17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 1851-1900 of 17426 CVEs Page 38 of 349
CVE-2026-49493
Analyzed
8.8
Markdown Preview Enhanced Markdown Preview Enhanced

Markdown Preview Enhanced before 0

2026-06-07
CVE-2026-49492
Analyzed
8.8
Markdown Preview Enhanced Markdown Preview Enhanced

Markdown Preview Enhanced before 0

2026-06-07
CVE-2026-49490
Analyzed
8.1
OpenCATS OpenCATS

OpenCATS from version 0

2026-06-01
CVE-2026-49489
Analyzed
8.5
HP to perform

OpenCATS through 0

2026-06-01
CVE-2026-49468
Analyzed
9.5
BerriAI LiteLLM

A critical vulnerability in the LiteLLM proxy server, prior to version 1.84.0, exposes the AI gateway to potential unauthorized access or exploitation...

2026-06-23
CVE-2026-4946
8.8
Unknown Multiple Products

Ghidra versions prior to 12

2026-03-30
CVE-2026-49448
Analyzed
9.8
Unknown authentik

An authentication bypass vulnerability in the authentik Source stage allows unauthenticated attackers to bypass security checks by sending an empty PO...

2026-06-03
CVE-2026-49443
Analyzed
8.8
Unknown authentik

authentik is an open-source identity provider

2026-06-03
CVE-2026-4944
Analyzed
8.8
Unknown Multiple Products

vllm-project/vllm version 0

2026-05-29
CVE-2026-49402
Analyzed
8.1
Deno Land Deno

Deno is a JavaScript, TypeScript, and WebAssembly runtime

2026-06-24
CVE-2026-49368
Analyzed
8.7
YouTrack Multiple Products

In JetBrains YouTrack before 2026

2026-05-30
CVE-2026-4935
8.6
WordPress plugin before

The OttoKit: All-in-One Automation Platform WordPress plugin before 1

2026-05-09
CVE-2026-49340
Analyzed
8.1
Unknown gonic

gonic is a music streaming server / free-software subsonic server API implementation

2026-06-21
CVE-2026-49298
Analyzed
8.8
Kubernetes Airflow

A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worke...

2026-06-03
CVE-2026-49297
Analyzed
8.1
Google Apache Airflow Google provider

Apache Airflow's Google provider operators `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator` joined GCS object names returned by the bucket l...

2026-07-07
CVE-2026-49291
Analyzed
8.1
MCP mcp-memory-service

mcp-memory-service is a semantic memory layer for AI applications

2026-06-21
CVE-2026-49286
Analyzed
8.1
HP PhpWeasyPrint

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page

2026-06-21
CVE-2026-49269
Analyzed
8.6
Apple M1 GPU

Apple M1 GPUs retain register file data between compute shader dispatches from different processes

2026-06-25
CVE-2026-49261
Analyzed
10
MariaDB MariaDB Server

A command injection vulnerability in MariaDB server allows shell command execution via the joiner node name when the `wsrep_notify_cmd` configuration...

2026-06-12
CVE-2026-49260
Analyzed
8.2
HP PhpWeasyPrint

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page

2026-06-21
CVE-2026-49257
Analyzed
10
Apache Pinot (via mcp-pinot)

The mcp-pinot server defaults to an unauthenticated configuration, allowing any network-adjacent attacker to execute arbitrary SQL and mutate table co...

2026-06-19
CVE-2026-49247
Analyzed
8.8
Jellyfin Media Server

Jellyfin is an open source self hosted media server

2026-06-25
CVE-2026-49241
Analyzed
8.7
Google Angular Language Service VS Code Extension

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates

2026-06-23
CVE-2026-4924
8.2
Devolutions Multiple Products

Improper authentication in the two-factor authentication (2FA) feature in Devolutions Server 2026

2026-04-02
CVE-2026-49238
Analyzed
8.4
Unknown Multiple Products

An issue was discovered in Canonical Multipass before version 1

2026-05-29
CVE-2026-4922
8.1
GitLab has remediated

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17

2026-04-23
CVE-2026-49195
Analyzed
8.8
Unknown Debug Service

Unauthenticated Debug Service

2026-06-09
CVE-2026-49194
Analyzed
8.8
Unknown Unknown

The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shel...

