325 items
Unread (2116) All Dismissed
CRITICAL
CVE-2026-3660 (CVSS 9.8) — IBM Engineering Lifecycle Management 7.0.3 ( through ) Interim Fix 021, 7.1.0 ( through ) Interim Fi...
NVD CVE-2026-3660 10d ago
CRITICAL
CVE-2026-8633 (CVSS 9.8) — IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSpher...
NVD CVE-2026-8633 10d ago
CRITICAL
CVE-2026-48904 (CVSS 9.8) — An improper access check allows privelege escalation through the com_users group editing webservice ...
NVD CVE-2026-48904 10d ago
CRITICAL
CVE-2026-48899 (CVSS 9.8) — An improper access check allows privilege escalation through the com_users batch task.
NVD CVE-2026-48899 10d ago
CRITICAL
CVE-2026-48898 (CVSS 9.8) — An improper access check allows privilege escalation through the com_users batch task.
NVD CVE-2026-48898 10d ago
CRITICAL
CVE-2026-48691 (CVSS 9.8) — FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute...
NVD CVE-2026-48691 10d ago
CRITICAL
CVE-2026-40383 (CVSS 9.8) — An improper validation of user-supplied input leads to a local file inclusion vulnerability.
NVD CVE-2026-40383 10d ago
CRITICAL
CVE-2026-35223 (CVSS 9.8) — An improper access check allows unauthorized access to com_config webservice endpoints.
NVD CVE-2026-35223 10d ago
CRITICAL
CVE-2026-35222 (CVSS 9.8) — Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.
NVD CVE-2026-35222 10d ago
CRITICAL
CVE-2026-35221 (CVSS 9.8) — Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_fi...
NVD CVE-2026-35221 10d ago
CRITICAL
CVE-2026-48687 (CVSS 9.8) — FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Jun...
NVD CVE-2026-48687 10d ago
CRITICAL
CVE-2026-48686 (CVSS 9.8) — FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI (N...
NVD CVE-2026-48686 10d ago
CRITICAL
CVE-2026-45247: Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability (Mirasvit Mirasvit Full Page Cache Warmer)
CISA KEV CVE-2026-45247actively-exploited +2 3d ago
CRITICAL
CVE-2026-45247 (CVSS 9.8) — Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection...
NVD 10d ago
INFO
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog
The Hacker News 1d ago
CRITICAL
CVE-2026-9543 (CVSS 9.8) — A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setP...
NVD CVE-2026-9543 10d ago
CRITICAL
CVE-2026-7374 (CVSS 9.9) — A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated Op...
NVD CVE-2026-7374 10d ago
CRITICAL
CVE-2026-42496 (CVSS 9.1) — Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside...
NVD CVE-2026-42496 10d ago
CRITICAL
CVE-2026-8376 (CVSS 9.8) — Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a ...
NVD CVE-2026-8376 11d ago
CRITICAL
CVE-2026-48172: LiteSpeed cPanel Plugin Privilege Escalation Vulnerability (LiteSpeed cPanel Plugin)
CISA KEV CVE-2026-48172actively-exploited +2 11d ago
CRITICAL
CVE-2026-48172 (CVSS 9.8) — LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exp...
NVD 15d ago
INFO
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
The Hacker News 13d ago
CRITICAL
CVE-2026-9478 (CVSS 9.8) — A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function set...
NVD CVE-2026-9478 11d ago
CRITICAL
CVE-2026-9477 (CVSS 9.8) — A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the ...
NVD CVE-2026-9477 11d ago
CRITICAL
CVE-2026-9476 (CVSS 9.8) — A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects t...
NVD CVE-2026-9476 11d ago
CRITICAL
CVE-2026-9475 (CVSS 9.8) — A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This affects the function se...
NVD CVE-2026-9475 11d ago
CRITICAL
CVE-2026-9458 (CVSS 9.8) — A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the ...
NVD CVE-2026-9458 11d ago
CRITICAL
CVE-2026-9457 (CVSS 9.8) — A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the ...
