17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 4151-4200 of 17426 CVEs Page 84 of 349
CVE-2026-34621
KEV Analyzed
9.6
Adobe Acrobat Reader

Adobe Acrobat Reader is vulnerable to prototype pollution, which can result in arbitrary code execution when a victim opens a malicious file.

2026-04-11
CVE-2026-34617
8.7
Adobe Connect versions

Adobe Connect versions 2025

2026-04-15
CVE-2026-34615
Analyzed
9.3
Adobe Connect versions

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code...

2026-04-15
CVE-2026-34612
Analyzed
9.9
Docker Kestra

A SQL Injection vulnerability in Kestra's flow search endpoint allows authenticated users to execute arbitrary OS commands on the host via PostgreSQL'...

2026-04-04
CVE-2026-3461
Analyzed
9.8
WordPress is vulnerable

The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to...

2026-04-16
CVE-2026-34607
7.2
Arch Multiple Products

Emlog is an open source website building system

2026-04-05
CVE-2026-34601
Analyzed
7.5
DOM Multiple Products

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module

2026-04-03
CVE-2026-34599
Analyzed
8.8
CoolLabs Coolify

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases

2026-07-07
CVE-2026-34597
Analyzed
8.8
Coolify Coolify

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases

2026-06-30
CVE-2026-34594
Analyzed
8.8
Coolify Coolify

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases

2026-06-30
CVE-2026-34592
Analyzed
7.7
Coolify Coolify

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases

2026-06-30
CVE-2026-3459
8.1
WordPress is vulnerable

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type val...

2026-03-06
CVE-2026-34588
7.8
Unknown Multiple Products

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry

2026-04-08
CVE-2026-34585
8.6
Unknown Multiple Products

SiYuan is a personal knowledge management system

2026-04-01
CVE-2026-34581
Analyzed
8.1
Unknown Multiple Products

goshs is a SimpleHTTPServer written in Go

2026-04-03
CVE-2026-34578
8.2
Arch filter without

OPNsense is a FreeBSD based firewall and routing platform

2026-04-10
CVE-2026-34577
Analyzed
8.6
Unknown Multiple Products

Postiz is an AI social media scheduling tool

2026-04-03
CVE-2026-34572
8.8
Arch Multiple Products

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support

2026-04-02
CVE-2026-34571
Analyzed
9.9
Arch CI4MS (CodeIgniter 4 CMS)

A Stored Cross-Site Scripting (XSS) vulnerability in the CI4MS backend user management allows attackers to inject malicious JavaScript, leading to ful...

2026-04-02
CVE-2026-34569
Analyzed
9.9
Arch CI4MS (CodeIgniter 4 CMS)

CI4MS versions prior to 0.31.0.0 are vulnerable to Stored XSS in the blog category title field, allowing malicious scripts to execute on both public a...

2026-04-02
CVE-2026-34568
Analyzed
9.1
Arch Multiple Products

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to...

2026-04-02
CVE-2026-34567
Analyzed
9.1
Arch Multiple Products

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to...

2026-04-02
CVE-2026-34566
Analyzed
9.1
Arch Multiple Products

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to...

2026-04-02
CVE-2026-34565
Analyzed
9.1
Arch Multiple Products

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to...

2026-04-02
CVE-2026-34564
Analyzed
9.1
Arch Multiple Products

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to...

2026-04-02
CVE-2026-34563
Analyzed
9.1
Arch Multiple Products

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to...

2026-04-02
CVE-2026-34560
Analyzed
9.1
Arch Multiple Products

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to...

2026-04-02
CVE-2026-3456
Analyzed
7.5
WordPress is vulnerable

The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributek...

2026-05-05
CVE-2026-34559
Analyzed
9.1
Arch Multiple Products

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to...

2026-04-02
CVE-2026-34558
Analyzed
9.1
Arch CI4MS (CMS skeleton)

CI4MS is vulnerable to Stored DOM-Based Cross-Site Scripting in its Methods Management functionality, allowing for script execution in administrative...

2026-03-31
CVE-2026-34557
Analyzed
9.1
Arch CI4MS (CMS skeleton)

CI4MS is vulnerable to stored Cross-Site Scripting (XSS) in its group and role management functionality, allowing attackers to execute malicious scrip...

2026-03-31
CVE-2026-3453
8.1
WordPress is vulnerable

The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4

2026-03-11
CVE-2026-34529
7.6
File Multiple Products

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory

2026-04-02
CVE-2026-34528
8.1
File Multiple Products

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory

2026-04-02
CVE-2026-34524
Analyzed
8.3
Unknown Multiple Products

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines,...

2026-04-03
CVE-2026-34522
Analyzed
8.1
Unknown Multiple Products

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines,...

2026-04-03
CVE-2026-3452
7.2
HP object injection

Concrete CMS below version 9

2026-03-05
CVE-2026-34512
8.1
OpenClaw Multiple Products

OpenClaw before 2026

2026-04-10
CVE-2026-34504
8.3
OpenClaw Multiple Products

OpenClaw before 2026

2026-04-01
CVE-2026-34503
8.1
OpenClaw Multiple Products

OpenClaw before 2026

2026-04-01
CVE-2026-34488
7.3
Arch path

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries

2026-04-24
CVE-2026-34487
Analyzed
7.5
Kubernetes Tomcat exposed

Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernete...

2026-04-11
CVE-2026-34486
7.5
Apache Tomcat due

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor

2026-04-11
CVE-2026-34483
7.5
Apache Tomcat

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat

2026-04-11
CVE-2026-34476
7.1
Apache SkyWalking MCP

Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP

2026-04-14
CVE-2026-34472
7.1
ZTE ZXHN H188A

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6

2026-03-31
CVE-2026-34457
Analyzed
9.1
Nginx auth

OAuth2 Proxy contains an authentication bypass vulnerability when integrated with Nginx auth_request, allowing unauthenticated access to protected res...

2026-04-15
CVE-2026-34456
Analyzed
9.1
Google Reviactyl Game Server Management Panel

A flaw in Reviactyl's OAuth flow allows unauthenticated account takeover by linking social accounts via matching email addresses without password veri...

2026-04-02
CVE-2026-34453
7.5
Unknown Multiple Products

SiYuan is a personal knowledge management system

2026-04-01
CVE-2026-3445
Analyzed
7.1
WordPress is vulnerable

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vuln...

2026-04-05