CVE Records by CVSS Severity — CRITICAL
92 records
Records grouped by their official CVSS v3 severity band as assigned by NVD. Severity is the published CVSS value, not a Quanteta assessment.
Source data as of:
| # | CVE ID | CVSS | Severity | EPSS | KEV | Signals | Affected vendors | Published |
|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2026-46595 | 10.0 v3.1 | CRITICAL | 0.0044 | — | NetworkNo privilegesNo user interactionIncorrect AuthorizationVendor advisory ref | golang | 2026-05-22 |
| 2 | CVE-2026-48316 | 10.0 v3.1 | CRITICAL | 0.0140 | — | NetworkNo privilegesNo user interactionImproper Input ValidationVendor advisory ref | adobe | 2026-07-06 |
| 3 | CVE-2026-50086 | 10.0 v3.1 | CRITICAL | 0.0022 | — | NetworkNo privilegesNo user interactionVendor advisory ref | aqara | 2026-06-12 |
| 4 | CVE-2026-50746 | 10.0 v3.1 | CRITICAL | 0.0083 | — | NetworkNo privilegesNo user interactionVendor advisory ref | ui | 2026-07-02 |
| 5 | CVE-2026-54769 | 10.0 v3.1 | CRITICAL | — | — | NetworkNo privilegesNo user interactionCode InjectionVendor advisory ref | — | 2026-07-10 |
| 6 | CVE-2026-54782 | 10.0 v3.1 | CRITICAL | 0.0025 | — | NetworkNo privilegesNo user interactionVendor advisory ref | — | 2026-07-08 |
| 7 | CVE-2026-56291 | 10.0 v4.0 | CRITICAL | — | — | NetworkNo privilegesNo user interactionUnrestricted Upload | — | 2026-07-09 |
| 8 | CVE-2026-59726 | 10.0 v3.1 | CRITICAL | — | — | NetworkNo privilegesNo user interactionOS Command InjectionMissing AuthenticationVendor advisory ref | — | 2026-07-09 |
| 9 | CVE-2025-62718 | 9.9 v3.1 | CRITICAL | 0.0119 | — | NetworkNo privilegesNo user interactionSSRFVendor advisory ref | axios | 2026-04-09 |
| 10 | CVE-2026-44774 | 9.9 v3.1 | CRITICAL | 0.0046 | — | NetworkNo user interactionVendor advisory ref | traefik | 2026-05-15 |
| 11 | CVE-2026-50747 | 9.9 v3.1 | CRITICAL | 0.0024 | — | NetworkNo user interactionSQL InjectionVendor advisory ref | ui | 2026-07-02 |
| 12 | CVE-2026-50748 | 9.9 v3.1 | CRITICAL | 0.0079 | — | NetworkNo user interactionImproper Input ValidationVendor advisory ref | ui | 2026-07-02 |
| 13 | CVE-2026-54402 | 9.9 v3.1 | CRITICAL | 0.0079 | — | NetworkNo user interactionImproper Input ValidationCommand InjectionVendor advisory ref | ui | 2026-07-02 |
| 14 | CVE-2026-59827 | 9.9 v3.1 | CRITICAL | — | — | NetworkNo user interactionInsecure DeserializationVendor advisory ref | — | 2026-07-09 |
| 15 | CVE-2020-26867 | 9.8 v3.1 | CRITICAL | 0.0372 | — | NetworkNo privilegesNo user interactionInsecure DeserializationVendor advisory ref | arcinfo | 2020-10-12 |
| 16 | CVE-2021-42237 | 9.8 v3.1 | CRITICAL | 0.9790 | Yes | CISA KEVEPSS highNetworkNo privilegesNo user interactionInsecure Deserialization | sitecore | 2021-11-05 |
| 17 | CVE-2022-26258 | 9.8 v3.1 | CRITICAL | 0.8110 | Yes | CISA KEVEPSS highNetworkNo privilegesNo user interactionOS Command Injection | dlink | 2022-03-28 |
| 18 | CVE-2026-12116 | 9.8 v3.1 | CRITICAL | — | — | NetworkNo privilegesNo user interactionVendor advisory ref | — | 2026-07-09 |
| 19 | CVE-2026-13019 | 9.8 v3.1 | CRITICAL | 0.0041 | — | NetworkNo privilegesNo user interaction | esri | 2026-07-07 |
| 20 | CVE-2026-14245 | 9.8 v3.1 | CRITICAL | 0.0059 | — | NetworkNo privilegesNo user interactionMissing AuthorizationVendor advisory ref | — | 2026-07-09 |
