17282 Total CVEs
8582 AI Analyzed
264 CISA KEV
3488 Critical
All Vendors
Showing 10201-10250 of 17282 CVEs Page 205 of 346
CVE-2025-62406
8.1
Piwigo Multiple Products

Piwigo is a full featured open source photo gallery application for the web

2025-11-19
CVE-2025-62399
7.5
Unknown Multiple Products

Moodle’s mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-fo...

2025-10-23
CVE-2025-62382
7.7
Frigate Multiple Products

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras

2025-10-16
CVE-2025-6238
8
WordPress Multiple Products

The AI Engine plugin for WordPress is vulnerable to open redirect in version 2

2025-07-06
CVE-2025-62373
Analyzed
9.8
Pipecat Pipecat

A deserialization vulnerability in the `LivekitFrameSerializer` class of the Pipecat framework allows remote attackers to execute arbitrary code via m...

2026-04-24
CVE-2025-62371
7.4
OpenSearch Multiple Products

OpenSearch Data Prepper as an open source data collector for observability data

2025-10-16
CVE-2025-62370
Analyzed
7.5
Alloy Multiple Products

Alloy Core libraries at the root of the Rust Ethereum ecosystem

2025-10-16
CVE-2025-6237
Analyzed
9.8
Unknown Multiple Products

A vulnerability in invokeai version v6.0.0a1 and below allows attackers to perform path traversal and arbitrary file deletion via the GET /api/v1/imag...

2025-09-18
CVE-2025-62368
Analyzed
9
Intel Multiple Products

Taiga is an open source project management platform. In versions 6.8.3 and earlier, a remote code execution vulnerability exists in the Taiga API due...

2025-10-28
CVE-2025-62363
7.8
Unknown Multiple Products

yt-grabber-tui is a terminal user interface application for downloading videos

2025-10-13
CVE-2025-62356
7.5
Unknown Multiple Products

A path traversal vulnerability in all versions of the Qodo Qodo Gen IDE enables a threat actor to read arbitrary local files in and outside of current...

2025-10-17
CVE-2025-62354
Analyzed
9.8
Unknown Multiple Products

Improper neutralization of special elements used in an OS command ('command injection') in Cursor allows an unauthorized attacker to execute commands...

2025-11-27
CVE-2025-62353
Analyzed
9.8
Unknown Multiple Products

A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read and write arbitrary local files in and outside of cu...

2025-10-17
CVE-2025-62348
7.8
Unknown Multiple Products

Salt's junos execution module contained an unsafe YAML decode/load usage

2026-01-31
CVE-2025-6232
7.8
Unknown Multiple Products

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with el...

2025-07-17
CVE-2025-62319
Analyzed
9.8
Unknown Multiple Products

A Boolean-based SQL injection vulnerability allows unauthenticated attackers to manipulate backend configuration queries by injecting malicious SQL co...

2026-03-17
CVE-2025-6231
7.8
Unknown Multiple Products

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with el...

2025-07-17
CVE-2025-62291
8.1
Unknown Multiple Products

In the eap-mschapv2 plugin (client-side) in strongSwan before 6

2026-01-17
CVE-2025-62290
7.2
Oracle Multiple Products

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Block Storage)

2025-10-21
CVE-2025-62232
7.5
Sensitive Multiple Products

Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log...

2025-10-31
CVE-2025-62231
7.3
Unknown Multiple Products

A flaw was identified in the X

2025-10-30
CVE-2025-62230
7.3
Unknown Multiple Products

A flaw was discovered in the X

2025-10-30
CVE-2025-62229
7.3
Unknown Multiple Products

A flaw was found in the X

2025-10-30
CVE-2025-62222
8.8
Unknown Multiple Products

Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorize...

2025-11-13
CVE-2025-62221
KEV Analyzed
7.8
Microsoft Multiple Products

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally

2025-12-10
CVE-2025-62220
Analyzed
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network

2025-11-13
CVE-2025-62216
7.8
Microsoft Multiple Products

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally

2025-11-13
CVE-2025-62215
KEV
9.5
Microsoft Windows

Microsoft Windows Race Condition Vulnerability - Active in CISA KEV catalog.

2025-11-13
CVE-2025-62211
8.7
Unknown Multiple Products

Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attac...

2025-11-13
CVE-2025-62210
8.7
Unknown Multiple Products

Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attac...

2025-11-13
CVE-2025-62207
Analyzed
8.6
Microsoft Multiple Products

Azure Monitor Elevation of Privilege Vulnerability

2025-11-20
CVE-2025-62205
7.8
Microsoft Multiple Products

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally

2025-11-13
CVE-2025-62204
Analyzed
8
Microsoft Multiple Products

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network

2025-11-13
CVE-2025-62203
Analyzed
7.8
Microsoft Multiple Products

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-11-13
CVE-2025-62201
Analyzed
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-11-13
CVE-2025-62200
7.8
Microsoft Multiple Products

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2025-11-13
CVE-2025-62199
Analyzed
7.8
Microsoft Multiple Products

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally

2025-11-13
CVE-2025-62193
Analyzed
9.8
Unknown Multiple Products

Sites running NOAA PMEL Live Access Server (LAS) are vulnerable to remote code execution via specially crafted requests that include PyFerret expressi...

2026-01-16
CVE-2025-62188
7.5
Apache DolphinScheduler

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler

2026-04-10
CVE-2025-6218
KEV
9.5
RARLAB WinRAR

RARLAB WinRAR Path Traversal Vulnerability - Active in CISA KEV catalog.

2025-12-10
CVE-2025-62170
7.5
MMORPG Multiple Products

rAthena is an open-source cross-platform MMORPG server

2025-10-13
CVE-2025-62169
8.1
Unknown Multiple Products

OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata

2025-10-23
CVE-2025-62168
Analyzed
10
Unknown Multiple Products

Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows inf...

2025-10-17
CVE-2025-62166
7.5
Unknown Multiple Products

FreshRSS is a free, self-hostable RSS aggregator

2026-03-10
CVE-2025-62164
Analyzed
8.8
Unknown Multiple Products

vLLM is an inference and serving engine for large language models (LLMs)

2025-11-22
CVE-2025-62162
7.5
Unknown Multiple Products

cel-rust is a Common Expression Language interpreter written in Rust

2025-10-10
CVE-2025-62156
8.1
Kubernetes Multiple Products

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes

2025-10-14
CVE-2025-62155
Analyzed
8.5
Intel Multiple Products

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system

2025-11-26
CVE-2025-6213
Analyzed
7.2
WordPress Multiple Products

The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2

2025-07-23
CVE-2025-62093
8.5
LambertGroup Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Image&Video FullScreen Background l...

2025-12-11