147 Total CVEs
48 AI Analyzed
0 CISA KEV
33 Critical
All Vendors
Showing 1-147 of 147 CVEs
CVE-2026-7384
7.3
Arch Multiple Products

A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c

2026-05-01
CVE-2026-7211
7.3
Arch API

A weakness has been identified in dvladimirov MCP up to 0

2026-04-28
CVE-2026-7205
7.3
Arch Multiple Products

A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598

2026-04-28
CVE-2026-6562
7.3
Arch Multiple Products

A flaw has been found in dameng100 muucmf 1

2026-04-20
CVE-2026-6508
Analyzed
9.8
Arch Institute Liderahenk

Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properl...

2026-05-08
CVE-2026-6421
7
Arch path

A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26

2026-04-18
CVE-2026-5941
7.8
Arch Multiple Products

Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to inva...

2026-04-28
CVE-2026-5789
7.8
Arch path in

Vulnerability related to an unquoted search path in CivetWeb v1

2026-04-23
CVE-2026-5633
7.3
Arch Multiple Products

A vulnerability was determined in assafelovic gpt-researcher up to 3

2026-04-06
CVE-2026-5632
7.3
Arch Multiple Products

A vulnerability was found in assafelovic gpt-researcher up to 3

2026-04-06
CVE-2026-5631
7.3
Arch Multiple Products

A vulnerability has been found in assafelovic gpt-researcher up to 3

2026-04-06
CVE-2026-5166
Analyzed
9.6
Arch Institute Pardus

A path traversal vulnerability in the Pardus Software Center allows attackers to access or manipulate files outside the intended directory.

2026-04-30
CVE-2026-5128
Analyzed
10
Arch steam-trader

ArthurFiorette steam-trader 2.1.1 is vulnerable to unauthenticated sensitive information exposure, leaking Steam account credentials and 2FA secrets v...

2026-03-31
CVE-2026-5055
7.8
Arch Path Element

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

2026-04-11
CVE-2026-4962
7
Arch path

A security flaw has been discovered in UltraVNC up to 1

2026-03-29
CVE-2026-47358
Analyzed
7.5
Arch Multiple Products

Terrascan v1

2026-05-20
CVE-2026-47357
Analyzed
7.5
Arch Multiple Products

Terrascan v1

2026-05-20
CVE-2026-47356
Analyzed
7.5
Arch Multiple Products

Terrascan v1

2026-05-20
CVE-2026-4546
7
Arch path

A weakness has been identified in Flos Freeware Notepad2 4

2026-03-23
CVE-2026-4545
7
Arch path

A security flaw has been discovered in Flos Freeware Notepad2 4

2026-03-23
CVE-2026-45288
Analyzed
9.8
Arch APIs interpolated

Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-suppli...

2026-05-29
CVE-2026-4498
7.7
Arch RBAC scope

Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead reading index data beyond their direct Elastics...

2026-04-09
CVE-2026-44962
Analyzed
9.9
Arch functionality

Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XP...

2026-05-30
CVE-2026-44313
Analyzed
9.1
Arch Multiple Products

Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-S...

2026-05-09
CVE-2026-44304
8.1
Arch filters using

Lemur manages TLS certificate creation

2026-05-13
CVE-2026-4424
7.5
Arch Multiple Products

A flaw was found in libarchive

2026-03-20
CVE-2026-42574
Analyzed
7.5
Arch Multiple Products

apko allows users to build and publish OCI container images built from apk packages

2026-05-10
CVE-2026-42266
Analyzed
8.8
Arch Multiple Products

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture

2026-05-14
CVE-2026-42229
8.8
Arch and row

n8n is an open source workflow automation platform

2026-05-06
CVE-2026-42072
Analyzed
9.8
Arch Nornicdb

Nornicdb fails to bind the Bolt server to the configured host, defaulting to all interfaces and exposing the database with default credentials to the...

2026-05-09
CVE-2026-41651
8.8
Arch Multiple Products

PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API

2026-04-23
CVE-2026-4158
7.3
Arch Path Element

KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

2026-04-12
CVE-2026-41428
Analyzed
9.1
Arch Budibase

Budibase contains an authentication bypass vulnerability where unanchored regular expressions allow attackers to access protected endpoints via crafte...

2026-04-25
CVE-2026-41419
7.6
Arch Multiple Products

4ga Boards is a boards system for realtime project management

2026-04-25
CVE-2026-41241
8.7
Arch in the

pretalx is a conference planning tool

2026-04-24
CVE-2026-41201
Analyzed
9.1
Arch CI4MS

CI4MS contains a stored DOM-based XSS vulnerability in the backup module that can be leveraged for full account takeover.

