17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 1451-1500 of 17426 CVEs Page 30 of 349
CVE-2026-54836
Analyzed
9.3
YMC YMC Filter

YMC Filter is vulnerable to SQL injection, allowing unauthenticated attackers to execute arbitrary SQL commands via specially crafted input.

2026-06-26
CVE-2026-54835
Analyzed
7.5
Rustaurius Five Star Restaurant Menu

Unauthenticated Broken Access Control in Five Star Restaurant Menu <= 2

2026-06-28
CVE-2026-54834
Analyzed
7.5
Object Object Cache 4 everyone

Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2

2026-06-28
CVE-2026-54833
Analyzed
7.4
Unknown Enable CORS

Unauthenticated Backdoor in Enable CORS <= 2

2026-06-28
CVE-2026-54832
Analyzed
7.5
WordPress Gutenverse Companion

Unauthenticated Broken Access Control in Gutenverse Companion <= 2

2026-06-28
CVE-2026-54831
Analyzed
9.3
WordPress GeoDirectory

GeoDirectory versions 2.8.162 and earlier are susceptible to an unauthenticated SQL injection vulnerability, enabling database manipulation by remote...

2026-06-27
CVE-2026-5483
8.5
Red Hat Openshift AI

A flaw was found in odh-dashboard in Red Hat Openshift AI

2026-04-11
CVE-2026-54827
Analyzed
9.3
WordPress Real Estate 7

Real Estate 7 contains an unauthenticated SQL injection vulnerability in versions 3.5.9 and earlier, allowing remote attackers to manipulate database...

2026-06-27
CVE-2026-54826
Analyzed
7.6
PSM SupportCandy

Subscriber Insecure Direct Object References (IDOR) in SupportCandy <= 3

2026-06-28
CVE-2026-54825
Analyzed
9.3
WordPress wpDataTables

The wpDataTables plugin for WordPress contains an unauthenticated SQL injection vulnerability that enables remote attackers to manipulate database que...

2026-06-27
CVE-2026-54824
Analyzed
7.5
WordPress Ads by WPQuads

Unauthenticated Sensitive Data Exposure in Ads by WPQuads <= 3

2026-06-28
CVE-2026-54823
Analyzed
9.9
HP Widget Options

A critical vulnerability in the MarketingFire Widget Options plugin allows contributor-level users to execute arbitrary code on the server.

2026-06-26
CVE-2026-54822
Analyzed
8.5
SALESmanago SALESmanago & Leadoo

Subscriber SQL Injection in SALESmanago & Leadoo <= 3

2026-06-26
CVE-2026-54820
Analyzed
9.3
WordPress JetBooking

An unauthenticated SQL injection vulnerability in the JetBooking plugin for WordPress allows remote attackers to execute arbitrary SQL queries and acc...

2026-06-27
CVE-2026-54818
Analyzed
8.5
VeronaLabs Slimstat Analytics

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL I...

2026-06-18
CVE-2026-54813
Analyzed
8.5
Brainstorm Force SureDash

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL Injec...

2026-06-18
CVE-2026-54805
Analyzed
8.8
Falang Falang Multilanguage

Subscriber Privilege Escalation in Falang multilanguage <= 1

2026-06-18
CVE-2026-5478
8.1
WordPress is vulnerable

The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all versions up to, and including, 3

2026-04-21
CVE-2026-54763
Analyzed
7.8
Traefik Traefik

Traefik is an HTTP reverse proxy and load balancer

2026-07-07
CVE-2026-54759
Analyzed
8.7
SiYuan SiYuan Note

SiYuan is an open-source personal knowledge management system

2026-06-25
CVE-2026-54673
Analyzed
8.2
Unknown electron-builder

electron-updater allows for automatic updates for Electron apps

2026-07-01
CVE-2026-54672
Analyzed
7.8
Unknown electron-builder

electron-updater allows for automatic updates for Electron apps

2026-07-01
CVE-2026-5465
8.8
WordPress is vulnerable

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to...

