17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 5951-6000 of 17426 CVEs Page 120 of 349
CVE-2026-25922
Analyzed
8.8
Unknown Multiple Products

authentik is an open-source identity provider

2026-02-13
CVE-2026-2592
Analyzed
7.7
WordPress is vulnerable

The Zarinpal Gateway for WooCommerce plugin for WordPress is vulnerable to Improper Access Control to Payment Status Update in all versions up to and...

2026-02-17
CVE-2026-25906
7.3
Dell Optimizer

Dell Optimizer, versions prior to 6

2026-03-04
CVE-2026-25899
7.5
Unknown Multiple Products

Fiber is an Express inspired web framework written in Go

2026-02-25
CVE-2026-25896
Analyzed
9.3
Unknown fast-xml-parser

A regex wildcard handling error in fast-xml-parser's DOCTYPE entity replacement allows attackers to shadow built-in entities, leading to Cross-Site Sc...

2026-02-21
CVE-2026-25892
7.5
HP converts to

Adminer is open-source database management software

2026-02-10
CVE-2026-25890
8.1
File Multiple Products

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files

2026-02-10
CVE-2026-25888
Analyzed
8.8
Unknown Multiple Products

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts

2026-03-06
CVE-2026-25881
Analyzed
9
SandboxJS SandboxJS

SandboxJS versions before 0.8.31 contain a sandbox escape vulnerability via prototype pollution, potentially allowing sandboxed code to achieve remote...

2026-02-10
CVE-2026-25880
Analyzed
7.8
Microsoft SumatraPDF

SumatraPDF is a multi-format reader for Windows

2026-02-10
CVE-2026-2588
Analyzed
9.1
Perl (CPAN) Crypt::NaCl::Sodium

Crypt::NaCl::Sodium for Perl contains an integer overflow on 32-bit systems when casting length pointers, potentially leading to memory corruption or...

2026-02-24
CVE-2026-25879
Analyzed
9.8
Langroid Langroid Framework

The Langroid framework is vulnerable to remote code execution due to insecure handling of SQL produced by large language models.

2026-06-02
CVE-2026-25873
Analyzed
9.8
Unknown Reward Server

The OmniGen2-RL reward server contains an unauthenticated remote code execution (RCE) vulnerability due to insecure pickle deserialization of HTTP POS...

2026-03-19
CVE-2026-2587
Analyzed
9.6
Oracle GlassFish

A remote code execution vulnerability in the GlassFish server-side template rendering mechanism allows attackers to execute arbitrary commands via mal...

2026-05-20
CVE-2026-25866
7.8
Unknown path element

MobaXterm versions prior to 26

2026-03-10
CVE-2026-25863
Analyzed
7.5
WordPress plugin through

Conditional Fields for Contact Form 7 WordPress plugin through version 2

2026-05-05
CVE-2026-2586
Analyzed
9.1
Oracle GlassFish

An authenticated remote code execution vulnerability exists in the GlassFish Administration Console, allowing users with console access to execute arb...

2026-05-20
CVE-2026-25856
Analyzed
8.8
OpenBullet OpenBullet2

OpenBullet2 through version 0

2026-06-09
CVE-2026-25855
Analyzed
8.8
OpenBullet OpenBullet2

OpenBullet2 through version 0

2026-06-09
CVE-2026-25851
Analyzed
9.4
OCPP Implementations OCPP WebSocket Endpoint

OCPP WebSocket endpoints lack authentication, allowing unauthenticated attackers to impersonate legitimate charging stations and issue unauthorized co...

2026-02-27
CVE-2026-25848
Analyzed
9.1
JetBrains Hub

JetBrains Hub versions prior to 2025.3.119807 contain an authentication bypass vulnerability that allows unauthenticated attackers to perform administ...

2026-02-10
CVE-2026-25847
8.2
PyCharm Multiple Products

In JetBrains PyCharm before 2025

2026-02-10
CVE-2026-25835
7.7
TLS seeds in

Mbed TLS before 3

2026-04-02
CVE-2026-25833
7.5
Mbed Multiple Products

Mbed TLS 3

2026-04-02
CVE-2026-25823
Analyzed
9.8
HMS Networks Ewon Flexy and Cosy+

A stack buffer overflow in HMS Networks Ewon Flexy and Cosy+ devices allows unauthenticated remote code execution or denial of service via malicious n...

