17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 6051-6100 of 17426 CVEs Page 122 of 349
CVE-2026-25555
Analyzed
9.8
OpenBullet2 OpenBullet2

OpenBullet2 contains an authentication bypass vulnerability in its API key middleware, allowing unauthenticated attackers to access the admin console...

2026-06-09
CVE-2026-25550
Analyzed
9.8
Seagull Software BarTender

Seagull Software BarTender contains an unauthenticated remote code execution vulnerability in its .NET Remoting service, allowing attackers to execute...

2026-06-05
CVE-2026-25548
Analyzed
9.1
HP code

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A critical Remote Code Execution (RCE) vulnerabili...

2026-02-19
CVE-2026-25546
Analyzed
7.8
Unknown MCP (Model Context Protocol) Server

Godot MCP is a Model Context Protocol (MCP) server for interacting with the Godot game engine

2026-02-05
CVE-2026-25544
Analyzed
9.8
Payload CMS Payload

Payload CMS is vulnerable to blind SQL injection in JSON and richText field queries. Unauthenticated attackers can extract sensitive data and achieve...

2026-02-07
CVE-2026-2554
8.1
WordPress is vulnerable

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct...

2026-05-03
CVE-2026-25539
Analyzed
9.1
SiYuan SiYuan

SiYuan's /api/file/copyFile endpoint fails to validate the 'dest' parameter, allowing authenticated users to write files to arbitrary locations, poten...

2026-02-05
CVE-2026-25536
7.1
Protocol Multiple Products

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients

2026-02-06
CVE-2026-25534
Analyzed
9.1
Spinnaker Clouddriver / Orca

Spinnaker Clouddriver and Orca components suffer from a URL validation bypass due to improper handling of underscores in Java URL objects, leading to...

2026-03-18
CVE-2026-25529
8.1
SMTP Multiple Products

Postal is an open source SMTP server

2026-03-13
CVE-2026-25526
Analyzed
9.8
Intel JinJava

JinJava is vulnerable to arbitrary Java execution via a sandbox bypass in the ForTag component, allowing unauthorized class instantiation and file acc...

2026-02-05
CVE-2026-25524
8.1
Magento Long Term

Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platfor...

2026-04-21
CVE-2026-25520
Analyzed
10
Docker SandboxJS

SandboxJS is vulnerable to a sandbox escape via unwrapped function return values. Attackers can access the host's Function constructor to execute arbi...

2026-02-07
CVE-2026-25519
Analyzed
8.1
OpenSlides OpenSlides

OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly

2026-02-05
CVE-2026-25510
Analyzed
9.9
HP CMS Skeleton

An authenticated user with file editor permissions in CI4MS can achieve Remote Code Execution (RCE) by uploading and executing arbitrary PHP code via...

2026-02-04
CVE-2026-25506
7.7
Unknown Multiple Products

MUNGE is an authentication service for creating and validating user credentials

2026-02-11
CVE-2026-25505
Analyzed
9.8
Intel Bambuddy

Bambuddy versions prior to 0.1.7 contain a hardcoded JWT secret key and lack authentication checks on many API routes, allowing unauthenticated access...

2026-02-05
CVE-2026-25503
7.1
Unknown Multiple Products

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles

2026-02-04
CVE-2026-25502
Analyzed
7.8
Unknown Multiple Products

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles

2026-02-04
CVE-2026-2550
Analyzed
9.8
EFM (iptime) A6004MX

A critical unrestricted file upload vulnerability in the iptime A6004MX router allows remote attackers to execute arbitrary code via the commit_vpncli...

2026-02-17
CVE-2026-2549
Analyzed
7.3
Infor LibrarySystem

A vulnerability has been found in zhanghuanhao LibrarySystem 图书馆管理系统 up to 1

2026-02-17
CVE-2026-25478
7.4
Asynchronous Multiple Products

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework

2026-02-10
CVE-2026-25476
7.5
HP Multiple Products

OpenEMR is a free and open source electronic health records and medical practice management application

2026-02-26
CVE-2026-25474
7.5
Telegram webhook mode

OpenClaw is a personal AI assistant

2026-02-20
CVE-2026-25471
8.1
Unknown Multiple Products

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themepaste Admin Safety Guard allows Password Recovery Exploitation

2026-03-19
CVE-2026-25470
Analyzed
10
WordPress ACPT (Pro) - Custom Post Types Plugin

An improper code injection vulnerability in the ACPT (Pro) plugin for WordPress allows unauthenticated remote attackers to execute arbitrary code.

