17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 3551-3600 of 17426 CVEs Page 72 of 349
CVE-2026-40035
Analyzed
9.1
Infor Unfurl

Unfurl contains an improper input validation vulnerability in configuration parsing that enables Flask debug mode by default, potentially leading to r...

2026-04-09
CVE-2026-40033
Analyzed
8.8
FreeRDP FreeRDP

FreeRDP before 3

2026-05-27
CVE-2026-40032
7.8
Unknown Multiple Products

UAC (Unix-like Artifacts Collector) before 3

2026-04-09
CVE-2026-40031
7.8
IBM Multiple Products

MemProcFS before 5

2026-04-09
CVE-2026-40030
7.8
Unknown Multiple Products

parseusbs before 1

2026-04-09
CVE-2026-4003
Analyzed
9.8
WordPress is vulnerable

The Users manager – PN WordPress plugin contains a privilege escalation flaw allowing unauthenticated attackers to modify arbitrary user metadata.

2026-04-08
CVE-2026-40029
7.8
Unknown Multiple Products

parseusbs before 1

2026-04-09
CVE-2026-40022
8.2
Apache Camel embedded

When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server (camel-platform-http-main) and a non-root contex...

2026-04-28
CVE-2026-40010
Analyzed
9.1
Apache Wicket

Apache Wicket fails to invoke the changeSessionId method after session binding, exposing the application to session fixation attacks.

2026-05-07
CVE-2026-4001
Analyzed
9.8
HP is vulnerable

The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to unauthenticated Remote Code Execution (RCE) via the PHP eval() functio...

2026-03-24
CVE-2026-3999
Analyzed
8.8
Unknown Multiple Products

A broken access control may allow an authenticated user to perform a horizontal privilege escalation

2026-06-09
CVE-2026-39987
KEV
9.5
Marimo Marimo

Marimo Remote Code Execution Vulnerability - Active in CISA KEV catalog.

2026-04-24
CVE-2026-39983
8.6
FTP Multiple Products

basic-ftp is an FTP client for Node

2026-04-10
CVE-2026-39981
8.8
Unknown Multiple Products

AGiXT is a dynamic AI Agent Automation Platform

2026-04-10
CVE-2026-39980
Analyzed
9.1
Intel OpenCTI

OpenCTI prior to 6.9.5 contains an EJS template injection vulnerability allowing authenticated users with Manage customization capabilities to execute...

2026-04-10
CVE-2026-39974
Analyzed
8.5
Oracle Multiple Products

n8n-MCP is a Model Context Protocol (MCP) server that provides AI assistants with comprehensive access to n8n node documentation, properties, and oper...

2026-04-10
CVE-2026-39973
7.1
Google Multiple Products

Apktool is a tool for reverse engineering Android APK files

2026-04-21
CVE-2026-39955
Analyzed
9.8
HP Cacti

The Cacti performance management framework is vulnerable to a pre-authentication SQL injection via an improperly validated input parameter in graph_vi...

2026-06-25
CVE-2026-39948
Analyzed
9.3
HP Cacti

An SQL injection vulnerability in Cacti allows unauthenticated attackers to execute arbitrary database commands via the rfilter parameter in graph_vie...

2026-06-25
CVE-2026-39942
8.5
Unknown Multiple Products

Directus is a real-time API and App dashboard for managing SQL database content

2026-04-10
CVE-2026-39938
Analyzed
9.8
Cacti Cacti

Cacti versions 1.2.30 and prior contain an unauthenticated Local File Inclusion (LFI) vulnerability via the graph_theme parameter, potentially allowin...

2026-06-25
CVE-2026-39920
Analyzed
9.8
Apache Multiple Products

BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with...

2026-04-25
CVE-2026-39918
Analyzed
9.8
HP configuration file

Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized int...

2026-04-21
CVE-2026-39912
Analyzed
9.1
V2Board Multiple Products

V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the l...

