17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 1701-1750 of 17426 CVEs Page 35 of 349
CVE-2026-5161
Analyzed
8.8
TUBITAK BILGEM Institute Pardus

Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About a...

2026-04-30
CVE-2026-5156
8.8
Tenda CH22

A vulnerability was determined in Tenda CH22 1

2026-03-31
CVE-2026-5155
8.8
Tenda CH22

A vulnerability was found in Tenda CH22 1

2026-03-31
CVE-2026-5154
8.8
Tenda CH22

A vulnerability has been found in Tenda CH22 1

2026-03-31
CVE-2026-5152
8.8
Tenda CH22

A vulnerability was detected in Tenda CH22 1

2026-03-31
CVE-2026-5150
7.3
HP of the

A security vulnerability has been detected in code-projects Accounting System 1

2026-03-31
CVE-2026-5147
7.3
Unknown Multiple Products

A security flaw has been discovered in YunaiV yudao-cloud up to 2026

2026-03-31
CVE-2026-5144
8.8
WordPress is vulnerable

The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1

2026-04-11
CVE-2026-5141
Analyzed
8.8
TUBITAK BILGEM Institute Pardus

Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research...

2026-04-30
CVE-2026-5140
Analyzed
8.8
TUBITAK BILGEM Institute Pardus

Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus allows Au...

2026-04-30
CVE-2026-5136
Analyzed
8.8
Red Hat Red Hat Satellite

A flaw was found in Foreman

2026-07-02
CVE-2026-5130
8.8
WordPress was vulnerable

The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1

2026-03-31
CVE-2026-5128
Analyzed
10
Arch steam-trader

ArthurFiorette steam-trader 2.1.1 is vulnerable to unauthenticated sensitive information exposure, leaking Steam account credentials and 2FA secrets v...

2026-03-31
CVE-2026-5127
8.8
WordPress is vulnerable

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Deserial...

2026-05-08
CVE-2026-5118
Analyzed
9.8
WordPress Divi Form Builder

The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation, allowing unauthenticated users to register as administrators.

2026-05-22
CVE-2026-5113
7.2
WordPress is vulnerable

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2

2026-05-02
CVE-2026-5112
7.2
WordPress is vulnerable

The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2

2026-05-02
CVE-2026-5111
7.2
WordPress is vulnerable

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2

2026-05-02
CVE-2026-5110
7.2
WordPress is vulnerable

The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2

2026-05-02
CVE-2026-5109
7.2
WordPress is vulnerable

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2

2026-05-02
CVE-2026-5100
Analyzed
7.5
WordPress is vulnerable

The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and including, 4

2026-05-05
CVE-2026-50884
Analyzed
8.8
Statping-ng statping-ng

Incorrect access control in statping-ng v0

2026-06-17
CVE-2026-5087
7.5
Unknown Multiple Products

PAGI::Middleware::Session::Store::Cookie versions through 0

2026-04-02
CVE-2026-5085
Analyzed
9.1
Unknown Multiple Products

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The _generateSessionID method returns an MD5 digest seeded by the...

2026-04-14
CVE-2026-5081
Analyzed
9.1
Apache mod

The Apache::Session::Generate::ModUniqueId module generates insecure session IDs using predictable environment variables, allowing for potential sessi...

2026-05-07
CVE-2026-5076
Analyzed
9.8
WordPress ARMember Premium Plugin

The ARMember Premium plugin for WordPress stores plaintext password reset keys, allowing unauthenticated attackers to reset user passwords and hijack...

2026-06-03
CVE-2026-50751
KEV Analyzed
9.5
Check Point Security Gateway

Check Point Security Gateway is affected by an improper authentication vulnerability that is currently being exploited in the wild.

2026-06-09
CVE-2026-50748
Analyzed
9.9
Ubiquiti UniFi Access Application

Improper input validation in the UniFi Access Application allows low-privileged network attackers to perform command injection and execute arbitrary c...