2026-03-14
CVE-2026-25819
7.5
Unknown Multiple Products

HMS Networks Ewon Flexy with firmware before 15

2026-03-14
CVE-2026-25818
Analyzed
9.1
HMS Networks Ewon Flexy and Cosy+

HMS Networks Ewon Flexy and Cosy+ devices suffer from weak entropy in authentication cookies, enabling attackers to brute-force encryption parameters...

2026-03-14
CVE-2026-25817
8.8
Unknown Multiple Products

HMS Networks Ewon Flexy with firmware before 15

2026-03-14
CVE-2026-25808
7.5
Unknown Multiple Products

Hollo is a federated single-user microblogging software designed to be federated through ActivityPub

2026-02-10
CVE-2026-25807
8.8
Unknown Multiple Products

ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments

2026-02-10
CVE-2026-25803
Analyzed
9.8
Unknown 3DP-MANAGER

3DP-MANAGER automatically creates an administrative account with default credentials (admin/admin) upon initialization. Attackers can use these creden...

2026-02-07
CVE-2026-25802
Analyzed
7.6
Intel New API LLM Gateway

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system

2026-02-24
CVE-2026-2580
Analyzed
7.5
Google Maps

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injectio...

2026-03-23
CVE-2026-25794
8.2
Unknown Multiple Products

ImageMagick is free and open-source software used for editing and manipulating digital images

2026-02-24
CVE-2026-25791
7.5
Unknown Multiple Products

Sliver is a command and control framework that uses a custom Wireguard netstack

2026-02-10
CVE-2026-2579
7.5
WordPress is vulnerable

The WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all ve...

2026-03-17
CVE-2026-25787
Analyzed
9.1
Unknown Multiple Products

Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interf...

2026-05-13
CVE-2026-25786
Analyzed
9.1
Unknown Multiple Products

Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This co...

2026-05-13
CVE-2026-25785
Analyzed
9.8
Path Lanscope Endpoint Manager (On-Premises)

A path traversal vulnerability in Lanscope Endpoint Manager allows attackers to tamper with arbitrary files. This flaw can be leveraged to execute arb...

2026-02-25
CVE-2026-25781
Analyzed
8.4
Unknown Multiple Products

in OpenHarmony v6

2026-05-19
CVE-2026-25778
7.3
Unknown Multiple Products

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same sessi...

2026-02-28
CVE-2026-25776
Analyzed
9.8
Movable Type Movable Type

Six Apart Movable Type contains a code injection vulnerability that allows an authenticated attacker to execute arbitrary Perl scripts on the server.

2026-04-09
CVE-2026-25775
Analyzed
9.8
SenseLive X3050 Multiple Products

A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication...

2026-04-24
CVE-2026-25773
Analyzed
8.1
Focalboard Focalboard

** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8

2026-04-04
CVE-2026-25770
Analyzed
9.1
Wazuh Wazuh Manager

Wazuh Manager is vulnerable to privilege escalation where an authenticated node can overwrite the manager's configuration file to achieve Root Remote...

2026-03-18
CVE-2026-2577
Analyzed
10
SAP WhatsApp bridge

The Nanobot WhatsApp bridge component exposes an unauthenticated WebSocket server on all network interfaces, allowing remote attackers to hijack sessi...

2026-02-17
CVE-2026-25769
Analyzed
9.1
Arch Wazuh Manager

Wazuh deployments in cluster mode are vulnerable to Remote Code Execution via deserialization of untrusted data if a worker node is compromised.

2026-03-18
CVE-2026-25762
Analyzed
7.5
Unknown Multiple Products

AdonisJS is a TypeScript-first web framework

2026-02-07
CVE-2026-25761
8.8
GitHub Action or

Super-linter is a combination of multiple linters to run as a GitHub Action or standalone

2026-02-10
CVE-2026-2576
7.5
WordPress plugin for

The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment...

2026-02-18