17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 5701-5750 of 17426 CVEs Page 115 of 349
CVE-2026-27179
8.2
Unknown Multiple Products

MajorDoMo (aka Major Domestic Module) contains an unauthenticated SQL injection vulnerability in the commands module

2026-02-19
CVE-2026-27178
7.2
HP rendering code

MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability through method parameter injection into the shoutbox

2026-02-19
CVE-2026-27177
7.2
HP Multiple Products

MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability via the /objects/?op=set endpoint, which is intention...

2026-02-19
CVE-2026-27175
Analyzed
9.8
HP script

MajorDoMo is vulnerable to unauthenticated remote code execution via a race condition and unsanitized user input in the rc/index.php and cycle_execs.p...

2026-02-19
CVE-2026-27174
Analyzed
9.8
HP console feature

MajorDoMo allows unauthenticated remote code execution via the admin panel's PHP console due to a logic error that bypasses authentication and passes...

2026-02-19
CVE-2026-27173
Analyzed
8.7
Kubernetes Executors have

JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods

2026-05-20
CVE-2026-27172
8.8
Apache Camel

The ConsulRegistry in the camel-consul component (class org

2026-04-29
CVE-2026-27169
8.9
Arch and generative

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI

2026-02-21
CVE-2026-27168
Analyzed
8.8
Unknown Multiple Products

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles

2026-02-21
CVE-2026-27141
7.5
Unknown Multiple Products

Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic

2026-02-28
CVE-2026-27135
7.5
Protocol Multiple Products

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C

2026-03-19
CVE-2026-27134
Analyzed
8.1
Kubernetes Kafka cluster

Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations

2026-02-21
CVE-2026-27130
Analyzed
9.9
Dokploy Dokploy

Dokploy 0.26.6 and below contain an OS command injection vulnerability in the appName parameter, allowing authenticated attackers to execute arbitrary...

2026-05-19
CVE-2026-27114
7.5
Arch Multiple Products

NanaZip is an open source file archive Starting in version 5

2026-02-21
CVE-2026-27099
8
Jenkins Multiple Products

Jenkins 2

2026-02-19
CVE-2026-27096
8.1
WordPress Theme allows

Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer WordPress Theme allows Object Injection

2026-03-19
CVE-2026-27093
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ovatheme Tripgo allows PHP Lo...

2026-03-19
CVE-2026-27067
Analyzed
9.1
Syarif Mobile Multiple Products

Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor allows Upload a Web Shell to a Web Server.This issue affects...

2026-03-20
CVE-2026-27065
Analyzed
9.8
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress allows...

2026-03-20
CVE-2026-27060
Analyzed
8.8
HP ARMember Premium

Contributor PHP Object Injection in ARMember Premium <= 7

2026-07-03
CVE-2026-27053
Analyzed
9.8
HP Broadcast Live Video

An unauthenticated PHP object injection vulnerability in the Broadcast Live Video plugin for WordPress allows remote code execution.

2026-06-16
CVE-2026-27052
7.5
HP sctv

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in villatheme Sales Countdown Ti...

2026-02-20
CVE-2026-27045
8.8
Unknown Multiple Products

Deserialization of Untrusted Data vulnerability in sbthemes WooCommerce Infinite Scroll sb-woocommerce-infinite-scroll allows Object Injection

2026-03-27
CVE-2026-27044
Analyzed
9.9
HP Total Poll Lite

Total Poll Lite is vulnerable to Remote Code Inclusion (RCI) due to improper control of code generation. This affects versions up to and including 4.1...

2026-03-26
CVE-2026-27040
8.8
AA Multiple Products

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AA-Team WZone woozone allows Path Traversal

2026-03-27
CVE-2026-27039
8.5
AA Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone woozone allows Blind SQL Injection

2026-03-27
CVE-2026-27028
Analyzed
9.4
Unknown OCPP WebSocket Endpoint

Unauthenticated attackers can perform station impersonation and manipulate backend data due to a lack of proper authentication on OCPP WebSocket endpo...

