# CVEs — March 2026

_5734 vulnerabilities_

| CVE ID | CVSS | Severity | CWE | KEV | EPSS | VAP | Published | Description |
|--------|------|----------|-----|-----|------|-----|-----------|-------------|
| [CVE-2026-5237](https://nvd.nist.gov/vuln/detail/CVE-2026-5237) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-31 | A security flaw has been discovered in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an... |
| [CVE-2026-5236](https://nvd.nist.gov/vuln/detail/CVE-2026-5236) | 4.8 | MEDIUM | CWE-119 | No | 0.0% | 3.36 | 2026-03-31 | A vulnerability was identified in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_BitReader::SkipBits of... |
| [CVE-2026-5235](https://nvd.nist.gov/vuln/detail/CVE-2026-5235) | 4.8 | MEDIUM | CWE-119 | No | 0.0% | 3.36 | 2026-03-31 | A vulnerability was determined in Axiomatic Bento4 up to 1.6.0-641. This impacts the function AP4_BitReader::ReadCache o... |
| [CVE-2026-34556](https://nvd.nist.gov/vuln/detail/CVE-2026-34556) | 6.2 | MEDIUM | CWE-125 | No | 0.0% | 4.34 | 2026-03-31 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, t... |
| [CVE-2026-34555](https://nvd.nist.gov/vuln/detail/CVE-2026-34555) | 6.2 | MEDIUM | CWE-121 | No | 0.0% | 4.34 | 2026-03-31 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, t... |
| [CVE-2026-34554](https://nvd.nist.gov/vuln/detail/CVE-2026-34554) | 6.2 | MEDIUM | CWE-125 | No | 0.0% | 4.34 | 2026-03-31 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a... |
| [CVE-2026-34553](https://nvd.nist.gov/vuln/detail/CVE-2026-34553) | 4.0 | MEDIUM | CWE-562 | No | 0.0% | 2.80 | 2026-03-31 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, t... |
| [CVE-2026-34552](https://nvd.nist.gov/vuln/detail/CVE-2026-34552) | 6.2 | MEDIUM | CWE-476 | No | 0.0% | 4.34 | 2026-03-31 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, t... |
| [CVE-2026-34551](https://nvd.nist.gov/vuln/detail/CVE-2026-34551) | 6.2 | MEDIUM | CWE-476 | No | 0.0% | 4.34 | 2026-03-31 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a... |
| [CVE-2026-34550](https://nvd.nist.gov/vuln/detail/CVE-2026-34550) | 6.2 | MEDIUM | CWE-681 | No | 0.0% | 4.34 | 2026-03-31 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, t... |
| [CVE-2026-34549](https://nvd.nist.gov/vuln/detail/CVE-2026-34549) | 6.2 | MEDIUM | CWE-758 | No | 0.0% | 4.34 | 2026-03-31 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, t... |
| [CVE-2026-34548](https://nvd.nist.gov/vuln/detail/CVE-2026-34548) | 6.2 | MEDIUM | CWE-681 | No | 0.0% | 4.34 | 2026-03-31 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, t... |
| [CVE-2026-34547](https://nvd.nist.gov/vuln/detail/CVE-2026-34547) | 6.2 | MEDIUM | CWE-758 | No | 0.0% | 4.34 | 2026-03-31 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a... |
| [CVE-2026-34546](https://nvd.nist.gov/vuln/detail/CVE-2026-34546) | 6.2 | MEDIUM | CWE-369 | No | 0.0% | 4.34 | 2026-03-31 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a... |
| [CVE-2026-2480](https://nvd.nist.gov/vuln/detail/CVE-2026-2480) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-31 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... |
| [CVE-2026-5215](https://nvd.nist.gov/vuln/detail/CVE-2026-5215) | 5.3 | MEDIUM | CWE-266 | No | 0.1% | 3.71 | 2026-03-31 | A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, D... |
| [CVE-2026-5214](https://nvd.nist.gov/vuln/detail/CVE-2026-5214) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-03-31 | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-32... |
| [CVE-2026-34605](https://nvd.nist.gov/vuln/detail/CVE-2026-34605) | 8.6 | HIGH | CWE-79 | No | 0.1% | 6.02 | 2026-03-31 | SiYuan is a personal knowledge management system. From version 3.6.0 to before version 3.6.2, the SanitizeSVG function i... |
