17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 6451-6500 of 17426 CVEs Page 130 of 349
CVE-2026-23837
Analyzed
9.8
Nginx Multiple Products

MyTube is a self-hosted downloader and player for several video websites. A vulnerability present in version 1.7.65 and poetntially earlier versions a...

2026-01-20
CVE-2026-23836
Analyzed
9.9
HP Multiple Products

HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for HotCRP formu...

2026-01-20
CVE-2026-23830
Analyzed
10
Unknown Multiple Products

SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being isolated i...

2026-01-28
CVE-2026-23819
8.8
Unknown Multiple Products

A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker...

2026-05-13
CVE-2026-23818
8.8
HP Multiple Products

A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker...

2026-04-08
CVE-2026-23814
8.8
Unknown Multiple Products

A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject maliciou...

2026-03-11
CVE-2026-23813
Analyzed
9.8
HP AOS-CX switches

An unauthenticated remote attacker can bypass authentication controls on AOS-CX switches, potentially allowing them to reset the administrative passwo...

2026-03-11
CVE-2026-23800
Analyzed
10
Unknown Multiple Products

Incorrect Privilege Assignment vulnerability in Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from 2.5.2 bef...

2026-01-17
CVE-2026-2378
7.4
Google for Android

ArcSearch for Android versions prior to 1

2026-03-22
CVE-2026-23778
7.2
Dell PowerProtect Data

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7

2026-04-18
CVE-2026-23776
7.2
Dell PowerProtect Data

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7

2026-04-18
CVE-2026-23775
7.6
Dell PowerProtect Data

Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Release versions 8

2026-04-18
CVE-2026-23774
7.2
Dell PowerProtect Data

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7

2026-04-21
CVE-2026-23772
7.3
Microsoft Servers

Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8

2026-04-17
CVE-2026-23760
KEV
9.5
SmarterTools SmarterMail

SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.

2026-01-27
CVE-2026-23759
7.2
Unknown Multiple Products

Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6

2026-03-19
CVE-2026-23751
Analyzed
9.8
Kofax Multiple Products

Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected) exposes a deprecated .NET Remoting HTTP channel o...

2026-04-24
CVE-2026-23750
8.1
Pouch Multiple Products

Golioth Pouch version 0

2026-02-27
CVE-2026-23744
Analyzed
9.8
Unknown Multiple Products

MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vul...

2026-01-17
CVE-2026-23742
Analyzed
8.8
Skipper Multiple Products

Skipper is an HTTP router and reverse proxy for service composition

2026-01-17
CVE-2026-23737
7.5
Unknown Multiple Products

seroval facilitates JS value stringification, including complex structures beyond JSON

2026-01-22
CVE-2026-23736
7.3
Unknown Multiple Products

seroval facilitates JS value stringification, including complex structures beyond JSON

2026-01-22
CVE-2026-23723
7.2
Unknown Multiple Products

WeGIA is a web manager for charitable institutions

2026-01-18
CVE-2026-23722
Analyzed
9.1
HP Multiple Products

WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WeGIA s...

2026-01-17
CVE-2026-23720
7.8
Unknown Multiple Products

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)

2026-02-11
CVE-2026-23719
7.8
Unknown Multiple Products

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)

2026-02-11
CVE-2026-23718
7.8
Unknown Multiple Products

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)

2026-02-11
CVE-2026-23717
7.8
Unknown Multiple Products

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)

2026-02-11
CVE-2026-23716
7.8
Unknown Multiple Products

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)

2026-02-11
CVE-2026-23715
7.8
Unknown Multiple Products

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)

2026-02-11
CVE-2026-23703
7.8
FinalCode Multiple Products

The installer of FinalCode Client provided by Digital Arts Inc

2026-02-26
CVE-2026-23702
8
Pro Multiple Products

An OS command injection vulnerability exists in XWEB Pro version 1

2026-02-27
CVE-2026-2370
8.1
GitLab has remediated

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14

2026-03-30
CVE-2026-23699
7.2
Unknown Multiple Products

AP180 series with firmware versions prior to AP_RGOS 11

2026-01-22
CVE-2026-23696
Analyzed
9.9
Unknown Multiple Products

Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality that allow...

2026-04-08
CVE-2026-23693
Analyzed
10
WordPress plugin versions

The ElementsKit Lite plugin for WordPress exposes a REST endpoint without authentication, allowing unauthenticated attackers to use the site as an ope...

2026-02-24
CVE-2026-23689
Analyzed
7.7
SAP SAP NetWeaver

Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network acce...

2026-02-10
CVE-2026-23687
Analyzed
8.8
SAP NetWeaver Application

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and s...

2026-02-10
CVE-2026-23678
8.8
Unknown Multiple Products

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerability in the traceroute diagnostic...

2026-02-25
CVE-2026-23673
7.8
Microsoft Multiple Products

Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-23672
7.8
Microsoft Multiple Products

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

2026-03-11
CVE-2026-23669
8.8
Microsoft Multiple Products

Use after free in Windows Print Spooler Components allows an authorized attacker to execute code over a network

2026-03-11
CVE-2026-23665
7.8
Microsoft Virtual Machines

Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-23660
7.8
Microsoft Portal Windows

Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-23659
8.6
Microsoft Data Factory

Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a networ...

2026-03-20
CVE-2026-23658
8.6
Microsoft DevOps allows

Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network

2026-03-20
CVE-2026-23657
7.8
Microsoft Office Word

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally

2026-04-15
CVE-2026-23654
8.8
GitHub Repo

Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network

2026-03-11
CVE-2026-2365
7.2
WordPress is vulnerable

The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fluentform_step_form_save_data` AJAX action in all ver...

2026-03-05
CVE-2026-23648
7.8
Glory Multiple Products

Glory RBG-100 recycler systems using the ISPK-08 software component contain multiple system binaries with overly permissive file permissions

2026-02-18