17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 2851-2900 of 17426 CVEs Page 58 of 349
CVE-2026-42997
7.7
Ironic Multiple Products

An issue was discovered in idrac in OpenStack Ironic before 35

2026-05-06
CVE-2026-42985
Analyzed
8.8
Microsoft Remote Desktop Client

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network

2026-06-10
CVE-2026-4297
Analyzed
8.8
WordPress Welcome Software Publishing Plugin

The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0

2026-06-24
CVE-2026-42960
Analyzed
10
NLnet Labs Unbound

NLnet Labs Unbound is vulnerable to cache poisoning via promiscuous RRSets in the authority section of DNS replies, allowing attackers to inject malic...

2026-05-21
CVE-2026-42959
Analyzed
7.5
Unknown Multiple Products

NLnet Labs Unbound up to and including version 1

2026-05-21
CVE-2026-4295
7.8
Unknown Multiple Products

Improper trust boundary enforcement in Kiro IDE before version 0

2026-03-18
CVE-2026-42947
Analyzed
8.8
Naxclow IoT Platform (Smart Doorbell X3, X Smart Home, V720, ix cam)

A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbit...

2026-06-13
CVE-2026-42945
Analyzed
8.1
Nginx Plus and

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module

2026-05-15
CVE-2026-42944
Analyzed
7.5
Labs Multiple Products

NLnet Labs Unbound 1

2026-05-21
CVE-2026-42930
Analyzed
8.7
Unknown Multiple Products

When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance mode restrictions on a BIG...

2026-05-14
CVE-2026-42924
Analyzed
8.7
Unknown Multiple Products

An authenticated attacker with the Resource Administrator or Administrator role can create SNMP configuration objects through iControl SOAP resulting...

2026-05-14
CVE-2026-42898
Analyzed
9.9
Microsoft Dynamics

Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a...

2026-05-13
CVE-2026-42897
KEV Analyzed
8.1
Microsoft Exchange Server

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to p...

2026-05-16
CVE-2026-4289
7.3
Unknown Multiple Products

A security vulnerability has been detected in Tiandy Easy7 Integrated Management Platform up to 7

2026-03-17
CVE-2026-42889
Analyzed
9.1
Unknown Multiple Products

Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSo...

2026-05-13
CVE-2026-42882
Analyzed
9.4
AWS s3 proxy

The oxyno-zeta s3-proxy contains an authentication bypass vulnerability due to inconsistent path interpretation, allowing unauthorized S3 operations.

2026-05-12
CVE-2026-42880
Analyzed
9.6
Kubernetes Secret data

A missing authorization gap in Argo CD allows read-only users to extract plaintext Kubernetes Secret data via the ServerSideDiff endpoint.

2026-05-08
CVE-2026-4288
7.3
Unknown Multiple Products

A weakness has been identified in Tiandy Easy7 Integrated Management Platform 7

2026-03-17
CVE-2026-4287
7.3
Unknown Multiple Products

A security flaw has been discovered in Tiandy Easy7 Integrated Management Platform 7

2026-03-17
CVE-2026-42869
Analyzed
10
Docker Compose setup

SOCFortress CoPilot uses a hardcoded JWT signing secret, allowing unauthenticated attackers to forge administrative tokens.

2026-05-12
CVE-2026-42864
Analyzed
9.9
AWS credentials attached

FireFighter incident management application contains an unauthenticated SSRF vulnerability that can lead to the theft of AWS IAM credentials.

2026-05-12
CVE-2026-42860
8.5
Unknown Multiple Products

The Open edx Enterprise Service app provides enterprise features to the Open edX platform

2026-05-12
CVE-2026-42858
Analyzed
8.5
F5 Open edX Platform

Open edX Platform enables the authoring and delivery of online learning at any scale

2026-05-12
CVE-2026-42854
Analyzed
9.8
Unknown Multiple Products

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer mu...