| 21 | CVE-2026-14454 | 9.8 v3.1 | CRITICAL | 0.0019 | — | NetworkNo privilegesNo user interactionVendor advisory ref | — | 2026-07-08 |
| 22 | CVE-2026-14739 | 9.8 v3.1 | CRITICAL | 0.0040 | — | NetworkNo privilegesNo user interactionOut-of-bounds WriteVendor advisory ref | — | 2026-07-07 |
| 23 | CVE-2026-14894 | 9.8 v3.1 | CRITICAL | — | — | NetworkNo privilegesNo user interactionUnrestricted UploadVendor advisory ref | — | 2026-07-10 |
| 24 | CVE-2026-15158 | 9.8 v3.1 | CRITICAL | 0.0100 | — | NetworkNo privilegesNo user interactionUnrestricted UploadVendor advisory ref | — | 2026-07-09 |
| 25 | CVE-2026-24781 | 9.8 v3.1 | CRITICAL | 0.0115 | — | NetworkNo privilegesNo user interactionCode InjectionVendor advisory ref | vm2_project | 2026-05-04 |
| 26 | CVE-2026-28780 | 9.8 v3.1 | CRITICAL | 0.0132 | — | NetworkNo privilegesNo user interactionHeap OverflowOut-of-bounds WriteVendor advisory ref | apache | 2026-05-05 |
| 27 | CVE-2026-29063 | 9.8 v3.1 | CRITICAL | 0.0098 | — | NetworkNo privilegesNo user interactionVendor advisory ref | immutable-js | 2026-03-06 |
| 28 | CVE-2026-33815 | 9.8 v3.1 | CRITICAL | 0.0060 | — | NetworkNo privilegesNo user interactionOut-of-bounds WriteVendor advisory ref | jackc | 2026-04-07 |
| 29 | CVE-2026-33816 | 9.8 v3.1 | CRITICAL | 0.0056 | — | NetworkNo privilegesNo user interactionOut-of-bounds WriteVendor advisory ref | jackc | 2026-04-07 |
| 30 | CVE-2026-37270 | 9.8 v3.1 | CRITICAL | 0.0021 | — | NetworkNo privilegesNo user interactionImproper AuthenticationHard-coded Credentials | — | 2026-07-07 |
| 31 | CVE-2026-37271 | 9.8 v3.1 | CRITICAL | 0.0020 | — | NetworkNo privilegesNo user interactionImproper Authentication | — | 2026-07-07 |
| 32 | CVE-2026-43125 | 9.8 v3.1 | CRITICAL | 0.0043 | — | NetworkNo privilegesNo user interactionOut-of-bounds Write | linux | 2026-05-06 |
| 33 | CVE-2026-44024 | 9.8 v3.1 | CRITICAL | 0.0111 | — | NetworkNo privilegesNo user interactionPath TraversalVendor advisory ref | — | 2026-07-08 |
| 34 | CVE-2026-49875 | 9.8 v3.1 | CRITICAL | 0.0049 | — | NetworkNo privilegesNo user interactionXXEVendor advisory ref | apache | 2026-06-12 |
| 35 | CVE-2026-51843 | 9.8 v3.1 | CRITICAL | 0.0036 | — | NetworkNo privilegesNo user interactionStack Overflow | tenda | 2026-06-19 |
| 36 | CVE-2026-51844 | 9.8 v3.1 | CRITICAL | 0.0036 | — | NetworkNo privilegesNo user interactionStack Overflow | tenda | 2026-06-19 |
| 37 | CVE-2026-51845 | 9.8 v3.1 | CRITICAL | 0.0036 | — | NetworkNo privilegesNo user interactionStack Overflow | tenda | 2026-06-19 |
| 38 | CVE-2026-51846 | 9.8 v3.1 | CRITICAL | 0.0056 | — | NetworkNo privilegesNo user interactionStack Overflow | tenda | 2026-06-19 |
| 39 | CVE-2026-52200 | 9.8 v3.1 | CRITICAL | 0.0024 | — | NetworkNo privilegesNo user interactionCode Injection | — | 2026-07-08 |
| 40 | CVE-2026-56140 | 9.8 v3.1 | CRITICAL | 0.0031 | — | NetworkNo privilegesNo user interactionImproper Input ValidationVendor advisory ref | apache | 2026-07-06 |
| 41 | CVE-2026-58025 | 9.8 v3.1 | CRITICAL | 0.0034 | — | NetworkNo privilegesNo user interactionCode InjectionInsecure Deserialization | mediawiki | 2026-07-01 |
| 42 | CVE-2026-58123 | 9.8 v3.1 | CRITICAL | — | — | NetworkNo privilegesNo user interactionMissing AuthenticationVendor advisory ref | — | 2026-07-09 |
| 43 | CVE-2026-5955 | 9.8 v3.1 | CRITICAL | 0.0044 | — | NetworkNo privilegesNo user interactionSQL Injection | — | 2026-07-09 |