2026-05-07
CVE-2026-41193
Analyzed
9.1
Arch Multiple Products

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives...

2026-04-22
CVE-2026-4111
7.5
Arch Multiple Products

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path

2026-03-14
CVE-2026-40905
8.1
Arch Multiple Products

LinkAce is a self-hosted archive to collect website links

2026-04-22
CVE-2026-40516
8.3
Arch tools that

OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to...

2026-04-18
CVE-2026-40258
Analyzed
9.1
Arch software Gramps

The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerabili...

2026-04-18
CVE-2026-39394
8.1
Arch Multiple Products

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support

2026-04-09
CVE-2026-39393
8.1
Arch Multiple Products

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support

2026-04-09
CVE-2026-39310
Analyzed
8.6
Arch Multiple Products

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases

2026-05-21
CVE-2026-3787
7
Arch path

A weakness has been identified in UltraVNC 1

2026-03-09
CVE-2026-3780
7.3
Arch paths that

The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-...

2026-04-01
CVE-2026-3775
7.8
Arch path that

The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by l...

2026-04-01
CVE-2026-35595
8.3
Arch Multiple Products

Vikunja is an open-source self-hosted task management platform

2026-04-11
CVE-2026-35546
Analyzed
9.8
Arch Multiple Products

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant a...

2026-04-18
CVE-2026-35446
7.7
Arch and Imaging

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging r...

2026-04-09
CVE-2026-35169
8.7
Arch and Imaging

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging r...

2026-04-09
CVE-2026-35044
8.8
Arch Multiple Products

BentoML is a Python library for building online serving systems optimized for AI apps and model inference

2026-04-07
CVE-2026-34841
Analyzed
9.8
Arch Bruno IDE

A supply chain attack on the Bruno IDE introduced a malicious dependency, resulting in the deployment of a cross-platform Remote Access Trojan (RAT).

2026-04-07
CVE-2026-34607
7.2
Arch Multiple Products

Emlog is an open source website building system

2026-04-05
CVE-2026-34578
8.2
Arch filter without

OPNsense is a FreeBSD based firewall and routing platform

2026-04-10
CVE-2026-34572
8.8
Arch Multiple Products

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support

2026-04-02
CVE-2026-34571
Analyzed
9.9
Arch CI4MS (CodeIgniter 4 CMS)

A Stored Cross-Site Scripting (XSS) vulnerability in the CI4MS backend user management allows attackers to inject malicious JavaScript, leading to ful...

2026-04-02
CVE-2026-34569
Analyzed
9.9
Arch CI4MS (CodeIgniter 4 CMS)

CI4MS versions prior to 0.31.0.0 are vulnerable to Stored XSS in the blog category title field, allowing malicious scripts to execute on both public a...

2026-04-02
CVE-2026-34568
Analyzed
9.1
Arch Multiple Products

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to...

2026-04-02
CVE-2026-34567
Analyzed
9.1
Arch Multiple Products

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to...

2026-04-02
CVE-2026-34566
Analyzed
9.1
Arch Multiple Products

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to...

2026-04-02
CVE-2026-34565
Analyzed
9.1
Arch Multiple Products

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to...

2026-04-02
CVE-2026-34564
Analyzed
9.1
Arch Multiple Products

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to...

2026-04-02
CVE-2026-34563
Analyzed
9.1
Arch Multiple Products

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to...

2026-04-02
CVE-2026-34560
Analyzed
9.1
Arch Multiple Products

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to...

2026-04-02
CVE-2026-34559
Analyzed
9.1
Arch Multiple Products

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to...

2026-04-02
CVE-2026-34558
Analyzed
9.1
Arch CI4MS (CMS skeleton)

CI4MS is vulnerable to Stored DOM-Based Cross-Site Scripting in its Methods Management functionality, allowing for script execution in administrative...

2026-03-31
CVE-2026-34557
Analyzed
9.1
Arch CI4MS (CMS skeleton)

CI4MS is vulnerable to stored Cross-Site Scripting (XSS) in its group and role management functionality, allowing attackers to execute malicious scrip...

2026-03-31
CVE-2026-34488
7.3
Arch path

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries

2026-04-24
CVE-2026-34392
7.5
Arch and Imaging

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging r...

2026-04-10
CVE-2026-34178
Analyzed
9.1
Arch LXD

A backup import validation flaw in Canonical LXD allows authenticated remote attackers to bypass project restrictions and achieve full host compromise...

