17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 7001-7050 of 17426 CVEs Page 141 of 349
CVE-2026-2097
8.8
Unknown Multiple Products

Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell ba...

2026-02-10
CVE-2026-20967
8.8
Operations Multiple Products

Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network

2026-03-11
CVE-2026-20963
KEV Analyzed
8.8
Microsoft Multiple Products

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network

2026-01-14
CVE-2026-20960
Analyzed
8
Microsoft Multiple Products

Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network

2026-01-17
CVE-2026-2096
Analyzed
9.8
Agentflow Agentflow

Agentflow by Flowring contains a missing authentication vulnerability, allowing unauthenticated remote attackers to read, modify, or delete database c...

2026-02-10
CVE-2026-20953
Analyzed
8.4
Microsoft Multiple Products

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally

2026-01-14
CVE-2026-20952
Analyzed
8.4
Microsoft Multiple Products

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally

2026-01-14
CVE-2026-2095
Analyzed
9.8
Agentflow Agentflow

Agentflow by Flowring suffers from an authentication bypass vulnerability, allowing unauthenticated attackers to obtain arbitrary user tokens and impe...

2026-02-10
CVE-2026-20947
Analyzed
8.8
Microsoft Multiple Products

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to e...

2026-01-14
CVE-2026-20944
Analyzed
8.4
Microsoft Multiple Products

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally

2026-01-14
CVE-2026-2094
8.8
Docpedia Multiple Products

Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, mo...

2026-02-10
CVE-2026-20931
8
Microsoft Multiple Products

External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network

2026-01-14
CVE-2026-20930
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attack...

2026-04-15
CVE-2026-2093
7.5
Docpedia Multiple Products

Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read d...

2026-02-10
CVE-2026-2092
7.7
Infor Multiple Products

A flaw was found in Keycloak

2026-03-18
CVE-2026-20916
8.1
Unknown Multiple Products

An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-...

2026-05-15
CVE-2026-20911
Analyzed
9.8
Linux LibRaw

A heap-based buffer overflow exists in LibRaw's `HuffTable::initval` functionality, which can be triggered by a malicious file.

2026-04-08
CVE-2026-20910
8
Pro Multiple Products

An OS command injection vulnerability exists in XWEB Pro version 1

2026-02-27
CVE-2026-20902
8
Pro Multiple Products

An OS command injection vulnerability exists in XWEB Pro version 1

2026-02-27
CVE-2026-2090
7.3
Record Multiple Products

A vulnerability was determined in SourceCodester Online Class Record System 1

2026-02-08
CVE-2026-20896
Analyzed
9.8
Docker Gitea Open Source Git Server

A default configuration error in Gitea Docker images allows unauthenticated attackers to spoof user identities via reverse-proxy authentication header...

2026-07-04
CVE-2026-20895
7.3
Unknown Multiple Products

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same sessi...

2026-02-28
CVE-2026-20893
7.8
AuthConductor Multiple Products

Origin validation error issue exists in Fujitsu Security Solution AuthConductor Client Basic V2 2

2026-01-08
CVE-2026-2089
Analyzed
7.3
HP Multiple Products

A vulnerability was found in SourceCodester Online Class Record System 1

2026-02-08
CVE-2026-20889
Analyzed
9.8
LibRaw LibRaw

A heap-based buffer overflow exists in LibRaw's `x3f_thumb_loader` functionality, which can be triggered by a malicious file.

2026-04-08
CVE-2026-20884
8.1
LibRaw Multiple Products

An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2

2026-04-08
CVE-2026-20882
7.5
Unknown Multiple Products

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests

2026-03-08
CVE-2026-2088
Analyzed
7.3
HP Multiple Products

A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1

2026-02-08
CVE-2026-2087
Analyzed
7.3
HP Multiple Products

A flaw has been found in SourceCodester Online Class Record System 1

2026-02-08
CVE-2026-20868
Analyzed
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2026-01-14
CVE-2026-20864
7.8
Unknown Multiple Products

Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally

2026-01-15
CVE-2026-20861
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attack...

2026-01-15
CVE-2026-20860
7.8
Microsoft Multiple Products

Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevat...

2026-01-15
CVE-2026-2086
8.8
UTT Multiple Products

A vulnerability was detected in UTT HiPER 810G up to 1

2026-02-08
CVE-2026-20859
7.8
Microsoft Multiple Products

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally

2026-01-15
CVE-2026-20858
7.8
Microsoft Multiple Products

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally

2026-01-15
CVE-2026-20857
7.8
Microsoft Multiple Products

Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally

2026-01-15
CVE-2026-20856
8.1
Microsoft Multiple Products

Improper input validation in Windows Server Update Service allows an unauthorized attacker to execute code over a network

2026-01-14
CVE-2026-2085
7.2
D-Link DWR

A security vulnerability has been detected in D-Link DWR-M921 1

2026-02-08
CVE-2026-20843
Analyzed
7.8
Microsoft Multiple Products

Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally

2026-01-15
CVE-2026-20841
8.8
Microsoft Multiple Products

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute...

2026-02-11
CVE-2026-20840
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally

2026-01-15
CVE-2026-2084
7.2
D-Link DIR

A weakness has been identified in D-Link DIR-823X 250416

2026-02-08
CVE-2026-20837
Analyzed
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally

2026-01-15
CVE-2026-20832
Analyzed
7.8
Microsoft Multiple Products

Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability

2026-01-14
CVE-2026-20831
7.8
Microsoft Multiple Products

Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges...

2026-01-14
CVE-2026-2083
Analyzed
7.3
HP Multiple Products

A security flaw has been discovered in code-projects Social Networking Site 1

2026-02-08
CVE-2026-20826
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Tablet Windows User Interface (TWINUI) Subsystem allows...

2026-01-14
CVE-2026-20822
Analyzed
7.8
Microsoft Multiple Products

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally

2026-01-14
CVE-2026-20820
Analyzed
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally

2026-01-14