| 44 | CVE-2026-7840 | 9.8 v3.1 | CRITICAL | 0.0144 | — | NetworkNo privilegesNo user interactionOut-of-bounds Write | uvnc | 2026-07-01 |
| 45 | CVE-2026-8307 | 9.8 v3.1 | CRITICAL | 0.0027 | — | NetworkNo privilegesNo user interactionSQL Injection | — | 2026-07-08 |
| 46 | CVE-2026-9862 | 9.8 v3.1 | CRITICAL | 0.0086 | — | NetworkNo privilegesNo user interactionOS Command InjectionVendor advisory ref | forta | 2026-06-15 |
| 47 | CVE-2026-12294 | 9.6 v3.1 | CRITICAL | 0.0036 | — | NetworkNo privilegesVendor advisory ref | mozilla | 2026-06-16 |
| 48 | CVE-2026-12295 | 9.6 v3.1 | CRITICAL | 0.0039 | — | NetworkNo privilegesVendor advisory ref | mozilla | 2026-06-16 |
| 49 | CVE-2026-12296 | 9.6 v3.1 | CRITICAL | 0.0039 | — | NetworkNo privilegesVendor advisory ref | mozilla | 2026-06-16 |
| 50 | CVE-2026-12297 | 9.6 v3.1 | CRITICAL | 0.0039 | — | NetworkNo privilegesMemory CorruptionVendor advisory ref | mozilla | 2026-06-16 |
| 51 | CVE-2026-15062 | 9.6 v3.1 | CRITICAL | 0.0028 | — | NetworkNo user interactionSQL InjectionVendor advisory ref | — | 2026-07-08 |
| 52 | CVE-2026-15113 | 9.6 v3.1 | CRITICAL | 0.0016 | — | NetworkNo privilegesUse After FreeVendor advisory ref | 2026-07-08 | |
| 53 | CVE-2026-33211 | 9.6 v3.1 | CRITICAL | 0.0057 | — | NetworkNo user interactionPath TraversalVendor advisory ref | linuxfoundation | 2026-03-24 |
| 54 | CVE-2026-39821 | 9.6 v3.1 | CRITICAL | 0.0048 | — | NetworkNo user interactionVendor advisory ref | golang | 2026-05-22 |
| 55 | CVE-2026-50084 | 9.6 v3.1 | CRITICAL | 0.0021 | — | NetworkNo user interactionMissing AuthorizationVendor advisory ref | aqara | 2026-06-12 |
| 56 | CVE-2025-27462 | 9.4 v4.0 | CRITICAL | — | — | No privilegesNo user interactionVendor advisory ref | — | 2026-07-09 |
| 57 | CVE-2025-27463 | 9.4 v4.0 | CRITICAL | — | — | No privilegesNo user interactionVendor advisory ref | — | 2026-07-09 |
| 58 | CVE-2025-27464 | 9.4 v4.0 | CRITICAL | — | — | No privilegesNo user interactionVendor advisory ref | — | 2026-07-09 |
| 59 | CVE-2025-58146 | 9.4 v4.0 | CRITICAL | — | — | No privilegesNo user interactionImproper Input ValidationVendor advisory ref | — | 2026-07-09 |
| 60 | CVE-2025-58151 | 9.4 v4.0 | CRITICAL | — | — | No privilegesNo user interactionRace Condition (TOCTOU)Vendor advisory ref | — | 2026-07-09 |
| 61 | CVE-2026-23556 | 9.4 v4.0 | CRITICAL | — | — | No privilegesNo user interactionVendor advisory ref | — | 2026-07-09 |
| 62 | CVE-2026-23559 | 9.4 v4.0 | CRITICAL | — | — | No privilegesNo user interactionVendor advisory ref | — | 2026-07-09 |
| 63 | CVE-2026-23560 | 9.4 v4.0 | CRITICAL | — | — | No privilegesNo user interactionVendor advisory ref | — | 2026-07-09 |
| 64 | CVE-2026-23561 | 9.4 v4.0 | CRITICAL | — | — | No privilegesNo user interactionVendor advisory ref | — | 2026-07-09 |
| 65 | CVE-2026-23562 | 9.4 v4.0 | CRITICAL | — | — | No privilegesNo user interactionVendor advisory ref | — | 2026-07-09 |
| 66 | CVE-2026-42486 | 9.4 v4.0 | CRITICAL | — | — | No privilegesNo user interactionVendor advisory ref | — | 2026-07-09 |
| 67 | CVE-2026-2342 | 9.3 v3.1 | CRITICAL | 0.0039 | — | NetworkNo privilegesXSS | — | 2026-07-09 |
| 68 | CVE-2026-44990 | 9.3 v3.1 | CRITICAL | 0.0037 | — | NetworkNo privilegesXSSVendor advisory ref | — | 2026-06-12 |
