17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 3351-3400 of 17426 CVEs Page 68 of 349
CVE-2026-40959
Analyzed
9.3
Luanti Multiple Products

Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.

2026-04-16
CVE-2026-4094
8.1
WordPress is vulnerable

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability chec...

2026-05-16
CVE-2026-40938
7.5
Tekton Multiple Products

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines

2026-04-23
CVE-2026-40937
8.3
Unknown Multiple Products

RustFS is a distributed object storage system built in Rust

2026-04-23
CVE-2026-40933
Analyzed
9.9
Flowise Flowise

Flowise prior to 3.1.0 is vulnerable to OS command injection due to unsafe serialization of stdio commands in the MCP adapter, allowing authenticated...

2026-04-22
CVE-2026-40931
8.4
Unknown Multiple Products

Compressing is a compressing and uncompressing lib for node

2026-04-22
CVE-2026-40925
8.3
F5 Multiple Products

WWBN AVideo is an open source video platform

2026-04-22
CVE-2026-40912
8.2
Traefik Multiple Products

Traefik is an HTTP reverse proxy and load balancer

2026-05-02
CVE-2026-40911
Analyzed
10
WWBN AVideo

A WebSocket-based cross-site scripting (XSS) vulnerability in the AVideo YPTSocket plugin allows unauthenticated attackers to achieve universal accoun...

2026-04-22
CVE-2026-40909
8.7
HP Multiple Products

WWBN AVideo is an open source video platform

2026-04-22
CVE-2026-40906
Analyzed
9.9
PostgreSQL database through

ElectricSQL is vulnerable to error-based SQL injection via the /v1/shape API, allowing authenticated users to read, modify, or destroy database conten...

2026-04-22
CVE-2026-40905
8.1
Arch Multiple Products

LinkAce is a self-hosted archive to collect website links

2026-04-22
CVE-2026-40904
Analyzed
8.1
Chartbrew Chartbrew

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts

2026-05-01
CVE-2026-40903
Analyzed
9.1
GitHub goshs

The goshs SimpleHTTPServer is affected by an ArtiPACKED vulnerability that can lead to the unauthorized leakage of GITHUB_TOKEN credentials via workfl...

2026-04-22
CVE-2026-40897
Analyzed
8.8
Unknown Multiple Products

Math

2026-04-25
CVE-2026-40893
8.2
Docker Multiple Products

Gotenberg is a Docker-powered stateless API for PDF files

2026-05-15
CVE-2026-40890
7.5
GitHub Multiple Products

The package `github

2026-04-22
CVE-2026-40887
Analyzed
9.1
PostgreSQL Vendure

An unauthenticated SQL injection vulnerability in the Vendure Shop API allows remote attackers to execute arbitrary SQL commands against the backend d...

2026-04-22
CVE-2026-40886
7.7
Kubernetes Multiple Products

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes

2026-04-24
CVE-2026-40884
Analyzed
9.8
Unknown goshs

An SFTP authentication bypass in goshs allows unauthenticated network attackers to access files without a password when specific configurations are us...

2026-04-22
CVE-2026-40882
7.6
Unknown Multiple Products

OpenRemote is an open-source internet-of-things platform

2026-04-23
CVE-2026-40879
7.5
Unknown Multiple Products

Nest is a framework for building scalable Node

2026-04-22
CVE-2026-40870
7.5
Unknown Multiple Products

Decidim is a participatory democracy framework

2026-04-22
CVE-2026-40869
7.5
Unknown Multiple Products

Decidim is a participatory democracy framework

2026-04-22
CVE-2026-40868
8.1
Microsoft Multiple Products

Kyverno is a policy engine designed for cloud native platform engineering teams

2026-04-22
CVE-2026-40860
Analyzed
9.8
Apache Camel

JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessag...

2026-04-28
CVE-2026-40859
Analyzed
8.1
Apache Camel

Deserialization of Untrusted Data vulnerability in Apache Camel

2026-07-07
CVE-2026-40858
8.8
Apache Camel

The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java

2026-04-28
CVE-2026-40851
Analyzed
8.4
Unknown Multiple Products

A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution

2026-05-29
CVE-2026-40797
Analyzed
9.3
Saleswonder LLC Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder LLC WebinarIgnition allows Blind SQL...

2026-05-05
CVE-2026-40784
8.1
Mahmudul Hasan Arif Multiple Products

Authorization Bypass Through User-Controlled Key vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configu...

2026-04-16
CVE-2026-40772
Analyzed
10
WordPress GeekyBot Plugin

The GeekyBot WordPress plugin is susceptible to an unauthenticated arbitrary file upload vulnerability, which can lead to remote code execution.

2026-06-16
CVE-2026-40769
Analyzed
8.6
Divi Contact Form Extender for Divi

Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi &#8211; Save Entries, File Upload &amp; Country Code Field <= 1

2026-06-16
CVE-2026-40766
Analyzed
8.5
StylemixThemes MasterStudy LMS

Subscriber SQL Injection in MasterStudy LMS <= 3

2026-06-16
CVE-2026-40764
8.1
Syed Balkhi Contact Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery

2026-04-16
CVE-2026-40750
Analyzed
9.9
Unknown Kids Online Store

An unrestricted file upload vulnerability in themagnifico52 Kids Online Store allows attackers to upload and execute a web shell.

2026-06-17
CVE-2026-40745
7.6
Unknown Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bdthemes Element Pack Elementor Addons bdthemes-...

2026-04-17
CVE-2026-40744
8.5
Beaver Builder Beaver Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lit...

2026-04-17
CVE-2026-40711
Analyzed
8
Dell Container Storage Modules (CSI PowerStore)

Dell Dell Container Storage Modules, version(s) csi-powerstore v2

2026-06-27
CVE-2026-40706
8.4
Unknown Multiple Products

In NTFS-3G 2022

2026-04-22
CVE-2026-40702
Analyzed
9.4
EVoke EVoke CSMS

The EVoke CSMS platform contains a critical vulnerability where WebSocket endpoints lack authentication, allowing attackers to impersonate charging st...

2026-06-26
CVE-2026-40698
8.7
Unknown Multiple Products

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role ca...

2026-05-14
CVE-2026-4064
8.3
Universal Multiple Products

Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026

2026-03-18
CVE-2026-40636
Analyzed
9.8
Dell ECS versions

Dell ECS and ObjectScale contain a hard-coded credentials vulnerability, enabling local attackers to gain unauthorized filesystem access.

2026-05-12
CVE-2026-40631
8.7
Unknown Multiple Products

An authenticated attacker with the Resource Administrator or Administrator role can modify configuration objects through iControl SOAP resulting in pr...

2026-05-14
CVE-2026-40630
Analyzed
9.8
SenseLive X3050 Multiple Products

A vulnerability in  SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access...

2026-04-24
CVE-2026-40624
Analyzed
9.8
AVer PTC500S, PTC115, PTC500+, and PTC115+ Cameras

Improper input validation in AVer PTC series cameras allows remote, unauthenticated attackers to execute arbitrary code via crafted web requests.

2026-06-20
CVE-2026-40623
8.1
SenseLive Multiple Products

A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without suffi...

2026-04-24
CVE-2026-40621
Analyzed
9.8
ELECOM Wireless LAN Access Point

Certain ELECOM wireless LAN access points contain an authentication bypass vulnerability, allowing unauthenticated access to specific web URLs.

2026-05-14
CVE-2026-40620
Analyzed
9.8
SenseLive X3050 Multiple Products

A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authenticati...

2026-04-24