| [CVE-2026-34585](https://nvd.nist.gov/vuln/detail/CVE-2026-34585) | 8.6 | HIGH | CWE-79 | No | 0.1% | 6.02 | 2026-03-31 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vulnerability allows crafted block attribute... |
| [CVE-2026-34542](https://nvd.nist.gov/vuln/detail/CVE-2026-34542) | 6.2 | MEDIUM | CWE-121 | No | 0.0% | 4.34 | 2026-03-31 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a... |
| [CVE-2026-34541](https://nvd.nist.gov/vuln/detail/CVE-2026-34541) | 6.2 | MEDIUM | CWE-476 | No | 0.0% | 4.34 | 2026-03-31 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a... |
| [CVE-2026-34540](https://nvd.nist.gov/vuln/detail/CVE-2026-34540) | 6.2 | MEDIUM | CWE-122 | No | 0.0% | 4.34 | 2026-03-31 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a... |
| [CVE-2026-34539](https://nvd.nist.gov/vuln/detail/CVE-2026-34539) | 6.2 | MEDIUM | CWE-122 | No | 0.0% | 4.34 | 2026-03-31 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a... |
| [CVE-2026-34537](https://nvd.nist.gov/vuln/detail/CVE-2026-34537) | 6.2 | MEDIUM | CWE-758 | No | 0.0% | 4.34 | 2026-03-31 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a... |
| [CVE-2026-34536](https://nvd.nist.gov/vuln/detail/CVE-2026-34536) | 6.2 | MEDIUM | CWE-674 | No | 0.0% | 4.34 | 2026-03-31 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a... |
| [CVE-2026-34535](https://nvd.nist.gov/vuln/detail/CVE-2026-34535) | 6.2 | MEDIUM | CWE-122 | No | 0.0% | 4.34 | 2026-03-31 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a... |
| [CVE-2026-34534](https://nvd.nist.gov/vuln/detail/CVE-2026-34534) | 6.2 | MEDIUM | CWE-122 | No | 0.0% | 4.34 | 2026-03-31 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a... |
| [CVE-2026-34533](https://nvd.nist.gov/vuln/detail/CVE-2026-34533) | 6.2 | MEDIUM | CWE-758 | No | 0.0% | 4.34 | 2026-03-31 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a... |
| [CVE-2026-34453](https://nvd.nist.gov/vuln/detail/CVE-2026-34453) | 7.5 | HIGH | CWE-863 | No | 3.5% | 5.35 | 2026-03-31 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks... |
| [CVE-2026-34452](https://nvd.nist.gov/vuln/detail/CVE-2026-34452) | 5.8 | MEDIUM | CWE-59 | No | 0.0% | 4.06 | 2026-03-31 | The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before vers... |
| [CVE-2026-34451](https://nvd.nist.gov/vuln/detail/CVE-2026-34451) | 6.3 | MEDIUM | CWE-22 | No | 0.1% | 4.41 | 2026-03-31 | Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From... |
| [CVE-2026-34450](https://nvd.nist.gov/vuln/detail/CVE-2026-34450) | 4.8 | MEDIUM | CWE-276 | No | 0.0% | 3.36 | 2026-03-31 | The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before vers... |
| [CVE-2026-34449](https://nvd.nist.gov/vuln/detail/CVE-2026-34449) | 9.6 | CRITICAL | CWE-942 | No | 0.1% | 6.72 | 2026-03-31 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, a malicious website can achieve Remote Code Ex... |
| [CVE-2026-34448](https://nvd.nist.gov/vuln/detail/CVE-2026-34448) | 9.0 | CRITICAL | CWE-79 | No | 0.0% | 6.30 | 2026-03-31 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a malicious URL in a... |
| [CVE-2026-34443](https://nvd.nist.gov/vuln/detail/CVE-2026-34443) | 6.9 | MEDIUM | CWE-918 | No | 0.0% | 4.83 | 2026-03-31 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, checkIpByMa... |
| [CVE-2026-34442](https://nvd.nist.gov/vuln/detail/CVE-2026-34442) | 5.4 | MEDIUM | CWE-20 | No | 0.1% | 3.78 | 2026-03-31 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header... |
| [CVE-2026-34441](https://nvd.nist.gov/vuln/detail/CVE-2026-34441) | 4.8 | MEDIUM | CWE-444 | No | 0.0% | 3.36 | 2026-03-31 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib i... |
| [CVE-2026-34406](https://nvd.nist.gov/vuln/detail/CVE-2026-34406) | 9.4 | CRITICAL | CWE-915 | No | 0.3% | 6.59 | 2026-03-31 | APTRS (Automated Penetration Testing Reporting System) is a Python and Django-based automated reporting tool designed fo... |
