17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 4251-4300 of 17426 CVEs Page 86 of 349
CVE-2026-3425
8.8
WordPress is vulnerable

The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2

2026-05-14
CVE-2026-34243
Analyzed
9.8
GitHub Actions workflow

The wenxian GitHub Actions workflow is vulnerable to command injection via untrusted user input in issue comments, allowing arbitrary code execution o...

2026-04-01
CVE-2026-34242
7.7
Unknown Multiple Products

Weblate is a web based localization tool

2026-04-17
CVE-2026-34241
Analyzed
8.7
Unknown Multiple Products

CtrlPanel is open-source billing software for hosting providers

2026-05-20
CVE-2026-34240
7.5
Unknown Multiple Products

JOSE is a Javascript Object Signing and Encryption (JOSE) library

2026-04-01
CVE-2026-34236
8.2
HP is

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs

2026-04-02
CVE-2026-34234
Analyzed
10
HP CtrlPanel

CtrlPanel contains an unauthenticated Remote Code Execution (RCE) vulnerability in its web-based installer, allowing attackers to execute arbitrary co...

2026-05-20
CVE-2026-34232
7.5
Unknown Multiple Products

Firebird is an open-source relational database management system

2026-04-18
CVE-2026-34226
7.5
Happy Multiple Products

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface

2026-03-29
CVE-2026-34222
7.7
Intel Multiple Products

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline

2026-04-02
CVE-2026-3422
Analyzed
9.8
Microsoft U-Office Force

An insecure deserialization vulnerability in U-Office Force allows unauthenticated remote attackers to execute arbitrary code via crafted serialized c...

2026-03-02
CVE-2026-34214
7.7
Unknown Multiple Products

Trino is a distributed SQL query engine for big data analytics

2026-04-01
CVE-2026-34209
7.5
Unknown Multiple Products

mppx is a TypeScript interface for machine payments protocol

2026-04-01
CVE-2026-34208
Analyzed
10
SandboxJS SandboxJS

A sandbox escape in SandboxJS allows attackers to bypass global object protection by utilizing an exposed constructor path, enabling arbitrary propert...

2026-04-07
CVE-2026-34205
Analyzed
9.6
Docker Home Assistant (Supervisor)

Home Assistant Supervisor fails to restrict access to internal Docker endpoints when using host network mode on Linux, exposing unauthenticated manage...

2026-03-28
CVE-2026-34197
KEV
8.8
Apache ActiveMQ Broker

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ

2026-04-08
CVE-2026-34195
Analyzed
8.8
Imagination Technologies GPU Driver

Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel

2026-06-16
CVE-2026-34179
Analyzed
9.1
Canon LXD

Canonical LXD versions 4.12 through 6.7 contain a privilege escalation vulnerability where restricted TLS certificate users can elevate to cluster adm...

2026-04-09
CVE-2026-34178
Analyzed
9.1
Arch LXD

A backup import validation flaw in Canonical LXD allows authenticated remote attackers to bypass project restrictions and achieve full host compromise...

2026-04-09
CVE-2026-34177
Analyzed
9.1
Canon LXD

An incomplete denylist in Canonical LXD allows a restricted project user to inject AppArmor and QEMU configurations, facilitating privilege escalation...

2026-04-09
CVE-2026-34176
8.7
Unknown Multiple Products

When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint

2026-05-14
CVE-2026-34171
Analyzed
8
CoolLabs Coolify

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases

2026-07-07
CVE-2026-34168
Analyzed
8.8
CoolLabs Coolify

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases

2026-07-07
CVE-2026-34163
Analyzed
7.7
Intel and Redis

FastGPT is an AI Agent building platform

2026-04-01
CVE-2026-34162
Analyzed
10
FastGPT FastGPT

FastGPT exposes an unauthenticated HTTP tools testing endpoint that functions as a full HTTP proxy, enabling Server-Side Request Forgery (SSRF) and in...

2026-04-01
CVE-2026-34160
8.6
HP is accessible

Chamilo LMS is an open-source learning management system

2026-04-15
CVE-2026-34159
Analyzed
9.8
Unknown llama.cpp

An unauthenticated attacker can achieve remote code execution and ASLR bypass in llama.cpp by exploiting a lack of bounds validation in the RPC backen...

