17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 5551-5600 of 17426 CVEs Page 112 of 349
CVE-2026-27903
Analyzed
7.5
Isaacs minimatch

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects

2026-02-26
CVE-2026-27899
8.8
Docker images for

WireGuard Portal (or wg-portal) is a web-based configuration portal for WireGuard server management

2026-02-26
CVE-2026-27897
Analyzed
10
Vociferous Vociferous

Vociferous prior to 4.4.2 contains an unauthenticated directory traversal vulnerability in the export_file route, enabling arbitrary file writes to an...

2026-03-12
CVE-2026-27894
8.8
HP files and

LDAP Account Manager (LAM) is a webfrontend for managing entries (e

2026-03-18
CVE-2026-27893
8.8
Unknown Multiple Products

vLLM is an inference and serving engine for large language models (LLMs)

2026-03-27
CVE-2026-27891
Analyzed
7.2
Arch Multiple Products

FacturaScripts is an open source accounting and invoicing software

2026-05-19
CVE-2026-27890
8.2
Unknown Multiple Products

Firebird is an open-source relational database management system

2026-04-18
CVE-2026-27885
Analyzed
7.2
Piwigo Piwigo

Piwigo is an open source photo gallery application for the web

2026-04-05
CVE-2026-27880
7.5
Unknown Multiple Products

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes

2026-03-29
CVE-2026-27876
Analyzed
9.1
Grafana Enterprise plugin

A chained attack involving SQL Expressions and a Grafana Enterprise plugin enables remote arbitrary code execution (RCE) when the sqlExpressions featu...

2026-03-28
CVE-2026-27858
7.5
Attacker Multiple Products

Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory

2026-03-29
CVE-2026-27856
Analyzed
7.4
Oracle attack

Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack

2026-03-29
CVE-2026-27850
7.5
Unknown Multiple Products

Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services...

2026-02-26
CVE-2026-27843
Analyzed
9.1
SenseLive X3050

A vulnerability in the SenseLive X3050 web management interface allows unauthorized modification of configuration parameters, leading to a persistent...

2026-04-24
CVE-2026-27842
Analyzed
9.8
Authentication Multiple Products

Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configurat...

2026-03-11
CVE-2026-27841
8.1
SenseLive Multiple Products

A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forge...

2026-04-24
CVE-2026-27836
Analyzed
7.5
HP Multiple Products

phpMyFAQ is an open source FAQ web application

2026-02-28
CVE-2026-27834
Analyzed
7.2
Piwigo Piwigo

Piwigo is an open source photo gallery application for the web

2026-04-05
CVE-2026-27833
Analyzed
7.5
HP API method

Piwigo is an open source photo gallery application for the web

2026-04-04
CVE-2026-27831
7.5
DNS Multiple Products

rldns is an open source DNS server

2026-02-26
CVE-2026-2783
7.5
JavaScript Multiple Products

Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component

2026-02-26
CVE-2026-27826
8.2
Atlassian is

MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira)

2026-03-11
CVE-2026-27825
Analyzed
9
Atlassian is

A directory traversal vulnerability in the MCP Atlassian server allows attackers to write arbitrary files to the server, potentially leading to remote...

2026-03-11
CVE-2026-27822
Analyzed
9
Unknown RustFS Console

A stored cross-site scripting (XSS) vulnerability in the RustFS Console allows attackers to steal administrator credentials and achieve full system co...

2026-02-25
CVE-2026-27819
7.2
Arch Multiple Products

Vikunja is an open-source self-hosted task management platform

2026-02-26
CVE-2026-27811
8.8
Apache and Keepalived

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers

2026-03-18
CVE-2026-27806
7.8
Unknown Multiple Products

Fleet is open source device management software

2026-04-09
CVE-2026-27803
8.3
Unknown Multiple Products

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs

2026-03-05
CVE-2026-27802
8.3
Unknown Multiple Products

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs

2026-03-05
CVE-2026-27800
7.4
Arch Multiple Products

Zed, a code editor, has a Zip Slip (Path Traversal) vulnerability exists in its extension archive extraction functionality prior to version 0

2026-02-26
CVE-2026-27785
8.8
Specific Multiple Products

Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials

2026-04-28
CVE-2026-27784
7.8
Nginx Open Source

The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or ov...

2026-03-25
CVE-2026-27780
Analyzed
9.8
Gitea Gitea Open Source Git Server

Gitea versions before 1.26.0 fail to handle errors correctly during pre-receive hook processing, allowing attackers to bypass branch-protection checks...

2026-07-07
CVE-2026-27778
7.5
Unknown Multiple Products

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests

2026-03-07
CVE-2026-27776
7.2
Unknown Multiple Products

IM-LogicDesigner module of intra-mart Accel Platform contains insecure deserialization issue

2026-02-28
CVE-2026-27772
Analyzed
9.4
Unknown OCPP WebSocket Endpoint

WebSocket endpoints lack authentication, allowing unauthenticated attackers to impersonate charging stations and manipulate backend data via the Open...

2026-02-27
CVE-2026-27771
Analyzed
8.2
Intel Gitea Open Source Git Server

Gitea versions up to and including 1

2026-07-04
CVE-2026-27767
Analyzed
9.4
OCPP Implementations OCPP WebSocket Endpoint

Unauthenticated attackers can perform station impersonation and manipulate backend data due to a lack of authentication on OCPP WebSocket endpoints.

2026-02-27
CVE-2026-27764
7.3
Unknown Multiple Products

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session...

2026-03-08
CVE-2026-27760
8.1
HP code injection

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to e...

2026-04-29
CVE-2026-27757
7.1
Unknown Multiple Products

SODOLA SL902-SWTGW124AS firmware versions through 200

2026-02-28
CVE-2026-27755
Analyzed
9.8
SODOLA SL902-SWTGW124AS Firmware

SODOLA SL902-SWTGW124AS firmware generates predictable MD5-based session identifiers, allowing attackers to forge authenticated sessions and bypass th...

2026-02-28
CVE-2026-27751
Analyzed
9.8
SODOLA SL902-SWTGW124AS Firmware

SODOLA SL902-SWTGW124AS firmware contains hardcoded default credentials, allowing remote attackers to gain full administrative control over the device...

2026-02-28
CVE-2026-27750
7.8
Optimizer Multiple Products

Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerability in the Optimizer component

2026-03-07
CVE-2026-27749
Analyzed
7.8
AMD Internet Security

Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component

2026-03-07
CVE-2026-27748
Analyzed
7.8
AMD Internet Security

Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component

2026-03-07
CVE-2026-27745
8.8
Unknown Multiple Products

The SPIP interface_traduction_objets plugin versions prior to 2

2026-02-26
CVE-2026-27732
8.1
HP Multiple Products

WWBN AVideo is an open source video platform

2026-02-26
CVE-2026-27730
8.6
Unknown Multiple Products

esm

2026-02-26
CVE-2026-27728
Analyzed
9.9
Linux OneUptime

An OS command injection vulnerability in OneUptime allows authenticated users to execute arbitrary commands on the Probe server via the monitor destin...

2026-02-26