Latest Vulnerabilities

CVEs and Known Exploited Vulnerabilities tracked daily

Sort:

Showing 212 of 212 vulnerabilities

Severity	CVE ID	Title	CVSS	Date
HIGH	CVE-2026-10062	TRENDnet TEW-432BRP formSetRoute Function Vulnerability	8.8	2026-05-31
HIGH	CVE-2026-10063	TRENDnet TEW-432BRP formWPS Function Vulnerability	8.8	2026-05-31
HIGH	CVE-2018-25388	HaPe PKH Arbitrary File Upload Vulnerability	8.8	2026-05-31
HIGH	CVE-2026-10066	Shibby Tomato tomatoups.cgi Function Vulnerability	8.8	2026-05-31
HIGH	CVE-2026-10067	Shibby Tomato multimon.cgi Stack-Based Buffer Overflow	8.8	2026-05-31
HIGH	CVE-2026-9227	GutenBee – Gutenberg Blocks plugin for WordPress Arbitrary File Upload	8.8	2026-05-30
HIGH	CVE-2026-6226	Frontend Admin by DynamiApps plugin for WordPress Unauthenticated Privilege Escalation	8.8	2026-05-30
HIGH	CVE-2026-10002	Google Chrome PDFium Use-After-Free Vulnerability	8.8	2026-05-30
HIGH	CVE-2026-9887	Google Chrome Proxy Use-After-Free Vulnerability	8.8	2026-05-30
CRITICAL	CVE-2026-0257	Palo Alto Networks PAN-OS Authentication Bypass Vulnerability	N/A	2026-05-30
HIGH	CVE-2026-5065	IBM Controller Hard-Coded Credentials Vulnerability	8.8	2026-05-29
HIGH	CVE-2026-8179	IBM Aspera High-Speed Transfer Privilege Escalation	8.8	2026-05-29
HIGH	CVE-2026-7802	WordPress Frontend Admin Authorization Bypass	8.8	2026-05-29
HIGH	CVE-2026-9009	WordPress Crawlomatic Plugin Remote Code Execution	8.8	2026-05-29
HIGH	CVE-2026-9227	WordPress GutenBee Plugin Arbitrary File Upload	8.8	2026-05-29
HIGH	CVE-2026-46368	luci-app-https-dns-proxy through 2025.12.29-5	8.8	2026-05-28
HIGH	CVE-2026-44832	Snipe-IT Privilege Escalation Vulnerability	8.8	2026-05-28
CRITICAL	CVE-2026-48027	Nx Console - Nx Console Embedded Malicious Code Vulnerability	N/A	2026-05-28
CRITICAL	CVE-2026-45321	TanStack - TanStack Unspecified Vulnerability	N/A	2026-05-28
CRITICAL	CVE-2026-8398	Daemon Tools Lite - Daemon Tools Lite Embedded Malicious Code Vulnerability	N/A	2026-05-28
HIGH	CVE-2026-9442	Edimax BR-6478AC formiNICSiteSurvey Function Vulnerability	8.8	2026-05-27
HIGH	CVE-2026-9443	Edimax BR-6478AC formL2TPSetup Function Vulnerability	8.8	2026-05-27
HIGH	CVE-2026-9459	Edimax EW-7438RPn formConnectionSetting Function Vulnerability	8.8	2026-05-27
HIGH	CVE-2026-9460	Edimax EW-7438RPn formAccept Function Vulnerability	8.8	2026-05-27
CRITICAL	CVE-2026-48172	LiteSpeed cPanel Plugin Privilege Escalation Vulnerability	N/A	2026-05-27
HIGH	CVE-2026-47114	IINA User-Assisted Command Execution Vulnerability	8.8	2026-05-23
HIGH	CVE-2026-47101	LiteLLM API Key Privilege Escalation	8.8	2026-05-23
HIGH	CVE-2026-47102	LiteLLM User Role Modification Vulnerability	8.8	2026-05-23
HIGH	CVE-2026-9018	Easy Elements for Elementor Privilege Escalation	8.8	2026-05-23
CRITICAL	CVE-2026-9082	Drupal Core SQL Injection Vulnerability	N/A	2026-05-23
HIGH	CVE-2026-24425	Twig sandbox bypass vulnerability	8.8	2026-05-22
HIGH	CVE-2026-47114	IINA user-assisted command execution vulnerability	8.8	2026-05-22
HIGH	CVE-2026-47101	LiteLLM API key creation with unauthorized access	8.8	2026-05-22
CRITICAL	CVE-2025-34291	Langflow Langflow - Langflow Origin Validation Error Vulnerability	N/A	2026-05-22
CRITICAL	CVE-2026-34926	Trend Micro Apex One - Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability	N/A	2026-05-22
HIGH	CVE-2026-7498	Cross-site scripting vulnerability in Basamak Information Technology Consulting and Or	8.8	2026-05-20
HIGH	CVE-2026-6456	Privilege Escalation in WordPress Account Switcher plugin	8.8	2026-05-20
HIGH	CVE-2026-7467	Privilege Escalation in WordPress Read More & Accordion plugin	8.8	2026-05-20
HIGH	CVE-2026-7522	Local File Inclusion in WordPress Advanced Database Cleaner – Premium plugin	8.8	2026-05-20
HIGH	CVE-2026-5200	Missing Authorization in WordPress AcyMailing plugin	8.8	2026-05-20
HIGH	CVE-2026-45495	Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability	8.8	2026-05-19
HIGH	CVE-2026-8775	Edimax BR-6428NS formL2TPSetup Function Vulnerability	8.8	2026-05-19
HIGH	CVE-2026-8776	Edimax BR-6428NS formPPTPSetup Function Vulnerability	8.8	2026-05-19
HIGH	CVE-2026-7498	Basamak Information Technology Consulting and Or Cross-Site Scripting Vulnerability	8.8	2026-05-19
HIGH	CVE-2018-25322	Allok Fast AVI MPEG Splitter Stack-Based Buffer Overflow	8.4	2026-05-19
HIGH	CVE-2020-37227	HS Brand Logo Slider 2.1 Unrestricted File Upload	8.8	2026-05-18
HIGH	CVE-2021-47976	TextPattern CMS 4.9.0-dev Remote Code Execution	8.8	2026-05-18
HIGH	CVE-2021-47979	WordPress Plugin Backup and Restore 1.0.3 Arbitrary File Deletion	8.8	2026-05-18
HIGH	CVE-2026-8719	AI Engine WordPress Plugin Privilege Escalation	8.8	2026-05-18
HIGH	CVE-2018-25322	Allok Fast AVI MPEG Splitter 1.2 Stack-Based Buffer Overflow	8.4	2026-05-18
HIGH	CVE-2026-6228	WordPress Frontend Admin Plugin Privilege Escalation	8.8	2026-05-17
HIGH	CVE-2021-47964	Schlix CMS Remote Code Execution	8.8	2026-05-17
HIGH	CVE-2020-37227	HS Brand Logo Slider Unrestricted File Upload	8.8	2026-05-17
HIGH	CVE-2021-47976	TextPattern CMS Remote Code Execution	8.8	2026-05-17
HIGH	CVE-2021-47979	WordPress Backup and Restore Plugin Arbitrary File Deletion	8.8	2026-05-17
CRITICAL	CVE-2026-42897	Microsoft Exchange Server Cross-Site Scripting Vulnerability	N/A	2026-05-16
HIGH	CVE-2026-3425	WordPress RTMKit Addons for Elementor Plugin Local File Inclusion	8.8	2026-05-15
HIGH	CVE-2026-32643	BIG-IP and BIG-IQ Systems Privilege Escalation via Certificate Manager Role	8.7	2026-05-15
HIGH	CVE-2026-32673	BIG-IP Scripted Monitors Privilege Escalation	8.7	2026-05-15
HIGH	CVE-2026-34176	BIG-IP Appliance Mode Remote Command Injection	8.7	2026-05-15
CRITICAL	CVE-2026-20182	Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability	N/A	2026-05-15
HIGH	CVE-2026-6001	Authorization bypass in ABIS Technology Ltd. Co. BAPSİS allows exploitation of trusted identifiers.	8.8	2026-05-14
HIGH	CVE-2026-2465	Incorrect Authorization vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard FOR-	8.8	2026-05-14
HIGH	CVE-2026-30810	Server-Side Request Forgery in Pandora FMS allows Privilege Escalation via API Checker extension.	8.8	2026-05-14
HIGH	CVE-2026-31222	Insecure deserialization vulnerability in snorkel library Trainer.load() method.	8.8	2026-05-14
HIGH	CVE-2026-31223	Critical insecure deserialization vulnerability in snorkel library BaseLabeler.load() method.	8.8	2026-05-14
CRITICAL	CVE-2026-40636	Dell ECS and ObjectScale Hard-Coded Credentials Vulnerability	9.8	2026-05-13
HIGH	CVE-2026-45006	OpenClaw Improper Access Control in Gateway Tool	8.8	2026-05-13
HIGH	CVE-2026-7256	Zyxel WRE6505 Command Injection Vulnerability	8.8	2026-05-13
HIGH	CVE-2026-6001	ABIS Technology BAPSİS Authorization Bypass	8.8	2026-05-13
HIGH	CVE-2026-34963	barebox EFI PE Loader Memory-Safety Vulnerabilities	8.4	2026-05-13
HIGH	CVE-2021-47935	Sentry 8.2.0 Remote Code Execution	8.8	2026-05-12
