17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 6551-6600 of 17426 CVEs Page 132 of 349
CVE-2026-22924
Analyzed
9.1
Unknown Multiple Products

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application does not properly restrict unauthenticated conn...

2026-05-13
CVE-2026-22923
7.8
Unknown Multiple Products

A vulnerability has been identified in NX (All versions < V2512)

2026-02-11
CVE-2026-22910
7.5
Unknown Multiple Products

The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access

2026-01-16
CVE-2026-22909
7.5
Unknown Multiple Products

Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentiall...

2026-01-16
CVE-2026-22908
Analyzed
9.1
Unknown Multiple Products

Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confid...

2026-01-16
CVE-2026-22907
Analyzed
9.9
Unknown Multiple Products

An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data.

2026-01-16
CVE-2026-22906
Analyzed
9.8
Unknown Unspecified Product (Configuration Management)

User credentials are stored using weak AES-ECB encryption with a hardcoded key, allowing unauthenticated attackers to recover plaintext passwords.

2026-02-09
CVE-2026-22905
Analyzed
7.5
Unknown Unspecified Product (Web Interface)

An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e

2026-02-09
CVE-2026-22904
Analyzed
9.8
Unknown Unspecified Product (Cookie Parsing Component)

Improper length handling of cookie fields, including TRACKID, allows unauthenticated remote attackers to trigger a stack buffer overflow and execute a...

2026-02-09
CVE-2026-22903
Analyzed
9.8
Unknown lighttpd Server (Modified)

A stack buffer overflow in modified lighttpd servers allows unauthenticated remote code execution via a crafted SESSIONID cookie.

2026-02-09
CVE-2026-22891
Analyzed
9.8
Unknown libbiosig

A heap-based buffer overflow in libbiosig's Intan CLP parsing allows for arbitrary code execution via a specially crafted file. This critical flaw ste...

2026-03-04
CVE-2026-22886
Analyzed
9.8
OpenMQ imqbrokerd

OpenMQ's imqbrokerd service uses a default administrative account (admin/admin) and fails to enforce password changes, allowing remote attackers full...

2026-03-04
CVE-2026-22879
Analyzed
8.1
VTK vtk-dicom

vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability

2026-06-27
CVE-2026-22874
Analyzed
9.6
Gitea Gitea Open Source Git Server

Gitea versions up to 1.26.2 contain a vulnerability involving incomplete SSRF protection within the webhook and migration allow-list filtering mechani...

2026-07-04
CVE-2026-22867
8.7
LaSuite Multiple Products

LaSuite Doc is a collaborative note taking, wiki and documentation platform

2026-01-16
CVE-2026-22864
Analyzed
8.1
Intel Multiple Products

Deno is a JavaScript, TypeScript, and WebAssembly runtime

2026-01-16
CVE-2026-22861
8.8
Unknown Multiple Products

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) col...

2026-01-14
CVE-2026-22860
7.5
Unknown Multiple Products

Rack is a modular Ruby web server interface

2026-02-19
CVE-2026-22850
Analyzed
8.3
WordPress Multiple Products

Koko Analytics is an open-source analytics plugin for WordPress

2026-01-20
CVE-2026-22844
Analyzed
9.9
Zoom Multiple Products

A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote c...

2026-01-21
CVE-2026-22828
8.1
Fortinet FortiAnalyzer Cloud

A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7

2026-04-15
CVE-2026-22818
Analyzed
8.2
Intel Multiple Products

Hono is a Web application framework that provides support for any JavaScript runtime

2026-01-14
CVE-2026-22817
Analyzed
8.2
Intel Multiple Products

Hono is a Web application framework that provides support for any JavaScript runtime

2026-01-14
CVE-2026-22812
Analyzed
8.8
Intel Multiple Products

OpenCode is an open source AI coding agent

2026-01-13
CVE-2026-22810
Analyzed
8.2
Unknown Multiple Products

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks

2026-05-19
CVE-2026-22807
8.8
Unknown Multiple Products

vLLM is an inference and serving engine for large language models (LLMs)

2026-01-22
CVE-2026-22806
Analyzed
9.1
Kubernetes Multiple Products

vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to versions 4.6.0, 4.5.4, 4....

2026-01-30
CVE-2026-22804
Analyzed
8
Unknown Multiple Products

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities

2026-01-13
CVE-2026-22797
Analyzed
9.9
Unknown Multiple Products

An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 1...

2026-01-20
CVE-2026-22794
Analyzed
9.6
Unknown Multiple Products

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers...

2026-01-13
CVE-2026-22793
Analyzed
9.6
Intel Multiple Products

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsin...

2026-01-22
CVE-2026-22792
Analyzed
9.6
Intel Multiple Products

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML renderin...

2026-01-22
CVE-2026-22790
8.8
Unknown Multiple Products

EVerest is an EV charging software stack

2026-03-27
CVE-2026-2279
7.2
WordPress is vulnerable

The myLinksDump plugin for WordPress is vulnerable to SQL Injection via the 'sort_by' and 'sort_order' parameters in all versions up to, and including...

2026-03-22
CVE-2026-22788
8.2
Unknown Multiple Products

WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry

2026-01-13
CVE-2026-22783
Analyzed
9.6
Unknown Multiple Products

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS data...

2026-01-13
CVE-2026-22778
Analyzed
9.8
Unknown Multiple Products

vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimo...

2026-02-03
CVE-2026-22777
7.5
Unknown Multiple Products

ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI

2026-01-10
CVE-2026-22775
Analyzed
7.5
Svelte Multiple Products

Svelte devalue is a JavaScript library that serializes values into strings when JSON

2026-01-16
CVE-2026-22774
Analyzed
7.5
Svelte Multiple Products

Svelte devalue is a JavaScript library that serializes values into strings when JSON

2026-01-16
CVE-2026-22771
Analyzed
8.8
Kubernetes Multiple Products

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway

2026-01-13
CVE-2026-22769
KEV Analyzed
10
Dell RecoverPoint for

Dell RecoverPoint for Virtual Machines contains hardcoded credentials that allow unauthenticated remote attackers to gain root-level access and establ...

2026-02-18
CVE-2026-22766
7.2
Dell Wyse Management

Dell Wyse Management Suite, versions prior to WMS 5

2026-02-25
CVE-2026-22765
8.8
Dell Wyse Management

Dell Wyse Management Suite, versions prior to WMS 5

2026-02-25
CVE-2026-22753
7.5
HP Multiple Products

Vulnerability in Spring Spring Security

2026-04-23
CVE-2026-22750
7.5
Cloud Multiple Products

When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring

2026-04-11
CVE-2026-22742
8.6
BedrockProxyChatModel Multiple Products

Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal...

2026-03-27
CVE-2026-22739
8.6
Config directories

Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native f...

2026-03-24
CVE-2026-22738
Analyzed
9.8
Spring Spring AI

Spring AI versions prior to 1.0.5 and 1.1.4 are vulnerable to SpEL injection in SimpleVectorStore when user-supplied input is used as a filter express...

2026-03-27
CVE-2026-22734
8.6
Cloud Multiple Products

Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems

2026-04-17