| [CVE-2026-34405](https://nvd.nist.gov/vuln/detail/CVE-2026-34405) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-31 | Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by... |
| [CVE-2026-34404](https://nvd.nist.gov/vuln/detail/CVE-2026-34404) | 6.9 | MEDIUM | CWE-400 | No | 0.1% | 4.83 | 2026-03-31 | Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by... |
| [CVE-2026-34401](https://nvd.nist.gov/vuln/detail/CVE-2026-34401) | 6.5 | MEDIUM | CWE-611 | No | 0.3% | 4.56 | 2026-03-31 | XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and editing XML documents.... |
| [CVE-2026-34400](https://nvd.nist.gov/vuln/detail/CVE-2026-34400) | 6.9 | MEDIUM | CWE-89 | No | 0.0% | 4.83 | 2026-03-31 | Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API (q=) was vulnerable to SQL injection vi... |
| [CVE-2026-5213](https://nvd.nist.gov/vuln/detail/CVE-2026-5213) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-03-31 | A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, D... |
| [CVE-2026-5212](https://nvd.nist.gov/vuln/detail/CVE-2026-5212) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-31 | A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, D... |
| [CVE-2026-3470](https://nvd.nist.gov/vuln/detail/CVE-2026-3470) | 3.8 | LOW | CWE-20 | No | 0.2% | 2.66 | 2026-03-31 | A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to dat... |
| [CVE-2026-3469](https://nvd.nist.gov/vuln/detail/CVE-2026-3469) | 2.7 | LOW | CWE-20 | No | 0.2% | 1.89 | 2026-03-31 | A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security applianc... |
| [CVE-2026-3468](https://nvd.nist.gov/vuln/detail/CVE-2026-3468) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-31 | A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to i... |
| [CVE-2026-34740](https://nvd.nist.gov/vuln/detail/CVE-2026-34740) | 6.5 | MEDIUM | CWE-918 | No | 0.0% | 4.55 | 2026-03-31 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the EPG (Electronic Program Guide) link featur... |
| [CVE-2026-34739](https://nvd.nist.gov/vuln/detail/CVE-2026-34739) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-31 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the User_Location plugin's testIP.php page ref... |
| [CVE-2026-34738](https://nvd.nist.gov/vuln/detail/CVE-2026-34738) | 4.3 | MEDIUM | CWE-285 | No | 0.0% | 3.01 | 2026-03-31 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's video processing pipeline accepts an... |
| [CVE-2026-34737](https://nvd.nist.gov/vuln/detail/CVE-2026-34737) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-31 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the StripeYPT plugin includes a test.php debug... |
| [CVE-2026-34733](https://nvd.nist.gov/vuln/detail/CVE-2026-34733) | 6.5 | MEDIUM | CWE-284 | No | 0.1% | 4.55 | 2026-03-31 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo installation script install/deleteS... |
| [CVE-2026-34732](https://nvd.nist.gov/vuln/detail/CVE-2026-34732) | 5.3 | MEDIUM | CWE-306 | No | 0.1% | 3.71 | 2026-03-31 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo CreatePlugin template for list.json... |
| [CVE-2026-34731](https://nvd.nist.gov/vuln/detail/CVE-2026-34731) | 7.5 | HIGH | CWE-306 | No | 0.2% | 5.26 | 2026-03-31 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo on_publish_done.php endpoint in the... |
| [CVE-2026-34716](https://nvd.nist.gov/vuln/detail/CVE-2026-34716) | 6.4 | MEDIUM | CWE-79 | No | 0.1% | 4.48 | 2026-03-31 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo YPTSocket plugin's caller feature r... |
| [CVE-2026-34613](https://nvd.nist.gov/vuln/detail/CVE-2026-34613) | 6.5 | MEDIUM | CWE-352 | No | 0.0% | 4.55 | 2026-03-31 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/pluginSwitch.json.... |
