17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 4601-4650 of 17426 CVEs Page 93 of 349
CVE-2026-33107
Analyzed
10
Microsoft Databricks allows

A Server-Side Request Forgery (SSRF) vulnerability in Azure Databricks allows unauthenticated attackers to elevate privileges and access internal netw...

2026-04-03
CVE-2026-33105
Analyzed
10
Microsoft Azure Kubernetes

A critical improper authorization vulnerability in Microsoft Azure Kubernetes Service allows unauthenticated attackers to elevate privileges over a ne...

2026-04-03
CVE-2026-33102
Analyzed
9.3
Url Multiple Products

Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

2026-04-24
CVE-2026-33092
7.8
Acronis True Image

Local privilege escalation due to improper handling of environment variables

2026-04-11
CVE-2026-33080
7.3
Unknown Multiple Products

Filament is a collection of full-stack components for accelerated Laravel development

2026-03-22
CVE-2026-3308
7.8
Unknown Multiple Products

An integer overflow vulnerability in 'pdf-image

2026-04-02
CVE-2026-33072
8.2
Unknown Multiple Products

FileRise is a self-hosted web file manager / WebDAV server

2026-03-21
CVE-2026-33057
Analyzed
9.8
Mesop Mesop

Mesop versions 1.2.2 and below contain an unauthenticated remote code execution (RCE) vulnerability in a debugging endpoint within the AI testing modu...

2026-03-20
CVE-2026-33054
Analyzed
10
Mesop Mesop

Mesop versions 1.2.2 and below are vulnerable to path traversal, allowing unauthorized users to manipulate or delete arbitrary files on the host disk.

2026-03-20
CVE-2026-33053
8.8
Unknown Multiple Products

Langflow is a tool for building and deploying AI-powered agents and workflows

2026-03-21
CVE-2026-33046
8.8
Unknown Multiple Products

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask

2026-03-25
CVE-2026-33043
8.1
HP exposes the

WWBN AVideo is an open source video platform

2026-03-20
CVE-2026-33039
8.6
HP endpoint validates

WWBN AVideo is an open source video platform

2026-03-20
CVE-2026-33038
8.1
HP endpoint

WWBN AVideo is an open source video platform

2026-03-20
CVE-2026-33037
8.1
Docker deployment files

WWBN AVideo is an open source video platform

2026-03-20
CVE-2026-33036
7.5
Unknown Multiple Products

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks

2026-03-20
CVE-2026-33034
7.5
Unknown Multiple Products

An issue was discovered in 6

2026-04-09
CVE-2026-33032
Analyzed
9.8
Nginx UI is

Nginx UI versions 2.3.5 and prior are vulnerable to an authentication bypass on the /mcp_message endpoint, allowing unauthenticated attackers to take...

2026-03-31
CVE-2026-33030
8.8
Nginx UI is

Nginx UI is a web user interface for the Nginx web server

2026-03-31
CVE-2026-33017
KEV
9.5
Langflow Langflow

Langflow Code Injection Vulnerability - Active in CISA KEV catalog.

2026-03-26
CVE-2026-33012
7.5
Micronaut Multiple Products

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications

2026-03-20
CVE-2026-33010
Analyzed
8.1
Unknown Multiple Products

mcp-memory-service is an open-source memory backend for multi-agent systems

2026-03-21
CVE-2026-3301
Analyzed
9.8
TOTOLINK N300RH

A remote OS command injection vulnerability exists in the Totolink N300RH Web Management Interface due to improper handling of the webWlanIdx paramete...

2026-02-27
CVE-2026-33009
8.2
Unknown Multiple Products

EVerest is an EV charging software stack

2026-03-27
CVE-2026-33002
7.5
Jenkins Multiple Products

Jenkins 2

2026-03-20
CVE-2026-33001
8.8
Jenkins Multiple Products

Jenkins 2

2026-03-20
CVE-2026-33000
Analyzed
9.1
Ubiquiti UniFi OS

An improper input validation vulnerability in Ubiquiti UniFi OS allows high-privileged, network-adjacent users to execute arbitrary system commands.

2026-05-22
CVE-2026-3300
Analyzed
9.8
HP is vulnerable

Everest Forms Pro is vulnerable to unauthenticated Remote Code Execution via PHP Code Injection in its Calculation Addon, allowing attackers to execut...

2026-03-31
CVE-2026-32993
8.3
Unknown Multiple Products

Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint allows unauthenticated attacker to inject arbitrary HT...

2026-05-14
CVE-2026-32992
8.2
Unknown Multiple Products

SSL verification is disabled in the DNS Cluster system

2026-05-14
CVE-2026-32989
8.8
Intranet Multiple Products

Precurio Intranet Portal 4

2026-03-21
CVE-2026-32988
7.5
OpenClaw Multiple Products

OpenClaw before 2026

2026-04-01
CVE-2026-32987
Analyzed
9.8
OpenClaw OpenClaw

OpenClaw's device pairing process is vulnerable to a replay attack where bootstrap setup codes can be reused to escalate pairing scopes to administrat...

2026-03-30
CVE-2026-32985
Analyzed
9.8
HP Multiple Products

Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vulnerability in the template import functionality. T...

2026-03-20
CVE-2026-32982
7.5
OpenClaw bot tokens

OpenClaw before 2026

2026-04-01
CVE-2026-32981
7.5
Unknown Multiple Products

A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2

2026-03-18
CVE-2026-32980
7.5
OpenClaw webhook request

OpenClaw before 2026

2026-03-30
CVE-2026-32979
7.3
OpenClaw Multiple Products

OpenClaw before 2026

2026-03-30
CVE-2026-32978
8
OpenClaw Multiple Products

OpenClaw before 2026

2026-03-30
CVE-2026-32975
Analyzed
9.8
OpenClaw OpenClaw

A weak authorization vulnerability in OpenClaw's Zalouser allowlist mode allows attackers to bypass channel authorization by spoofing mutable group di...

2026-03-30
CVE-2026-32974
8.6
OpenClaw Multiple Products

OpenClaw before 2026

2026-03-30
CVE-2026-32973
Analyzed
9.8
Linux OpenClaw

An execution allowlist bypass in OpenClaw due to improper path normalization and glob matching allows attackers to execute unauthorized commands on th...

2026-03-30
CVE-2026-32972
7.1
OpenClaw Multiple Products

OpenClaw before 2026

2026-03-30
CVE-2026-32971
7.1
OpenClaw Multiple Products

OpenClaw before 2026

2026-04-01
CVE-2026-32969
7.5
Unknown Multiple Products

An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to im...

2026-03-24
CVE-2026-32968
Analyzed
9.8
SAP com_mb24sysapi module

An unauthenticated remote attacker can exploit an OS command injection vulnerability in the SAP com_mb24sysapi module, leading to full system compromi...

2026-03-24
CVE-2026-32965
7.5
AMC Multiple Products

Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc

2026-04-20
CVE-2026-3296
Analyzed
9.8
HP is vulnerable

The Everest Forms WordPress plugin is vulnerable to PHP Object Injection via unsafe deserialization of user-supplied form metadata.

2026-04-08
CVE-2026-32956
Analyzed
9.8
Unknown SD-330AC and AMC Manager

silex technology SD-330AC and AMC Manager contain a heap-based buffer overflow vulnerability, potentially allowing arbitrary code execution.

2026-04-20
CVE-2026-32955
8.8
AMC Multiple Products

SD-330AC and AMC Manager provided by silex technology, Inc

2026-04-20