HIGH	CVE-2021-47937	e107 CMS 2.3.0 Remote Code Execution	8.8	2026-05-12
HIGH	CVE-2021-47938	ImpressCMS 1.4.2 Remote Code Execution	8.8	2026-05-12
HIGH	CVE-2021-47939	Evolution CMS 3.1.6 Remote Code Execution	8.8	2026-05-12
HIGH	CVE-2021-47943	TextPattern CMS 4.8.7 Remote Code Execution	8.8	2026-05-12
HIGH	CVE-2026-8234	EFM ipTIME A8004T 14.18.2 Vulnerability in formWifiBasicSet	8.8	2026-05-11
HIGH	CVE-2021-47935	Sentry 8.2.0 Remote Code Execution Vulnerability	8.8	2026-05-11
HIGH	CVE-2021-47937	e107 CMS 2.3.0 Remote Code Execution Vulnerability	8.8	2026-05-11
HIGH	CVE-2021-47938	ImpressCMS 1.4.2 Remote Code Execution Vulnerability	8.8	2026-05-11
HIGH	CVE-2021-47939	Evolution CMS 3.1.6 Remote Code Execution Vulnerability	8.8	2026-05-11
HIGH	CVE-2026-5127	WordPress User Frontend Plugin Deserialization Vulnerability	8.8	2026-05-10
HIGH	CVE-2026-39816	Apache NiFi Missing Restricted Annotation in TinkerpopClientService	8.8	2026-05-10
HIGH	CVE-2026-8234	EFM ipTIME A8004T formWifiBasicSet Security Vulnerability	8.8	2026-05-10
HIGH	CVE-2022-50994	DrayTek Vigor 2960 OS Command Injection	8.1	2026-05-10
HIGH	CVE-2026-7807	SmarterTools SmarterMail Local File Inclusion	8.1	2026-05-10
CRITICAL	CVE-2026-42208	BerriAI LiteLLM - SQL Injection Vulnerability	N/A	2026-05-09
HIGH	CVE-2026-20034	Cisco Unity Connection Web-based Management Interface Arbitrary Code Execution	8.8	2026-05-08
HIGH	CVE-2026-41934	Vvveb Authenticated Remote Code Execution in Admin Code Editor	8.8	2026-05-08
HIGH	CVE-2026-7927	Google Chrome Type Confusion in Runtime Arbitrary Code Execution	8.8	2026-05-08
HIGH	CVE-2026-43584	OpenClaw Insufficient Environment Variable Denylist Vulnerability	8.8	2026-05-08
CRITICAL	CVE-2026-6973	Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability	N/A	2026-05-08
HIGH	CVE-2023-54345	Frappe Framework ERPNext Sandbox Escape Vulnerability	8.8	2026-05-07
HIGH	CVE-2023-54348	ERPGo SaaS CSV Injection Vulnerability	8.8	2026-05-07
HIGH	CVE-2026-42434	OpenClaw Sandbox Escape Vulnerability	8.8	2026-05-07
HIGH	CVE-2026-42435	OpenClaw Insufficient Shell-Wrapper Detection Vulnerability	8.8	2026-05-07
CRITICAL	CVE-2026-0300	Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability	N/A	2026-05-07
HIGH	CVE-2026-2052	Remote Code Execution in Widget Options WordPress Plugin	8.8	2026-05-04
HIGH	CVE-2026-7607	Firmware Update Vulnerability in TRENDnet TEW-821DAP	8.8	2026-05-04
HIGH	CVE-2026-7489	SQL Injection in Sunnet CTMS	8.8	2026-05-04
HIGH	CVE-2026-7674	Remote Code Execution in Shenzhen Libituo Technology LBT-T300-HW1	8.8	2026-05-04
HIGH	CVE-2026-7675	Remote Code Execution in Shenzhen Libituo Technology LBT-T300-HW1	8.8	2026-05-04
CRITICAL	CVE-2026-2052	The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Executio	8.8	2026-05-03
CRITICAL	CVE-2026-7489	CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify,	8.8	2026-05-03
CRITICAL	CVE-2026-7641	The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the	8.8	2026-05-03
CRITICAL	CVE-2026-7607	A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of the component Firmware Udp	8.8	2026-05-03
HIGH	CVE-2026-7598	A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c.	7.3	2026-05-03
HIGH	CVE-2026-6389	IBM Turbonomic prometurbo agent - Excessive Cluster-Wide Permissions	8.8	2026-05-02
HIGH	CVE-2026-6543	IBM Langflow Desktop - Arbitrary Command Execution	8.8	2026-05-02
HIGH	CVE-2026-7551	HKUDS OpenHarness - Remote Code Execution via /bridge Slash Command	8.8	2026-05-02
HIGH	CVE-2026-40912	Traefik - High Severity Authentication Bypass	8.2	2026-05-02
CRITICAL	CVE-2026-31431	Linux Kernel - Incorrect Resource Transfer Between Spheres Vulnerability	N/A	2026-05-02
HIGH	CVE-2026-34965	Cockpit CMS - Authenticated remote code execution vulnerability	8.8	2026-05-01
HIGH	CVE-2026-7466	AgentFlow - Arbitrary code execution vulnerability	8.8	2026-05-01
HIGH	CVE-2018-25308	BuddyPress Xprofile Custom Fields Type - Remote code execution vulnerability	8.8	2026-05-01
HIGH	CVE-2026-6849	TUBITAK BILGEM Software Technologies Research Institute Pardus - OS command injection vulnerability	8.8	2026-05-01
CRITICAL	CVE-2026-41940	WebPros cPanel & WHM and WP2 (WordPress Squared) - Missing Authentication for Critical Function	N/A	2026-05-01
CRITICAL	CVE-2026-41404	OpenClaw incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows operator.admin privileges	8.8	2026-04-30
CRITICAL	CVE-2026-42422	OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles.	8.8	2026-04-30
CRITICAL	CVE-2026-41378	OpenClaw before 2026.3.31 contains a privilege escalation vulnerability allowing paired nodes with role=node to dispatch node.event agent requests.	8.8	2026-04-30
CRITICAL	CVE-2026-7288	A vulnerability has been found in D-Link DIR-825M 1.1.12 affecting the function sub_4151FC of the file /boafrm/formVpnConfigSetup.	8.8	2026-04-30
CRITICAL	CVE-2026-7289	A vulnerability was found in D-Link DIR-825M 1.1.12 affecting the function sub_414BA8 of the file /boafrm/formWanConfigSetup.	8.8	2026-04-30
HIGH	CVE-2026-6741	LatePoint WordPress Plugin Privilege Escalation Vulnerability	8.8	2026-04-29
HIGH	CVE-2026-41463	ProjeQtor ZipSlip Path Traversal Vulnerability	8.8	2026-04-29
HIGH	CVE-2026-7096	Tenda HG3 2.0 formgponConf Function Vulnerability	8.8	2026-04-29
CRITICAL	CVE-2024-1708	ConnectWise ScreenConnect Path Traversal Vulnerability	N/A	2026-04-29
CRITICAL	CVE-2026-32202	Microsoft Windows Protection Mechanism Failure Vulnerability	N/A	2026-04-29
HIGH	CVE-2026-7068	D-Link DIR-825 Router NMBD_process Remote Code Execution	8.8	2026-04-28
HIGH	CVE-2026-7029	Tenda F456 Router addressNat Function Weakness	8.8	2026-04-28
HIGH	CVE-2026-7034	Tenda FH1202 Router WrlExtraSet Function Vulnerability	8.8	2026-04-28
HIGH	CVE-2026-7053	Tenda F456 Router HTTP Daemon L7Prot Flaw	8.8	2026-04-28
HIGH	CVE-2026-7057	Tenda F456 Router HTTP Daemon setcfm Unknown Flaw	8.8	2026-04-28
HIGH	CVE-2026-6988	Tenda HG10 Router Remote Code Execution	8.8	2026-04-27
HIGH	CVE-2026-7019	Tenda F456 Router P2pListFilter Vulnerability	8.8	2026-04-27
HIGH	CVE-2026-7029	Tenda F456 Router Address NAT Bypass	8.8	2026-04-27
HIGH	CVE-2026-7030	Tenda F456 Router Static Route Manipulation	8.8	2026-04-27
HIGH	CVE-2026-7031	Tenda F456 Router SafeMacFilter Bypass	8.8	2026-04-27
HIGH	CVE-2026-6988	A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the file /boaform/formRouting of th	8.8	2026-04-26
HIGH	CVE-2026-7019	A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file /goform/P2pListFilter. The ma	8.8	2026-04-26
HIGH	CVE-2026-6977	A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask AP	7.3	2026-04-26
HIGH	CVE-2026-6980	A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts the function repo_path of t	7.3	2026-04-26
HIGH	CVE-2026-6987	A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher M	7.3	2026-04-26
CRITICAL	CVE-2025-29635	D-Link DIR-823X Command Injection Vulnerability	N/A	2026-04-25