NVD CVE-2026-9457 11d ago
CRITICAL
CVE-2026-9456 (CVSS 9.8) — A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenV...
NVD CVE-2026-9456 11d ago
CRITICAL
CVE-2026-9455 (CVSS 9.8) — A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the funct...
NVD CVE-2026-9455 11d ago
CRITICAL
CVE-2026-9454 (CVSS 9.8) — A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the functi...
NVD CVE-2026-9454 11d ago
CRITICAL
CVE-2026-9436 (CVSS 9.8) — A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function ...
NVD CVE-2026-9436 11d ago
CRITICAL
CVE-2026-9435 (CVSS 9.8) — A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the fu...
NVD CVE-2026-9435 11d ago
CRITICAL
CVE-2026-9434 (CVSS 9.8) — A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the ...
NVD CVE-2026-9434 11d ago
CRITICAL
CVE-2026-9433 (CVSS 9.8) — A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the funct...
NVD CVE-2026-9433 11d ago
CRITICAL
CVE-2026-9432 (CVSS 9.8) — A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affe...
NVD CVE-2026-9432 11d ago
CRITICAL
CVE-2026-9408 (CVSS 9.8) — A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the ...
NVD CVE-2026-9408 12d ago
CRITICAL
CVE-2026-9407 (CVSS 9.8) — A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this...
NVD CVE-2026-9407 12d ago
CRITICAL
CVE-2026-9406 (CVSS 9.8) — A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function set...
NVD CVE-2026-9406 12d ago
CRITICAL
CVE-2026-9405 (CVSS 9.8) — A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This impacts the functi...
NVD CVE-2026-9405 12d ago
CRITICAL
CVE-2026-9404 (CVSS 9.8) — A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function se...
NVD CVE-2026-9404 12d ago
CRITICAL
CVE-2026-9388 (CVSS 9.8) — A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the ...
NVD CVE-2026-9388 12d ago
CRITICAL
CVE-2026-9387 (CVSS 9.8) — A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The affected element is...
NVD CVE-2026-9387 12d ago
CRITICAL
CVE-2026-9386 (CVSS 9.8) — A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function set...
NVD CVE-2026-9386 12d ago
CRITICAL
CVE-2026-9385 (CVSS 9.8) — A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the funct...
NVD CVE-2026-9385 12d ago
CRITICAL
CVE-2026-9384 (CVSS 9.8) — A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the fu...
NVD CVE-2026-9384 12d ago
CRITICAL
CVE-2018-25350 (CVSS 9.8) — userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers...
NVD CVE-2018-25350 13d ago
CRITICAL
CVE-2026-47280 (CVSS 10) — Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate p...
NVD CVE-2026-47280 14d ago
CRITICAL
CVE-2026-42901 (CVSS 10) — Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges ...
NVD CVE-2026-42901 14d ago
CRITICAL
CVE-2026-41104 (CVSS 10) — Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacke...
NVD CVE-2026-41104 14d ago
CRITICAL
CVE-2026-41090 (CVSS 9.3) — Improper neutralization of special elements used in a command ('command injection') in Microsoft Cop...
NVD CVE-2026-41090 14d ago
CRITICAL
CVE-2026-40412 (CVSS 10) — Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attac...
NVD CVE-2026-40412 14d ago
CRITICAL
CVE-2026-40411 (CVSS 9.9) — Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute ...
NVD CVE-2026-40411 14d ago
CRITICAL
CVE-2026-33843 (CVSS 9.1) — Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C all...
NVD CVE-2026-33843 14d ago
CRITICAL CISA KEV Wed, 03 Jun 2026 00:00:00 UTC
CVE-2026-45247: Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability (Mirasvit Mirasvit Full Page Cache Warmer)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
TL;DR
Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Due: 2026-06-06. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigat…
CVE-2026-45247actively-exploited
Read full story ↗
Related coverage (2)
CVE-2026-45247 (CVSS 9.8) — Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection...
NVD 10d ago
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog
The Hacker News 1d ago