2026-07-03
CVE-2026-50747
Analyzed
9.9
Ubiquiti UniFi Talk Application

Authenticated SQL injection vulnerabilities in the UniFi Talk Application allow low-privileged network attackers to escalate privileges on the host de...

2026-07-03
CVE-2026-50746
Analyzed
10
Ubiquiti UniFi Connect Application

An improper access control vulnerability in the UniFi Connect Application allows unauthenticated network attackers to execute arbitrary commands on th...

2026-07-03
CVE-2026-50741
Analyzed
8.8
Revive Adserver

Bypass to the fix for CVE-2026-34916

2026-06-26
CVE-2026-50733
Analyzed
8.8
Markdown Preview Enhanced Markdown Preview Enhanced

Markdown Preview Enhanced before 0

2026-06-07
CVE-2026-5067
Analyzed
9.8
Zephyr HTTP Server

A memory corruption vulnerability in the Zephyr HTTP server WebSocket upgrade path allows unauthenticated remote attackers to trigger denial of servic...

2026-06-09
CVE-2026-5065
Analyzed
8.8
IBM Controller

IBM Controller 11

2026-05-28
CVE-2026-50637
Analyzed
8.2
CPAN (Metrics::Any) Metrics::Any::Adapter::Statsd

Metrics::Any::Adapter::Statsd versions before 0

2026-06-12
CVE-2026-50636
Analyzed
8.8
Oracle Multiple Products

The RemoteControl API methods invite_participants and remind_participants pass a caller-supplied token-ID array into TokenDynamic::findUninvited(), wh...

2026-06-10
CVE-2026-50635
Analyzed
8.8
LimeSurvey LimeSurvey

LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it

2026-06-10
CVE-2026-50633
Analyzed
8.1
Apache CXF

A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacker is able...

2026-06-14
CVE-2026-50632
Analyzed
8.1
Apache CXF

A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) for Apache CXF has been identified, whic...

2026-06-14
CVE-2026-5063
7.2
WordPress plugin for

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in...

2026-05-04
CVE-2026-5059
Analyzed
9.8
AWS CLI Command

The aws-mcp-server is vulnerable to remote code execution via AWS CLI command injection, allowing attackers to execute arbitrary system commands witho...

2026-04-11
CVE-2026-5058
Analyzed
9.8
AWS aws-mcp-server

The aws-mcp-server is vulnerable to remote code execution via command injection due to improper validation of user-supplied input in the allowed comma...

2026-04-11
CVE-2026-50574
Analyzed
8.3
Unknown yt-dlp

yt-dlp is a command-line audio/video downloader

2026-06-24
CVE-2026-50570
Analyzed
8.5
Kubernetes Fission

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes

2026-06-12
CVE-2026-50566
Analyzed
9.9
Kubernetes Fission Framework

An RBAC flaw in Fission allows tenants to run privileged containers under high-privilege service accounts, enabling container-sandbox escape and clust...

2026-06-11
CVE-2026-50564
Analyzed
9.9
Kubernetes Fission (Kubernetes Framework)

Fission prior to 1.24.0 contains a vulnerability in its Environment CRD that allows for privilege escalation by propagating insecure podspec fields wi...

2026-06-11
CVE-2026-50563
Analyzed
9.9
Kubernetes Fission Framework

A privilege management flaw in Fission’s Container Executor allows tenants to supply arbitrary pod specifications, creating potential for unauthorized...

2026-06-11
CVE-2026-50556
Analyzed
8.6
Google Angular

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages

2026-06-23
CVE-2026-50555
Analyzed
8.6
Google Angular

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages

2026-06-23
CVE-2026-50551
Analyzed
9.9
SiYuan SiYuan

A stored cross-site scripting (XSS) vulnerability in the SiYuan Attribute View allows for remote code execution (RCE) within the Electron desktop clie...

2026-06-25