17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 2901-2950 of 17426 CVEs Page 59 of 349
CVE-2026-42742
8.5
Aman Views Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman Views for WPForms views-for-wpforms-lite al...

2026-05-13
CVE-2026-42741
8.5
Aman Ninja Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman Ninja Forms Views – Display & Edi...

2026-05-13
CVE-2026-42737
Analyzed
8.6
Unknown Multiple Products

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbook...

2026-05-29
CVE-2026-42735
Analyzed
8.2
Iqonic Design Multiple Products

Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Rec...

2026-05-29
CVE-2026-42731
Analyzed
9.8
Unknown Multiple Products

Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This is...

2026-05-28
CVE-2026-42730
Analyzed
8.5
Stylemix MasterStudy Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learnin...

2026-05-29
CVE-2026-4272
8.1
Honeywell Handheld Handheld Scanners

Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse

2026-04-06
CVE-2026-4269
Analyzed
7.5
Unknown Multiple Products

A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0

2026-03-17
CVE-2026-42687
Analyzed
8.1
HP EventPrime

Unauthenticated PHP Object Injection in EventPrime <= 4

2026-06-16
CVE-2026-42680
Analyzed
9.8
WordPress Contest Gallery Pro

Contest Gallery Pro for WordPress contains an incorrect privilege assignment vulnerability that allows privilege escalation.

2026-06-02
CVE-2026-4267
7.2
WordPress plugin for

The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$_SERVER['RE...

2026-04-01
CVE-2026-42664
Analyzed
8.2
Motive AI Product Search for WooCommerce

Unauthenticated Broken Access Control in AI Product Search for WooCommerce &#8211; Motive Commerce Search <= 1

2026-06-16
CVE-2026-42661
Analyzed
8.8
WP Customer Area WP Customer Area Plugin

Custom role Path Traversal in WP Customer Area <= 8

2026-06-16
CVE-2026-42652
7.1
Unknown Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration al...

2026-05-01
CVE-2026-42646
7.6
Steve Burge TaxoPress Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Burge TaxoPress simple-tags allows Blind S...

2026-04-30
CVE-2026-42629
Analyzed
8.8
WordPress PowerPack Pro for Elementor

Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2

2026-06-18
CVE-2026-42613
Analyzed
9.4
Grav Grav CMS

Grav CMS is vulnerable to an authentication bypass during user registration, allowing an unauthenticated user to assign themselves administrative priv...

2026-05-12
CVE-2026-42612
8.5
Unknown Multiple Products

Grav is a file-based Web platform

2026-05-12
CVE-2026-42611
8.9
Infor Multiple Products

Grav is a file-based Web platform

2026-05-12
CVE-2026-4261
8.8
WordPress is vulnerable

The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1

2026-03-21
CVE-2026-42609
8.1
Grav Multiple Products

Grav is a file-based Web platform

2026-05-12
CVE-2026-42607
Analyzed
9.1
HP Grav CMS

Grav CMS allows authenticated administrators to achieve Remote Code Execution (RCE) by uploading malicious ZIP files via the "Direct Install" tool.

2026-05-12
CVE-2026-42606
Analyzed
8.1
Unknown Multiple Products

AzuraCast is a self-hosted, all-in-one web radio management suite

2026-05-10
CVE-2026-42605
Analyzed
8.8
HP webshell to

AzuraCast is a self-hosted, all-in-one web radio management suite

2026-05-10
CVE-2026-42603
8.8
GitHub Multiple Products

OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more

2026-05-12
CVE-2026-42596
Analyzed
9.4
Docker Gotenberg

A bypass of Gotenberg's URL deny-list allows an unauthenticated attacker to force the server to make outbound requests to internal-only targets.

2026-05-15
CVE-2026-42595
8.6
Docker Multiple Products

Gotenberg is a Docker-powered stateless API for PDF files

2026-05-15
CVE-2026-42591
8.2
Docker Multiple Products

Gotenberg is a Docker-powered stateless API for PDF files

2026-05-15
CVE-2026-42590
8.2
Docker Multiple Products

Gotenberg is a Docker-powered stateless API for PDF files

2026-05-15
CVE-2026-4259
Analyzed
7.1
WordPress Ultimate WooCommerce Auction Pro

The ultimate-woocommerce-auction-pro WordPress plugin through 2

2026-06-23
CVE-2026-42589
Analyzed
9.8
Docker Gotenberg

A command injection vulnerability in the Gotenberg PDF API allows unauthenticated remote attackers to execute OS commands via malicious JSON metadata.

2026-05-15
CVE-2026-4258
Analyzed
7.5
Oracle without requiring

All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl

2026-03-17
CVE-2026-42575
Analyzed
7.5
Unknown Multiple Products

apko allows users to build and publish OCI container images built from apk packages

2026-05-10
CVE-2026-42574
Analyzed
7.5
Arch Multiple Products

apko allows users to build and publish OCI container images built from apk packages

2026-05-10
CVE-2026-4257
Analyzed
9.8
WordPress is vulnerable

The Contact Form by Supsystic plugin for WordPress is vulnerable to unauthenticated Remote Code Execution via Server-Side Template Injection in the Tw...

2026-03-31
CVE-2026-42569
Analyzed
9.4
HP application to

A critical vulnerability in phpVMS allows unauthenticated access to a legacy import feature, potentially exposing application data or functionality.

2026-05-10
CVE-2026-42564
8.2
Unknown Multiple Products

jotty·page is a self-hosted app for your checklists and notes

2026-05-12
CVE-2026-42562
Analyzed
8.3
HP Multiple Products

Plainpad is a self hosted note taking app

2026-05-10
CVE-2026-42560
Analyzed
9.1
Unknown auth

A flaw in the Patreon OAuth provider mapping causes multiple distinct user accounts to be incorrectly merged into a single local identity, leading to...

2026-05-10
CVE-2026-42559
8.8
Unknown Multiple Products

RMCP is an official Rust SDK for the Model Context Protocol

2026-05-15
CVE-2026-42556
Analyzed
8.9
Unknown Multiple Products

Postiz is an AI social media scheduling tool

2026-05-09
CVE-2026-42555
Analyzed
9.1
Ritense Valtimo

The Valtimo platform is vulnerable to Remote Code Execution (RCE) via insecure Spring Expression Language (SpEL) evaluation in multiple components.

2026-05-15
CVE-2026-42550
8.8
HP Multiple Products

Flight is an extensible micro-framework for PHP

2026-05-14
CVE-2026-4254
Analyzed
9.8
Tenda AC8 up

A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerability affects the function doSystemCmd of the file /goform/SysToolChangePw...

2026-03-17
CVE-2026-42527
Analyzed
8.1
Apache Camel

Deserialization of Untrusted Data vulnerability in Apache Camel

2026-07-07
CVE-2026-42524
8
Jenkins HTML Publisher

Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting...

2026-04-30
CVE-2026-42523
Analyzed
9
Jenkins GitHub Plugin

The Jenkins GitHub Plugin contains a stored cross-site scripting (XSS) vulnerability due to improper URL processing during GitHub hook trigger validat...

2026-04-30
CVE-2026-42520
7.5
Jenkins Credentials Binding

Jenkins Credentials Binding Plugin 719

2026-04-30
CVE-2026-4252
Analyzed
9.8
Tenda AC8

A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function check_is_ipv6 of the component IPv6 Handler. The manip...

2026-03-17
CVE-2026-42512
7.3
As Multiple Products

As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers

2026-05-01