2026-04-09
CVE-2026-33953
8.5
Arch Multiple Products

LinkAce is a self-hosted archive to collect website links

2026-03-28
CVE-2026-33636
7.6
Arch Multiple Products

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files

2026-03-28
CVE-2026-33466
8.1
Arch Multiple Products

Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file write and potentially remote code executio...

2026-04-09
CVE-2026-33350
7.5
Arch and Imaging

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging r...

2026-04-10
CVE-2026-33309
Analyzed
9.9
Arch Multiple Products

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68...

2026-03-25
CVE-2026-33289
8.8
Arch filter

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application

2026-03-20
CVE-2026-33236
8.1
Arch and development

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Lang...

2026-03-21
CVE-2026-32767
Analyzed
9.8
Arch endpoint bypasses

SiYuan is a personal knowledge management system. Versions 3.6.0 and below contain an authorization bypass vulnerability in the /api/search/fullTextSe...

2026-03-20
CVE-2026-32749
7.6
Arch Multiple Products

SiYuan is a personal knowledge management system

2026-03-20
CVE-2026-32621
Analyzed
9.9
Arch Federation

A prototype pollution vulnerability in Apollo Federation's query plan execution allows attackers to pollute Object.prototype, potentially leading to r...

2026-03-17
CVE-2026-32247
8.1
Arch Multiple Products

Graphiti is a framework for building and querying temporal context graphs for AI agents

2026-03-13
CVE-2026-32140
8.8
Arch Multiple Products

Dataease is an open source data visualization analysis tool

2026-03-14
CVE-2026-29645
7.5
Arch Multiple Products

NEMU (OpenXiangShan/NEMU) before v2025

2026-04-22
CVE-2026-29187
8.1
Arch functionality

OpenEMR is a free and open source electronic health records and medical practice management application

2026-03-26
CVE-2026-29089
8.8
Arch Multiple Products

TimescaleDB is a time-series database for high-performance real-time analytics packaged as a Postgres extension

2026-03-07
CVE-2026-28677
8.2
Arch and generative

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI

2026-03-06
CVE-2026-28676
8.8
Arch and generative

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI

2026-03-06
CVE-2026-27976
8.8
Arch Multiple Products

Zed, a code editor, has an extension installer allows tar/gzip downloads

2026-02-26
CVE-2026-27891
Analyzed
7.2
Arch Multiple Products

FacturaScripts is an open source accounting and invoicing software

2026-05-19
CVE-2026-27819
7.2
Arch Multiple Products

Vikunja is an open-source self-hosted task management platform

2026-02-26
CVE-2026-27800
7.4
Arch Multiple Products

Zed, a code editor, has a Zip Slip (Path Traversal) vulnerability exists in its extension archive extraction functionality prior to version 0

2026-02-26
CVE-2026-27169
8.9
Arch and generative

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI

2026-02-21
CVE-2026-27114
7.5
Arch Multiple Products

NanaZip is an open source file archive Starting in version 5

2026-02-21
CVE-2026-26985
8.1
Arch and Imaging

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging r...

2026-02-26
CVE-2026-26984
8.7
Arch and Imaging

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging r...

2026-02-26
CVE-2026-2684
7.3
Arch Multiple Products

A vulnerability was determined in Tsinghua Unigroup Electronic Archives System up to 3

2026-02-19
CVE-2026-26263
8.1
Arch engine

GLPI is a free asset and IT management software package

2026-04-07
CVE-2026-26050
7.8
Arch path

The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver

2026-02-20
CVE-2026-25926
7.3
Arch Path vulnerability

Notepad++ is a free and open-source source code editor

2026-02-19
CVE-2026-25769
Analyzed
9.1
Arch Wazuh Manager

Wazuh deployments in cluster mode are vulnerable to Remote Code Execution via deserialization of untrusted data if a worker node is compromised.

2026-03-18
CVE-2026-25726
Analyzed
8.1
Arch window for

Cloudreve is a self-hosted file management and sharing system

2026-04-04
CVE-2026-25676
7.8
Arch path

The installer of M-Track Duo HD version 1

2026-02-13
CVE-2026-2538
Analyzed
7
Arch path

A security flaw has been discovered in Flos Freeware Notepad2 4

2026-02-16
CVE-2026-24884
Analyzed
8.4
Arch Compressing

Compressing is a compressing and uncompressing lib for node

2026-02-05
CVE-2026-24485
7.5
Arch Multiple Products

ImageMagick is free and open-source software used for editing and manipulating digital images

2026-02-24
CVE-2026-23989
8.2
Arch Multiple Products

REVA is an interoperability platform

2026-02-07
CVE-2026-2360
8
Arch Multiple Products

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and...