CRITICAL	CVE-2024-7399	Samsung MagicINFO 9 Server Path Traversal Vulnerability	N/A	2026-04-25
CRITICAL	CVE-2024-57728	SimpleHelp Path Traversal Vulnerability	N/A	2026-04-25
CRITICAL	CVE-2024-57726	SimpleHelp Missing Authorization Vulnerability	N/A	2026-04-25
MEDIUM	N/A-0000-0000	No Further Top Critical Vulnerabilities Identified	N/A	2026-04-25
CRITICAL	CVE-2026-6859	InstructLab Remote Code Execution via Hardcoded Trust	8.8	2026-04-24
CRITICAL	CVE-2026-41349	OpenClaw Agentic Consent Bypass Vulnerability	8.8	2026-04-24
CRITICAL	CVE-2026-41468	Beghelli Sicuro24 AngularJS Sandbox Escape Vulnerability	8.7	2026-04-24
CRITICAL	CVE-2026-34413	Xerte Online Toolkits Missing Authentication Vulnerability	8.6	2026-04-24
CRITICAL	CVE-2026-39987	Marimo Remote Code Execution Vulnerability	N/A	2026-04-24
HIGH	CVE-2026-6859	InstructLab - Remote Code Execution via Hardcoded Trust	8.8	2026-04-23
HIGH	CVE-2026-41468	Beghelli Sicuro24 SicuroWeb - AngularJS Sandbox Escape leading to RCE	8.7	2026-04-23
HIGH	CVE-2026-34413	Xerte Online Toolkits - Missing Authentication in elFinder Connector	8.6	2026-04-23
HIGH	CVE-2026-41455	WeKan - Server-Side Request Forgery via Webhook Integration	8.5	2026-04-23
CRITICAL	CVE-2026-33825	Microsoft Defender - Insufficient Granularity of Access Control Vulnerability	N/A	2026-04-23
HIGH	CVE-2026-6249	Vvveb CMS Remote Code Execution via Media Upload	8.8	2026-04-22
HIGH	CVE-2026-5967	ThreatSonar Anti-Ransomware Privilege Escalation	8.8	2026-04-22
HIGH	CVE-2026-34427	Vvveb Admin User Profile Privilege Escalation	8.8	2026-04-22
HIGH	CVE-2026-41445	KissFFT Integer Overflow in kiss_fftndr_alloc()	8.8	2026-04-22
HIGH	CVE-2026-34291	Oracle HTTP Server Core Vulnerability	8.7	2026-04-22
CRITICAL	CVE-2026-20122	Cisco Catalyst SD-WAN Manger - Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability	N/A	2026-04-21
CRITICAL	CVE-2026-20133	Cisco Catalyst SD-WAN Manager - Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability	N/A	2026-04-21
CRITICAL	CVE-2025-2749	Kentico Kentico Xperience - Kentico Xperience Path Traversal Vulnerability	N/A	2026-04-21
CRITICAL	CVE-2023-27351	PaperCut NG/MF - PaperCut NG/MF Improper Authentication Vulnerability	N/A	2026-04-21
CRITICAL	CVE-2025-48700	Synacor Zimbra Collaboration Suite (ZCS) - Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability	N/A	2026-04-21
CRITICAL	CVE-2026-6518	CMP – Coming Soon & Maintenance Plugin for WordPress: Arbitrary File Upload and Remote Code Execution	8.8	2026-04-19
CRITICAL	CVE-2026-3464	WP Customer Area plugin for WordPress: Arbitrary File Read and Deletion	8.8	2026-04-19
HIGH	CVE-2026-40516	OpenHarness: Server-Side Request Forgery (SSRF)	8.3	2026-04-19
HIGH	CVE-2026-40527	radare2: Command Injection via Crafted ELF Binaries	7.8	2026-04-19
HIGH	CVE-2026-6507	dnsmasq: Out-of-Bounds Write via Specially Crafted BOOTREPLY	7.5	2026-04-19
CRITICAL	CVE-2026-6518	CMP – Coming Soon & Maintenance Plugin for WordPress: Arbitrary File Upload and RCE	8.8	2026-04-18
CRITICAL	CVE-2026-1620	Livemesh Addons for Elementor plugin for WordPress: Local File Inclusion	8.8	2026-04-18
CRITICAL	CVE-2025-14868	Career Section plugin for WordPress: CSRF leading to Path Traversal and Arbitrary File Deletion	8.8	2026-04-18
CRITICAL	CVE-2026-3464	WP Customer Area plugin for WordPress: Arbitrary File Read and Deletion	8.8	2026-04-18
HIGH	CVE-2026-6507	dnsmasq: Remote Out-of-bounds Write via BOOTREPLY	7.5	2026-04-18
HIGH	CVE-2026-40502	OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive a	8.8	2026-04-17
HIGH	CVE-2026-6348	WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrar	8.8	2026-04-17
HIGH	CVE-2023-3634	In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which co	8.8	2026-04-17
HIGH	CVE-2026-5617	The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handle_re	8.8	2026-04-17
CRITICAL	CVE-2026-34197	Apache ActiveMQ - Apache ActiveMQ Improper Input Validation Vulnerability	N/A	2026-04-17
HIGH	CVE-2026-25654	Siemens SINEC NMS Authorization Bypass	8.8	2026-04-15
HIGH	CVE-2026-27668	Siemens RUGGEDCOM CROSSBOW SAM-P Privilege Escalation	8.8	2026-04-15
HIGH	CVE-2026-40040	Pachno Unrestricted File Upload Vulnerability	8.8	2026-04-15
CRITICAL	CVE-2009-0238	Microsoft Office Remote Code Execution	N/A	2026-04-15
CRITICAL	CVE-2026-32201	Microsoft SharePoint Server Improper Input Validation	N/A	2026-04-15
CRITICAL	CVE-2025-60710	Microsoft Windows - Microsoft Windows Link Following Vulnerability	N/A	2026-04-14
CRITICAL	CVE-2023-36424	Microsoft Windows - Microsoft Windows Out-of-Bounds Read Vulnerability	N/A	2026-04-14
CRITICAL	CVE-2023-21529	Microsoft Exchange Server - Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability	N/A	2026-04-14
CRITICAL	CVE-2026-21643	Fortinet FortiClient EMS - Fortinet SQL Injection Vulnerability	N/A	2026-04-14
CRITICAL	CVE-2026-34621	Adobe Acrobat and Reader - Adobe Acrobat and Reader Prototype Pollution Vulnerability	N/A	2026-04-14
CRITICAL	CVE-2026-6120	Tenda F451 Router fromDhcpListClient Vulnerability	8.8	2026-04-13
CRITICAL	CVE-2026-6121	Tenda F451 Router WrlclientSet Vulnerability	8.8	2026-04-13
CRITICAL	CVE-2026-6122	Tenda F451 Router L7 Protocol Form Vulnerability	8.8	2026-04-13
CRITICAL	CVE-2026-6123	Tenda F451 Router Address NAT Vulnerability	8.8	2026-04-13
CRITICAL	CVE-2026-6124	Tenda F451 Router Safe MAC Filter Vulnerability	8.8	2026-04-13
CRITICAL	CVE-2026-5144	BuddyPress Groupblog plugin for WordPress Privilege Escalation	8.8	2026-04-12
CRITICAL	CVE-2026-35643	OpenClaw Unvalidated WebView JavascriptInterface Arbitrary Instruction Injection	8.8	2026-04-12
CRITICAL	CVE-2026-6120	Tenda F451 Router Remote Code Execution Vulnerability	8.8	2026-04-12
CRITICAL	CVE-2026-35663	OpenClaw Privilege Escalation for Non-Admin Operators	8.8	2026-04-12
CRITICAL	CVE-2026-34621	Adobe Acrobat Reader Improperly Controlled Modification of Object Prototype Attributes	8.6	2026-04-12
HIGH	CVE-2026-35638	OpenClaw Control UI Unauthenticated Privilege Escalation	8.8	2026-04-11
HIGH	CVE-2026-39911	Hashgraph Guardian Unsandboxed JavaScript Execution	8.8	2026-04-11
HIGH	CVE-2026-33785	Juniper Junos OS MX Series Missing Authorization Privilege Escalation	8.8	2026-04-11
HIGH	CVE-2025-13914	Juniper Apstra SSH Key Exchange Without Entity Authentication	8.7	2026-04-11
HIGH	CVE-2023-54359	WordPress adivaha Travel Plugin Time-Based Blind SQL Injection	8.2	2026-04-11
CRITICAL	CVE-2026-3243	WordPress Advanced Members for ACF Plugin Arbitrary File Deletion	8.8	2026-04-10
CRITICAL	CVE-2026-4326	WordPress Vertex Addons for Elementor Plugin Missing Authorization	8.8	2026-04-10
CRITICAL	CVE-2026-5815	D-Link DIR-645 Router Remote Code Execution Vulnerability	8.8	2026-04-10
CRITICAL	CVE-2026-5830	Tenda AC15 Router Remote Code Execution Vulnerability	8.8	2026-04-10
HIGH	CVE-2026-5436	WordPress MW WP Form Plugin Arbitrary File Move/Read	8.1	2026-04-10

