17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 6301-6350 of 17426 CVEs Page 127 of 349
CVE-2026-2446
Analyzed
9.8
WordPress plugin before

The PowerPack for LearnDash WordPress plugin before 1.3.0 lacks authorization and CSRF checks in an AJAX action, allowing unauthenticated users to cre...

2026-03-07
CVE-2026-24458
7.5
Mattermost Multiple Products

Mattermost versions 11

2026-03-17
CVE-2026-24455
Analyzed
7.5
Unknown Multiple Products

The embedded web interface of the device does not support HTTPS/TLS for authentication and uses HTTP Basic Authentication

2026-02-21
CVE-2026-24452
8
Pro Multiple Products

An OS command injection vulnerability exists in XWEB Pro version 1

2026-02-27
CVE-2026-24451
Analyzed
9.1
Intel Gitea Open Source Git Server

A vulnerability in Gitea 1.26.2 allows unauthorized data access by failing to terminate fork synchronization when a parent repository transitions from...

2026-07-07
CVE-2026-24450
8.1
LibRaw Multiple Products

An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2

2026-04-08
CVE-2026-24448
Analyzed
9.8
Mitsubishi Electric MR-GM Series Routers (MR-GM5L-S1, MR-GM5A-L1)

The use of hard-coded credentials in Mitsubishi Electric MR-GM series routers allows attackers to gain unauthorized administrative access to the devic...

2026-03-11
CVE-2026-24445
7.5
Unknown Multiple Products

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests

2026-02-27
CVE-2026-24444
Analyzed
9.8
HP Multiple Products

SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 contain a hardcoded password vulnerability in the web management interfac...

2026-05-29
CVE-2026-24443
8.8
Unknown Multiple Products

EventSentry versions prior to 6

2026-02-26
CVE-2026-24425
Analyzed
8.8
HP callables to

Twig versions 2

2026-05-21
CVE-2026-24423
KEV
9.5
SmarterTools SmarterMail

SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability - Active in CISA KEV catalog.

2026-02-06
CVE-2026-24412
8.8
Unknown Multiple Products

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles

2026-01-24
CVE-2026-24411
7.1
Unknown Multiple Products

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles

2026-01-25
CVE-2026-24410
7.1
Unknown Multiple Products

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles

2026-01-25
CVE-2026-2441
KEV Analyzed
8.8
Google Chrome prior

Use after free in CSS in Google Chrome prior to 145

2026-02-14
CVE-2026-24409
7.1
Unknown Multiple Products

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles

2026-01-25
CVE-2026-24407
7.1
Unknown Multiple Products

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles

2026-01-25
CVE-2026-24406
8.8
Unknown Multiple Products

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles

2026-01-24
CVE-2026-24405
8.8
Unknown Multiple Products

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles

2026-01-24
CVE-2026-24404
7.1
Unknown Multiple Products

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles

2026-01-25
CVE-2026-24403
7.1
Unknown Multiple Products

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles

2026-01-25
CVE-2026-2440
7.2
WordPress is vulnerable

The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2

2026-03-22
CVE-2026-24399
Analyzed
9.3
Unknown Multiple Products

ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads...

2026-01-24
CVE-2026-24367
8.8
Unknown Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL In...

2026-01-24
CVE-2026-24359
8.8
Dokan Multiple Products

Authentication Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc

2026-03-27
CVE-2026-24352
Analyzed
9.8
PluXml PluXml CMS

PluXml CMS is vulnerable to session fixation, allowing unauthenticated attackers to pre-set a victim's session ID and hijack the session after the vic...

2026-02-28
CVE-2026-24343
8.8
Apache HertzBeat

Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat

2026-02-11
CVE-2026-24322
Analyzed
7.7
SAP Solution Tools

SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowi...

2026-02-10
CVE-2026-24307
Analyzed
9.3
Unknown Multiple Products

Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.

2026-01-23
CVE-2026-24306
Analyzed
9.8
Microsoft Multiple Products

Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.

2026-01-23
CVE-2026-24305
Analyzed
9.3
Microsoft Multiple Products

Azure Entra ID Elevation of Privilege Vulnerability

2026-01-23
CVE-2026-24304
Analyzed
9.9
Microsoft Multiple Products

Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network.

2026-01-23
CVE-2026-24303
Analyzed
9.6
Microsoft Partner Center

Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.

2026-04-24
CVE-2026-24302
Analyzed
8.6
Microsoft Arc Elevation

Azure Arc Elevation of Privilege Vulnerability

2026-02-06
CVE-2026-24300
Analyzed
9.8
Microsoft Front Door

A critical elevation of privilege vulnerability in Azure Front Door allows attackers to gain unauthorized access levels. Successful exploitation could...

2026-02-06
CVE-2026-24294
7.8
Microsoft Multiple Products

Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-24293
7.8
Microsoft Multiple Products

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-24292
7.8
Unknown Multiple Products

Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-24291
7.8
Microsoft Multiple Products

Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker

2026-03-11
CVE-2026-24290
7.8
Microsoft Multiple Products

Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-24289
7.8
Microsoft Multiple Products

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-24287
7.8
Microsoft Multiple Products

External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-24283
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-2428
7.5
WordPress is vulnerable

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and inclu...

2026-02-27
CVE-2026-24270
Analyzed
9.8
NVIDIA AIStore framework

The NVIDIA AIStore framework contains an authentication bypass vulnerability that could lead to unauthorized access, privilege escalation, and data ta...

2026-07-02
CVE-2026-24260
Analyzed
8.5
NVIDIA Container Toolkit

NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition

2026-07-02
CVE-2026-24222
8.6
NVIDIA NeMoClaw contains

NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access cont...

2026-04-29
CVE-2026-24218
Analyzed
8.1
NVIDIA DGX OS

NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be de...

2026-05-21
CVE-2026-24217
Analyzed
8.8
NVIDIA contains

NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file

2026-05-21