Showing 10801-10850 of 17282 CVEs (page 217 of 346)
CVE-2025-59603
7.8
Unknown Multiple Products

Memory Corruption when processing invalid user address with nonstandard buffer address

2026-03-03
CVE-2025-59600
7.8
Unknown Multiple Products

Memory Corruption when adding user-supplied data without checking available buffer space

2026-03-03
CVE-2025-59588
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign Soledad allows PH...

2025-09-22
CVE-2025-59580
Analyzed
8.8
GoodLayers Goodlayers Multiple Products

Incorrect Privilege Assignment vulnerability in GoodLayers Goodlayers Core goodlayers-core allows Privilege Escalation

2025-10-23
CVE-2025-59579
7.5
PressTigers Simple Multiple Products

Insertion of Sensitive Information Into Sent Data vulnerability in PressTigers Simple Job Board simple-job-board allows Retrieve Embedded Sensitive Da...

2025-10-23
CVE-2025-59578
7.5
Unknown Multiple Products

Insertion of Sensitive Information Into Sent Data vulnerability in wpdesk ShopMagic shopmagic-for-woocommerce allows Retrieve Embedded Sensitive Data

2025-10-22
CVE-2025-59572
Analyzed
8.8
Unknown Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core allows Cross Site Request Forgery

2025-09-22
CVE-2025-59570
Analyzed
7.6
Unknown Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint allows SQL Injection

2025-09-22
CVE-2025-59566
7.6
AmentoTech Workreap Multiple Products

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Workreap (theme's plugin) workreap allows P...

2025-10-22
CVE-2025-59564
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall all...

2025-10-23
CVE-2025-59563
Analyzed
8.8
WordPress Sonaar

Subscriber Privilege Escalation in Sonaar <= 4

2026-06-18
CVE-2025-59558
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Billey billey allow...

2025-10-23
CVE-2025-59557
Analyzed
9.3
Unknown Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Learts Addons learts-addons allows SQL...

2025-10-23
CVE-2025-59555
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Medizin medizin all...

2025-10-23
CVE-2025-59550
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designervily Xcare xcare allo...

2025-10-23
CVE-2025-5955
Analyzed
8.1
WordPress Multiple Products

The Service Finder SMS System plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2

2025-09-19
CVE-2025-59545
Analyzed
9
Microsoft Multiple Products

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt modu...

2025-09-23
CVE-2025-59543
Analyzed
9
Intel Chamilo LMS

Chamilo LMS prior to 1.11.34 is vulnerable to stored XSS in the course description field, enabling authenticated trainers to capture administrator ses...

2026-03-07
CVE-2025-59542
Analyzed
9
Infor Chamilo LMS

Chamilo LMS prior to 1.11.34 contains a stored XSS vulnerability in the learning path Settings field, allowing low-privileged trainers to hijack admin...

2026-03-07
CVE-2025-59541
8.1
Unknown Multiple Products

Chamilo is a learning management system

2026-03-06
CVE-2025-5954
Analyzed
9.8
WordPress Multiple Products

The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2....

2025-08-01
CVE-2025-59538
Analyzed
7.5
Kubernetes Multiple Products

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes

2025-10-01
CVE-2025-59537
Analyzed
7.5
Kubernetes Multiple Products

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes

2025-10-01
CVE-2025-59534
Analyzed
7.3
CryptoLib Multiple Products

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications...

2025-09-23
CVE-2025-59531
Analyzed
7.5
Kubernetes Multiple Products

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes

2025-10-01
CVE-2025-59530
7.5
Unknown Multiple Products

quic-go is an implementation of the QUIC protocol in Go

2025-10-10
CVE-2025-5953
Analyzed
8.8
WordPress Multiple Products

The WP Human Resource Management plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the ajax_insert_employee()...

2025-07-05
CVE-2025-59528
Analyzed
10
Unknown Multiple Products

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execut...

2025-09-22
CVE-2025-59527
7.5
Unknown Multiple Products

Flowise is a drag & drop user interface to build a customized large language model flow

2025-09-22
CVE-2025-59518
8
Unknown Multiple Products

In LemonLDAP::NG before 2

2025-09-17
CVE-2025-59517
7.8
Microsoft Multiple Products

Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally

2025-12-10
CVE-2025-59516
7.8
Microsoft Multiple Products

Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally

2025-12-10
CVE-2025-59514
7.8
Microsoft Multiple Products

Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally

2025-11-13
CVE-2025-59512
7.8
Unknown Multiple Products

Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally

2025-11-13
CVE-2025-59511
7.8
Microsoft Multiple Products

External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally

2025-11-13
CVE-2025-59505
7.8
Microsoft Multiple Products

Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally

2025-11-13
CVE-2025-59503
Analyzed
9.9
Microsoft Multiple Products

Server-side request forgery (SSRF) in Azure Compute Gallery allows an authorized attacker to elevate privileges over a network.

2025-10-23
CVE-2025-59500
Analyzed
7.7
Microsoft Multiple Products

Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network

2025-10-23
CVE-2025-59499
8.8
Unknown Multiple Products

Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges...

2025-11-13
CVE-2025-5949
Analyzed
8.8
WordPress Multiple Products

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6

2025-11-01
CVE-2025-59489
Analyzed
7.4
Apple Multiple Products

Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an uni...

2025-10-03
CVE-2025-59484
8.3
Unknown Multiple Products

The use of a broken or risky cryptographic algorithm was discovered in firmware version 3

2025-09-23
CVE-2025-59481
8.7
Unknown Multiple Products

A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least res...

2025-10-15
CVE-2025-5948
Analyzed
9.8
WordPress Multiple Products

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0....

2025-09-19
CVE-2025-59478
7.5
Unknown Multiple Products

When a BIG-IP AFM denial-of-service (DoS) protection profile is configured on a virtual server, undisclosed requests can cause the Traffic Management...

2025-10-16
CVE-2025-5947
Analyzed
9.8
WordPress Multiple Products

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including,...

2025-08-01
CVE-2025-59467
7.5
UCRM Argentina Multiple Products

A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1

2026-01-06
CVE-2025-59465
7.5
HP Multiple Products

A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node

2026-01-21
CVE-2025-59461
Analyzed
7.6
Unknown Multiple Products

A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services

2025-10-27