17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 6601-6650 of 17426 CVEs Page 133 of 349
CVE-2026-22733
8.2
Spring Multiple Products

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authen...

2026-03-20
CVE-2026-22732
Analyzed
9.1
Spring Spring Security

Spring Security may fail to write HTTP response headers in certain servlet applications. This failure can bypass critical security protections like HS...

2026-03-20
CVE-2026-22731
8.2
Spring Multiple Products

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authen...

2026-03-20
CVE-2026-22730
8.8
Spring Multiple Products

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and e...

2026-03-18
CVE-2026-22729
8.6
Spring Multiple Products

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access control...

2026-03-18
CVE-2026-22727
7.5
Capi Multiple Products

Unprotected internal endpoints in Cloud Foundry Capi Release 1

2026-03-19
CVE-2026-22720
8
VMware Aria Operations

VMware Aria Operations contains a stored cross-site scripting vulnerability

2026-02-26
CVE-2026-22719
KEV Analyzed
8.1
VMware Aria Operations

VMware Aria Operations contains a command injection vulnerability

2026-02-26
CVE-2026-22709
Analyzed
9.8
Docker Multiple Products

vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, `Promise.prototype.then` `Promise.prototype.catch` callback sanitization...

2026-01-27
CVE-2026-22704
Analyzed
8
HP Multiple Products

HAX CMS helps manage microsite universe with PHP or NodeJs backends

2026-01-10
CVE-2026-22700
7.5
Unknown Multiple Products

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic...

2026-01-10
CVE-2026-22699
7.5
Unknown Multiple Products

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic...

2026-01-10
CVE-2026-22697
Analyzed
7.5
CryptoLib Multiple Products

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications...

2026-01-10
CVE-2026-2269
7.2
WordPress is vulnerable

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request For...

2026-03-03
CVE-2026-22688
Analyzed
9.9
Unknown Multiple Products

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command inject...

2026-01-10
CVE-2026-22687
8.1
WeKnora Multiple Products

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval

2026-01-10
CVE-2026-22686
Analyzed
10
Unknown Multiple Products

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in...

2026-01-14
CVE-2026-22685
Analyzed
8.8
DevToys Multiple Products

DevToys is a desktop app for developers

2026-01-10
CVE-2026-22683
8.8
Windmill Multiple Products

Windmill versions 1

2026-04-08
CVE-2026-22679
Analyzed
9.8
Arch Multiple Products

Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devo...

2026-04-08
CVE-2026-22676
7.8
Unknown Multiple Products

Barracuda RMM versions prior to 2025

2026-04-17
CVE-2026-22665
Analyzed
8.1
Canon prompts

prompts

2026-04-04
CVE-2026-22664
Analyzed
7.7
Fal Multiple Products

prompts

2026-04-04
CVE-2026-22663
Analyzed
7.5
Unknown prompts (npm package)

prompts

2026-04-04
CVE-2026-22661
Analyzed
8.1
Arch prompts

prompts

2026-04-04
CVE-2026-22643
8.3
Unknown Multiple Products

In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vul...

2026-01-16
CVE-2026-22638
8.3
Unknown Multiple Products

A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect

2026-01-16
CVE-2026-22627
8.8
Fortinet FortiSwitchAXFixed

A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiSwitchAXFixed 1

2026-03-11
CVE-2026-22623
7.2
Unknown Multiple Products

Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on...

2026-01-31
CVE-2026-2262
7.5
WordPress is vulnerable

The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3

2026-04-18
CVE-2026-22619
Analyzed
7.8
Intel Intelligent Power Protector (IPP)

Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an...

2026-04-17
CVE-2026-22600
Analyzed
9.1
Unknown Multiple Products

OpenProject is an open-source, web-based project management software. A Local File Read (LFR) vulnerability exists in the work package PDF export func...

2026-01-10
CVE-2026-2260
7.2
D-Link DCS

A vulnerability was found in D-Link DCS-931L up to 1

2026-02-10
CVE-2026-22595
8.1
Ghost Multiple Products

Ghost is a Node

2026-01-10
CVE-2026-22594
8.1
Ghost Multiple Products

Ghost is a Node

2026-01-10
CVE-2026-22593
8.4
Unknown Multiple Products

EVerest is an EV charging software stack

2026-03-27
CVE-2026-22589
Analyzed
7.5
Spree Multiple Products

Spree is an open source e-commerce solution built with Ruby on Rails

2026-01-10
CVE-2026-22567
7.6
Unknown Multiple Products

Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specif...

2026-02-24
CVE-2026-22566
7.5
Unknown Multiple Products

An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi Play WiFi credentials

2026-04-14
CVE-2026-22564
Analyzed
9.8
Unknown Multiple Products

An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized change...

2026-04-14
CVE-2026-22563
Analyzed
9.8
Unknown Multiple Products

A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network. Af...

2026-04-14
CVE-2026-22562
Analyzed
9.8
Unknown Multiple Products

A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on th...

2026-04-14
CVE-2026-22559
8.8
Network Multiple Products

An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engine...

2026-03-25
CVE-2026-22558
7.7
Unknown Multiple Products

An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the netwo...

2026-03-20
CVE-2026-22557
Analyzed
10
Ubiquiti UniFi Network Application

A path traversal vulnerability in UniFi Network Application allows network-based attackers to access and manipulate sensitive system files. This can l...

2026-03-20
CVE-2026-22555
Analyzed
8.1
Intel Gitea Open Source Git Server

Gitea versions before 1

2026-07-04
CVE-2026-22554
Analyzed
7.8
Unknown Multiple Products

MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability

2026-05-21
CVE-2026-22553
Analyzed
9.8
All MasterSCADA BUK-TS

All versions of InSAT MasterSCADA BUK-TS are vulnerable to OS command injection via the MMadmServ web interface, leading to remote code execution (RCE...

2026-02-25
CVE-2026-22552
Analyzed
9.4
Unknown WebSocket Endpoints

OCPP WebSocket endpoints lack authentication, allowing unauthenticated attackers to impersonate charging stations. This enables unauthorized control o...

2026-03-06
CVE-2026-22550
Analyzed
7.2
Unknown Multiple Products

OS command injection vulnerability exists in WRC-X1500GS-B and WRC-X1500GSA-B

2026-02-03