HIGH8.8

CVE-2026-10062

TRENDnet TEW-432BRP formSetRoute Function Vulnerability

2026-05-31

HIGH8.8

CVE-2026-10063

TRENDnet TEW-432BRP formWPS Function Vulnerability

2026-05-31

HIGH8.8

CVE-2018-25388

HaPe PKH Arbitrary File Upload Vulnerability

2026-05-31

HIGH8.8

CVE-2026-10066

Shibby Tomato tomatoups.cgi Function Vulnerability

2026-05-31

HIGH8.8

CVE-2026-10067

Shibby Tomato multimon.cgi Stack-Based Buffer Overflow

2026-05-31

HIGH8.8

CVE-2026-9227

GutenBee – Gutenberg Blocks plugin for WordPress Arbitrary File Upload

2026-05-30

HIGH8.8

CVE-2026-6226

Frontend Admin by DynamiApps plugin for WordPress Unauthenticated Privilege Escalation

2026-05-30

HIGH8.8

CVE-2026-10002

Google Chrome PDFium Use-After-Free Vulnerability

2026-05-30

HIGH8.8

CVE-2026-9887

Google Chrome Proxy Use-After-Free Vulnerability

2026-05-30

CRITICALN/A

CVE-2026-0257

Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

2026-05-30

HIGH8.8

CVE-2026-5065

IBM Controller Hard-Coded Credentials Vulnerability

2026-05-29

HIGH8.8

CVE-2026-8179

IBM Aspera High-Speed Transfer Privilege Escalation

2026-05-29

HIGH8.8

CVE-2026-7802

WordPress Frontend Admin Authorization Bypass

2026-05-29

HIGH8.8

CVE-2026-9009

WordPress Crawlomatic Plugin Remote Code Execution

2026-05-29

HIGH8.8

CVE-2026-9227

WordPress GutenBee Plugin Arbitrary File Upload

2026-05-29

HIGH8.8

CVE-2026-46368

luci-app-https-dns-proxy through 2025.12.29-5

2026-05-28

HIGH8.8

CVE-2026-44832

Snipe-IT Privilege Escalation Vulnerability

2026-05-28

CRITICALN/A

CVE-2026-48027

Nx Console - Nx Console Embedded Malicious Code Vulnerability

2026-05-28

CRITICALN/A

CVE-2026-45321

TanStack - TanStack Unspecified Vulnerability

2026-05-28

CRITICALN/A

CVE-2026-8398

Daemon Tools Lite - Daemon Tools Lite Embedded Malicious Code Vulnerability

2026-05-28

HIGH8.8

CVE-2026-9442

Edimax BR-6478AC formiNICSiteSurvey Function Vulnerability

2026-05-27

HIGH8.8

CVE-2026-9443

Edimax BR-6478AC formL2TPSetup Function Vulnerability

2026-05-27

HIGH8.8

CVE-2026-9459

Edimax EW-7438RPn formConnectionSetting Function Vulnerability

2026-05-27

HIGH8.8

CVE-2026-9460

Edimax EW-7438RPn formAccept Function Vulnerability

2026-05-27

CRITICALN/A

CVE-2026-48172

LiteSpeed cPanel Plugin Privilege Escalation Vulnerability

2026-05-27

HIGH8.8

CVE-2026-47114

IINA User-Assisted Command Execution Vulnerability

2026-05-23

HIGH8.8

CVE-2026-47101

LiteLLM API Key Privilege Escalation

2026-05-23

HIGH8.8

CVE-2026-47102

LiteLLM User Role Modification Vulnerability

2026-05-23

HIGH8.8

CVE-2026-9018

Easy Elements for Elementor Privilege Escalation

2026-05-23

CRITICALN/A

CVE-2026-9082

Drupal Core SQL Injection Vulnerability

2026-05-23

HIGH8.8

CVE-2026-24425

Twig sandbox bypass vulnerability

2026-05-22

HIGH8.8

CVE-2026-47114

IINA user-assisted command execution vulnerability

2026-05-22

HIGH8.8

CVE-2026-47101

LiteLLM API key creation with unauthorized access

2026-05-22

CRITICALN/A

CVE-2025-34291

Langflow Langflow - Langflow Origin Validation Error Vulnerability

2026-05-22

CRITICALN/A

CVE-2026-34926

Trend Micro Apex One - Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability

2026-05-22

HIGH8.8

CVE-2026-7498

Cross-site scripting vulnerability in Basamak Information Technology Consulting and Or

2026-05-20

HIGH8.8

CVE-2026-6456

Privilege Escalation in WordPress Account Switcher plugin

2026-05-20

HIGH8.8

CVE-2026-7467

Privilege Escalation in WordPress Read More & Accordion plugin

2026-05-20

HIGH8.8

CVE-2026-7522

Local File Inclusion in WordPress Advanced Database Cleaner – Premium plugin

2026-05-20

HIGH8.8

CVE-2026-5200

Missing Authorization in WordPress AcyMailing plugin

2026-05-20

HIGH8.8

CVE-2026-45495

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

2026-05-19

HIGH8.8

CVE-2026-8775

Edimax BR-6428NS formL2TPSetup Function Vulnerability

2026-05-19

HIGH8.8

CVE-2026-8776

Edimax BR-6428NS formPPTPSetup Function Vulnerability

2026-05-19

HIGH8.8

CVE-2026-7498

Basamak Information Technology Consulting and Or Cross-Site Scripting Vulnerability

2026-05-19

HIGH8.4

CVE-2018-25322

Allok Fast AVI MPEG Splitter Stack-Based Buffer Overflow

2026-05-19

HIGH8.8

CVE-2020-37227

HS Brand Logo Slider 2.1 Unrestricted File Upload

2026-05-18

HIGH8.8

CVE-2021-47976

TextPattern CMS 4.9.0-dev Remote Code Execution

2026-05-18

HIGH8.8

CVE-2021-47979

WordPress Plugin Backup and Restore 1.0.3 Arbitrary File Deletion

2026-05-18

HIGH8.8

CVE-2026-8719

AI Engine WordPress Plugin Privilege Escalation

2026-05-18

HIGH8.4

CVE-2018-25322

Allok Fast AVI MPEG Splitter 1.2 Stack-Based Buffer Overflow

2026-05-18

HIGH8.8

CVE-2026-6228

WordPress Frontend Admin Plugin Privilege Escalation

2026-05-17

HIGH8.8

CVE-2021-47964

Schlix CMS Remote Code Execution

2026-05-17

HIGH8.8

CVE-2020-37227

HS Brand Logo Slider Unrestricted File Upload

2026-05-17

HIGH8.8

CVE-2021-47976

TextPattern CMS Remote Code Execution

2026-05-17

HIGH8.8

CVE-2021-47979

WordPress Backup and Restore Plugin Arbitrary File Deletion

2026-05-17

CRITICALN/A

CVE-2026-42897

Microsoft Exchange Server Cross-Site Scripting Vulnerability

2026-05-16

HIGH8.8

CVE-2026-3425

WordPress RTMKit Addons for Elementor Plugin Local File Inclusion

2026-05-15

HIGH8.7

CVE-2026-32643

BIG-IP and BIG-IQ Systems Privilege Escalation via Certificate Manager Role

2026-05-15

HIGH8.7

CVE-2026-32673

BIG-IP Scripted Monitors Privilege Escalation

2026-05-15

HIGH8.7

CVE-2026-34176

BIG-IP Appliance Mode Remote Command Injection

2026-05-15

CRITICALN/A

CVE-2026-20182

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

2026-05-15

HIGH8.8

CVE-2026-6001

Authorization bypass in ABIS Technology Ltd. Co. BAPSİS allows exploitation of trusted identifiers.

2026-05-14

HIGH8.8

CVE-2026-2465

Incorrect Authorization vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard FOR-

2026-05-14

HIGH8.8

CVE-2026-30810

Server-Side Request Forgery in Pandora FMS allows Privilege Escalation via API Checker extension.

2026-05-14

HIGH8.8

CVE-2026-31222

Insecure deserialization vulnerability in snorkel library Trainer.load() method.

2026-05-14

HIGH8.8

CVE-2026-31223

Critical insecure deserialization vulnerability in snorkel library BaseLabeler.load() method.

2026-05-14

CRITICAL9.8

CVE-2026-40636

Dell ECS and ObjectScale Hard-Coded Credentials Vulnerability

2026-05-13

HIGH8.8

CVE-2026-45006

OpenClaw Improper Access Control in Gateway Tool

2026-05-13

HIGH8.8

CVE-2026-7256

Zyxel WRE6505 Command Injection Vulnerability

2026-05-13

HIGH8.8

CVE-2026-6001

ABIS Technology BAPSİS Authorization Bypass

2026-05-13

HIGH8.4

CVE-2026-34963

barebox EFI PE Loader Memory-Safety Vulnerabilities

2026-05-13

HIGH8.8

CVE-2021-47935

Sentry 8.2.0 Remote Code Execution

2026-05-12

HIGH8.8

CVE-2021-47937

e107 CMS 2.3.0 Remote Code Execution

2026-05-12

HIGH8.8

CVE-2021-47938

ImpressCMS 1.4.2 Remote Code Execution

2026-05-12

HIGH8.8

CVE-2021-47939

Evolution CMS 3.1.6 Remote Code Execution

2026-05-12

HIGH8.8

CVE-2021-47943

TextPattern CMS 4.8.7 Remote Code Execution

2026-05-12

HIGH8.8

CVE-2026-8234

EFM ipTIME A8004T 14.18.2 Vulnerability in formWifiBasicSet

2026-05-11

HIGH8.8

CVE-2021-47935

Sentry 8.2.0 Remote Code Execution Vulnerability

2026-05-11

HIGH8.8

CVE-2021-47937

e107 CMS 2.3.0 Remote Code Execution Vulnerability

2026-05-11

HIGH8.8

CVE-2021-47938

ImpressCMS 1.4.2 Remote Code Execution Vulnerability

2026-05-11

HIGH8.8

CVE-2021-47939

Evolution CMS 3.1.6 Remote Code Execution Vulnerability

2026-05-11

HIGH8.8

CVE-2026-5127

WordPress User Frontend Plugin Deserialization Vulnerability

2026-05-10

HIGH8.8

CVE-2026-39816

Apache NiFi Missing Restricted Annotation in TinkerpopClientService

2026-05-10

HIGH8.8

CVE-2026-8234

EFM ipTIME A8004T formWifiBasicSet Security Vulnerability

2026-05-10

HIGH8.1

CVE-2022-50994

DrayTek Vigor 2960 OS Command Injection

2026-05-10

HIGH8.1

CVE-2026-7807

SmarterTools SmarterMail Local File Inclusion

2026-05-10

CRITICALN/A

CVE-2026-42208

BerriAI LiteLLM - SQL Injection Vulnerability

2026-05-09

HIGH8.8

CVE-2026-20034

Cisco Unity Connection Web-based Management Interface Arbitrary Code Execution

2026-05-08

HIGH8.8

CVE-2026-41934

Vvveb Authenticated Remote Code Execution in Admin Code Editor

2026-05-08

HIGH8.8

CVE-2026-7927

Google Chrome Type Confusion in Runtime Arbitrary Code Execution

2026-05-08

HIGH8.8

CVE-2026-43584

OpenClaw Insufficient Environment Variable Denylist Vulnerability

2026-05-08

CRITICALN/A

CVE-2026-6973

Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability

2026-05-08

HIGH8.8

CVE-2023-54345

Frappe Framework ERPNext Sandbox Escape Vulnerability

2026-05-07

HIGH8.8

CVE-2023-54348

ERPGo SaaS CSV Injection Vulnerability

2026-05-07

HIGH8.8

CVE-2026-42434

OpenClaw Sandbox Escape Vulnerability

2026-05-07

HIGH8.8

CVE-2026-42435

OpenClaw Insufficient Shell-Wrapper Detection Vulnerability

2026-05-07

CRITICALN/A

CVE-2026-0300

Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability

2026-05-07

HIGH8.8

CVE-2026-2052

Remote Code Execution in Widget Options WordPress Plugin

2026-05-04

HIGH8.8

CVE-2026-7607

Firmware Update Vulnerability in TRENDnet TEW-821DAP

2026-05-04

HIGH8.8

CVE-2026-7489

SQL Injection in Sunnet CTMS

2026-05-04

HIGH8.8

CVE-2026-7674

Remote Code Execution in Shenzhen Libituo Technology LBT-T300-HW1

2026-05-04

HIGH8.8

CVE-2026-7675

Remote Code Execution in Shenzhen Libituo Technology LBT-T300-HW1

2026-05-04

CRITICAL8.8

CVE-2026-2052

The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Executio

2026-05-03

CRITICAL8.8

CVE-2026-7489

CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify,

2026-05-03

CRITICAL8.8

CVE-2026-7641

The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the

2026-05-03

CRITICAL8.8

CVE-2026-7607

A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of the component Firmware Udp

2026-05-03

HIGH7.3

CVE-2026-7598

A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c.

