17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 6101-6150 of 17426 CVEs Page 123 of 349
CVE-2026-25253
Analyzed
8.8
OpenClaw Multiple Products

OpenClaw (aka clawdbot or Moltbot) before 2026

2026-02-02
CVE-2026-25244
Analyzed
9.8
WebdriverIO WebdriverIO

WebdriverIO versions below 9.24.0 are vulnerable to command injection via unsanitized branch names, leading to remote code execution in test orchestra...

2026-05-19
CVE-2026-25243
8.8
Redis is an

Redis is an in-memory data structure store

2026-05-07
CVE-2026-25242
Analyzed
9.8
Gogs Gogs Git Service

Gogs Git service exposes unauthenticated file upload endpoints by default, allowing remote users to upload arbitrary files and potentially exhaust dis...

2026-02-20
CVE-2026-25232
8.8
HP Multiple Products

Gogs is an open source self-hosted Git service

2026-02-20
CVE-2026-25231
7.5
Unknown Multiple Products

FileRise is a self-hosted web file manager / WebDAV server

2026-02-10
CVE-2026-25227
Analyzed
9.1
Unknown authentik

A privilege escalation vulnerability in authentik allows authenticated users with specific viewing permissions to execute arbitrary code via the prope...

2026-02-13
CVE-2026-25223
Analyzed
7.5
Unknown Multiple Products

Fastify is a fast and low overhead web framework, for Node

2026-02-04
CVE-2026-25212
Analyzed
9.9
Percona Percona Monitoring and Management (PMM)

A privilege escalation vulnerability in Percona PMM allows authenticated users with pmm-admin rights to execute arbitrary shell commands on the underl...

2026-04-03
CVE-2026-25208
8.1
Samsung Open Source

Integer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers

2026-04-13
CVE-2026-25207
7.4
Samsung Open Source

Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers

2026-04-13
CVE-2026-25205
7.4
Samsung Open Source

Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows out-of-bounds write

2026-04-13
CVE-2026-25203
7.8
Samsung MagicINFO

Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability This issue affects MagicINFO 9 Server: less than 2...

2026-04-10
CVE-2026-25202
Analyzed
9.8
Samsung Multiple Products

The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server.This issue affects Ma...

2026-02-02
CVE-2026-25201
Analyzed
8.8
Samsung Multiple Products

An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server

2026-02-02
CVE-2026-25200
Analyzed
9.8
Samsung Multiple Products

A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in a...

2026-02-02
CVE-2026-25199
Analyzed
9.1
Apache CloudStack

The Proxmox extension for Apache CloudStack allows unauthorized cross-tenant access to virtual machines due to improper validation of the proxmox_vmid...

2026-05-09
CVE-2026-25197
Analyzed
9.1
Unknown Multiple Products

A specific API endpoint in the affected software allows authenticated users to pivot to other user profiles. By modifying the ID number in API calls,...

2026-04-04
CVE-2026-25196
8
Pro Multiple Products

An OS command injection vulnerability exists in XWEB Pro version 1

2026-02-27
CVE-2026-25195
8
Pro Multiple Products

An OS command injection vulnerability exists in XWEB Pro version 1

2026-02-27
CVE-2026-25192
Analyzed
9.4
OCPP Infrastructure WebSocket Endpoint

WebSocket endpoints in OCPP-compliant charging infrastructure lack authentication, allowing unauthenticated attackers to impersonate charging stations...

2026-03-21
CVE-2026-25191
7.8
FinalCode path

The installer of FinalCode Client provided by Digital Arts Inc

2026-02-26
CVE-2026-25190
7.8
Microsoft path in

Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally

2026-03-11
CVE-2026-25189
7.8
Microsoft Multiple Products

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-25188
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network

2026-03-11
CVE-2026-25187
7.8
Unknown Multiple Products

Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-25177
8.8
Unknown Multiple Products

Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges ov...

2026-03-11
CVE-2026-25176
7.8
Microsoft Multiple Products

Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-25175
7.8
Microsoft Multiple Products

Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-25174
7.8
Microsoft Multiple Products

Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-25173
8
Microsoft Multiple Products

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network

2026-03-11
CVE-2026-25172
8.8
Microsoft Multiple Products

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2026-03-11
CVE-2026-25166
7.8
Microsoft Multiple Products

Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally

2026-03-11
CVE-2026-25165
7.8
Microsoft Multiple Products

Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-25164
8.1
HP Multiple Products

OpenEMR is a free and open source electronic health records and medical practice management application

2026-02-26
CVE-2026-25161
Analyzed
8.8
Unknown Alist

Alist is a file list program that supports multiple storages, powered by Gin and Solidjs

2026-02-05
CVE-2026-25160
Analyzed
9.1
Alist Alist

Alist versions prior to 3.57.0 disable TLS certificate verification by default, exposing all outgoing storage driver communications to Man-in-the-Midd...

2026-02-05
CVE-2026-2516
Analyzed
7
Unknown path

A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2

2026-02-16
CVE-2026-25157
Analyzed
7.7
OpenClaw OpenClaw

OpenClaw is a personal AI assistant

2026-02-05
CVE-2026-25156
7.3
HotCRP Multiple Products

HotCRP is conference review software

2026-01-31
CVE-2026-25153
7.7
Unknown Multiple Products

Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node

2026-01-31
CVE-2026-25150
Analyzed
9.3
Builder.io Qwik City

A prototype pollution vulnerability in the Qwik City middleware's formToObj() function allows unauthenticated attackers to manipulate Object.prototype...

2026-02-04
CVE-2026-25147
Analyzed
7.1
HP Multiple Products

OpenEMR is a free and open source electronic health records and medical practice management application

2026-02-28
CVE-2026-25146
Analyzed
9.6
OpenEMR OpenEMR

OpenEMR leaks gateway_api_key secrets in plaintext to the client, enabling unauthorized financial transactions and account takeovers of payment gatewa...

2026-03-04
CVE-2026-25143
Analyzed
7.8
Chainguard melange

melange allows users to build apk packages using declarative pipelines

2026-02-05
CVE-2026-25142
Analyzed
10
Docker Multiple Products

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SanboxJS does not properly restrict __lookupGetter__ which can be used to obtain protot...

2026-02-03
CVE-2026-25140
Analyzed
7.5
Chainguard apko

apko allows users to build and publish OCI container images built from apk packages

2026-02-05
CVE-2026-25137
Analyzed
9.1
Unknown Multiple Products

The NixOs Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the d...

2026-02-03
CVE-2026-25136
8.1
Unknown Multiple Products

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies

2026-02-26
CVE-2026-25131
8.8
HP endpoint

OpenEMR is a free and open source electronic health records and medical practice management application

2026-02-25