17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 5501-5550 of 17426 CVEs Page 111 of 349
CVE-2026-28058
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Dixon dixon allows P...

2026-03-06
CVE-2026-28057
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Mandala mandala allo...

2026-03-06
CVE-2026-28056
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX MCKinney's Politics...

2026-03-06
CVE-2026-28054
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Legal Stone legal-st...

2026-03-06
CVE-2026-28053
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Miller christine-mil...

2026-03-06
CVE-2026-28052
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Peter Mason petermas...

2026-03-06
CVE-2026-28051
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Yacht Rental yacht-r...

2026-03-06
CVE-2026-28049
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Police Department po...

2026-03-06
CVE-2026-28047
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech Victo victo allows...

2026-03-06
CVE-2026-28045
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX N7 | Golf Club Sport...

2026-03-06
CVE-2026-2803
7.5
Infor Multiple Products

Information disclosure, mitigation bypass in the Settings UI component

2026-02-26
CVE-2026-28012
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Gridiron gridiron al...

2026-03-06
CVE-2026-28010
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Scientia scientia al...

2026-03-06
CVE-2026-2801
7.5
Unknown Multiple Products

Incorrect boundary conditions in the JavaScript: WebAssembly component

2026-02-26
CVE-2026-28007
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Coinpress coinpress...

2026-03-06
CVE-2026-27981
7.4
Unknown Multiple Products

HomeBox is a home inventory and organization system

2026-03-04
CVE-2026-27980
7.5
Unknown Multiple Products

Next

2026-03-19
CVE-2026-2798
Analyzed
8.8
Unknown Multiple Products

Use-after-free in the DOM: Core & HTML component

2026-02-25
CVE-2026-27979
7.5
Unknown Multiple Products

Next

2026-03-19
CVE-2026-27976
8.8
Arch Multiple Products

Zed, a code editor, has an extension installer allows tar/gzip downloads

2026-02-26
CVE-2026-27966
Analyzed
9.8
Langflow Langflow

Langflow's CSV Agent node improperly enables dangerous code execution by default, allowing unauthenticated attackers to achieve remote code execution...

2026-02-27
CVE-2026-27962
Analyzed
9.1
Unknown Authlib

A JWK Header Injection vulnerability in Authlib's JWS implementation allows unauthenticated attackers to forge arbitrary JWT tokens by embedding a mal...

2026-03-17
CVE-2026-27961
8.8
Unknown Multiple Products

Agenta is an open-source LLMOps platform

2026-02-26
CVE-2026-27960
Analyzed
9.8
Intel OpenCTI Platform

OpenCTI contains a privilege escalation vulnerability allowing unauthenticated attackers to query the API as any user, including the default administr...

2026-05-06
CVE-2026-27959
7.5
Unknown Multiple Products

Koa is middleware for Node

2026-02-26
CVE-2026-27957
Analyzed
8.8
Coolify Coolify

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases

2026-07-01
CVE-2026-27952
8.8
Unknown Multiple Products

Agenta is an open-source LLMOps platform

2026-02-26
CVE-2026-27944
Analyzed
9.8
Nginx UI is

Nginx UI prior to 2.3.3 allows unauthenticated access to the backup endpoint, exposing encryption keys in response headers and enabling full system ba...

2026-03-06
CVE-2026-27941
Analyzed
9.9
Google Cloud service

OpenLIT GitHub Actions workflows are vulnerable to unauthorized code execution via forked pull requests, leading to the potential theft of sensitive s...

2026-02-26
CVE-2026-27940
7.8
Unknown Multiple Products

llama

2026-03-13
CVE-2026-2794
7.5
Google Multiple Products

Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android

2026-02-26
CVE-2026-27939
Analyzed
8.8
Unknown Multiple Products

Statmatic is a Laravel and Git powered content management system (CMS)

2026-02-28
CVE-2026-27938
7.7
WordPress sites

WPGraphQL provides a GraphQL API for WordPress sites

2026-02-26
CVE-2026-27932
7.5
LG Multiple Products

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards

2026-03-04
CVE-2026-27928
8.7
Microsoft Multiple Products

Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network

2026-04-15
CVE-2026-27927
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized atta...

2026-04-15
CVE-2026-27924
7.8
Window Multiple Products

Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-27923
7.8
Window Multiple Products

Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-27920
7.8
Microsoft Multiple Products

Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-27919
7.8
Microsoft Multiple Products

Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-27918
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate...

2026-04-15
CVE-2026-27916
7.8
Microsoft Multiple Products

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-27915
7.8
Microsoft Multiple Products

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-27914
7.8
Microsoft Management Console

Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-27912
8
Microsoft Multiple Products

Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network

2026-04-15
CVE-2026-27911
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attack...

2026-04-15
CVE-2026-27910
7.8
Microsoft Multiple Products

Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-27909
7.8
Microsoft Windows Search

Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-27907
7.8
Microsoft Multiple Products

Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-27904
Analyzed
7.5
Isaacs minimatch

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects

2026-02-26