2026-05-03

HIGH8.8

CVE-2026-6389

IBM Turbonomic prometurbo agent - Excessive Cluster-Wide Permissions

2026-05-02

HIGH8.8

CVE-2026-6543

IBM Langflow Desktop - Arbitrary Command Execution

2026-05-02

HIGH8.8

CVE-2026-7551

HKUDS OpenHarness - Remote Code Execution via /bridge Slash Command

2026-05-02

HIGH8.2

CVE-2026-40912

Traefik - High Severity Authentication Bypass

2026-05-02

CRITICALN/A

CVE-2026-31431

Linux Kernel - Incorrect Resource Transfer Between Spheres Vulnerability

2026-05-02

HIGH8.8

CVE-2026-34965

Cockpit CMS - Authenticated remote code execution vulnerability

2026-05-01

HIGH8.8

CVE-2026-7466

AgentFlow - Arbitrary code execution vulnerability

2026-05-01

HIGH8.8

CVE-2018-25308

BuddyPress Xprofile Custom Fields Type - Remote code execution vulnerability

2026-05-01

HIGH8.8

CVE-2026-6849

TUBITAK BILGEM Software Technologies Research Institute Pardus - OS command injection vulnerability

2026-05-01

CRITICALN/A

CVE-2026-41940

WebPros cPanel & WHM and WP2 (WordPress Squared) - Missing Authentication for Critical Function

2026-05-01

CRITICAL8.8

CVE-2026-41404

OpenClaw incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows operator.admin privileges

2026-04-30

CRITICAL8.8

CVE-2026-42422

OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles.

2026-04-30

CRITICAL8.8

CVE-2026-41378

OpenClaw before 2026.3.31 contains a privilege escalation vulnerability allowing paired nodes with role=node to dispatch node.event agent requests.

2026-04-30

CRITICAL8.8

CVE-2026-7288

A vulnerability has been found in D-Link DIR-825M 1.1.12 affecting the function sub_4151FC of the file /boafrm/formVpnConfigSetup.

2026-04-30

CRITICAL8.8

CVE-2026-7289

A vulnerability was found in D-Link DIR-825M 1.1.12 affecting the function sub_414BA8 of the file /boafrm/formWanConfigSetup.

2026-04-30

HIGH8.8

CVE-2026-6741

LatePoint WordPress Plugin Privilege Escalation Vulnerability

2026-04-29

HIGH8.8

CVE-2026-41463

ProjeQtor ZipSlip Path Traversal Vulnerability

2026-04-29

HIGH8.8

CVE-2026-7096

Tenda HG3 2.0 formgponConf Function Vulnerability

2026-04-29

CRITICALN/A

CVE-2024-1708

ConnectWise ScreenConnect Path Traversal Vulnerability

2026-04-29

CRITICALN/A

CVE-2026-32202

Microsoft Windows Protection Mechanism Failure Vulnerability

2026-04-29

HIGH8.8

CVE-2026-7068

D-Link DIR-825 Router NMBD_process Remote Code Execution

2026-04-28

HIGH8.8

CVE-2026-7029

Tenda F456 Router addressNat Function Weakness

2026-04-28

HIGH8.8

CVE-2026-7034

Tenda FH1202 Router WrlExtraSet Function Vulnerability

2026-04-28

HIGH8.8

CVE-2026-7053

Tenda F456 Router HTTP Daemon L7Prot Flaw

2026-04-28

HIGH8.8

CVE-2026-7057

Tenda F456 Router HTTP Daemon setcfm Unknown Flaw

2026-04-28

HIGH8.8

CVE-2026-6988

Tenda HG10 Router Remote Code Execution

2026-04-27

HIGH8.8

CVE-2026-7019

Tenda F456 Router P2pListFilter Vulnerability

2026-04-27

HIGH8.8

CVE-2026-7029

Tenda F456 Router Address NAT Bypass

2026-04-27

HIGH8.8

CVE-2026-7030

Tenda F456 Router Static Route Manipulation

2026-04-27

HIGH8.8

CVE-2026-7031

Tenda F456 Router SafeMacFilter Bypass

2026-04-27

HIGH8.8

CVE-2026-6988

A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the file /boaform/formRouting of th

2026-04-26

HIGH8.8

CVE-2026-7019

A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file /goform/P2pListFilter. The ma

2026-04-26

HIGH7.3

CVE-2026-6977

A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask AP

2026-04-26

HIGH7.3

CVE-2026-6980

A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts the function repo_path of t

2026-04-26

HIGH7.3

CVE-2026-6987

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher M

2026-04-26

CRITICALN/A

CVE-2025-29635

D-Link DIR-823X Command Injection Vulnerability

2026-04-25

CRITICALN/A

CVE-2024-7399

Samsung MagicINFO 9 Server Path Traversal Vulnerability

2026-04-25

CRITICALN/A

CVE-2024-57728

SimpleHelp Path Traversal Vulnerability

2026-04-25

CRITICALN/A

CVE-2024-57726

SimpleHelp Missing Authorization Vulnerability

2026-04-25

MEDIUMN/A

N/A-0000-0000

No Further Top Critical Vulnerabilities Identified

2026-04-25

CRITICAL8.8

CVE-2026-6859

InstructLab Remote Code Execution via Hardcoded Trust

2026-04-24

CRITICAL8.8

CVE-2026-41349

OpenClaw Agentic Consent Bypass Vulnerability

2026-04-24

CRITICAL8.7

CVE-2026-41468

Beghelli Sicuro24 AngularJS Sandbox Escape Vulnerability

2026-04-24

CRITICAL8.6

CVE-2026-34413

Xerte Online Toolkits Missing Authentication Vulnerability

2026-04-24

CRITICALN/A

CVE-2026-39987

Marimo Remote Code Execution Vulnerability

2026-04-24

HIGH8.8

CVE-2026-6859

InstructLab - Remote Code Execution via Hardcoded Trust

2026-04-23

HIGH8.7

CVE-2026-41468

Beghelli Sicuro24 SicuroWeb - AngularJS Sandbox Escape leading to RCE

2026-04-23

HIGH8.6

CVE-2026-34413

Xerte Online Toolkits - Missing Authentication in elFinder Connector

2026-04-23

HIGH8.5

CVE-2026-41455

WeKan - Server-Side Request Forgery via Webhook Integration

2026-04-23

CRITICALN/A

CVE-2026-33825

Microsoft Defender - Insufficient Granularity of Access Control Vulnerability

2026-04-23

HIGH8.8

CVE-2026-6249

Vvveb CMS Remote Code Execution via Media Upload

2026-04-22

HIGH8.8

CVE-2026-5967

ThreatSonar Anti-Ransomware Privilege Escalation

2026-04-22

HIGH8.8

CVE-2026-34427

Vvveb Admin User Profile Privilege Escalation

2026-04-22

HIGH8.8

CVE-2026-41445

KissFFT Integer Overflow in kiss_fftndr_alloc()

2026-04-22

HIGH8.7

CVE-2026-34291

Oracle HTTP Server Core Vulnerability

2026-04-22

CRITICALN/A

CVE-2026-20122

Cisco Catalyst SD-WAN Manger - Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability

2026-04-21

CRITICALN/A

CVE-2026-20133

Cisco Catalyst SD-WAN Manager - Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

2026-04-21

CRITICALN/A

CVE-2025-2749

Kentico Kentico Xperience - Kentico Xperience Path Traversal Vulnerability

2026-04-21

CRITICALN/A

CVE-2023-27351

PaperCut NG/MF - PaperCut NG/MF Improper Authentication Vulnerability

2026-04-21

CRITICALN/A

CVE-2025-48700

Synacor Zimbra Collaboration Suite (ZCS) - Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability

2026-04-21

CRITICAL8.8

CVE-2026-6518

CMP – Coming Soon & Maintenance Plugin for WordPress: Arbitrary File Upload and Remote Code Execution

2026-04-19

CRITICAL8.8

CVE-2026-3464

WP Customer Area plugin for WordPress: Arbitrary File Read and Deletion

2026-04-19

HIGH8.3

CVE-2026-40516

OpenHarness: Server-Side Request Forgery (SSRF)

2026-04-19

HIGH7.8

CVE-2026-40527

radare2: Command Injection via Crafted ELF Binaries

2026-04-19

HIGH7.5

CVE-2026-6507

dnsmasq: Out-of-Bounds Write via Specially Crafted BOOTREPLY

2026-04-19

CRITICAL8.8

CVE-2026-6518

CMP – Coming Soon & Maintenance Plugin for WordPress: Arbitrary File Upload and RCE

2026-04-18

CRITICAL8.8

CVE-2026-1620

Livemesh Addons for Elementor plugin for WordPress: Local File Inclusion

2026-04-18

CRITICAL8.8

CVE-2025-14868

Career Section plugin for WordPress: CSRF leading to Path Traversal and Arbitrary File Deletion

