17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 5801-5850 of 17426 CVEs Page 117 of 349
CVE-2026-26336
7.5
Hyland Multiple Products

Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" end...

2026-02-20
CVE-2026-26332
Analyzed
9.8
Node.js (vm2) vm2

A vulnerability involving `SuppressedError` in the vm2 library allows attackers to escape the sandbox and execute arbitrary code on the host system.

2026-05-05
CVE-2026-26331
8.8
Unknown Multiple Products

yt-dlp is a command-line audio/video downloader

2026-02-24
CVE-2026-26324
7.5
Unknown Multiple Products

OpenClaw is a personal AI assistant

2026-02-20
CVE-2026-26323
8.8
GitHub login from

OpenClaw is a personal AI assistant

2026-02-21
CVE-2026-26322
7.6
Unknown Multiple Products

OpenClaw is a personal AI assistant

2026-02-20
CVE-2026-26321
7.5
Unknown Multiple Products

OpenClaw is a personal AI assistant

2026-02-20
CVE-2026-26319
7.5
Unknown Multiple Products

OpenClaw is a personal AI assistant

2026-02-20
CVE-2026-26318
8.8
Infor Multiple Products

systeminformation is a System and OS information library for node

2026-02-20
CVE-2026-26316
7.5
Unknown Multiple Products

OpenClaw is a personal AI assistant

2026-02-20
CVE-2026-2631
Analyzed
9.8
WordPress plugin before

The Datalogics Ecommerce Delivery plugin for WordPress before 2.6.60 contains an unauthenticated REST endpoint vulnerability allowing remote attackers...

2026-03-12
CVE-2026-26306
7.8
Microsoft Multiple Products

The installer for OM Workspace (Windows Edition) Ver 2

2026-03-25
CVE-2026-26305
7.5
Unknown Multiple Products

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests

2026-02-27
CVE-2026-2630
8.8
Tenable Multiple Products

A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable S...

2026-02-18
CVE-2026-26290
7.3
Unknown Multiple Products

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same sessi...

2026-02-28
CVE-2026-2629
7.3
Infor Multiple Products

A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7

2026-02-18
CVE-2026-26289
8.2
Infor Multiple Products

PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information n...

2026-05-13
CVE-2026-26288
Analyzed
9.4
Unknown OCPP Charging Infrastructure

A lack of authentication in WebSocket endpoints allows unauthenticated attackers to impersonate charging stations, manipulate data, and issue unauthor...

2026-03-07
CVE-2026-26286
8.5
Unknown Multiple Products

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines,...

2026-02-21
CVE-2026-26280
8.4
Infor Multiple Products

systeminformation is a System and OS information library for node

2026-02-20
CVE-2026-2628
Analyzed
9.8
Microsoft All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login (WordPress Plugin)

The All-in-One Microsoft 365 SSO Login plugin for WordPress allows unauthenticated attackers to bypass authentication and gain full administrative acc...

2026-03-03
CVE-2026-26279
Analyzed
9.1
Froxlor Froxlor

A typo in Froxlor's input validation enables an authenticated administrator to achieve root-level remote code execution via shell command injection.

2026-03-04
CVE-2026-26278
7.5
Unknown Multiple Products

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback

2026-02-20
CVE-2026-26275
7.5
SUSE of Rust

httpsig-hyper is a hyper extension for http message signatures

2026-02-20
CVE-2026-26273
Analyzed
9.8
Known Known (Social Publishing Platform)

A broken authentication vulnerability in Known allows unauthenticated attackers to retrieve password reset tokens from hidden HTML fields, enabling fu...

2026-02-14
CVE-2026-2627
Analyzed
7.8
Microsoft shared

A security flaw has been discovered in Softland FBackup up to 9

2026-02-18
CVE-2026-26268
Analyzed
8
Anysphere Cursor

Cursor is a code editor built for programming with AI

2026-02-14
CVE-2026-26267
7.5
Unknown Multiple Products

soroban-sdk is a Rust SDK for Soroban contracts

2026-02-20
CVE-2026-26266
Analyzed
9.3
AliasVault AliasVault Web Client

A stored cross-site scripting (XSS) vulnerability in AliasVault Web Client allows attackers to execute malicious JavaScript in the victim's browser vi...

2026-03-04
CVE-2026-26265
7.5
Unknown Multiple Products

Discourse is an open source discussion platform

2026-02-27
CVE-2026-26263
8.1
Arch engine

GLPI is a free asset and IT management software package

2026-04-07
CVE-2026-2626
8.1
WordPress plugin before

The divi-booster WordPress plugin before 5

2026-03-12
CVE-2026-26239
Analyzed
8.1
QNAP File Station 5

A buffer overflow vulnerability has been reported to affect File Station 5

2026-06-14
CVE-2026-26234
8.8
Visu Multiple Products

JUNG Smart Visu Server 1

2026-02-12
CVE-2026-26231
Analyzed
8.5
Gitea Gitea Open Source Git Server

Gitea versions up to and including 1

2026-07-04
CVE-2026-26219
Analyzed
9.1
LG newbee-mall

The newbee-mall application uses unsalted MD5 hashing for password storage, allowing attackers who obtain the database to rapidly recover plaintext cr...

2026-02-13
CVE-2026-26218
Analyzed
9.8
Unknown newbee-mall

The newbee-mall application utilizes pre-seeded administrator accounts with predictable default passwords, allowing unauthenticated attackers to gain...

2026-02-13
CVE-2026-26217
8.6
Docker API deployment

Crawl4AI versions prior to 0

2026-02-13
CVE-2026-26216
Analyzed
10
Docker API deployment

Crawl4AI versions prior to 0.8.0 allow unauthenticated remote code execution via the `/crawl` endpoint by exploiting the `hooks` parameter to import a...

2026-02-13
CVE-2026-26214
7.4
Samsung HttpClient with

Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3

2026-02-14
CVE-2026-26210
Analyzed
9.8
KTransformers Multiple Products

KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a...

2026-04-24
CVE-2026-2621
7.3
Unknown Multiple Products

A security vulnerability has been detected in Sciyon Koyuan Thermoelectricity Heat Network Management System 3

2026-02-18
CVE-2026-26209
7.5
Unknown Multiple Products

cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format

2026-03-24
CVE-2026-26208
Analyzed
7.8
Microsoft ADB Explorer

ADB Explorer is a fluent UI for ADB on Windows

2026-02-14
CVE-2026-26202
7.5
Unknown Multiple Products

Penpot is an open-source design tool for design and code collaboration

2026-02-20
CVE-2026-26200
7.8
F5 is software

HDF5 is software for managing data

2026-02-20
CVE-2026-2620
7.3
Warning Multiple Products

A weakness has been identified in Huace Monitoring and Early Warning System 2

2026-02-18
CVE-2026-26198
Analyzed
9.8
Ormar Ormar ORM

Ormar ORM aggregate queries lack sanitization in `min()` and `max()` methods, allowing unauthenticated attackers to inject raw SQL and extract entire...

2026-02-24
CVE-2026-26193
7.3
Intel Multiple Products

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline

2026-02-21
CVE-2026-26192
7.3
Intel Multiple Products

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline

2026-02-20