2026-06-05
CVE-2026-49191
Analyzed
9.8
Acer Connect M6E 5G Portable WiFi Router

The M3WebServer in the Acer Connect M6E 5G router hard-codes backend API keys, which are exposed via verbose error pages.

2026-06-05
CVE-2026-49190
Analyzed
8.8
Unknown Unknown

The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installat...

2026-06-05
CVE-2026-49188
Analyzed
9.8
Acer Connect M6E 5G Portable WiFi Router

The ai_cmd utility on the Acer Connect M6E 5G router runs with root privileges and is vulnerable to unauthenticated command injection via popen().

2026-06-05
CVE-2026-49186
Analyzed
9.8
Acer Connect M6E 5G Portable WiFi Router

The local MQTT broker on the Acer Connect M6E 5G router fails to enforce ACLs, allowing unauthorized clients to enumerate devices and publish rogue co...

2026-06-05
CVE-2026-49185
Analyzed
9.8
Acer Connect M6E 5G Portable WiFi Router

The FieldX MDM component in the Acer Connect M6E 5G router is vulnerable to command injection via unverified payloads in the adb messaging topic.

2026-06-05
CVE-2026-49157
Analyzed
8.8
Apache ActiveMQ

Incorrect Default Permissions vulnerability in Apache ActiveMQ

2026-06-02
CVE-2026-49143
Analyzed
8.8
BrowserStack Runner

BrowserStack Runner through 0

2026-06-03
CVE-2026-49127
Analyzed
8.6
Unknown Multiple Products

Music Player Daemon (MPD) before version 0

2026-05-29
CVE-2026-49120
Analyzed
8.5
Medplum Medplum

Medplum before 5

2026-06-04
CVE-2026-49113
Analyzed
8.5
Cornerstone Cornerstone

Subscriber Arbitrary Code Execution in Cornerstone < 7

2026-06-18
CVE-2026-49111
Analyzed
8.8
WordPress Masteriyo - LMS

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation

2026-06-16
CVE-2026-49109
Analyzed
9.8
HP Integration for Salesforce

An unauthenticated PHP Object Injection vulnerability in the CRM Perks Integration for Salesforce allows remote attackers to achieve arbitrary code ex...

2026-06-16
CVE-2026-49106
Analyzed
9.8
HP Integration for Contact Form 7 and Constant Contact

An unauthenticated PHP Object Injection vulnerability exists in the CRM Perks Integration for Contact Form 7 and Constant Contact, enabling potential...

2026-06-16
CVE-2026-49105
Analyzed
9.8
HP WP Zendesk

An unauthenticated PHP Object Injection vulnerability in the WP Zendesk integration for WordPress allows attackers to execute arbitrary code via deser...

2026-06-16
CVE-2026-49104
Analyzed
9.8
HP Integration for Keap/infusionsoft

An unauthenticated PHP Object Injection vulnerability in the CRM Perks Integration for Keap/infusionsoft allows remote attackers to perform deserializ...

2026-06-16
CVE-2026-49085
Analyzed
9.8
HP WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms

An unauthenticated PHP Object Injection vulnerability exists in the WP Insightly integration plugin for various WordPress form builders, allowing pote...

2026-06-16
CVE-2026-49073
Analyzed
8.5
Unknown Directorist Booking

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL Injec...

2026-06-18
CVE-2026-49065
Analyzed
8.2
Hippoo Mobile App for WooCommerce

Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1

2026-06-16
CVE-2026-49062
Analyzed
8.8
WP Engine Faust.Js

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust

2026-06-16
CVE-2026-49060
Analyzed
9.8
Hippoo Mobile Hippoo Mobile App for WooCommerce

An incorrect privilege assignment vulnerability in Hippoo Mobile App for WooCommerce allows remote attackers to perform privilege escalation.

2026-06-12
CVE-2026-4906
8.8
Tenda AC5

A vulnerability was determined in Tenda AC5 15

2026-03-27
CVE-2026-4905
8.8
Tenda AC5

A vulnerability was found in Tenda AC5 15

2026-03-27