2026-04-18

CRITICAL8.8

CVE-2026-3464

WP Customer Area plugin for WordPress: Arbitrary File Read and Deletion

2026-04-18

HIGH7.5

CVE-2026-6507

dnsmasq: Remote Out-of-bounds Write via BOOTREPLY

2026-04-18

HIGH8.8

CVE-2026-40502

OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive a

2026-04-17

HIGH8.8

CVE-2026-6348

WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrar

2026-04-17

HIGH8.8

CVE-2023-3634

In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which co

2026-04-17

HIGH8.8

CVE-2026-5617

The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handle_re

2026-04-17

CRITICALN/A

CVE-2026-34197

Apache ActiveMQ - Apache ActiveMQ Improper Input Validation Vulnerability

2026-04-17

HIGH8.8

CVE-2026-25654

Siemens SINEC NMS Authorization Bypass

2026-04-15

HIGH8.8

CVE-2026-27668

Siemens RUGGEDCOM CROSSBOW SAM-P Privilege Escalation

2026-04-15

HIGH8.8

CVE-2026-40040

Pachno Unrestricted File Upload Vulnerability

2026-04-15

CRITICALN/A

CVE-2009-0238

Microsoft Office Remote Code Execution

2026-04-15

CRITICALN/A

CVE-2026-32201

Microsoft SharePoint Server Improper Input Validation

2026-04-15

CRITICALN/A

CVE-2025-60710

Microsoft Windows - Microsoft Windows Link Following Vulnerability

2026-04-14

CRITICALN/A

CVE-2023-36424

Microsoft Windows - Microsoft Windows Out-of-Bounds Read Vulnerability

2026-04-14

CRITICALN/A

CVE-2023-21529

Microsoft Exchange Server - Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability

2026-04-14

CRITICALN/A

CVE-2026-21643

Fortinet FortiClient EMS - Fortinet SQL Injection Vulnerability

2026-04-14

CRITICALN/A

CVE-2026-34621

Adobe Acrobat and Reader - Adobe Acrobat and Reader Prototype Pollution Vulnerability

2026-04-14

CRITICAL8.8

CVE-2026-6120

Tenda F451 Router fromDhcpListClient Vulnerability

2026-04-13

CRITICAL8.8

CVE-2026-6121

Tenda F451 Router WrlclientSet Vulnerability

2026-04-13

CRITICAL8.8

CVE-2026-6122

Tenda F451 Router L7 Protocol Form Vulnerability

2026-04-13

CRITICAL8.8

CVE-2026-6123

Tenda F451 Router Address NAT Vulnerability

2026-04-13

CRITICAL8.8

CVE-2026-6124

Tenda F451 Router Safe MAC Filter Vulnerability

2026-04-13

CRITICAL8.8

CVE-2026-5144

BuddyPress Groupblog plugin for WordPress Privilege Escalation

2026-04-12

CRITICAL8.8

CVE-2026-35643

OpenClaw Unvalidated WebView JavascriptInterface Arbitrary Instruction Injection

2026-04-12

CRITICAL8.8

CVE-2026-6120

Tenda F451 Router Remote Code Execution Vulnerability

2026-04-12

CRITICAL8.8

CVE-2026-35663

OpenClaw Privilege Escalation for Non-Admin Operators

2026-04-12

CRITICAL8.6

CVE-2026-34621

Adobe Acrobat Reader Improperly Controlled Modification of Object Prototype Attributes