2026-04-02
CVE-2026-34158
Analyzed
8.8
CoolLabs Coolify

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases

2026-07-07
CVE-2026-34156
Analyzed
9.9
NocoBase NocoBase

NocoBase Workflow Script Node allows authenticated sandbox escape to Remote Code Execution as root via prototype chain traversal of console objects. T...

2026-04-01
CVE-2026-34153
Analyzed
8.8
CoolLabs Coolify

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases

2026-07-07
CVE-2026-34152
Analyzed
8.8
CoolLabs Coolify

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases

2026-07-07
CVE-2026-34148
7.5
Unknown Multiple Products

Fedify is a TypeScript library for building federated server apps powered by ActivityPub

2026-04-07
CVE-2026-3413
Analyzed
7.3
HP University Management System

A flaw has been found in itsourcecode University Management System 1

2026-03-02
CVE-2026-34117
Analyzed
9.8
HP language-system

A critical OS command injection vulnerability exists in the text_to_subtitles.php script of the Guardian language-system, allowing unauthenticated rem...

2026-07-02
CVE-2026-34116
Analyzed
9.8
HP language-system

A critical OS command injection vulnerability exists in the transcribe.php script of the Guardian language-system, allowing unauthenticated remote cod...

2026-07-02
CVE-2026-34115
Analyzed
9.8
HP Language-system

An unauthenticated command injection vulnerability exists in the transcribe_amazon.php file of the Guardian language-system due to improper sanitizati...

2026-07-02
CVE-2026-34114
Analyzed
9.8
HP Language-system

An unauthenticated command injection vulnerability exists in the translate_text.php file of the Guardian language-system due to improper sanitization...

2026-07-02
CVE-2026-34113
Analyzed
9.8
HP Language-system

An unauthenticated command injection vulnerability exists in the speech_text.php file of the Guardian language-system due to improper sanitization of...

2026-07-02
CVE-2026-34112
Analyzed
9.8
HP Language-System

An unauthenticated command injection vulnerability in speechmac.php allows remote attackers to execute arbitrary OS commands via the 'id' parameter.

2026-07-02
CVE-2026-34111
Analyzed
9.8
HP Language-System

An unauthenticated command injection vulnerability in speechmac_text.php allows remote attackers to execute arbitrary OS commands via the 'id' paramet...

2026-07-02
CVE-2026-34110
Analyzed
9.8
HP Language-System

An unauthenticated command injection vulnerability in complex_start.php allows remote attackers to execute arbitrary OS commands via the 'id' paramete...

2026-07-02
CVE-2026-3411
Analyzed
7.3
HP University Management System

A security vulnerability has been detected in itsourcecode University Management System 1

2026-03-02
CVE-2026-34109
Analyzed
9.8
HP Language-system

The Guardian language-system is vulnerable to unauthenticated remote code execution due to improper sanitization of the 'id' parameter in speech.php.

2026-07-02
CVE-2026-34108
Analyzed
9.8
HP Language-system

The Guardian language-system is vulnerable to unauthenticated remote code execution due to improper sanitization of the 'id' parameter in text.php.

2026-07-02
CVE-2026-34107
Analyzed
9.8
HP language-system

An unauthenticated remote command injection vulnerability exists in the language-system translate.php script, allowing attackers to execute arbitrary...

2026-07-02
CVE-2026-34106
Analyzed
9.8
HP language-system

A critical OS command injection vulnerability exists in the subtitles.php script of the Guardian language-system, allowing unauthenticated remote code...

2026-07-02
CVE-2026-34105
Analyzed
9.8
HP language-system

The Guardian language-system contains an error-based SQL injection vulnerability in translate_text.php, allowing authenticated users to extract databa...

2026-07-02
CVE-2026-34104
Analyzed
9.8
HP language-system

The Guardian language-system is vulnerable to error-based SQL injection via the 'name' GET parameter in designer.php, allowing authenticated attackers...

2026-07-02
CVE-2026-34103
Analyzed
9.8
HP language-system

Guardian language-system is vulnerable to error-based SQL injection in subtitles.php, stemming from the unsanitized 'id' GET parameter.

2026-07-02
CVE-2026-34102
Analyzed
9.8
HP language-system

Guardian language-system contains an error-based SQL injection vulnerability in job_info_get.php, where the 'id' parameter is processed without proper...

2026-07-02