17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 5601-5650 of 17426 CVEs Page 113 of 349
CVE-2026-27707
7.3
Unknown Multiple Products

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby

2026-02-28
CVE-2026-27706
7.7
Unknown Multiple Products

Plane is an an open-source project management tool

2026-02-26
CVE-2026-27702
Analyzed
9.9
AWS keys

Budibase Cloud suffers from an unsafe eval() vulnerability in its view filtering, allowing authenticated users to execute arbitrary JavaScript and acc...

2026-02-26
CVE-2026-27700
Analyzed
8.2
AWS Lambda adapter

Hono is a Web application framework that provides support for any JavaScript runtime

2026-02-26
CVE-2026-27696
8.6
Unknown Multiple Products

changedetection

2026-02-25
CVE-2026-2769
8.8
Unknown Multiple Products

Use-after-free in the Storage: IndexedDB component

2026-02-25
CVE-2026-27685
Analyzed
9.1
SAP NetWeaver Enterprise

SAP NetWeaver Enterprise Portal is vulnerable to a critical deserialization flaw that allows privileged users to compromise the confidentiality, integ...

2026-03-11
CVE-2026-27681
Analyzed
9.9
SAP Business Planning

Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute craf...

2026-04-14
CVE-2026-27671
Analyzed
9.8
SAP NetWeaver Application Server ABAP

A memory corruption vulnerability in the SAP Kernel allows unauthenticated attackers to trigger crashes or execute code via crafted RFC requests.

2026-06-09
CVE-2026-27668
8.8
Access Multiple Products

A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5

2026-04-15
CVE-2026-27664
7.5
Unknown Multiple Products

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26

2026-03-28
CVE-2026-27655
7.3
Microsoft Exchange Reporter

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on Mailboxes report

2026-04-05
CVE-2026-27654
8.2
Nginx Open Source

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to t...

2026-03-25
CVE-2026-27652
7.3
Unknown Multiple Products

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same sessi...

2026-02-28
CVE-2026-27650
8.8
Buffalo Wi

OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products

2026-03-27
CVE-2026-27649
7.3
Unknown Multiple Products

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session...

2026-03-22
CVE-2026-27648
Analyzed
8.8
Unknown Multiple Products

in OpenHarmony v6

2026-05-19
CVE-2026-27647
7.3
Unknown Multiple Products

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same sessi...

2026-02-28
CVE-2026-27641
Analyzed
9.8
Unknown Flask-Reuploaded

A critical path traversal and extension bypass vulnerability in Flask-Reuploaded allows for arbitrary file writes and remote code execution (RCE) via...

2026-02-25
CVE-2026-27638
7.1
Unknown Multiple Products

Actual is a local-first personal finance tool

2026-02-28
CVE-2026-27637
Analyzed
9.8
HP FreeScout

A critical authentication bypass in FreeScout allows attackers to compute valid session tokens and take over any user account, including administrator...

2026-02-25
CVE-2026-27636
8.8
HP servers with

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework

2026-02-25
CVE-2026-27635
7.5
Unknown Multiple Products

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing

2026-02-26
CVE-2026-27628
7.5
Unknown Multiple Products

pypdf is a free and open-source pure-python PDF library

2026-02-26
CVE-2026-27627
8.2
Unknown Multiple Products

Karakeep is a elf-hostable bookmark-everything app

2026-02-25
CVE-2026-27626
Analyzed
9.9
OliveTin OliveTin

OliveTin is vulnerable to unauthenticated remote code execution (RCE) via two vectors: shell argument injection and unsafe webhook processing.

2026-02-25
CVE-2026-27625
Analyzed
8.1
Unknown Multiple Products

Stirling-PDF is a locally hosted web application that performs various operations on PDF files

2026-03-21
CVE-2026-27624
7.2
STUN Multiple Products

Coturn is a free open source implementation of TURN and STUN Server

2026-02-25
CVE-2026-27623
Analyzed
7.5
Valkey Valkey

Valkey is a distributed key-value database

2026-02-24
CVE-2026-27616
7.3
Unknown Multiple Products

Vikunja is an open-source self-hosted task management platform

2026-02-26
CVE-2026-27614
Analyzed
9.3
Bugsink Bugsink

An unauthenticated stored cross-site scripting (XSS) vulnerability in Bugsink allows attackers to execute arbitrary JavaScript in an administrator's b...

2026-02-25
CVE-2026-27607
8.1
Unknown Multiple Products

RustFS is a distributed object storage system built in Rust

2026-02-25
CVE-2026-27604
Analyzed
10
FOSSBilling FOSSBilling

An authorization bypass in the FOSSBilling API allows unauthenticated attackers to invoke administrative system functions by accessing restricted endp...

2026-06-24
CVE-2026-27597
Analyzed
10
Enclave enclave-vm

A security boundary escape vulnerability in the Enclave JavaScript sandbox core allows attackers to bypass restrictions and achieve remote code execut...

2026-02-25
CVE-2026-27593
Analyzed
9.3
Unknown Statamic CMS

Statamic CMS contains a flaw in its password reset feature that allows attackers to capture reset tokens. By knowing a user's email, an attacker can h...

2026-02-25
CVE-2026-27591
Analyzed
9.9
HP framework

Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS all...

2026-03-12
CVE-2026-27579
7.4
Infor Multiple Products

CollabPlatform is a full-stack, real-time doc collaboration platform

2026-02-22
CVE-2026-27574
Analyzed
9.9
Redis OneUptime

A sandbox escape in OneUptime allows users with low privileges or anonymous access to execute arbitrary code and gain full access to cluster credentia...

2026-02-22
CVE-2026-27572
7.5
Wasmtime Multiple Products

Wasmtime is a runtime for WebAssembly

2026-02-26
CVE-2026-27566
7.1
Unknown Multiple Products

OpenClaw versions prior to 2026

2026-03-19
CVE-2026-27542
Analyzed
9.8
WordPress Woocommerce Wholesale Lead Capture

The Woocommerce Wholesale Lead Capture plugin is vulnerable to incorrect privilege assignment, which allows attackers to escalate their privileges wit...

2026-03-19
CVE-2026-27540
Analyzed
9
HP Woocommerce Wholesale Lead Capture

The Woocommerce Wholesale Lead Capture plugin allows for the unrestricted upload of files with dangerous types, enabling attackers to upload and execu...

2026-03-19
CVE-2026-2754
7.5
Infor Multiple Products

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints

2026-03-08
CVE-2026-2753
7.5
Infor Multiple Products

An Absolute Path Traversal vulnerability exists in Navtor NavBox

2026-03-08
CVE-2026-27520
7.5
Binardat Multiple Products

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded valu...

2026-02-25
CVE-2026-27519
7.5
Binardat Multiple Products

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript

2026-02-25
CVE-2026-27516
8.1
Binardat Multiple Products

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior expose user passwords in plaintext within the administrative interface...

2026-02-25
CVE-2026-27515
Analyzed
9.1
Binardat 10G08-0800GSM Network Switch

Binardat network switches generate predictable numeric session identifiers in their web management interface. This flaw allows attackers to guess acti...

2026-02-25
CVE-2026-2751
Analyzed
8.3
Linux Multiple Products

Blind SQL Injection via unsanitized array keys in Service Dependencies deletion

2026-02-28
CVE-2026-27509
8
Unitree Multiple Products

Unitree Go2 firmware versions V1

2026-02-28