2026-04-12

HIGH8.8

CVE-2026-35638

OpenClaw Control UI Unauthenticated Privilege Escalation

2026-04-11

HIGH8.8

CVE-2026-39911

Hashgraph Guardian Unsandboxed JavaScript Execution

2026-04-11

HIGH8.8

CVE-2026-33785

Juniper Junos OS MX Series Missing Authorization Privilege Escalation

2026-04-11

HIGH8.7

CVE-2025-13914

Juniper Apstra SSH Key Exchange Without Entity Authentication

2026-04-11

HIGH8.2

CVE-2023-54359

WordPress adivaha Travel Plugin Time-Based Blind SQL Injection

2026-04-11

CRITICAL8.8

CVE-2026-3243

WordPress Advanced Members for ACF Plugin Arbitrary File Deletion

2026-04-10

CRITICAL8.8

CVE-2026-4326

WordPress Vertex Addons for Elementor Plugin Missing Authorization

2026-04-10

CRITICAL8.8

CVE-2026-5815

D-Link DIR-645 Router Remote Code Execution Vulnerability

2026-04-10

CRITICAL8.8

CVE-2026-5830

Tenda AC15 Router Remote Code Execution Vulnerability

2026-04-10

HIGH8.1

CVE-2026-5436

WordPress MW WP Form Plugin Arbitrary File Move/Read

2026-04-10

CVE-2026-10062 TRENDnet TEW-432BRP formSetRoute Function Vulnerability HIGH CVSS 8.8 CVE-2026-10063 TRENDnet TEW-432BRP formWPS Function Vulnerability HIGH CVSS 8.8 CVE-2018-25388 HaPe PKH Arbitrary File Upload Vulnerability HIGH CVSS 8.8 CVE-2026-10066 Shibby Tomato tomatoups.cgi Function Vulnerability HIGH CVSS 8.8 CVE-2026-10067 Shibby Tomato multimon.cgi Stack-Based Buffer Overflow HIGH CVSS 8.8 CVE-2026-9227 GutenBee – Gutenberg Blocks plugin for WordPress Arbitrary File Upload HIGH CVSS 8.8 CVE-2026-6226 Frontend Admin by DynamiApps plugin for WordPress Unauthenticated Privilege Escalation HIGH CVSS 8.8 CVE-2026-10002 Google Chrome PDFium Use-After-Free Vulnerability HIGH CVSS 8.8 CVE-2026-9887 Google Chrome Proxy Use-After-Free Vulnerability HIGH CVSS 8.8 CVE-2026-0257 Palo Alto Networks PAN-OS Authentication Bypass Vulnerability CRITICAL CVSS CVE-2026-5065 IBM Controller Hard-Coded Credentials Vulnerability HIGH CVSS 8.8 CVE-2026-8179 IBM Aspera High-Speed Transfer Privilege Escalation HIGH CVSS 8.8 CVE-2026-7802 WordPress Frontend Admin Authorization Bypass HIGH CVSS 8.8 CVE-2026-9009 WordPress Crawlomatic Plugin Remote Code Execution HIGH CVSS 8.8 CVE-2026-9227 WordPress GutenBee Plugin Arbitrary File Upload HIGH CVSS 8.8 CVE-2026-46368 luci-app-https-dns-proxy through 2025.12.29-5 HIGH CVSS 8.8 CVE-2026-44832 Snipe-IT Privilege Escalation Vulnerability HIGH CVSS 8.8 CVE-2026-48027 Nx Console - Nx Console Embedded Malicious Code Vulnerability CRITICAL CVSS CVE-2026-45321 TanStack - TanStack Unspecified Vulnerability CRITICAL CVSS CVE-2026-8398 Daemon Tools Lite - Daemon Tools Lite Embedded Malicious Code Vulnerability CRITICAL CVSS CVE-2026-9442 Edimax BR-6478AC formiNICSiteSurvey Function Vulnerability HIGH CVSS 8.8 CVE-2026-9443 Edimax BR-6478AC formL2TPSetup Function Vulnerability HIGH CVSS 8.8 CVE-2026-9459 Edimax EW-7438RPn formConnectionSetting Function Vulnerability HIGH CVSS 8.8 CVE-2026-9460 Edimax EW-7438RPn formAccept Function Vulnerability HIGH CVSS 8.8 CVE-2026-48172 LiteSpeed cPanel Plugin Privilege Escalation Vulnerability CRITICAL CVSS CVE-2026-47114 IINA User-Assisted Command Execution Vulnerability HIGH CVSS 8.8 CVE-2026-47101 LiteLLM API Key Privilege Escalation HIGH CVSS 8.8 CVE-2026-47102 LiteLLM User Role Modification Vulnerability HIGH CVSS 8.8 CVE-2026-9018 Easy Elements for Elementor Privilege Escalation HIGH CVSS 8.8 CVE-2026-9082 Drupal Core SQL Injection Vulnerability CRITICAL CVSS CVE-2026-24425 Twig sandbox bypass vulnerability HIGH CVSS 8.8 CVE-2026-47114 IINA user-assisted command execution vulnerability HIGH CVSS 8.8 CVE-2026-47101 LiteLLM API key creation with unauthorized access HIGH CVSS 8.8 CVE-2025-34291 Langflow Langflow - Langflow Origin Validation Error Vulnerability CRITICAL CVSS CVE-2026-34926 Trend Micro Apex One - Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability CRITICAL CVSS CVE-2026-7498 Cross-site scripting vulnerability in Basamak Information Technology Consulting and Or HIGH CVSS 8.8 CVE-2026-6456 Privilege Escalation in WordPress Account Switcher plugin HIGH CVSS 8.8 CVE-2026-7467 Privilege Escalation in WordPress Read More & Accordion plugin HIGH CVSS 8.8 CVE-2026-7522 Local File Inclusion in WordPress Advanced Database Cleaner – Premium plugin HIGH CVSS 8.8 CVE-2026-5200 Missing Authorization in WordPress AcyMailing plugin HIGH CVSS 8.8 CVE-2026-45495 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability HIGH CVSS 8.8 CVE-2026-8775 Edimax BR-6428NS formL2TPSetup Function Vulnerability HIGH CVSS 8.8 CVE-2026-8776 Edimax BR-6428NS formPPTPSetup Function Vulnerability HIGH CVSS 8.8 CVE-2026-7498 Basamak Information Technology Consulting and Or Cross-Site Scripting Vulnerability HIGH CVSS 8.8 CVE-2018-25322 Allok Fast AVI MPEG Splitter Stack-Based Buffer Overflow HIGH CVSS 8.4 CVE-2020-37227 HS Brand Logo Slider 2.1 Unrestricted File Upload HIGH CVSS 8.8 CVE-2021-47976 TextPattern CMS 4.9.0-dev Remote Code Execution HIGH CVSS 8.8 CVE-2021-47979 WordPress Plugin Backup and Restore 1.0.3 Arbitrary File Deletion HIGH CVSS 8.8 CVE-2026-8719 AI Engine WordPress Plugin Privilege Escalation HIGH CVSS 8.8 CVE-2018-25322 Allok Fast AVI MPEG Splitter 1.2 Stack-Based Buffer Overflow HIGH CVSS 8.4 CVE-2026-6228 WordPress Frontend Admin Plugin Privilege Escalation HIGH CVSS 8.8 CVE-2021-47964 Schlix CMS Remote Code Execution HIGH CVSS 8.8 CVE-2020-37227 HS Brand Logo Slider Unrestricted File Upload HIGH CVSS 8.8 CVE-2021-47976 TextPattern CMS Remote Code Execution HIGH CVSS 8.8 CVE-2021-47979 WordPress Backup and Restore Plugin Arbitrary File Deletion HIGH CVSS 8.8 CVE-2026-42897 Microsoft Exchange Server Cross-Site Scripting Vulnerability CRITICAL CVSS CVE-2026-3425 WordPress RTMKit Addons for Elementor Plugin Local File Inclusion HIGH CVSS 8.8 CVE-2026-32643 BIG-IP and BIG-IQ Systems Privilege Escalation via Certificate Manager Role HIGH CVSS 8.7 CVE-2026-32673 BIG-IP Scripted Monitors Privilege Escalation HIGH CVSS 8.7 CVE-2026-34176 BIG-IP Appliance Mode Remote Command Injection HIGH CVSS 8.7 CVE-2026-20182 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability CRITICAL CVSS CVE-2026-6001 Authorization bypass in ABIS Technology Ltd. Co. BAPSİS allows exploitation of trusted identifiers. HIGH CVSS 8.8 CVE-2026-2465 Incorrect Authorization vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard FOR- HIGH CVSS 8.8 CVE-2026-30810 Server-Side Request Forgery in Pandora FMS allows Privilege Escalation via API Checker extension. HIGH CVSS 8.8 CVE-2026-31222 Insecure deserialization vulnerability in snorkel library Trainer.load() method. HIGH CVSS 8.8 CVE-2026-31223 Critical insecure deserialization vulnerability in snorkel library BaseLabeler.load() method. HIGH CVSS 8.8 CVE-2026-40636 Dell ECS and ObjectScale Hard-Coded Credentials Vulnerability CRITICAL CVSS 9.8 CVE-2026-45006 OpenClaw Improper Access Control in Gateway Tool HIGH CVSS 8.8 CVE-2026-7256 Zyxel WRE6505 Command Injection Vulnerability HIGH CVSS 8.8 CVE-2026-6001 ABIS Technology BAPSİS Authorization Bypass HIGH CVSS 8.8 CVE-2026-34963 barebox EFI PE Loader Memory-Safety Vulnerabilities HIGH CVSS 8.4 CVE-2021-47935 Sentry 8.2.0 Remote Code Execution HIGH CVSS 8.8 CVE-2021-47937 e107 CMS 2.3.0 Remote Code Execution HIGH CVSS 8.8 CVE-2021-47938 ImpressCMS 1.4.2 Remote Code Execution HIGH CVSS 8.8 CVE-2021-47939 Evolution CMS 3.1.6 Remote Code Execution HIGH CVSS 8.8 CVE-2021-47943 TextPattern CMS 4.8.7 Remote Code Execution HIGH CVSS 8.8 CVE-2026-8234 EFM ipTIME A8004T 14.18.2 Vulnerability in formWifiBasicSet HIGH CVSS 8.8 CVE-2021-47935 Sentry 8.2.0 Remote Code Execution Vulnerability HIGH CVSS 8.8 CVE-2021-47937 e107 CMS 2.3.0 Remote Code Execution Vulnerability HIGH CVSS 8.8 CVE-2021-47938 ImpressCMS 1.4.2 Remote Code Execution Vulnerability HIGH CVSS 8.8 CVE-2021-47939 Evolution CMS 3.1.6 Remote Code Execution Vulnerability HIGH CVSS 8.8 CVE-2026-5127 WordPress User Frontend Plugin Deserialization Vulnerability HIGH CVSS 8.8 CVE-2026-39816 Apache NiFi Missing Restricted Annotation in TinkerpopClientService HIGH CVSS 8.8 CVE-2026-8234 EFM ipTIME A8004T formWifiBasicSet Security Vulnerability HIGH CVSS 8.8 CVE-2022-50994 DrayTek Vigor 2960 OS Command Injection HIGH CVSS 8.1 CVE-2026-7807 SmarterTools SmarterMail Local File Inclusion HIGH CVSS 8.1 CVE-2026-42208 BerriAI LiteLLM - SQL Injection Vulnerability CRITICAL CVSS CVE-2026-20034 Cisco Unity Connection Web-based Management Interface Arbitrary Code Execution HIGH CVSS 8.8 CVE-2026-41934 Vvveb Authenticated Remote Code Execution in Admin Code Editor HIGH CVSS 8.8 CVE-2026-7927 Google Chrome Type Confusion in Runtime Arbitrary Code Execution HIGH CVSS 8.8 CVE-2026-43584 OpenClaw Insufficient Environment Variable Denylist Vulnerability HIGH CVSS 8.8 CVE-2026-6973 Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability CRITICAL CVSS CVE-2023-54345 Frappe Framework ERPNext Sandbox Escape Vulnerability HIGH CVSS 8.8 CVE-2023-54348 ERPGo SaaS CSV Injection Vulnerability HIGH CVSS 8.8 CVE-2026-42434 OpenClaw Sandbox Escape Vulnerability HIGH CVSS 8.8 CVE-2026-42435 OpenClaw Insufficient Shell-Wrapper Detection Vulnerability HIGH CVSS 8.8 CVE-2026-0300 Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability CRITICAL CVSS CVE-2026-2052 Remote Code Execution in Widget Options WordPress Plugin HIGH CVSS 8.8 CVE-2026-7607 Firmware Update Vulnerability in TRENDnet TEW-821DAP HIGH CVSS 8.8 CVE-2026-7489 SQL Injection in Sunnet CTMS HIGH CVSS 8.8 CVE-2026-7674 Remote Code Execution in Shenzhen Libituo Technology LBT-T300-HW1 HIGH CVSS 8.8 CVE-2026-7675 Remote Code Execution in Shenzhen Libituo Technology LBT-T300-HW1 HIGH CVSS 8.8 CVE-2026-2052 The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Executio CRITICAL CVSS 8.8 CVE-2026-7489 CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, CRITICAL CVSS 8.8 CVE-2026-7641 The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the CRITICAL CVSS 8.8 CVE-2026-7607 