17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 3301-3350 of 17426 CVEs Page 67 of 349
CVE-2026-4111
7.5
Arch Multiple Products

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path

2026-03-14
CVE-2026-41109
8.8
GitHub Copilot and

Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unaut...

2026-05-13
CVE-2026-41106
Analyzed
9.3
Microsoft Microsoft 365 Copilot

An open redirect vulnerability in Microsoft 365 Copilot could be leveraged by an unauthorized attacker to facilitate privilege escalation over a netwo...

2026-07-03
CVE-2026-41105
8.1
Microsoft Notification Service

Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network

2026-05-08
CVE-2026-41103
Analyzed
9.1
Microsoft SSO Plugin

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate priv...

2026-05-13
CVE-2026-41096
Analyzed
9.8
Microsoft Windows DNS

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

2026-05-13
CVE-2026-41094
8.8
Microsoft Data Formulator

Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network

2026-05-13
CVE-2026-41091
KEV
7.8
Microsoft Defender allows

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally

2026-05-21
CVE-2026-41089
Analyzed
9.8
Microsoft Windows Netlogon

A stack-based buffer overflow in the Windows Netlogon service allows an unauthorized attacker to execute arbitrary code over the network.

2026-05-13
CVE-2026-41086
8.8
Microsoft Multiple Products

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network

2026-05-13
CVE-2026-41085
Analyzed
8.8
Thermo Multiple Products

Thermo Fisher Scientific Torrent Suite Dx through 5

2026-05-19
CVE-2026-41082
7.3
Unknown Multiple Products

In OCaml opam before 2

2026-04-17
CVE-2026-4108
7.3
Microsoft Exchange Reporter

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Permission report

2026-04-05
CVE-2026-41075
Analyzed
8.8
Best Practical Request Tracker (RT)

RT is an open source, enterprise-grade issue and ticket tracking system

2026-05-27
CVE-2026-41070
Analyzed
10
Linux Multiple Products

openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server to handle an OIDC based single sign-on (SSO) auth flows. From version 1...

2026-05-09
CVE-2026-4107
7.3
Microsoft Exchange Reporter

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report

2026-04-05
CVE-2026-41068
7.7
Microsoft Multiple Products

Kyverno is a policy engine designed for cloud native platform engineering teams

2026-04-24
CVE-2026-41066
Analyzed
7.5
Unknown Multiple Products

lxml is a library for processing XML and HTML in the Python language

2026-04-25
CVE-2026-41064
Analyzed
9.3
HP Multiple Products

WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fix for AVideo's `test.php` adds `escapeshellarg` fo...

2026-04-22
CVE-2026-41060
7.7
HP Multiple Products

WWBN AVideo is an open source video platform

2026-04-22
CVE-2026-41059
8.2
Unknown Multiple Products

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers

2026-04-22
CVE-2026-41058
8.1
Unknown Multiple Products

WWBN AVideo is an open source video platform

2026-04-22
CVE-2026-41056
8.1
HP Multiple Products

WWBN AVideo is an open source video platform

2026-04-22
CVE-2026-41055
8.6
Unknown Multiple Products

WWBN AVideo is an open source video platform

2026-04-22
CVE-2026-41054
Analyzed
7.8
Unknown Multiple Products

In `src/havegecmd

2026-05-21
CVE-2026-41053
Analyzed
8.8
GitHub Rancher

Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access t...

2026-07-01
CVE-2026-41052
Analyzed
9.4
Kubernetes Rancher

Improper privilege handling in SUSE Rancher allows authenticated users with the Project Owner role to escalate their privileges within the cluster.

2026-06-30
CVE-2026-41050
Analyzed
9.9
Kubernetes Fleet

The Fleet Helm deployer improperly handles ServiceAccount impersonation, allowing unauthorized access to secrets across Kubernetes namespaces.

2026-05-14
CVE-2026-41049
Analyzed
8.4
Unknown qSnapper dbus service

Incorrect caching of authentication between different users of the  qSnapper dbus service before version 1

2026-06-23
CVE-2026-41048
Analyzed
8.4
Unknown qSnapper

Incorrect caching of authentication between different polkit methods in qSnapper before version 1

2026-06-23
CVE-2026-41046
Analyzed
7.3
Unknown qSnapper

A path traversal attack when using a "configName" parameter in qSnapper before version 1

2026-06-23
CVE-2026-41045
Analyzed
8.1
Unknown qSnapper

A time-to-check-time-of-use in polkit authentication of qSnapper before version 1

2026-06-23
CVE-2026-41044
Analyzed
8.8
Apache ActiveMQ

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache...

2026-04-25
CVE-2026-41040
7.5
Unknown Multiple Products

GROWI provided by GROWI, Inc

2026-04-24
CVE-2026-4104
Analyzed
9.8
Unknown TeknoPass

An authorization bypass via SQL injection in TeknoPass allows unauthenticated attackers to execute arbitrary SQL commands and manipulate data.

2026-06-05
CVE-2026-41035
7.4
Linux platforms are

In rsync 3

2026-04-17
CVE-2026-41031
Analyzed
8.7
Vinna Process Monitor

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4

2026-06-11
CVE-2026-41015
7.4
Unknown Multiple Products

radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP

2026-04-17
CVE-2026-4101
8.1
IBM Verify Identity

IBM Verify Identity Access Container 11

2026-04-02
CVE-2026-4100
7.1
WordPress is vulnerable

The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all version...

2026-05-04
CVE-2026-40999
Analyzed
8.6
Spring Spring WS

When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceM...

2026-06-11
CVE-2026-40998
Analyzed
8.2
Spring Web Services

Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled XML with the J...

2026-06-12
CVE-2026-40994
Analyzed
8.2
Spring Web Services

Wss4jSecurityInterceptor initialized its BSP (WS-I Basic Security Profile) compliance flag so that inbound validation disabled WSS4J BSP enforcement o...

2026-06-12
CVE-2026-40982
Analyzed
9.1
Spring Cloud Config Server

Spring Cloud Config allows directory traversal via specially crafted URLs, enabling unauthorized access to arbitrary files.

2026-05-07
CVE-2026-40978
8.8
Spring Multiple Products

SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafted document IDs

2026-04-29
CVE-2026-40976
Analyzed
9.1
Unknown Multiple Products

In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vu...

2026-04-28
CVE-2026-40972
7.5
Infor Multiple Products

An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret

2026-04-28
CVE-2026-40967
8.6
Unknown Multiple Products

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query la...

2026-04-28
CVE-2026-40965
Analyzed
10
Cloud Foundry UAA (User Account and Authentication)

Cloud Foundry UAA inadvertently exposes private EC keys via the public /token_keys endpoint, threatening JWT integrity.

2026-06-02
CVE-2026-40960
8.1
Luanti Multiple Products

Luanti 5 before 5

2026-04-16