CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 651–700 of 31,467 · page 14 of 630
| ID | Title | Summary |
|---|---|---|
| CVE-2026-7674 | CVE-2026-7674 CVSS 8.8 | A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of the component Web Manage… |
| CVE-2026-7666 | CVE-2026-7666 CVSS 3.1 djangoproject | An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.core.mail.backends.smtp.EmailBackend` in Django fails to prevent reuse of a p… |
| CVE-2026-7665 | CVE-2026-7665 CVSS 5.3 | The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, an… |
| CVE-2026-7662 | CVE-2026-7662 CVSS 6.4 | The ePaperFlip Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'publicationid' attribute of the `epaperflip_embed` shortcod… |
| CVE-2026-7654 | CVE-2026-7654 CVSS 8.8 | The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is d… |
| CVE-2026-7647 | CVE-2026-7647 CVSS 8.1 | The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's … |
| CVE-2026-7641 | CVE-2026-7641 CVSS 8.8 | The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the `save_ex… |
| CVE-2026-7637 | CVE-2026-7637 CVSS 9.8 | The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYX… |
| CVE-2026-7635 | CVE-2026-7635 CVSS 8.1 | The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0. This is … |
| CVE-2026-7624 | CVE-2026-7624 CVSS 4.3 | The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plu… |
| CVE-2026-7611 | CVE-2026-7611 CVSS 8.1 | A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platform_do_upgrade_cameo_dev of the file cameo_dev.sh of the compone… |
| CVE-2026-7610 | CVE-2026-7610 CVSS 8.1 | A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such… |
| CVE-2026-7609 | CVE-2026-7609 CVSS 8.8 | A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the file /tmp/diagnostic of the component … |
| CVE-2026-7608 | CVE-2026-7608 CVSS 8.0 | A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function tools_diagnostic. The manipulation results in os comman… |
| CVE-2026-7607 | CVE-2026-7607 CVSS 8.8 | A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of the component Firmware Update. The … |
| CVE-2026-7606 | CVE-2026-7606 CVSS 8.1 | A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function find_hwid/new_gui_update_firmware of the component Firmware Upda… |
| CVE-2026-7573 | CVE-2026-7573 CVSS 5.0 rapid7 | An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege u… |
| CVE-2026-7572 | CVE-2026-7572 CVSS 4.4 rapid7 | An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux a… |
| CVE-2026-7571 | CVE-2026-7571 CVSS 7.1 redhat | A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control intended to disable the imp… |
| CVE-2026-7567 | CVE-2026-7567 CVSS 9.8 | The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation… |
| CVE-2026-7566 | CVE-2026-7566 CVSS 6.6 | The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserializa… |
| CVE-2026-7565 | CVE-2026-7565 CVSS 4.9 | The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to Arbitrary File Read via Directory Traversal in all versions up to, and including… |
| CVE-2026-7556 | CVE-2026-7556 CVSS 7.2 | The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5… |
| CVE-2026-7554 | CVE-2026-7554 CVSS 8.1 | A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation … |
| CVE-2026-7551 | CVE-2026-7551 CVSS 8.8 | HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute a… |
| CVE-2026-7548 | CVE-2026-7548 CVSS 8.8 | A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a man… |
| CVE-2026-7547 | CVE-2026-7547 CVSS 4.9 | The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in versions up to and including 2.0.4. Thi… |
| CVE-2026-7546 | CVE-2026-7546 CVSS 9.8 | A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. The impacted element is the function find_host_ip of the component lightt… |
| CVE-2026-7542 | CVE-2026-7542 CVSS 6.5 | The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions 7.0 to 7.0.10. This is due to three compounding design… |
| CVE-2026-7538 | CVE-2026-7538 CVSS 9.8 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the c… |
| CVE-2026-7537 | CVE-2026-7537 CVSS 7.2 | The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjm_send_comm_emai… |
| CVE-2026-7528 | CVE-2026-7528 CVSS 7.1 langflow | IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption. |
| CVE-2026-7524 | CVE-2026-7524 CVSS 9.8 langflow | IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction. |
| CVE-2026-7523 | CVE-2026-7523 CVSS 4.3 | The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly v… |
| CVE-2026-7522 | CVE-2026-7522 CVSS 8.8 | The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' p… |
| CVE-2026-7516 | CVE-2026-7516 CVSS 4.3 | A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited … |
| CVE-2026-7515 | CVE-2026-7515 CVSS 9.8 | The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the `doc_style` parameter. This makes… |
| CVE-2026-7513 | CVE-2026-7513 CVSS 8.8 | A vulnerability has been found in UTT HiPER 1200GW up to 2.5.3-170306. The impacted element is the function strcpy of the file /goform/formRemoteControl. The m… |
| CVE-2026-7512 | CVE-2026-7512 CVSS 8.8 | A flaw has been found in UTT HiPER 1200GW up to 2.5.3-1703. The affected element is the function strcpy of the file /goform/formUser. Executing a manipulation … |
| CVE-2026-7507 | CVE-2026-7507 CVSS 7.5 redhat | A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authen… |
| CVE-2026-7504 | CVE-2026-7504 CVSS 8.1 redhat | A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirec… |
| CVE-2026-7503 | CVE-2026-7503 CVSS 8.8 | A vulnerability was detected in code-projects for Plugin 4.1.2cu.5137. The impacted element is the function setWiFiMultipleConfig in the library /lib/cste_modu… |
| CVE-2026-7500 | CVE-2026-7500 CVSS 5.4 redhat | When Keycloak is started with `--features-disabled=account,account-api`, the Account REST API is only partially disabled. Five endpoints under the versioned pa… |
| CVE-2026-7498 | CVE-2026-7498 CVSS 8.8 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Basamak Information Technology Consulting and Organizatio… |
| CVE-2026-7491 | CVE-2026-7491 CVSS 8.1 | School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify a specific parameter t… |
| CVE-2026-7489 | CVE-2026-7489 CVSS 8.8 | CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delet… |
| CVE-2026-7486 | CVE-2026-7486 CVSS 9.8 | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Netcad Software Inc. E-İmar allows SQL Injection. This i… |
| CVE-2026-7482 | CVE-2026-7482 CVSS 9.1 | Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file… |
| CVE-2026-7474 | CVE-2026-7474 CVSS 8.8 | HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability (CV… |
| CVE-2026-7473 | Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability KEV CVSS 5.8 Arista | Arista Extensible Operating System (EOS) contains an incomplete comparison with missing factors vulnerability when the switch incorrectly decapsulates and forwa… |