| 69 | CVE-2026-47646 | 9.3 v3.1 | CRITICAL | 0.0045 | — | NetworkNo privilegesXSSVendor advisory ref | microsoft | 2026-07-09 |
| 70 | CVE-2026-50090 | 9.3 v3.1 | CRITICAL | 0.0025 | — | NetworkNo privilegesVendor advisory ref | aqara | 2026-06-12 |
| 71 | CVE-2026-54527 | 9.3 v4.0 | CRITICAL | 0.0028 | — | NetworkXSSVendor advisory ref | — | 2026-07-08 |
| 72 | CVE-2026-54760 | 9.3 v4.0 | CRITICAL | — | — | NetworkNo privilegesNo user interactionPath TraversalSQL InjectionVendor advisory ref | — | 2026-07-10 |
| 73 | CVE-2026-55615 | 9.2 v4.0 | CRITICAL | — | — | NetworkNo privilegesNo user interactionInjectionVendor advisory ref | — | 2026-07-10 |
| 74 | CVE-2026-56292 | 9.2 v4.0 | CRITICAL | — | — | NetworkNo privilegesNo user interactionSQL Injection | — | 2026-07-09 |
| 75 | CVE-2026-14261 | 9.1 v3.1 | CRITICAL | — | — | NetworkNo privilegesNo user interactionVendor advisory ref | — | 2026-07-09 |
| 76 | CVE-2026-14740 | 9.1 v3.1 | CRITICAL | 0.0041 | — | NetworkNo privilegesNo user interactionOut-of-bounds ReadVendor advisory ref | — | 2026-07-07 |
| 77 | CVE-2026-33186 | 9.1 v3.1 | CRITICAL | 0.0156 | — | NetworkNo privilegesNo user interactionImproper AuthorizationVendor advisory ref | grpc | 2026-03-20 |
| 78 | CVE-2026-38971 | 9.1 v3.1 | CRITICAL | 0.0045 | — | NetworkNo privilegesNo user interactionOut-of-bounds Read | ardupilot | 2026-07-02 |
| 79 | CVE-2026-39830 | 9.1 v3.1 | CRITICAL | 0.0053 | — | NetworkNo privilegesNo user interactionMemory CorruptionVendor advisory ref | golang | 2026-05-22 |
| 80 | CVE-2026-39832 | 9.1 v3.1 | CRITICAL | 0.0040 | — | NetworkNo privilegesNo user interactionInsecure DeserializationVendor advisory ref | golang | 2026-05-22 |
| 81 | CVE-2026-42508 | 9.1 v3.1 | CRITICAL | 0.0049 | — | NetworkNo privilegesNo user interactionVendor advisory ref | golang | 2026-05-22 |
| 82 | CVE-2026-50083 | 9.1 v3.1 | CRITICAL | 0.0025 | — | NetworkNo privilegesNo user interactionHard-coded CredentialsVendor advisory ref | aqara | 2026-06-12 |
| 83 | CVE-2026-50091 | 9.1 v3.1 | CRITICAL | 0.0025 | — | NetworkNo privilegesNo user interactionHard-coded CredentialsVendor advisory ref | aqara | 2026-06-12 |
| 84 | CVE-2026-54003 | 9.1 v4.0 | CRITICAL | — | — | NetworkNo privilegesNo user interactionVendor advisory ref | — | 2026-07-09 |
| 85 | CVE-2026-54400 | 9.1 v3.1 | CRITICAL | 0.0026 | — | NetworkNo user interactionVendor advisory ref | ui | 2026-07-02 |
| 86 | CVE-2026-58122 | 9.1 v3.1 | CRITICAL | — | — | NetworkNo privilegesNo user interactionVendor advisory ref | — | 2026-07-09 |
| 87 | CVE-2026-58473 | 9.1 v3.1 | CRITICAL | 0.0037 | — | NetworkNo privilegesNo user interactionMissing AuthenticationMissing AuthorizationVendor advisory ref | — | 2026-07-07 |
| 88 | CVE-2026-59826 | 9.1 v3.1 | CRITICAL | — | — | NetworkNo user interactionCode InjectionVendor advisory ref | — | 2026-07-09 |
| 89 | CVE-2026-7839 | 9.1 v3.1 | CRITICAL | 0.0037 | — | NetworkNo privilegesNo user interactionHard-coded Credentials | uvnc | 2026-07-01 |
| 90 | CVE-2026-9074 | 9.1 v3.1 | CRITICAL | 0.0044 | — | NetworkNo privilegesNo user interactionSQL Injection | — | 2026-07-08 |
| 91 | CVE-2026-3564 | 9.0 v3.1 | CRITICAL | 0.0036 | — | NetworkNo privilegesNo user interaction | — | 2026-03-17 |
| 92 | CVE-2026-55116 | 9.0 v3.1 | CRITICAL | 0.0022 | — | NetworkNo privilegesNo user interactionVendor advisory ref | ui | 2026-07-02 |