17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 3401-3450 of 17426 CVEs Page 69 of 349
CVE-2026-4062
7.5
WordPress is vulnerable

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids' and 'exclude_object_ids' parameters in all versions...

2026-05-03
CVE-2026-40613
7.5
STUN Multiple Products

Coturn is a free open source implementation of TURN and STUN Server

2026-04-22
CVE-2026-40611
8.8
Encrypt Multiple Products

Let's Encrypt client and ACME library written in Go (Lego)

2026-04-22
CVE-2026-4061
7.5
WordPress is vulnerable

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map_post_type' parameter in all versions up to, and including,...

2026-05-03
CVE-2026-40601
Analyzed
7.5
Chartbrew Chartbrew

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts

2026-05-01
CVE-2026-40600
Analyzed
8.1
Chartbrew Chartbrew

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts

2026-05-01
CVE-2026-4060
7.5
WordPress is vulnerable

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1

2026-05-03
CVE-2026-40595
Analyzed
7.5
Intel Chartbrew

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts

2026-05-01
CVE-2026-40589
7.6
Unknown Multiple Products

FreeScout is a free self-hosted help desk and shared mailbox

2026-04-22
CVE-2026-40588
8.1
Unreal Multiple Products

blueprintUE is a tool to help Unreal Engine developers

2026-04-22
CVE-2026-40586
7.5
Unreal Multiple Products

blueprintUE is a tool to help Unreal Engine developers

2026-04-22
CVE-2026-40581
8.1
HP Multiple Products

ChurchCRM is an open-source church management system

2026-04-18
CVE-2026-40576
Analyzed
9.4
AWS excel-mcp-server

A path traversal vulnerability in excel-mcp-server allows unauthenticated remote attackers to read, write, and overwrite arbitrary files on the host f...

2026-04-22
CVE-2026-40575
Analyzed
9.1
Nginx and not

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied `X-Forw...

2026-04-22
CVE-2026-40572
Analyzed
9
Unknown Multiple Products

NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 15 (MemoryMapRange) allows Ring 3 user...

2026-04-18
CVE-2026-40569
Analyzed
9
HP Multiple Products

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection...

2026-04-22
CVE-2026-40568
8.5
HP Multiple Products

FreeScout is a free self-hosted help desk and shared mailbox

2026-04-22
CVE-2026-40563
7.1
Apache endpoint that

Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that a...

2026-05-05
CVE-2026-40560
7.5
Unknown Multiple Products

Starman versions before 0

2026-04-30
CVE-2026-40527
7.8
Unknown Multiple Products

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicio...

2026-04-18
CVE-2026-40525
Analyzed
9.1
OpenViking Multiple Products

OpenViking prior to commit c7bb167 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authenticatio...

2026-04-18
CVE-2026-40524
Analyzed
8.1
FrontAccounting FrontAccounting

FrontAccounting before 2

2026-06-30
CVE-2026-40523
Analyzed
8.1
FrontAccounting FrontAccounting

FrontAccounting before 2

2026-06-30
CVE-2026-40522
Analyzed
7.1
FrontAccounting FrontAccounting

FrontAccounting before 2

2026-06-30
CVE-2026-40521
Analyzed
8.8
FrontAccounting FrontAccounting

FrontAccounting before 2

2026-06-30
CVE-2026-40518
7.1
Unknown Multiple Products

ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation wher...

2026-04-18
CVE-2026-40517
7.8
Unknown Multiple Products

radare2 prior to 6

2026-04-23
CVE-2026-40516
8.3
Arch tools that

OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to...

2026-04-18
CVE-2026-40515
7.5
OpenHarness Multiple Products

OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete pa...

2026-04-18
CVE-2026-40504
Analyzed
9.8
Creolabs Gravity Multiple Products

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-boun...

2026-04-16
CVE-2026-40502
8.8
Unknown Multiple Products

OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive a...

2026-04-16
CVE-2026-40497
8.1
F5 Multiple Products

FreeScout is a free self-hosted help desk and shared mailbox

2026-04-21
CVE-2026-40494
Analyzed
9.8
Unknown Multiple Products

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d7...

2026-04-18
CVE-2026-40493
Analyzed
9.8
Unknown Multiple Products

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff...

2026-04-18
CVE-2026-40492
Analyzed
9.8
Unknown Multiple Products

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb3...

2026-04-18
CVE-2026-40487
8.9
Nginx with

Postiz is an AI social media scheduling tool

2026-04-18
CVE-2026-40484
Analyzed
9.1
HP Multiple Products

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive...

2026-04-18
CVE-2026-4048
8.4
Unknown ADC Products

OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to exe...

2026-04-21
CVE-2026-40478
Analyzed
9
Unknown Multiple Products

Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulner...

2026-04-18
CVE-2026-40477
Analyzed
9
Unknown Multiple Products

Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulner...

2026-04-18
CVE-2026-40474
7.6
Unknown Multiple Products

wger is a free, open-source workout and fitness manager

2026-04-18
CVE-2026-40473
8.8
Apache Camel

The camel-mina component's MinaConverter

2026-04-28
CVE-2026-40472
Analyzed
9.9
Haskell hackage-server

The hackage-server application fails to sanitize user-controlled metadata from .cabal files, leading to a stored Cross-Site Scripting (XSS) vulnerabil...

2026-04-24
CVE-2026-40471
Analyzed
9.6
Unknown Multiple Products

hackage-server lacked Cross-Site Request Forgery (CSRF) protection across its endpoints. Scripts on foreign sites could trigger requests to hackage se...

2026-04-24
CVE-2026-40470
Analyzed
9.9
Haskell.org Hackage Server

A Cross-Site Scripting (XSS) vulnerability in the Hackage server allows an attacker to hijack user sessions by serving malicious JavaScript via upload...

2026-04-24
CVE-2026-40466
8.8
Apache ActiveMQ Broker

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apa...

2026-04-25
CVE-2026-40461
7.5
Anviz Multiple Products

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e

2026-04-18
CVE-2026-4046
Analyzed
7.5
IBM C Library (glibc)

The iconv() function in the GNU C Library versions 2

2026-03-31
CVE-2026-40453
Analyzed
9.9
Google Camel

Improper header filtering in Apache Camel allows attackers to inject case-variant headers, leading to remote code execution and arbitrary file writes.

2026-04-28
CVE-2026-40436
7.1
ZTE Multiple Products

The ZTE ZXEDM iEMS product has a password reset vulnerability for any user

2026-04-13