2026-06-18
CVE-2026-25449
Analyzed
9.8
HP Traveler

The Traveler theme/plugin by Shinetheme is vulnerable to PHP Object Injection via deserialization of untrusted data, potentially leading to remote cod...

2026-03-19
CVE-2026-25447
Analyzed
9.1
HP Widget Wrangler

Widget Wrangler is vulnerable to Code Injection due to improper control of code generation. This affects versions up to and including 2.3.9.

2026-03-26
CVE-2026-25445
8.8
Membership Software Multiple Products

Deserialization of Untrusted Data vulnerability in Membership Software WishList Member X allows Object Injection

2026-03-20
CVE-2026-25443
7.5
Dotstore Fraud Multiple Products

Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Leve...

2026-03-20
CVE-2026-2544
Analyzed
7.3
Unknown LuLu UI

A security flaw has been discovered in yued-fe LuLu UI up to 3

2026-02-16
CVE-2026-2542
Analyzed
7
Total path

A weakness has been identified in Total VPN 0

2026-02-16
CVE-2026-25418
7.6
Unknown Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bitpressadmin Bit Form bit-form allows SQL Injec...

2026-02-20
CVE-2026-25414
8.8
Unknown Multiple Products

Incorrect Privilege Assignment vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Privilege Escalation

2026-03-27
CVE-2026-25406
8.8
Themeum Tutor LMS Pro Multiple Products

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authentication Abuse

2026-03-27
CVE-2026-25400
8.8
Unknown Multiple Products

Deserialization of Untrusted Data vulnerability in thememount Apicona apicona allows Object Injection

2026-03-27
CVE-2026-2538
Analyzed
7
Arch path

A security flaw has been discovered in Flos Freeware Notepad2 4

2026-02-16
CVE-2026-25378
7.6
Nelio Software Nelio Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing...

2026-02-20
CVE-2026-25369
7.1
Flexmls Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Flexmls Flexmls® IDX allows Reflected XSS

2026-03-17
CVE-2026-25366
Analyzed
9.9
HP allows Code

The Woody ad snippets plugin for WordPress is vulnerable to code injection. Attackers can exploit the insert-php component to execute arbitrary code o...

2026-03-26
CVE-2026-25360
8.8
Unknown Multiple Products

Deserialization of Untrusted Data vulnerability in rascals Vex vex allows Object Injection

2026-03-27
CVE-2026-25359
8.8
Unknown Multiple Products

Deserialization of Untrusted Data vulnerability in rascals Pendulum pendulum allows Object Injection

2026-03-27
CVE-2026-25358
8.8
Unknown Multiple Products

Deserialization of Untrusted Data vulnerability in rascals Meloo meloo allows Object Injection

2026-03-27
CVE-2026-2533
Analyzed
7.3
HP Self-service Washing Machine 4

A flaw has been found in Tosei Self-service Washing Machine 4

2026-02-16
CVE-2026-25312
7.5
EventPrime Multiple Products

Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels

2026-03-19
CVE-2026-25293
Analyzed
9.6
Unknown Multiple Products

Buffer overflow due to incorrect authorization in PLC FW

2026-05-05
CVE-2026-25277
Analyzed
8.8
Unknown Strongbox

Memory corruption while using Strongbox due to buffer overflow

2026-06-02
CVE-2026-25276
Analyzed
8.8
Unknown Strongbox

Memory corruption while using Strongbox due to missing bounds check

2026-06-02
CVE-2026-25271
Analyzed
7.8
Qualcomm Snapdragon

Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and use

2026-07-07
CVE-2026-25268
Analyzed
8.8
Qualcomm Snapdragon

Memory Corruption when processing invalid HT40 channel layouts during dynamic channel switching operations

2026-07-07