17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 4451-4500 of 17426 CVEs Page 90 of 349
CVE-2026-33634
KEV
9.5
Aquasecurity Trivy

Aquasecurity Trivy Embedded Malicious Code Vulnerability - Active in CISA KEV catalog.

2026-03-27
CVE-2026-33633
Analyzed
7.5
Unknown Multiple Products

Kitty is a cross-platform GPU based terminal

2026-05-20
CVE-2026-33631
Analyzed
8.7
Apple ClearanceKit for macOS

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies

2026-03-27
CVE-2026-33626
7.5
LMDeploy Multiple Products

LMDeploy is a toolkit for compressing, deploying, and serving large language models

2026-04-21
CVE-2026-33618
8.8
HP code into

Chamilo LMS is a learning management system

2026-04-11
CVE-2026-33616
7.5
Unknown Multiple Products

An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutraliza...

2026-04-03
CVE-2026-33615
Analyzed
9.1
Unknown Affected Software (setinfo endpoint)

An unauthenticated SQL injection vulnerability in the setinfo endpoint allows attackers to execute malicious SQL UPDATE commands, resulting in total l...

2026-04-03
CVE-2026-33614
7.5
Unknown Multiple Products

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization o...

2026-04-03
CVE-2026-33608
7.4
Unknown Multiple Products

An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its config...

2026-04-24
CVE-2026-3360
7.5
WordPress is vulnerable

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to,...

2026-04-11
CVE-2026-33593
7.5
Unknown Multiple Products

A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query

2026-04-24
CVE-2026-3359
Analyzed
7.5
WordPress is vulnerable

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parame...

2026-05-06
CVE-2026-33588
8.1
Docker container via

Lack of user input validation in the file upload functionality of Open Notebook v1

2026-05-08
CVE-2026-33587
Analyzed
10
Docker container via

A Server-Side Template Injection (SSTI) vulnerability in Open Notebook v1.8.3 allows authenticated users to execute arbitrary Python code and OS comma...

2026-05-08
CVE-2026-33583
8.7
Unknown Multiple Products

Exposure of the QKEY (used as input into the ‘OTA-Quantum’ device registration process) and internal system keys via an unauthenticated and unencryp...

2026-05-14
CVE-2026-33579
8.1
OpenClaw Multiple Products

OpenClaw before 2026

2026-04-01
CVE-2026-33577
8.1
OpenClaw Multiple Products

OpenClaw before 2026

2026-04-01
CVE-2026-33575
7.5
OpenClaw Multiple Products

OpenClaw before 2026

2026-03-30
CVE-2026-33573
8.8
OpenClaw Multiple Products

OpenClaw before 2026

2026-03-30
CVE-2026-33572
8.4
OpenClaw Multiple Products

OpenClaw before 2026

2026-03-30
CVE-2026-3357
8.8
IBM Langflow Desktop

IBM Langflow Desktop 1

2026-04-08
CVE-2026-33557
Analyzed
9.1
Apache Kafka

A possible security vulnerability has been identified in Apache Kafka. By default, the broker property `sasl.oauthbearer.jwt.validator.class` is set...

2026-04-21
CVE-2026-33544
Analyzed
7.7
Google Multiple Products

Tinyauth is an authentication and authorization server

2026-04-03
CVE-2026-33543
Analyzed
9.3
FOSSBilling FOSSBilling

A flawed administrator existence check in the FOSSBilling guest API allows unauthenticated attackers to create new administrator accounts, leading to...

2026-06-25
CVE-2026-33540
7.5
Unknown Multiple Products

Distribution is a toolkit to pack, ship, store, and deliver container content

2026-04-07
CVE-2026-33530
7.7
Infor Multiple Products

InvenTree is an Open Source Inventory Management System

2026-03-28
CVE-2026-33524
Analyzed
7.5
Unknown Multiple Products

Zserio is a framework for serializing structured data with a compact and efficient way with low overhead

2026-04-25
CVE-2026-3352
7.2
HP is vulnerable

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1

2026-03-08
CVE-2026-33519
Analyzed
9.8
Microsoft and Kubernetes

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly...

2026-04-22
CVE-2026-33518
Analyzed
9.8
Microsoft that allows

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to crea...

2026-04-22
CVE-2026-33513
8.6
HP files under

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33512
7.5
HP Multiple Products

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33510
8.8
Unknown Multiple Products

Homarr is an open-source dashboard

2026-04-07
CVE-2026-33507
8.8
HP code

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33506
8.8
Ory Multiple Products

Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2

2026-03-27
CVE-2026-33502
Analyzed
9.3
HP AVideo

An unauthenticated Server-Side Request Forgery (SSRF) vulnerability in WWBN AVideo's Live plugin allows attackers to probe internal networks and cloud...

2026-03-24
CVE-2026-33496
8.1
Unknown Multiple Products

ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules

2026-03-28
CVE-2026-33494
Analyzed
10
ORY Oathkeeper

ORY Oathkeeper versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal where raw paths are matched against permissi...

2026-03-27
CVE-2026-33492
7.3
HP session

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33491
7.8
Zen Multiple Products

Zen C is a systems programming language that compiles to human-readable GNU C/C11

2026-03-28
CVE-2026-33488
7.4
HP Multiple Products

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33485
7.5
F5 Multiple Products

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33484
7.5
Unknown Multiple Products

Langflow is a tool for building and deploying AI-powered agents and workflows

2026-03-26
CVE-2026-33483
7.5
HP script with

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33482
8.1
HP Multiple Products

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33480
8.6
HP Multiple Products

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33479
8.8
HP Multiple Products

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33478
Analyzed
10
HP AVideo

WWBN AVideo contains a vulnerability chain allowing unauthenticated remote code execution via exposed clone secrets, database dumps, and OS command in...

2026-03-24
CVE-2026-33476
Analyzed
7.5
SiYuan SiYuan Knowledge Management System

SiYuan is a personal knowledge management system

2026-03-22
CVE-2026-33475
Analyzed
9.1
GitHub Actions workflows

Unauthenticated remote shell injection in Langflow's GitHub Actions workflows allows attackers to execute arbitrary commands and exfiltrate CI secrets...

2026-03-25