| [CVE-2026-34611](https://nvd.nist.gov/vuln/detail/CVE-2026-34611) | 6.5 | MEDIUM | CWE-352 | No | 0.0% | 4.55 | 2026-03-31 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/emailAllUsers.json... |
| [CVE-2026-34586](https://nvd.nist.gov/vuln/detail/CVE-2026-34586) | 6.5 | MEDIUM | CWE-863 | No | 0.0% | 4.55 | 2026-03-31 | PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to... |
| [CVE-2026-34396](https://nvd.nist.gov/vuln/detail/CVE-2026-34396) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-31 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo admin panel renders plugin configur... |
| [CVE-2026-34395](https://nvd.nist.gov/vuln/detail/CVE-2026-34395) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-31 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/YPTWallet/view/users.json.php endpo... |
| [CVE-2026-34394](https://nvd.nist.gov/vuln/detail/CVE-2026-34394) | 8.1 | HIGH | CWE-352 | No | 0.0% | 5.67 | 2026-03-31 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's admin plugin configuration endpoint (... |
| [CVE-2026-34384](https://nvd.nist.gov/vuln/detail/CVE-2026-34384) | 4.5 | MEDIUM | CWE-352 | No | 0.0% | 3.15 | 2026-03-31 | Admidio is an open-source user management solution. Prior to version 5.0.8, the create_user, assign_member, and assign_u... |
| [CVE-2026-34383](https://nvd.nist.gov/vuln/detail/CVE-2026-34383) | 4.3 | MEDIUM | CWE-20 | No | 0.0% | 3.01 | 2026-03-31 | Admidio is an open-source user management solution. Prior to version 5.0.8, the inventory module's item_save endpoint ac... |
| [CVE-2026-34382](https://nvd.nist.gov/vuln/detail/CVE-2026-34382) | 4.6 | MEDIUM | CWE-352 | No | 0.0% | 3.22 | 2026-03-31 | Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, the delete mode handler... |
| [CVE-2026-34381](https://nvd.nist.gov/vuln/detail/CVE-2026-34381) | 7.5 | HIGH | CWE-284 | No | 0.1% | 5.25 | 2026-03-31 | Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on adm_my... |
| [CVE-2026-34372](https://nvd.nist.gov/vuln/detail/CVE-2026-34372) | 5.3 | MEDIUM | CWE-288 | No | 0.0% | 3.71 | 2026-03-31 | Sulu is an open-source PHP content management system based on the Symfony framework. From versions 1.0.0 to before 2.6.2... |
| [CVE-2026-34367](https://nvd.nist.gov/vuln/detail/CVE-2026-34367) | 7.6 | HIGH | CWE-918 | No | 0.0% | 5.32 | 2026-03-31 | InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and... |
| [CVE-2026-34366](https://nvd.nist.gov/vuln/detail/CVE-2026-34366) | 7.6 | HIGH | CWE-918 | No | 0.0% | 5.32 | 2026-03-31 | InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and... |
| [CVE-2026-5211](https://nvd.nist.gov/vuln/detail/CVE-2026-5211) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-03-31 | A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, D... |
| [CVE-2026-34784](https://nvd.nist.gov/vuln/detail/CVE-2026-34784) | 8.2 | HIGH | CWE-285 | No | 0.0% | 5.74 | 2026-03-31 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-34365](https://nvd.nist.gov/vuln/detail/CVE-2026-34365) | 7.6 | HIGH | CWE-918 | No | 0.0% | 5.32 | 2026-03-31 | InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and... |
| [CVE-2026-34215](https://nvd.nist.gov/vuln/detail/CVE-2026-34215) | 8.2 | HIGH | CWE-200 | No | 0.0% | 5.74 | 2026-03-31 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-34206](https://nvd.nist.gov/vuln/detail/CVE-2026-34206) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-31 | Captcha Protect is a Traefik middleware to add an anti-bot challenge to individual IPs in a subnet when traffic spikes a... |
| [CVE-2026-34204](https://nvd.nist.gov/vuln/detail/CVE-2026-34204) | 7.1 | HIGH | CWE-287 | No | 0.0% | 4.97 | 2026-03-31 | MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetad... |
| [CVE-2026-34203](https://nvd.nist.gov/vuln/detail/CVE-2026-34203) | 2.7 | LOW | CWE-521 | No | 0.0% | 1.89 | 2026-03-31 | Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creatio... |
