17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 3151-3200 of 17426 CVEs Page 64 of 349
CVE-2026-4164
Analyzed
9.8
Wavlink WL-WN578W2

Wavlink WL-WN578W2 firmware contains a command injection vulnerability in the Delete_Mac_list/SetName/GuestWifi functions, enabling remote attackers t...

2026-03-17
CVE-2026-41636
7.5
Apache Thrift Node

Uncontrolled Recursion vulnerability in Apache Thrift Node

2026-04-29
CVE-2026-41635
Analyzed
9.8
Apache MINA

Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at a...

2026-04-28
CVE-2026-4163
Analyzed
9.8
Wavlink WL-WN579A3

A command injection vulnerability in the SetName/GuestWifi function of Wavlink WL-WN579A3 firmware allows remote attackers to execute arbitrary comman...

2026-03-17
CVE-2026-4162
7.1
WordPress is vulnerable

The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2

2026-04-12
CVE-2026-41615
Analyzed
9.6
Microsoft Authenticator allows

A vulnerability in Microsoft Authenticator allows an unauthorized attacker to disclose sensitive information over the network.

2026-05-15
CVE-2026-41613
8.8
Session Multiple Products

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network

2026-05-13
CVE-2026-41605
7.3
Apache Thrift

Integer Overflow or Wraparound vulnerability in Apache Thrift

2026-04-30
CVE-2026-41604
8.2
Apache Thrift

Out-of-bounds Read vulnerability in Apache Thrift

2026-04-29
CVE-2026-41603
7.4
Apache Thrift

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift

2026-04-29
CVE-2026-41602
7.5
Apache Thrift TFramedTransport

Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation This issue affects Apache Thrift: before 0

2026-04-29
CVE-2026-41589
Analyzed
9.6
Charm Wish

A path traversal vulnerability in the SCP middleware of the Wish SSH server allows unauthorized file access and modification.

2026-05-08
CVE-2026-41584
7.5
Unknown Multiple Products

ZEBRA is a Zcash node written entirely in Rust

2026-05-09
CVE-2026-41583
Analyzed
9.1
Canon Multiple Products

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra fail...

2026-05-09
CVE-2026-4158
7.3
Arch Path Element

KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

2026-04-12
CVE-2026-41576
7.1
HP Multiple Products

Brave CMS is an open-source CMS

2026-05-10
CVE-2026-41571
Analyzed
9.4
Note Multiple Products

Note Mark is an open-source note-taking application. In version 0.19.2, IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt("nul...

2026-05-05
CVE-2026-41570
7.8
HP INI settings

PHPUnit is a testing framework for PHP

2026-05-09
CVE-2026-4157
Analyzed
7.5
ChargePoint Home Flex

ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability

2026-04-12
CVE-2026-41566
Analyzed
9.4
Apache Apache Kvrocks

Apache Kvrocks version 2.8.0 contains a vulnerability involving the improper handling of permissions, which could lead to unauthorized privilege escal...

2026-06-26
CVE-2026-41564
7.5
Unknown Multiple Products

CryptX versions before 0

2026-04-24
CVE-2026-4156
Analyzed
7.5
ChargePoint Home Flex

ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability

2026-04-12
CVE-2026-41551
Analyzed
9.1
Unknown Multiple Products

A vulnerability has been identified in ROS# (All versions < V2.2.2). Affected versions contain a path traversal vulnerability because user input is no...

2026-05-13
CVE-2026-4155
7.5
Infor Multiple Products

ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability

2026-04-12
CVE-2026-4154
7.8
Unknown Multiple Products

GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability

2026-04-11
CVE-2026-4153
7.8
Unknown Multiple Products

GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

2026-04-11
CVE-2026-41524
8.7
Brave Multiple Products

Brave CMS is an open-source CMS

2026-05-09
CVE-2026-41523
Analyzed
7.5
Unknown vLLM Inference Engine

vLLM is an inference and serving engine for large language models (LLMs)

2026-06-23
CVE-2026-41520
7.9
Unknown Multiple Products

Cilium is a networking, observability, and security solution with an eBPF-based dataplane

2026-05-09
CVE-2026-4152
7.8
Unknown Multiple Products

GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

2026-04-11
CVE-2026-41512
Analyzed
9.9
NVIDIA garak

ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerabi...

2026-05-09
CVE-2026-4151
7.8
Unknown Multiple Products

GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability

2026-04-11
CVE-2026-41507
Analyzed
9.8
Unknown math-codegen

The math-codegen library is vulnerable to RCE because it injects unsanitized string literals into a new Function body.

2026-05-09
CVE-2026-41505
8.7
Unknown Multiple Products

RELATE is a web-based courseware package

2026-05-08
CVE-2026-41501
Analyzed
9.8
Linux electerm

A command injection vulnerability exists in electerm prior to version 3.3.8, where remote version strings are unsafely passed to system commands.

2026-05-08
CVE-2026-41500
Analyzed
9.8
GitHub Electerm

A command injection vulnerability in Electerm allows attackers to execute arbitrary code by supplying a malicious release name.

2026-05-08
CVE-2026-4150
7.8
Unknown Multiple Products

GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability

2026-04-11
CVE-2026-41497
Analyzed
9.8
Microsoft system

PraisonAI fails to validate commands in parse_mcp_command(), allowing unauthenticated attackers to execute arbitrary system commands via subprocesses.

2026-05-09
CVE-2026-41496
8.1
Microsoft system

PraisonAI is a multi-agent teams system

2026-05-09
CVE-2026-41492
Analyzed
9.8
Unknown Multiple Products

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through the unauthenticated /debug/va...

2026-04-25
CVE-2026-41491
8.1
Unknown Multiple Products

Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge

2026-05-09
CVE-2026-41490
8.3
Delta Multiple Products

Dagster is an orchestration platform for the development, production, and observation of data assets

2026-05-08
CVE-2026-4149
Analyzed
10
Sonos Era Era 300

The Sonos Era 300 is vulnerable to remote code execution due to an out-of-bounds memory access issue within SMB response handling.

2026-04-11
CVE-2026-41489
8.8
Unknown Multiple Products

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software

2026-05-12
CVE-2026-41485
7.7
Microsoft Multiple Products

Kyverno is a policy engine designed for cloud native platform engineering teams

2026-04-24
CVE-2026-4148
8.8
Unknown Multiple Products

A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup...

2026-03-18
CVE-2026-41478
Analyzed
9.9
Saltcorn Multiple Products

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability i...

2026-04-25
CVE-2026-41477
Analyzed
7.8
Unknown Multiple Products

Deskflow is a keyboard and mouse sharing app

2026-04-25
CVE-2026-41471
7.5
WordPress versions

Easy PayPal Events & Tickets plugin for WordPress versions 1

2026-05-05
CVE-2026-41468
8.7
Unknown Multiple Products

Beghelli Sicuro24 SicuroWeb embeds AngularJS 1

2026-04-23