A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of the component Firmware Udp CRITICAL CVSS 8.8 CVE-2026-7598 A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. HIGH CVSS 7.3 CVE-2026-6389 IBM Turbonomic prometurbo agent - Excessive Cluster-Wide Permissions HIGH CVSS 8.8 CVE-2026-6543 IBM Langflow Desktop - Arbitrary Command Execution HIGH CVSS 8.8 CVE-2026-7551 HKUDS OpenHarness - Remote Code Execution via /bridge Slash Command HIGH CVSS 8.8 CVE-2026-40912 Traefik - High Severity Authentication Bypass HIGH CVSS 8.2 CVE-2026-31431 Linux Kernel - Incorrect Resource Transfer Between Spheres Vulnerability CRITICAL CVSS CVE-2026-34965 Cockpit CMS - Authenticated remote code execution vulnerability HIGH CVSS 8.8 CVE-2026-7466 AgentFlow - Arbitrary code execution vulnerability HIGH CVSS 8.8 CVE-2018-25308 BuddyPress Xprofile Custom Fields Type - Remote code execution vulnerability HIGH CVSS 8.8 CVE-2026-6849 TUBITAK BILGEM Software Technologies Research Institute Pardus - OS command injection vulnerability HIGH CVSS 8.8 CVE-2026-41940 WebPros cPanel & WHM and WP2 (WordPress Squared) - Missing Authentication for Critical Function CRITICAL CVSS CVE-2026-41404 OpenClaw incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows operator.admin privileges CRITICAL CVSS 8.8 CVE-2026-42422 OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles. CRITICAL CVSS 8.8 CVE-2026-41378 OpenClaw before 2026.3.31 contains a privilege escalation vulnerability allowing paired nodes with role=node to dispatch node.event agent requests. CRITICAL CVSS 8.8 CVE-2026-7288 A vulnerability has been found in D-Link DIR-825M 1.1.12 affecting the function sub_4151FC of the file /boafrm/formVpnConfigSetup. CRITICAL CVSS 8.8 CVE-2026-7289 A vulnerability was found in D-Link DIR-825M 1.1.12 affecting the function sub_414BA8 of the file /boafrm/formWanConfigSetup. CRITICAL CVSS 8.8 CVE-2026-6741 LatePoint WordPress Plugin Privilege Escalation Vulnerability HIGH CVSS 8.8 CVE-2026-41463 ProjeQtor ZipSlip Path Traversal Vulnerability HIGH CVSS 8.8 CVE-2026-7096 Tenda HG3 2.0 formgponConf Function Vulnerability HIGH CVSS 8.8 CVE-2024-1708 ConnectWise ScreenConnect Path Traversal Vulnerability CRITICAL CVSS CVE-2026-32202 Microsoft Windows Protection Mechanism Failure Vulnerability CRITICAL CVSS CVE-2026-7068 D-Link DIR-825 Router NMBD_process Remote Code Execution HIGH CVSS 8.8 CVE-2026-7029 Tenda F456 Router addressNat Function Weakness HIGH CVSS 8.8 CVE-2026-7034 Tenda FH1202 Router WrlExtraSet Function Vulnerability HIGH CVSS 8.8 CVE-2026-7053 Tenda F456 Router HTTP Daemon L7Prot Flaw HIGH CVSS 8.8 CVE-2026-7057 Tenda F456 Router HTTP Daemon setcfm Unknown Flaw HIGH CVSS 8.8 CVE-2026-6988 Tenda HG10 Router Remote Code Execution HIGH CVSS 8.8 CVE-2026-7019 Tenda F456 Router P2pListFilter Vulnerability HIGH CVSS 8.8 CVE-2026-7029 Tenda F456 Router Address NAT Bypass HIGH CVSS 8.8 CVE-2026-7030 Tenda F456 Router Static Route Manipulation HIGH CVSS 8.8 CVE-2026-7031 Tenda F456 Router SafeMacFilter Bypass HIGH CVSS 8.8 CVE-2026-6988 A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the file /boaform/formRouting of th HIGH CVSS 8.8 CVE-2026-7019 A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file /goform/P2pListFilter. The ma HIGH CVSS 8.8 CVE-2026-6977 A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask AP HIGH CVSS 7.3 CVE-2026-6980 A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts the function repo_path of t HIGH CVSS 7.3 CVE-2026-6987 A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher M HIGH CVSS 7.3 CVE-2025-29635 D-Link DIR-823X Command Injection Vulnerability CRITICAL CVSS CVE-2024-7399 Samsung MagicINFO 9 Server Path Traversal Vulnerability CRITICAL CVSS CVE-2024-57728 SimpleHelp Path Traversal Vulnerability CRITICAL CVSS CVE-2024-57726 SimpleHelp Missing Authorization Vulnerability CRITICAL CVSS N/A-0000-0000 No Further Top Critical Vulnerabilities Identified MEDIUM CVSS CVE-2026-6859 InstructLab Remote Code Execution via Hardcoded Trust CRITICAL CVSS 8.8 CVE-2026-41349 OpenClaw Agentic Consent Bypass Vulnerability CRITICAL CVSS 8.8 CVE-2026-41468 Beghelli Sicuro24 AngularJS Sandbox Escape Vulnerability CRITICAL CVSS 8.7 CVE-2026-34413 Xerte Online Toolkits Missing Authentication Vulnerability CRITICAL CVSS 8.6 CVE-2026-39987 Marimo Remote Code Execution Vulnerability CRITICAL CVSS CVE-2026-6859 InstructLab - Remote Code Execution via Hardcoded Trust HIGH CVSS 8.8 CVE-2026-41468 Beghelli Sicuro24 SicuroWeb - AngularJS Sandbox Escape leading to RCE HIGH CVSS 8.7 CVE-2026-34413 Xerte Online Toolkits - Missing Authentication in elFinder Connector HIGH CVSS 8.6 CVE-2026-41455 WeKan - Server-Side Request Forgery via Webhook Integration HIGH CVSS 8.5 CVE-2026-33825 Microsoft Defender - Insufficient Granularity of Access Control Vulnerability CRITICAL CVSS CVE-2026-6249 Vvveb CMS Remote Code Execution via Media Upload HIGH CVSS 8.8 CVE-2026-5967 ThreatSonar Anti-Ransomware Privilege Escalation HIGH CVSS 8.8 CVE-2026-34427 Vvveb Admin User Profile Privilege Escalation HIGH CVSS 8.8 CVE-2026-41445 KissFFT Integer Overflow in kiss_fftndr_alloc() HIGH CVSS 8.8 CVE-2026-34291 Oracle HTTP Server Core Vulnerability HIGH CVSS 8.7 CVE-2026-20122 Cisco Catalyst SD-WAN Manger - Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability CRITICAL CVSS CVE-2026-20133 Cisco Catalyst SD-WAN Manager - Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability CRITICAL CVSS CVE-2025-2749 Kentico Kentico Xperience - Kentico Xperience Path Traversal Vulnerability CRITICAL CVSS CVE-2023-27351 PaperCut NG/MF - PaperCut NG/MF Improper Authentication Vulnerability CRITICAL CVSS CVE-2025-48700 Synacor Zimbra Collaboration Suite (ZCS) - Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability CRITICAL CVSS CVE-2026-6518 CMP – Coming Soon & Maintenance Plugin for WordPress: Arbitrary File Upload and Remote Code Execution CRITICAL CVSS 8.8 CVE-2026-3464 WP Customer Area plugin for WordPress: Arbitrary File Read and Deletion CRITICAL CVSS 8.8 CVE-2026-40516 OpenHarness: Server-Side Request Forgery (SSRF) HIGH CVSS 8.3 CVE-2026-40527 radare2: Command Injection via Crafted ELF Binaries HIGH CVSS 7.8 CVE-2026-6507 dnsmasq: Out-of-Bounds Write via Specially Crafted BOOTREPLY HIGH CVSS 7.5 CVE-2026-6518 CMP – Coming Soon & Maintenance Plugin for WordPress: Arbitrary File Upload and RCE CRITICAL CVSS 8.8 CVE-2026-1620 Livemesh Addons for Elementor plugin for WordPress: Local File Inclusion CRITICAL CVSS 8.8 CVE-2025-14868 Career Section plugin for WordPress: CSRF leading to Path Traversal and Arbitrary File Deletion CRITICAL CVSS 8.8 CVE-2026-3464 WP Customer Area plugin for WordPress: Arbitrary File Read and Deletion CRITICAL CVSS 8.8 CVE-2026-6507 dnsmasq: Remote Out-of-bounds Write via BOOTREPLY HIGH CVSS 7.5 CVE-2026-40502 OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive a HIGH CVSS 8.8 CVE-2026-6348 WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrar HIGH CVSS 8.8 CVE-2023-3634 In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which co HIGH CVSS 8.8 CVE-2026-5617 The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handle_re HIGH CVSS 8.8 CVE-2026-34197 Apache ActiveMQ - Apache ActiveMQ Improper Input Validation Vulnerability CRITICAL CVSS CVE-2026-25654 Siemens SINEC NMS Authorization Bypass HIGH CVSS 8.8 CVE-2026-27668 Siemens RUGGEDCOM CROSSBOW SAM-P Privilege Escalation HIGH CVSS 8.8 CVE-2026-40040 Pachno Unrestricted File Upload Vulnerability HIGH CVSS 8.8 CVE-2009-0238 Microsoft Office Remote Code Execution CRITICAL CVSS CVE-2026-32201 Microsoft SharePoint Server Improper Input Validation CRITICAL CVSS CVE-2025-60710 Microsoft Windows - Microsoft Windows Link Following Vulnerability CRITICAL CVSS CVE-2023-36424 Microsoft Windows - Microsoft Windows Out-of-Bounds Read Vulnerability CRITICAL CVSS CVE-2023-21529 Microsoft Exchange Server - Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability CRITICAL CVSS CVE-2026-21643 Fortinet FortiClient EMS - Fortinet SQL Injection Vulnerability CRITICAL CVSS CVE-2026-34621 Adobe Acrobat and Reader - Adobe Acrobat and Reader Prototype Pollution Vulnerability CRITICAL CVSS CVE-2026-6120 Tenda F451 Router fromDhcpListClient Vulnerability CRITICAL CVSS 8.8 CVE-2026-6121 Tenda F451 Router WrlclientSet Vulnerability CRITICAL CVSS 8.8 CVE-2026-6122 Tenda F451 Router L7 Protocol Form Vulnerability CRITICAL CVSS 8.8 CVE-2026-6123 Tenda F451 Router Address NAT Vulnerability CRITICAL CVSS 8.8 CVE-2026-6124 Tenda F451 Router Safe MAC Filter Vulnerability CRITICAL CVSS 8.8 CVE-2026-5144 BuddyPress Groupblog plugin for WordPress Privilege Escalation CRITICAL CVSS 8.8 CVE-2026-35643 OpenClaw Unvalidated WebView JavascriptInterface Arbitrary Instruction Injection CRITICAL CVSS 8.8 CVE-2026-6120 Tenda F451 Router Remote Code Execution Vulnerability CRITICAL CVSS 8.8 CVE-2026-35663 OpenClaw Privilege Escalation for Non-Admin Operators CRITICAL CVSS 8.8 CVE-2026-34621 Adobe Acrobat Reader Improperly Controlled Modification of Object Prototype Attributes CRITICAL CVSS 8.6 CVE-2026-35638 OpenClaw Control UI Unauthenticated Privilege Escalation HIGH CVSS 8.8 CVE-2026-39911 Hashgraph Guardian Unsandboxed JavaScript Execution HIGH CVSS 8.8 CVE-2026-33785 Juniper Junos OS MX Series Missing Authorization Privilege Escalation HIGH CVSS 8.8 CVE-2025-13914 Juniper Apstra SSH Key Exchange Without Entity Authentication HIGH CVSS 8.7 CVE-2023-54359 WordPress adivaha Travel Plugin Time-Based Blind SQL Injection HIGH CVSS 8.2 CVE-2026-3243 WordPress Advanced Members for ACF Plugin Arbitrary File Deletion CRITICAL CVSS 8.8 CVE-2026-4326 WordPress Vertex Addons for Elementor Plugin Missing Authorization CRITICAL CVSS 8.8 CVE-2026-5815 D-Link DIR-645 Router Remote Code Execution Vulnerability CRITICAL CVSS 8.8 CVE-2026-5830 Tenda AC15 Router Remote Code Execution Vulnerability CRITICAL CVSS 8.8 CVE-2026-5436 WordPress MW WP Form Plugin Arbitrary File Move/Read HIGH CVSS 8.1