17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 6151-6200 of 17426 CVEs Page 124 of 349
CVE-2026-25130
Analyzed
9.6
F5 Multiple Products

Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) framework contains multiple...

2026-01-31
CVE-2026-25128
7.5
Unknown Multiple Products

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback

2026-01-31
CVE-2026-25126
7.1
PolarLearn Multiple Products

PolarLearn is a free and open-source learning program

2026-01-30
CVE-2026-25121
Analyzed
7.5
Chainguard apko

apko allows users to build and publish OCI container images built from apk packages

2026-02-05
CVE-2026-25116
7.6
Runtipi Multiple Products

Runtipi is a personal homeserver orchestrator

2026-01-30
CVE-2026-25114
7.5
Unknown Multiple Products

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests

2026-02-27
CVE-2026-25113
7.5
Unknown Multiple Products

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests

2026-02-27
CVE-2026-25111
8
Pro Multiple Products

An OS command injection vulnerability exists in XWEB Pro version 1

2026-02-27
CVE-2026-2511
7.5
WordPress is vulnerable

The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the `multiformid` parameter in the `s...

2026-03-28
CVE-2026-25109
8
Pro Multiple Products

An OS command injection vulnerability exists in XWEB Pro version 1

2026-02-27
CVE-2026-25108
KEV Analyzed
8.8
Unknown Multiple Products

FileZen contains an OS command injection vulnerability

2026-02-13
CVE-2026-25105
8
Pro Multiple Products

An OS command injection vulnerability exists in XWEB Pro version 1

2026-02-27
CVE-2026-25089
Analyzed
9.8
Fortinet FortiSandbox

An OS command injection vulnerability in FortiSandbox allows unauthenticated attackers to execute unauthorized commands via specifically crafted HTTP...

2026-06-10
CVE-2026-25087
7
Apache Arrow

Use After Free vulnerability in Apache Arrow C++

2026-02-18
CVE-2026-25086
7.7
Under Multiple Products

Under certain conditions, an attacker could bind to the same port used by WebCTRL

2026-03-21
CVE-2026-25085
8.6
Pro Multiple Products

A vulnerability exists in Copeland XWEB Pro version 1

2026-02-27
CVE-2026-25084
Analyzed
9.8
ZLAN ZLAN5143D

The ZLAN5143D device is vulnerable to authentication bypass, allowing attackers to access internal URLs directly and gain unauthorized administrative...

2026-02-12
CVE-2026-25083
8.3
Unknown Multiple Products

GROWI OpenAI thread/message API endpoints do not perform authorization

2026-03-17
CVE-2026-25076
7.3
Unknown Multiple Products

Anchore Enterprise versions before 5

2026-03-15
CVE-2026-25075
7.5
Unknown Multiple Products

strongSwan versions 4

2026-03-24
CVE-2026-2507
7.5
Unknown Multiple Products

When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate

2026-02-19
CVE-2026-25060
Analyzed
8.1
OpenList Multiple Products

OpenList Frontend is a UI component for OpenList

2026-02-03
CVE-2026-25059
Analyzed
8.8
OpenList Multiple Products

OpenList Frontend is a UI component for OpenList

2026-02-03
CVE-2026-25058
7.5
Unknown Multiple Products

Vexa is an open-source, self-hostable meeting bot API and meeting transcription API

2026-04-21
CVE-2026-25057
Analyzed
9.1
MarkUs MarkUs

MarkUs versions before 2.9.1 allow instructors to perform path traversal via malicious zip file uploads, enabling arbitrary file writes to the server...

2026-02-10
CVE-2026-25056
8.8
Merge Multiple Products

n8n is an open source workflow automation platform

2026-02-06
CVE-2026-25055
8.1
Unknown Multiple Products

n8n is an open source workflow automation platform

2026-02-06
CVE-2026-25037
8
Pro Multiple Products

An OS command injection vulnerability exists in XWEB Pro version 1

2026-02-27
CVE-2026-25027
Analyzed
7.5
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp unicamp all...

2026-02-05
CVE-2026-25022
Analyzed
8.5
Iqonic Design Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design KiviCare kivicare-clinic-managemen...

2026-02-04
CVE-2026-25007
8.5
Element Invader Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Element Invader ElementInvader Addons for Elemen...

2026-03-27
CVE-2026-25001
8.5
Unknown Multiple Products

Improper Control of Generation of Code ('Code Injection') vulnerability in Saad Iqbal Post Snippets post-snippets allows Remote Code Inclusion

2026-03-26
CVE-2026-24981
8.8
NooTheme Visionary Multiple Products

Deserialization of Untrusted Data vulnerability in NooTheme Visionary Core noo-visionary-core allows Object Injection

2026-03-27
CVE-2026-24978
8.8
NooTheme Jobica Core Multiple Products

Deserialization of Untrusted Data vulnerability in NooTheme Jobica Core jobica-core allows Object Injection

2026-03-27
CVE-2026-24977
8.5
NooTheme Organici Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Organici Library noo-organici-library a...

2026-03-27
CVE-2026-24976
8.8
NooTheme Organici Multiple Products

Deserialization of Untrusted Data vulnerability in NooTheme Organici Library noo-organici-library allows Object Injection

2026-03-27
CVE-2026-24974
8.8
NooTheme CitiLights Multiple Products

Deserialization of Untrusted Data vulnerability in NooTheme CitiLights noo-citilights allows Object Injection

2026-03-27
CVE-2026-24959
8.5
JoomSky JS Help Desk Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Bl...

2026-02-21
CVE-2026-24954
Analyzed
8.8
Unknown Multiple Products

Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection

2026-02-04
CVE-2026-24950
7.5
Unknown Multiple Products

Authorization Bypass Through User-Controlled Key vulnerability in themeplugs Authorsy authorsy allows Exploiting Incorrectly Configured Access Control...

2026-02-21
CVE-2026-2495
7.5
WordPress is vulnerable

The WPNakama – Team and multi-Client Collaboration, Editorial and Project Management plugin for WordPress is vulnerable to SQL Injection via the 'orde...

2026-02-18
CVE-2026-24941
7.5
Job Multiple Products

Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels

2026-02-21
CVE-2026-24930
8.4
Unknown Multiple Products

UAF concurrency vulnerability in the graphics module

2026-02-06
CVE-2026-2493
7.5
Infor Multiple Products

IceWarp collaboration Directory Traversal Information Disclosure Vulnerability

2026-03-17
CVE-2026-24926
8.4
Unknown Multiple Products

Out-of-bounds write vulnerability in the camera module

2026-02-06
CVE-2026-24925
7.3
Unknown Multiple Products

Heap-based buffer overflow vulnerability in the image module

2026-02-06
CVE-2026-24913
8.8
MATCHA Multiple Products

SQL Injection vulnerability exists in MATCHA INVOICE 2

2026-04-08
CVE-2026-24908
Analyzed
9.9
Infor OpenEMR

An SQL injection vulnerability in the OpenEMR Patient REST API allows authenticated users to execute arbitrary queries and access protected health inf...

2026-02-26
CVE-2026-24902
Analyzed
7.1
Unknown Multiple Products

TrustTunnel is an open-source VPN protocol with a server-side request forgery and and private network restriction bypass in versions prior to 0

2026-01-30
CVE-2026-24901
8.1
Infor Multiple Products

Outline is a service that allows for collaborative documentation

2026-03-18