| [CVE-2026-30290](https://nvd.nist.gov/vuln/detail/CVE-2026-30290) | 8.4 | HIGH | CWE-22 | No | 0.0% | 5.88 | 2026-03-31 | An arbitrary file overwrite vulnerability in InTouch Contacts & Caller ID APP v6.38.1 allows attackers to overwrite crit... |
| [CVE-2026-30285](https://nvd.nist.gov/vuln/detail/CVE-2026-30285) | 9.8 | CRITICAL | CWE-22 | No | 0.1% | 6.86 | 2026-03-31 | An arbitrary file overwrite vulnerability in Zora: Post, Trade, Earn Crypto v2.60.0 allows attackers to overwrite critic... |
| [CVE-2026-30280](https://nvd.nist.gov/vuln/detail/CVE-2026-30280) | 5.3 | MEDIUM | CWE-434 | No | 0.0% | 3.71 | 2026-03-31 | An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 al... |
| [CVE-2026-5210](https://nvd.nist.gov/vuln/detail/CVE-2026-5210) | 6.9 | MEDIUM | CWE-73 | No | 0.1% | 4.83 | 2026-03-31 | A vulnerability was detected in SourceCodester Leave Application System 1.0. This affects an unknown part. Performing a... |
| [CVE-2026-5209](https://nvd.nist.gov/vuln/detail/CVE-2026-5209) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-31 | A security vulnerability has been detected in SourceCodester Leave Application System 1.0. Affected by this issue is som... |
| [CVE-2026-3356](https://nvd.nist.gov/vuln/detail/CVE-2026-3356) | 9.3 | CRITICAL | CWE-306 | No | 0.1% | 6.51 | 2026-03-31 | The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access... |
| [CVE-2026-30521](https://nvd.nist.gov/vuln/detail/CVE-2026-30521) | 6.5 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 4.55 | 2026-03-31 | A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validati... |
| [CVE-2026-5206](https://nvd.nist.gov/vuln/detail/CVE-2026-5206) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-31 | A security vulnerability has been detected in code-projects Simple Gym Management System 1.0. This vulnerability affects... |
| [CVE-2026-33415](https://nvd.nist.gov/vuln/detail/CVE-2026-33415) | 5.1 | MEDIUM | CWE-284 | No | 0.0% | 3.57 | 2026-03-31 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to be... |
| [CVE-2026-33300](https://nvd.nist.gov/vuln/detail/CVE-2026-33300) | 5.3 | MEDIUM | CWE-200 | No | 0.0% | 3.71 | 2026-03-31 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to be... |
| [CVE-2026-33185](https://nvd.nist.gov/vuln/detail/CVE-2026-33185) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-03-31 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to be... |
| [CVE-2026-33074](https://nvd.nist.gov/vuln/detail/CVE-2026-33074) | 6.3 | MEDIUM | CWE-269 | No | 0.0% | 4.41 | 2026-03-31 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to be... |
| [CVE-2026-33073](https://nvd.nist.gov/vuln/detail/CVE-2026-33073) | 2.0 | LOW | CWE-200 | No | 0.0% | 1.40 | 2026-03-31 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to be... |
| [CVE-2026-32951](https://nvd.nist.gov/vuln/detail/CVE-2026-32951) | 4.3 | MEDIUM | CWE-200 | No | 0.0% | 3.01 | 2026-03-31 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to be... |
| [CVE-2026-32726](https://nvd.nist.gov/vuln/detail/CVE-2026-32726) | 8.1 | HIGH | CWE-863 | No | 0.0% | 5.67 | 2026-03-31 | SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp... |
| [CVE-2026-32725](https://nvd.nist.gov/vuln/detail/CVE-2026-32725) | 8.3 | HIGH | CWE-23 | No | 0.2% | 5.82 | 2026-03-31 | SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp... |
| [CVE-2026-32620](https://nvd.nist.gov/vuln/detail/CVE-2026-32620) | 5.3 | MEDIUM | CWE-200 | No | 0.0% | 3.71 | 2026-03-31 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to be... |
| [CVE-2026-32619](https://nvd.nist.gov/vuln/detail/CVE-2026-32619) | 6.3 | MEDIUM | CWE-285 | No | 0.0% | 4.41 | 2026-03-31 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to be... |
| [CVE-2026-32618](https://nvd.nist.gov/vuln/detail/CVE-2026-32618) | 4.3 | MEDIUM | CWE-200 | No | 0.0% | 3.01 | 2026-03-31 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to be... |
