17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 4201-4250 of 17426 CVEs Page 85 of 349
CVE-2026-34449
Analyzed
9.6
SiYuan SiYuan

SiYuan desktop application is vulnerable to Remote Code Execution via a permissive CORS policy. A malicious website can inject JavaScript into the Ele...

2026-04-01
CVE-2026-34448
Analyzed
9
Intel SiYuan

SiYuan is vulnerable to a stored XSS-to-RCE chain in its Attribute View. Malicious URLs in the mAsse field trigger JavaScript execution with full OS a...

2026-04-01
CVE-2026-34445
8.6
Microsoft Multiple Products

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability

2026-04-02
CVE-2026-34430
8.8
Unknown Multiple Products

ByteDance Deer-Flow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allows attackers to execute arb...

2026-04-02
CVE-2026-34428
7.7
Unknown Multiple Products

Vvveb prior to 1

2026-04-21
CVE-2026-34427
8.8
Unknown Multiple Products

Vvveb prior to 1

2026-04-21
CVE-2026-34426
Analyzed
7.6
OpenClaw Multiple Products

OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between appr...

2026-04-03
CVE-2026-34424
Analyzed
9.8
WordPress and Joomla

Smart Slider 3 Pro 3.5.1.35 contains a critical remote access toolkit vulnerability that allows unauthenticated attackers to execute arbitrary code an...

2026-04-10
CVE-2026-34415
Analyzed
9.8
HP code

Xerte Online Toolkits 3.15 and earlier allow unauthenticated attackers to upload and execute malicious PHP code via an elFinder connector flaw.

2026-04-23
CVE-2026-34414
7.1
HP where the

Xerte Online Toolkits versions 3

2026-04-24
CVE-2026-34413
8.6
HP where an

Xerte Online Toolkits versions 3

2026-04-23
CVE-2026-34402
8.1
HP endpoint to

ChurchCRM is an open-source church management system

2026-04-07
CVE-2026-34394
8.1
HP Multiple Products

WWBN AVideo is an open source video platform

2026-04-01
CVE-2026-34393
8.8
Unknown Multiple Products

Weblate is a web based localization tool

2026-04-16
CVE-2026-34392
7.5
Arch and Imaging

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging r...

2026-04-10
CVE-2026-34381
7.5
Apache configuration

Admidio is an open-source user management solution

2026-04-01
CVE-2026-34376
7.5
D-Link password

PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices

2026-04-02
CVE-2026-34375
8.2
HP Multiple Products

WWBN AVideo is an open source video platform

2026-03-28
CVE-2026-34374
Analyzed
9.1
WWBN AVideo

WWBN AVideo contains a critical SQL injection vulnerability in its stream key lookup path, allowing unauthenticated attackers to execute malicious dat...

2026-03-28
CVE-2026-34367
7.6
Unknown Multiple Products

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates

2026-04-01
CVE-2026-34366
7.6
Unknown Multiple Products

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates

2026-04-01
CVE-2026-34365
7.6
Unknown Multiple Products

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates

2026-04-01
CVE-2026-34361
Analyzed
9.3
HL7 HAPI FHIR

HAPI FHIR's Validator service contains an unauthenticated SSRF vulnerability in the "/loadIG" endpoint that allows attackers to steal sensitive authen...

2026-04-01
CVE-2026-34359
Analyzed
7.4
HAPI FHIR Project HAPI FHIR

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java

2026-04-01
CVE-2026-34358
Analyzed
8.1
Unknown Multiple Products

CtrlPanel is open-source billing software for hosting providers

2026-05-20
CVE-2026-34354
7.4
Apple and macOS

Akamai Guardicore Platform Agent (GPA) and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation

2026-05-10
CVE-2026-34352
Analyzed
8.5
TigerVNC Multiple Products

In TigerVNC before 1

2026-03-27
CVE-2026-34332
8
Microsoft Multiple Products

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network

2026-05-13
CVE-2026-34329
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network

2026-05-13
CVE-2026-34327
8.2
Microsoft Partner Center

Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a...

2026-05-08
CVE-2026-34320
7.5
Oracle Financial Services

Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications (component: User Interface)

2026-04-22
CVE-2026-34311
Analyzed
9.8
Oracle Hospitality OPERA 5

An unauthenticated, easily exploitable vulnerability in Oracle Hospitality OPERA 5 allows remote attackers to compromise the property services platfor...

2026-05-29
CVE-2026-34310
7.5
Oracle Financial Services

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Pl...

2026-04-22
CVE-2026-3431
Analyzed
9.8
MongoDB tool endpoints

SimStudio's MongoDB tool endpoints allow unauthenticated attackers to connect to arbitrary MongoDB instances and perform unauthorized data operations...

2026-03-03
CVE-2026-34309
8.1
Oracle PeopleSoft

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security)

2026-04-22
CVE-2026-34305
7.5
Oracle WebLogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services)

2026-04-22
CVE-2026-34297
7.5
Oracle HCM Common

Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: Knowledge Integration)

2026-04-22
CVE-2026-34291
8.7
Oracle HTTP Server

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core)

2026-04-22
CVE-2026-34290
7.5
Oracle Identity Manager

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core)

2026-04-22
CVE-2026-34287
Analyzed
9.1
Oracle Identity Manager

An unauthenticated vulnerability in the Oracle Identity Manager Connector enables remote attackers to compromise sensitive identity data through unaut...

2026-04-22
CVE-2026-34286
Analyzed
9.1
Oracle Identity Manager

An unauthenticated vulnerability in the Oracle Identity Manager Connector permits remote attackers to perform unauthorized operations on critical iden...

2026-04-22
CVE-2026-34285
Analyzed
9.1
Oracle Identity Manager

An unauthenticated vulnerability in the Oracle Identity Manager Connector allows remote attackers to gain unauthorized access to critical identity dat...

2026-04-22
CVE-2026-34282
7.5
Apple Multiple Products

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking)

2026-04-22
CVE-2026-34279
Analyzed
9.1
Oracle Enterprise Manager

A high-privileged vulnerability in the Oracle Enterprise Manager Event Management component allows for a full system takeover and cross-product impact...

2026-04-22
CVE-2026-34275
Analyzed
9.8
Oracle Advanced Inbound

An unauthenticated, easily exploitable vulnerability in the Oracle Advanced Inbound Telephony component allows a remote attacker to achieve a full sys...

2026-04-22
CVE-2026-34263
Analyzed
9.6
SAP Commerce cloud

SAP Commerce Cloud allows unauthenticated users to perform arbitrary code execution due to improper Spring Security configuration.

2026-05-12
CVE-2026-34260
Analyzed
9.6
SAP Enterprise Search

SAP Enterprise Search for ABAP is vulnerable to SQL injection, allowing authenticated attackers to execute malicious database queries.

2026-05-12
CVE-2026-34259
8.2
SAP Forecasting

Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could ab...

2026-05-12
CVE-2026-34256
7.1
SAP ERP and

Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacker could execute a particular A...

2026-04-14
CVE-2026-34253
8.2
Unknown Multiple Products

A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1

2026-05-16