17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 7201-7250 of 17426 CVEs Page 145 of 349
CVE-2026-1929
8.8
WordPress is vulnerable

The Advanced Woo Labels plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2

2026-02-25
CVE-2026-1916
7.5
WordPress is vulnerable

The WPGSI: Spreadsheet Integration plugin for WordPress is vulnerable to unauthorized modification and loss of data due to missing capability checks a...

2026-02-25
CVE-2026-1868
Analyzed
9.9
GitLab has remediated

Insecure template expansion in GitLab AI Gateway allows attackers to cause a denial-of-service or execute arbitrary code via crafted Duo Agent definit...

2026-02-09
CVE-2026-1862
Analyzed
8.8
Google Chrome prior

Type Confusion in V8 in Google Chrome prior to 144

2026-02-04
CVE-2026-1861
Analyzed
8.8
Google Chrome prior

Heap buffer overflow in libvpx in Google Chrome prior to 144

2026-02-04
CVE-2026-1844
Analyzed
7.2
Google is vulnerable

The PixelYourSite PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pysTrafficSource' parameter and the 'pys_landing_page...

2026-02-14
CVE-2026-1843
Analyzed
7.2
WordPress is vulnerable

The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and including, 5

2026-02-14
CVE-2026-1841
Analyzed
7.2
Google is vulnerable

The PixelYourSite – Your smart PIXEL (TAG) & API Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pysTrafficSource'...

2026-02-14
CVE-2026-1830
Analyzed
9.8
WordPress is vulnerable

The Quick Playground plugin for WordPress contains an RCE vulnerability due to insufficient authorization on REST API endpoints, allowing unauthentica...

2026-04-09
CVE-2026-1829
Analyzed
8.8
WordPress Content Visibility for Divi Builder

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4

2026-06-03
CVE-2026-1819
Analyzed
8.8
Karel Electronics Multiple Products

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Karel Electronics Industry and Trade Inc

2026-02-04
CVE-2026-1803
Analyzed
8.1
Unknown Multiple Products

A weakness has been identified in Ziroom ZHOME A0101 1

2026-02-04
CVE-2026-1802
Analyzed
7.3
Unknown Multiple Products

A security flaw has been discovered in Ziroom ZHOME A0101 1

2026-02-04
CVE-2026-1800
7.5
WordPress is vulnerable

The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions...

2026-03-22
CVE-2026-1784
Analyzed
8.8
Red Hat OpenShift Container Platform

The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy

2026-06-03
CVE-2026-1779
8.1
WordPress is vulnerable

The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5

2026-02-26
CVE-2026-1777
Analyzed
7.2
Intel Multiple Products

The Amazon SageMaker Python SDK before v3

2026-02-03
CVE-2026-1761
Analyzed
8.6
Unknown Multiple Products

A flaw was found in libsoup

2026-02-03
CVE-2026-1756
Analyzed
8.8
WordPress is vulnerable

The WP FOFT Loader plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'WP_FOFT_Loader_Mimes::fi...

2026-02-04
CVE-2026-1750
Analyzed
8.8
WordPress is vulnerable

The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7

2026-02-15
CVE-2026-1740
Analyzed
7.3
Unknown Multiple Products

A vulnerability was found in EFM ipTIME A8004T 14

2026-02-02
CVE-2026-1731
KEV
9.5
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)

BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability - Active in CISA KEV catalog.

2026-02-14
CVE-2026-1730
Analyzed
8.8
WordPress Multiple Products

The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'OS_DataHub_Maps_Admin::...

2026-02-03
CVE-2026-1729
Analyzed
9.8
WordPress is vulnerable

The AdForest WordPress theme (<= 6.0.12) is vulnerable to authentication bypass via the sb_login_user_with_otp_fun function, allowing attackers to log...

2026-02-12
CVE-2026-1720
8.8
WordPress is vulnerable

The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrar...

2026-03-06
CVE-2026-1719
Analyzed
7.5
WordPress is vulnerable

The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2

2026-05-06
CVE-2026-1714
8.6
WordPress is vulnerable

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Email Relay Abu...

2026-02-18
CVE-2026-1709
Analyzed
9.4
Keylime Keylime Registrar

The Keylime registrar fails to enforce client-side TLS authentication. This allows unauthenticated attackers to perform administrative operations, inc...

2026-02-07
CVE-2026-1707
7.4
Unknown Multiple Products

pgAdmin versions 9

2026-02-06
CVE-2026-1701
7.3
Unknown Multiple Products

A security vulnerability has been detected in itsourcecode Student Management System 1

2026-01-31
CVE-2026-1699
Analyzed
10
GitHub Multiple Products

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pull_request_target trigger while checking out...

2026-01-31
CVE-2026-1689
7.3
Tenda Multiple Products

A vulnerability was detected in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon

2026-01-31
CVE-2026-1688
7.3
Unknown Multiple Products

A security vulnerability has been detected in itsourcecode Directory Management System 1

2026-01-31
CVE-2026-1687
7.3
Tenda Multiple Products

A weakness has been identified in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon

2026-01-31
CVE-2026-1686
Analyzed
8.8
TOTOLINK Multiple Products

A security flaw has been discovered in Totolink A3600R 5

2026-01-31
CVE-2026-1679
7.3
Unknown Multiple Products

The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; oversized sends overflow `eswifi-...

2026-03-29
CVE-2026-1678
Analyzed
9.4
Zephyr Project Zephyr RTOS

A buffer management flaw in dns_unpack_name() allows unauthenticated attackers to trigger an out-of-bounds write via malicious DNS responses when CONF...

2026-03-05
CVE-2026-1670
Analyzed
9.8
Unknown Multiple Products

An unauthenticated API endpoint exposure allows remote attackers to modify the "forgot password" recovery email address, facilitating account takeover...

2026-02-18
CVE-2026-1662
7.5
GitLab has remediated

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14

2026-02-26
CVE-2026-1648
7.2
WordPress is vulnerable

The Performance Monitor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1

2026-03-22
CVE-2026-1637
8.8
Tenda Multiple Products

A vulnerability was identified in Tenda AC21 16

2026-01-30
CVE-2026-1633
Analyzed
10
Synectix LAN 232 TRIO

The Synectix LAN 232 TRIO serial to ethernet adapter exposes its web management interface without authentication, allowing unauthenticated users to mo...

2026-02-04
CVE-2026-1632
Analyzed
9.1
MOMA Seismic Station

MOMA Seismic Station exposes its web management interface without authentication, allowing unauthenticated attackers to modify configurations, steal d...

2026-02-04
CVE-2026-1620
8.8
WordPress is vulnerable

The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9

2026-04-16
CVE-2026-1619
8.3
Universal Software Multiple Products

Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc

2026-02-14
CVE-2026-1618
Analyzed
8.8
Universal Software Multiple Products

Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc

2026-02-14
CVE-2026-1616
Analyzed
7.5
Nginx Multiple Products

The $uri$args concatenation in nginx configuration file present in Open Security Issue Management (OSIM) prior v2025

2026-01-30
CVE-2026-1615
Analyzed
9.8
All jsonpath (Node.js/Browser Package)

All versions of the jsonpath library are vulnerable to arbitrary code injection via unsafe evaluation of user-supplied JSON Path expressions.

2026-02-09
CVE-2026-1610
8.1
Tenda Multiple Products

A vulnerability was found in Tenda AX12 Pro V2 16

2026-01-30
CVE-2026-1605
7.5
Unknown Multiple Products

In Eclipse Jetty, versions 12

2026-03-07