2026-02-27
CVE-2026-27013
7.6
Unknown Multiple Products

Fabric

2026-02-20
CVE-2026-27012
Analyzed
9.8
HP OpenSTAManager

An authentication bypass in OpenSTAManager allows attackers to arbitrarily modify user groups, leading to full administrative privilege escalation.

2026-03-04
CVE-2026-2701
Analyzed
9.1
HP Affected Software

An authenticated file upload vulnerability allows attackers to upload and execute malicious files, leading to remote code execution on the server.

2026-04-03
CVE-2026-27002
Analyzed
9.8
Docker tool sandbox

OpenClaw's Docker tool sandbox is vulnerable to configuration injection, allowing dangerous Docker options that can lead to container escape and host...

2026-02-21
CVE-2026-27001
7.8
Unknown Multiple Products

OpenClaw is a personal AI assistant

2026-02-21
CVE-2026-26999
7.5
Traefik Multiple Products

Traefik is an HTTP reverse proxy and load balancer

2026-03-07
CVE-2026-26996
7.5
Unknown Multiple Products

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects

2026-02-21
CVE-2026-26990
8.8
HP Multiple Products

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool

2026-02-20
CVE-2026-2699
Analyzed
9.8
Citrix ShareFile Storage Zones Controller (SZC)

Citrix ShareFile Storage Zones Controller (SZC) contains a flaw allowing unauthenticated attackers to access restricted configuration pages, leading t...

2026-04-03
CVE-2026-26988
Analyzed
9.1
HP LibreNMS

LibreNMS contains an SQL injection vulnerability in the ajax_table.php endpoint due to improper sanitization of IPv6 address parameters, allowing unau...

2026-02-21
CVE-2026-26985
8.1
Arch and Imaging

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging r...

2026-02-26
CVE-2026-26984
8.7
Arch and Imaging

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging r...

2026-02-26
CVE-2026-26980
Analyzed
9.4
Ghost Foundation Ghost CMS

Ghost CMS is vulnerable to unauthenticated arbitrary database reads, allowing attackers to extract sensitive information directly from the underlying...

2026-02-20
CVE-2026-26975
8.8
Unknown Multiple Products

Music Assistant is an open-source media library manager that integrates streaming services with connected speakers

2026-02-20
CVE-2026-26965
8.8
Unknown Multiple Products

FreeRDP is a free implementation of the Remote Desktop Protocol

2026-02-26
CVE-2026-26959
7.8
Microsoft Multiple Products

ADB Explorer is a fluent UI for ADB on Windows

2026-02-20
CVE-2026-26956
Analyzed
9.8
Node.js (vm2) vm2

A full sandbox escape vulnerability in vm2 version 3.10.4 allows attackers to access the host process object and execute arbitrary host commands.

2026-05-05
CVE-2026-26955
8.8
Unknown Multiple Products

FreeRDP is a free implementation of the Remote Desktop Protocol

2026-02-26
CVE-2026-26954
Analyzed
10
SandboxJS SandboxJS

SandboxJS versions prior to 0.8.34 allow attackers to escape the JavaScript sandbox by obtaining arrays containing Function objects, leading to arbitr...

2026-03-14
CVE-2026-26944
8.8
Dell PowerProtect Data

Dell PowerProtect Data Domain, versions 7

2026-04-21
CVE-2026-26943
7.2
Dell PowerProtect Data

Dell PowerProtect Data Domain, versions 7

2026-04-21
CVE-2026-26938
8.6
Template Multiple Products

Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) exists in Workflows in Kibana which could allow an attacker to read a...

2026-02-27
CVE-2026-26930
Analyzed
7.2
SmarterMail SmarterMail

SmarterTools SmarterMail before 9526 allows XSS via MAPI requests

2026-02-17