17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 4501-4550 of 17426 CVEs Page 91 of 349
CVE-2026-33471
Analyzed
9.6
Nimiq nimiq-block

A logic error in the Nimiq block proof verification process allows attackers to bypass quorum requirements using manipulated BLS signatures.

2026-04-23
CVE-2026-33468
8.1
MySQL dialect

Kysely is a type-safe TypeScript SQL query builder

2026-03-28
CVE-2026-33466
8.1
Arch Multiple Products

Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file write and potentially remote code executio...

2026-04-09
CVE-2026-33461
7.7
Infor Multiple Products

Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure via Privilege Abuse (CAPEC-122)

2026-04-09
CVE-2026-33454
Analyzed
9.4
Microsoft Camel

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component (MailHeaderFilterStr...

2026-04-28
CVE-2026-33453
Analyzed
10
Microsoft Camel Camel

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's cam...

2026-04-28
CVE-2026-33442
8.1
MySQL with the

Kysely is a type-safe TypeScript SQL query builder

2026-03-28
CVE-2026-33435
8
Unknown Multiple Products

Weblate is a web based localization tool

2026-04-16
CVE-2026-3342
7.2
WatchGuard Fireware Fireware OS

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root...

2026-03-05
CVE-2026-33418
7.5
Unknown Multiple Products

DiceBear is an avatar library for designers and developers

2026-03-26
CVE-2026-33416
7.5
Unknown Multiple Products

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files

2026-03-28
CVE-2026-33413
8.8
Kubernetes does not

etcd is a distributed key-value store for the data of a distributed system

2026-03-27
CVE-2026-33399
7.7
HP executes

Wallos is an open-source, self-hostable personal subscription tracker

2026-03-25
CVE-2026-33396
Analyzed
9.9
Linux OneUptime

OneUptime versions prior to 10.0.35 allow low-privileged users to achieve remote code execution on the Probe container by escaping the Playwright sand...

2026-03-27
CVE-2026-33392
7.2
YouTrack Multiple Products

In JetBrains YouTrack before 2025

2026-04-18
CVE-2026-3338
7.5
AWS services do

Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 object...

2026-03-03
CVE-2026-33362
8.6
Unknown Multiple Products

In Meari IoT SDK builds embedded in CloudEdge 5

2026-05-12
CVE-2026-33361
Analyzed
7.5
IBM IoT SDK (libmrplayer)

In Meari IoT SDK image handling (libmrplayer

2026-05-12
CVE-2026-3336
7.5
AWS services do

Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PK...

2026-03-03
CVE-2026-33359
7.5
Unknown Multiple Products

In Meari IoT Cloud alert image storage on Alibaba OSS (latest observed; storage service version not disclosed), motion snapshots are retrievable witho...

2026-05-12
CVE-2026-33357
7.5
Meari Multiple Products

In Meari client applications embedding "com

2026-05-12
CVE-2026-33356
7.7
Unknown Multiple Products

In Meari IoT Cloud MQTT Broker deployments running EMQX 4

2026-05-12
CVE-2026-33354
7.6
HP Multiple Products

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33352
Analyzed
9.8
HP AVideo

WWBN AVideo is vulnerable to an unauthenticated SQL injection in the getAllCategories() method due to insufficient sanitization of the doNotShowCats p...

2026-03-24
CVE-2026-33351
Analyzed
9.1
HP AVideo (Live plugin)

WWBN AVideo is vulnerable to unauthenticated Server-Side Request Forgery (SSRF) via the `webSiteRootURL` parameter. Attackers can use the server to fe...

2026-03-24
CVE-2026-33350
7.5
Arch and Imaging

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging r...

2026-04-10
CVE-2026-33348
8.7
Unknown Multiple Products

OpenEMR is a free and open source electronic health records and medical practice management application

2026-03-26
CVE-2026-33346
8.7
HP Multiple Products

OpenEMR is a free and open source electronic health records and medical practice management application

2026-03-20
CVE-2026-33344
8.1
Unknown Multiple Products

Dagu is a workflow engine with a built-in Web user interface

2026-03-25
CVE-2026-33340
Analyzed
9.1
AWS lollms-webui

A critical Server-Side Request Forgery (SSRF) in lollms-webui allows unauthenticated attackers to force arbitrary GET requests, potentially exfiltrati...

2026-03-25
CVE-2026-3334
8.8
WordPress is vulnerable

The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'or_blogname', 'or_blogdescription', and 'or_admin_email' parameters in...

2026-03-21
CVE-2026-33337
7.5
Unknown Multiple Products

Firebird is an open-source relational database management system

2026-04-18
CVE-2026-33331
8.2
Unknown Multiple Products

oRPC is an tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards

2026-03-25
CVE-2026-33329
8.1
Unknown Multiple Products

FileRise is a self-hosted web file manager / WebDAV server

2026-03-25
CVE-2026-33321
7.6
Unknown Multiple Products

OpenEMR is a free and open source electronic health records and medical practice management application

2026-03-21
CVE-2026-33318
8.8
Unknown Multiple Products

Actual is a local-first personal finance tool

2026-04-24
CVE-2026-33317
8.7
Linux kernel running

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone...

2026-04-24
CVE-2026-33316
8.1
Unknown Multiple Products

Vikunja is an open-source self-hosted task management platform

2026-03-25
CVE-2026-33310
8.8
Unknown Multiple Products

Intake is a package for finding, investigating, loading and disseminating data

2026-03-25
CVE-2026-33309
Analyzed
9.9
Arch Multiple Products

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68...

2026-03-25
CVE-2026-33307
7.5
Apache HTTPD based

Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS

2026-03-24
CVE-2026-33302
8.1
Unknown Multiple Products

OpenEMR is a free and open source electronic health records and medical practice management application

2026-03-21
CVE-2026-33301
8.1
Unknown Multiple Products

OpenEMR is a free and open source electronic health records and medical practice management application

2026-03-21
CVE-2026-33298
7.8
Unknown Multiple Products

llama

2026-03-24
CVE-2026-33297
Analyzed
9.1
HP AVideo (CustomizeUser plugin)

A logic error in AVideo's CustomizeUser plugin causes non-numeric passwords to be stored as "0". This allows any visitor to bypass channel access cont...

2026-03-24
CVE-2026-33293
Analyzed
8.1
HP AVideo

WWBN AVideo is an open source video platform

2026-03-23
CVE-2026-33292
Analyzed
7.5
Oracle condition where

WWBN AVideo is an open source video platform

2026-03-23
CVE-2026-33289
8.8
Arch filter

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application

2026-03-20
CVE-2026-33288
8.8
Unknown Multiple Products

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application

2026-03-20
CVE-2026-33286
Analyzed
9.1
Graphiti Graphiti Framework

Graphiti framework versions prior to 1.10.2 are vulnerable to arbitrary method execution, allowing attackers to invoke destructive operations on under...

2026-03-24