17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 3601-3650 of 17426 CVEs Page 73 of 349
CVE-2026-3976
8.8
Tenda W3

A weakness has been identified in Tenda W3 1

2026-03-12
CVE-2026-3975
8.8
Tenda W3

A security flaw has been discovered in Tenda W3 1

2026-03-12
CVE-2026-3974
8.8
Tenda W3

A vulnerability was identified in Tenda W3 1

2026-03-12
CVE-2026-3973
8.8
Tenda W3

A vulnerability was determined in Tenda W3 1

2026-03-12
CVE-2026-3972
8.8
Tenda W3

A vulnerability was found in Tenda W3 1

2026-03-12
CVE-2026-3971
8.8
Tenda i3

A vulnerability has been found in Tenda i3 1

2026-03-12
CVE-2026-3970
8.8
Tenda i3

A flaw has been found in Tenda i3 1

2026-03-12
CVE-2026-39684
7.5
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnTheme OrganicFood organicfo...

2026-04-10
CVE-2026-39623
7.5
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes Biolife biolife al...

2026-04-10
CVE-2026-39621
8.8
Web Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web Server

2026-04-10
CVE-2026-39591
Analyzed
9.9
WordPress WP-BusinessDirectory

An arbitrary file upload vulnerability exists in the WP-BusinessDirectory plugin for WordPress, allowing attackers to upload malicious files.

2026-06-16
CVE-2026-39587
Analyzed
8.1
WordPress WP BASE Booking

Unauthenticated Privilege Escalation in WP BASE Booking <= 5

2026-06-16
CVE-2026-39583
Analyzed
9.8
WordPress Ecommerce Delivery

An unauthenticated privilege escalation vulnerability exists in the Datalogics Ecommerce Delivery WordPress plugin, allowing attackers to gain adminis...

2026-06-16
CVE-2026-39581
Analyzed
8.5
WordPress WP Sessions Time Monitoring Full Automatic

Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1

2026-06-17
CVE-2026-39579
Analyzed
8.8
WordPress B Blocks

Contributor Privilege Escalation in B Blocks <= 2

2026-06-16
CVE-2026-39532
Analyzed
8.8
HP Events Calendar for GeoDirectory

Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2

2026-06-16
CVE-2026-39531
Analyzed
9.3
WordPress WP Directory Kit

The WP Directory Kit plugin for WordPress is vulnerable to Blind SQL Injection, allowing attackers to extract sensitive database information.

2026-05-22
CVE-2026-3953
8.8
Gosoft Software Multiple Products

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Gosoft Software Industry and Trade Ltd

2026-05-08
CVE-2026-39502
Analyzed
9.3
WordPress Form Maker

The Form Maker by 10Web plugin for WordPress is vulnerable to unauthenticated SQL injection, allowing attackers to extract information from the databa...

2026-06-16
CVE-2026-39493
Analyzed
9.3
Unknown Simply Schedule Appointments Plugin

An unauthenticated SQL injection vulnerability in the Simply Schedule Appointments plugin allows attackers to extract sensitive database information.

2026-06-16
CVE-2026-39492
Analyzed
9.3
WordPress WP Maps Plugin

The WP Maps plugin for WordPress is vulnerable to unauthenticated SQL injection, enabling attackers to extract sensitive information from the database...

2026-06-16
CVE-2026-39478
Analyzed
8.8
HP Anti-Malware Security and Brute-Force Firewall

Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall <= 4

2026-06-16
CVE-2026-39474
Analyzed
8.8
HP Post Duplicator

Contributor PHP Object Injection in Post Duplicator <= 3

2026-06-16
CVE-2026-39467
7.2
MetaSlider Responsive Multiple Products

Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection

2026-04-21
CVE-2026-39462
8.1
Unknown Multiple Products

A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of cr...

2026-04-24
CVE-2026-39461
Analyzed
8.8
Unknown Multiple Products

libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available

2026-05-22
CVE-2026-39457
7.8
Unknown Multiple Products

When exchanging data over a socket, libnv uses select(2) to wait for data to arrive

2026-05-01
CVE-2026-39454
7.8
SKYSEA Multiple Products

SKYSEA Client View and SKYMEC IT Manager provided by Sky Co

2026-04-21
CVE-2026-3945
7.5
HTTP chunked Multiple Products

An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1

2026-03-30
CVE-2026-39441
Analyzed
9.3
WordPress Feed KuantoKusta for WooCommerce

The Feed KuantoKusta for WooCommerce plugin contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate databas...

2026-06-16
CVE-2026-39440
Analyzed
9.9
Funnelforms LLC Multiple Products

Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC FunnelFormsPro allows Remote Code Inclusion.This issue affe...

2026-04-24
CVE-2026-39432
8.2
Arraytics Timetics Multiple Products

Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels

2026-05-13
CVE-2026-39429
8.2
Kubernetes and container

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads

2026-04-09
CVE-2026-39399
Analyzed
9.6
F5 Multiple Products

NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec fil...

2026-04-15
CVE-2026-39397
Analyzed
9.4
Delmare Digital Payload-Puck Plugin

The @delmaredigital/payload-puck plugin for PayloadCMS bypasses collection-level access controls, allowing unauthorized API access.

2026-04-08
CVE-2026-39394
8.1
Arch Multiple Products

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support

2026-04-09
CVE-2026-39393
8.1
Arch Multiple Products

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support

2026-04-09
CVE-2026-39386
8.8
Docker and uses

Neko is a a self-hosted virtual browser that runs in Docker and uses WebRTC In versions 3

2026-04-21
CVE-2026-39384
7.6
HP Multiple Products

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework

2026-04-09
CVE-2026-39376
7.5
Unknown Multiple Products

FastFeedParser is a high performance RSS, Atom and RDF parser

2026-04-09
CVE-2026-39371
8.1
Unknown Multiple Products

RedwoodSDK is a server-first React framework

2026-04-08
CVE-2026-39369
7.6
HP allowed an

WWBN AVideo is an open source video platform

2026-04-09
CVE-2026-39361
7.7
AWS IMDSv1

OpenObserve is a cloud-native observability platform

2026-04-09
CVE-2026-3936
8.8
Google Chrome on

Use after free in WebView in Google Chrome on Android prior to 146

2026-03-13
CVE-2026-39356
7.5
Unknown Multiple Products

Drizzle is a modern TypeScript ORM

2026-04-09
CVE-2026-39355
Analyzed
9.9
Microsoft to themselves

A broken access control flaw in the Genealogy PHP application allows authenticated users to transfer ownership of arbitrary non-personal team workspac...

2026-04-08
CVE-2026-39344
8.1
Unknown Multiple Products

ChurchCRM is an open-source church management system

2026-04-08
CVE-2026-39341
8.1
HP Multiple Products

ChurchCRM is an open-source church management system

2026-04-08
CVE-2026-39340
8.1
HP Multiple Products

ChurchCRM is an open-source church management system

2026-04-08
CVE-2026-39339
Analyzed
9.1
HP Multiple Products

ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical authentication bypass vulnerability in ChurchCRM's API middleware (C...

2026-04-08