2026-04-10
CVE-2026-39911
8.8
Unknown Multiple Products

Hashgraph Guardian through version 3

2026-04-10
CVE-2026-39910
Analyzed
9.8
STACKIT IaaS API

A missing authorization check in the STACKIT IaaS API allows low-privileged users to escalate privileges to full organization compromise.

2026-06-09
CVE-2026-3991
7.8
Microsoft Data Loss

Symantec Data Loss Prevention Windows Endpoint, prior to 25

2026-03-31
CVE-2026-39893
Analyzed
9.8
Cacti Cacti

A SQL injection vulnerability exists in Cacti versions 1.2.30 and prior, where the rfilter parameter is unsafely concatenated into an RLIKE clause, re...

2026-06-25
CVE-2026-39891
8.8
Microsoft system

PraisonAI is a multi-agent teams system

2026-04-09
CVE-2026-39890
Analyzed
9.8
Microsoft system

PraisonAI versions prior to 4.5.115 are vulnerable to RCE via insecure YAML parsing, allowing execution of arbitrary JavaScript.

2026-04-09
CVE-2026-39889
7.5
Microsoft system

PraisonAI is a multi-agent teams system

2026-04-10
CVE-2026-39888
Analyzed
9.9
Microsoft system

PraisonAI versions prior to 1.5.115 contain a sandbox escape vulnerability in its Python code execution tool, allowing arbitrary code execution.

2026-04-09
CVE-2026-39885
7.5
Unknown Multiple Products

FrontMCP is a TypeScript-first framework for the Model Context Protocol (MCP)

2026-04-10
CVE-2026-39884
8.3
Kubernetes is

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management

2026-04-16
CVE-2026-39863
7.5
Signaling Multiple Products

Kamailio is an open source implementation of a SIP Signaling Server

2026-04-10
CVE-2026-39860
Analyzed
9
Linux and other

A symlink following vulnerability in the Nix package manager allows users to overwrite files and escalate privileges to root in multi-user installatio...

2026-04-09
CVE-2026-39853
7.8
MSI Multiple Products

osslsigncode is a tool that implements Authenticode signing and timestamping

2026-04-10
CVE-2026-39850
Analyzed
7.4
HP application framework

Yii 2 is a PHP application framework

2026-05-22
CVE-2026-3985
Analyzed
7.5
WordPress is vulnerable

The Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin for WordPress is vulnerable to SQL Injection via the 'checkout_uuid' paramet...

2026-05-20
CVE-2026-39847
Analyzed
9.1
Emmett Emmett

The Emmett web framework is vulnerable to path traversal attacks via the RSGI static handler, allowing unauthorized access to arbitrary files.

2026-04-08
CVE-2026-39846
Analyzed
9
SiYuan SiYuan Desktop Client

SiYuan personal knowledge management system is vulnerable to stored XSS, which can lead to remote code execution in the Electron desktop client.

2026-04-08
CVE-2026-39843
7.7
Unknown Multiple Products

Plane is an an open-source project management tool

2026-04-10
CVE-2026-39842
Analyzed
9.9
Unknown Multiple Products

OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine...

2026-04-16
CVE-2026-39836
7.5
Microsoft Multiple Products

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0)

2026-05-09
CVE-2026-39820
7.5
Unknown Multiple Products

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations

2026-05-09
CVE-2026-39816
8.8
Apache NiFi

The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi...

2026-05-09
CVE-2026-39815
8.8
Fortinet FortiDDoS

A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiDDoS-F 7

2026-04-15
CVE-2026-39813
Analyzed
9.8
Fortinet FortiSandbox

A path traversal vulnerability in Fortinet FortiSandbox allows unauthenticated attackers to achieve privilege escalation via crafted file paths.

2026-04-15
CVE-2026-39808
Analyzed
9.8
Fortinet FortiSandbox

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4....

2026-04-15
CVE-2026-3978
8.8
D-Link DIR

A vulnerability was detected in D-Link DIR-513 1

2026-03-12