2026-02-12
CVE-2026-22679
Analyzed
9.8
Arch Multiple Products

Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devo...

2026-04-08
CVE-2026-22661
Analyzed
8.1
Arch prompts

prompts

2026-04-04
CVE-2026-21728
7.5
Arch config

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strat...

2026-04-25
CVE-2026-2040
7.3
Arch Path Element

PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

2026-02-21
CVE-2026-2039
7.3
Arch Multiple Products

GFI Archiver MArc

2026-02-21
CVE-2026-2038
7.3
Arch Multiple Products

GFI Archiver MArc

2026-02-21
CVE-2026-2037
8.8
Arch Multiple Products

GFI Archiver MArc

2026-02-21
CVE-2026-2036
8.8
Arch Multiple Products

GFI Archiver MArc

2026-02-21
CVE-2026-0662
Analyzed
7.8
Arch Path being

A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to execution of arbitrary code in the context of the...

2026-02-05
CVE-2026-0545
Analyzed
9.1
Arch MLflow

An authentication bypass in MLflow's FastAPI job endpoints allows unauthenticated attackers to submit and execute jobs, potentially leading to remote...

2026-04-04
CVE-2025-68621
7.4
Arch Multiple Products

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases

2026-02-07
CVE-2025-50328
7.3
Arch Multiple Products

A vulnerability in B1 Free Archiver v1

2026-05-01
CVE-2025-41757
8.8
Arch Multiple Products

A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not vali...

2026-03-10
CVE-2025-36920
8.4
Arch Multiple Products

In hyp_alloc of arch/arm64/kvm/hyp/nvhe/alloc

2026-03-12
CVE-2025-32957
8.7
Arch Multiple Products

baserCMS is a website development framework

2026-03-31
CVE-2025-24818
8
Arch application

Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in L...

2026-04-08
CVE-2025-15036
Analyzed
9.6
Arch MLflow

A path traversal vulnerability in MLflow's archive extraction function allows attackers to overwrite arbitrary files and escape sandboxed directories...

2026-03-30
CVE-2025-15031
8.1
Arch Multiple Products

A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries

2026-03-19
CVE-2025-14558
7.2
Arch list options

The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passe...

2026-03-10
CVE-2021-47974
Analyzed
7.8
Arch Server and

VX Search 13

2026-05-17
CVE-2021-47954
Analyzed
8.2
Arch Multiple Products

LayerBB 1

2026-05-17
CVE-2020-37197
7.5
Arch Software contains

Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' i...

2026-02-13
CVE-2020-37196
7.5
Arch Software contains

Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized r...

2026-02-13
CVE-2019-25684
8.2
Arch Multiple Products

OpenDocMan 1

2026-04-06
CVE-2019-25669
8.2
Arch Multiple Products

qdPM 9

2026-04-06
CVE-2019-25662
8.2
Arch Multiple Products

ResourceSpace 8

2026-04-06
CVE-2019-25639
8.2
Arch Multiple Products

Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by...

2026-03-25
CVE-2019-25528
8.2
Arch Multiple Products

Inout EasyRooms Ultimate Edition v1

2026-03-13
CVE-2019-25527
8.2
Arch Multiple Products

Inout EasyRooms Ultimate Edition v1

2026-03-13
CVE-2019-25526
8.2
Arch Multiple Products

Inout EasyRooms Ultimate Edition v1

2026-03-13
CVE-2019-25525
8.2
Arch Multiple Products

Inout EasyRooms Ultimate Edition v1

2026-03-13
CVE-2019-25498
8.2
Arch Multiple Products

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code t...

2026-03-05
CVE-2019-25481
8.2
Arch endpoint with

iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL co...

2026-03-13
CVE-2019-25461
8.2
Arch endpoint with

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by inject...

2026-02-23
CVE-2018-25328
Analyzed
8.4
Arch Multiple Products

VX Search 10

2026-05-18
CVE-2018-25246
7.5
Arch functionality

Wikipedia 12

2026-04-05
CVE-2018-25245
7.5
Arch functionality

7 Tik 1

2026-04-05
CVE-2018-25241
7.5
Arch functionality

VPN Browser+ 1

2026-04-05
CVE-2018-25205
8.2
Arch functionality

ASP

2026-03-27