2026-05-13
CVE-2026-42851
Analyzed
7.8
Kitty Kitty Terminal

Kitty is a cross-platform GPU based terminal

2026-06-14
CVE-2026-42850
Analyzed
8.8
Kovid Goyal Kitty

Kitty is a cross-platform GPU based terminal

2026-06-17
CVE-2026-42846
Analyzed
9.8
ClipBucket ClipBucket v5

ClipBucket v5 contains a command injection vulnerability in the Remote Play feature, allowing authenticated users to execute arbitrary shell commands...

2026-06-12
CVE-2026-42843
Analyzed
8.8
Grav Multiple Products

Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system manag...

2026-05-12
CVE-2026-42835
Analyzed
8.1
Microsoft Teams for Android

Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized...

2026-06-14
CVE-2026-42834
Analyzed
7.8
Microsoft Portal Windows

Improper link resolution before file access ('link following') in Azure Portal Windows Admin Center allows an authorized attacker to elevate privilege...

2026-05-21
CVE-2026-42833
Analyzed
9.1
Microsoft Dynamics

An execution with unnecessary privileges vulnerability in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute arbitrary code...

2026-05-13
CVE-2026-4283
Analyzed
9.1
WordPress is vulnerable

The WP DSGVO Tools (GDPR) plugin for WordPress allows unauthenticated attackers to permanently destroy non-administrator accounts by bypassing the ema...

2026-03-24
CVE-2026-42826
Analyzed
10
Microsoft DevOps allows

An exposure of sensitive information in Azure DevOps allows an unauthenticated attacker to disclose data over a network.

2026-05-08
CVE-2026-42823
Analyzed
9.9
Microsoft Logic Apps

Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

2026-05-13
CVE-2026-42822
Analyzed
10
Microsoft Local Disconnected

Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to perform privilege escalation over the network.

2026-05-19
CVE-2026-4282
Analyzed
7.4
Keycloak Keycloak

A flaw was found in Keycloak

2026-04-04
CVE-2026-42812
Analyzed
9.9
Apache Iceberg

A security-sensitive metadata write bypass in Apache Iceberg allows authorized users to perform unauthorized operations on storage locations by manipu...

2026-05-05
CVE-2026-42811
Analyzed
9.9
Google Cloud Storage

A credential injection vulnerability in Apache Polaris allows attackers to bypass storage path restrictions in Google Cloud Storage via crafted namesp...

2026-05-05
CVE-2026-42810
Analyzed
9.9
Apache Polaris accepts

Apache Polaris is vulnerable to cross-table access due to improper handling of wildcard characters in object names, which results in insecure S3 IAM p...

2026-05-05
CVE-2026-42809
Analyzed
9.9
Apache Polaris can

Apache Polaris can issue broad temporary ("vended") storage credentials during staged table creation before the effective table location has been vali...

2026-05-05
CVE-2026-42800
7.4
Linux on Linux

NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation

2026-05-01
CVE-2026-42799
7.4
ASR Kestrel Multiple Products

Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers

2026-05-01
CVE-2026-42796
Analyzed
9.8
Arelle Multiple Products

Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins quer...

2026-05-05
CVE-2026-42779
Analyzed
9.8
Apache MINA

Apache MINA's AbstractIoBuffer.resolveClass() contains a branch that fails to validate classes, allowing for arbitrary code execution via deserializat...

2026-05-02
CVE-2026-42778
Analyzed
9.8
Apache MINA AbstractIoBuffer

An incomplete fix for a deserialization vulnerability in Apache MINA's AbstractIoBuffer.getObject() allows for remote code execution via classname all...

2026-05-02
CVE-2026-4276
7.5
Unknown Multiple Products

LibreChat RAG API, version 0

2026-03-18
CVE-2026-42758
Analyzed
9.8
Saleswonder Team Multiple Products

Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affec...

2026-05-28
CVE-2026-42757
Analyzed
9.9
Saleswonder Team Multiple Products

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignit...

2026-05-28
CVE-2026-42756
Analyzed
9.9
Ludwig You Multiple Products

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ludwig You QuickWebP – Compress / Optimize Image...

2026-05-28
CVE-2026-42748
Analyzed
9.9
HP Woo Czech

An unrestricted file upload vulnerability in the WPify Woo Czech plugin allows unauthenticated attackers to upload and execute a web shell on the serv...

2026-05-28