected XSS in Akinsoft's e-CommerceEPSS 0.1%CVE-2026-56784HIGHOpenRemote < 1.25.0 IDOR via Bulk Alarm Deletion EndpointEPSS 0.3%CVE-2026-56762MEDIUMHono - Missing Cookie Name Validation in setCookie()EPSS 0.2%CVE-2026-56701HIGHGrav - XML External Entity Injection via SVG UploadEPSS 0.2%CVE-2026-56379CRITICALImageMagick - Command Injection via SVG DecoderEPSS 0.9%CVE-2026-56376MEDIUMImageMagick - Heap Use-After-Free in Meta CoderEPSS 0.2%CVE-2026-56371MEDIUMImageMagick - Memory Leak in TXT File Processing via Texture AttributeEPSS 0.3%CVE-2026-56322HIGHCapgo - Information Disclosure via Unauthenticated /updates defaultChannel ParameterEPSS 0.3%