2026-04-07
CVE-2026-5464
7.2
Google Analytics Dashboard

The ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) plugin for WordPress is vulnerable to unauthorized arbitrary plugin...

2026-04-24
CVE-2026-54639
Analyzed
8.8
Style Dictionary Style Dictionary

Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4

2026-06-24
CVE-2026-5463
Analyzed
8.6
Unknown Multiple Products

Command injection vulnerability in console

2026-04-03
CVE-2026-54592
Analyzed
7.5
Unknown Oj (Optimized JSON)

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem

2026-07-01
CVE-2026-54588
Analyzed
9.6
Unknown poweradmin

Poweradmin fails to validate the HTTP_HOST header, allowing unauthenticated attackers to poison redirect URIs and hijack user authentication tokens, l...

2026-06-24
CVE-2026-54555
Analyzed
7.8
RTK-AI RTK

rtk filters and compresses command outputs before they reach your LLM context

2026-06-24
CVE-2026-54513
Analyzed
8.1
FasterXML jackson-databind

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor

2026-06-24
CVE-2026-54512
Analyzed
8.1
FasterXML jackson-databind

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor

2026-06-24
CVE-2026-54424
Analyzed
8.4
Microsoft Parsec

An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege

2026-07-04
CVE-2026-54420
KEV Analyzed
8.5
Linux cPanel plugin

LiteSpeed cPanel plugin before 2

2026-06-14
CVE-2026-54414
Analyzed
9.8
HP FileRise

FileRise is vulnerable to path traversal via the shared-folder upload endpoint, allowing an attacker with a valid upload link to overwrite system file...

2026-06-20
CVE-2026-54413
Analyzed
8.2
Unknown iso14229

driftregion iso14229 through 0

2026-06-15
CVE-2026-54412
Analyzed
8.2
LiamBindle MQTT-C

LiamBindle MQTT-C through version 1

2026-06-15
CVE-2026-54410
Analyzed
8.6
Unknown nanoMODBUS

nanoMODBUS through v1

2026-06-15
CVE-2026-54408
Analyzed
8.6
Ubiquiti UniFi Protect Application

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authe...

2026-07-03
CVE-2026-54407
Analyzed
8.6
Ubiquiti UniFi Protect Application

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authe...

2026-07-03
CVE-2026-54406
Analyzed
8.7
Ubiquiti UniFi Network Application

A malicious actor with access to the network and high privileges could exploit a Path Traversal vulnerability found in self-hosted instances of UniFi...

2026-07-03
CVE-2026-54404
Analyzed
8.8
Ubiquiti UniFi OS Server

A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi O...

2026-07-03
CVE-2026-54403
Analyzed
8.6
Ubiquiti UniFi OS Server

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to bypass authenti...

2026-07-03
CVE-2026-54402
Analyzed
9.9
Ubiquiti UniFi OS Server

An improper input validation vulnerability in the Ubiquiti UniFi OS Server allows authenticated low-privilege network users to execute arbitrary comma...

2026-07-03
CVE-2026-54400
Analyzed
9.1
Ubiquiti UniFi Access Application

An Improper Access Control vulnerability in the Ubiquiti UniFi Access Application allows an authenticated attacker with high privileges to escalate th...

2026-07-03
CVE-2026-54371
Analyzed
7.1
N/A (Project: attr) attr

attr before version 2

2026-06-30
CVE-2026-54369
Analyzed
7.1
ACL ACL

acl before version 2

2026-06-30
CVE-2026-5436
8.1
WordPress is vulnerable

The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5

2026-04-09
CVE-2026-54353
Analyzed
8.5
Budibase Budibase

Budibase is an open-source low-code platform

2026-06-27
CVE-2026-54352
Analyzed
9.6
Budibase Budibase

An improper path validation vulnerability in the Budibase PWA upload process allows authenticated builders to perform arbitrary file reads on the serv...

2026-06-27
CVE-2026-54351
Analyzed
8.2
Budibase Budibase

Budibase is an open-source low-code platform

2026-06-27