| [CVE-2026-32615](https://nvd.nist.gov/vuln/detail/CVE-2026-32615) | 5.3 | MEDIUM | CWE-285 | No | 0.0% | 3.71 | 2026-03-31 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to be... |
| [CVE-2026-32607](https://nvd.nist.gov/vuln/detail/CVE-2026-32607) | 2.1 | LOW | CWE-79 | No | 0.0% | 1.47 | 2026-03-31 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to be... |
| [CVE-2026-32273](https://nvd.nist.gov/vuln/detail/CVE-2026-32273) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-31 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to be... |
| [CVE-2026-32243](https://nvd.nist.gov/vuln/detail/CVE-2026-32243) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-31 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to be... |
| [CVE-2026-32143](https://nvd.nist.gov/vuln/detail/CVE-2026-32143) | 5.3 | MEDIUM | CWE-200 | No | 0.0% | 3.71 | 2026-03-31 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to be... |
| [CVE-2026-32113](https://nvd.nist.gov/vuln/detail/CVE-2026-32113) | 5.1 | MEDIUM | CWE-601 | No | 0.1% | 3.57 | 2026-03-31 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to be... |
| [CVE-2026-30520](https://nvd.nist.gov/vuln/detail/CVE-2026-30520) | 5.4 | MEDIUM | CWE-89 | No | 0.0% | 3.78 | 2026-03-31 | A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located i... |
| [CVE-2026-30286](https://nvd.nist.gov/vuln/detail/CVE-2026-30286) | 9.8 | CRITICAL | CWE-22 | No | 0.1% | 6.86 | 2026-03-31 | An arbitrary file overwrite vulnerability in Funambol, Inc. Zefiro Cloud v32.0.2026011614 allows attackers to overwrite... |
| [CVE-2026-30283](https://nvd.nist.gov/vuln/detail/CVE-2026-30283) | 9.8 | CRITICAL | CWE-22 | No | 0.1% | 6.86 | 2026-03-31 | An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. NIS Animal Sounds and Ringtones v1.3.0 allows attackers to o... |
| [CVE-2026-30282](https://nvd.nist.gov/vuln/detail/CVE-2026-30282) | 9.0 | CRITICAL | CWE-22 | No | 0.0% | 6.30 | 2026-03-31 | An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwri... |
| [CVE-2026-30279](https://nvd.nist.gov/vuln/detail/CVE-2026-30279) | 8.4 | HIGH | CWE-22 | No | 0.0% | 5.88 | 2026-03-31 | An arbitrary file overwrite vulnerability in Squareapps LLC My Location Travel Timeline v11.80 allows attackers to overw... |
| [CVE-2026-30278](https://nvd.nist.gov/vuln/detail/CVE-2026-30278) | 9.8 | CRITICAL | CWE-22 | No | 0.1% | 6.86 | 2026-03-31 | An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows attackers to overwrite critica... |
| [CVE-2026-30277](https://nvd.nist.gov/vuln/detail/CVE-2026-30277) | 8.4 | HIGH | CWE-22 | No | 0.0% | 5.88 | 2026-03-31 | An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Print v3.7.2.251001 allows attackers to ove... |
| [CVE-2025-62184](https://nvd.nist.gov/vuln/detail/CVE-2025-62184) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-31 | Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interf... |
| [CVE-2026-5205](https://nvd.nist.gov/vuln/detail/CVE-2026-5205) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-03-31 | A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigge... |
| [CVE-2026-34361](https://nvd.nist.gov/vuln/detail/CVE-2026-34361) | 9.3 | CRITICAL | CWE-552 | No | 0.0% | 6.51 | 2026-03-31 | HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to versio... |
| [CVE-2026-34360](https://nvd.nist.gov/vuln/detail/CVE-2026-34360) | 5.8 | MEDIUM | CWE-918 | No | 0.0% | 4.06 | 2026-03-31 | HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to versio... |
| [CVE-2026-34359](https://nvd.nist.gov/vuln/detail/CVE-2026-34359) | 7.4 | HIGH | CWE-346 | No | 0.0% | 5.18 | 2026-03-31 | HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to versio... |
| [CVE-2026-24165](https://nvd.nist.gov/vuln/detail/CVE-2026-24165) | 7.8 | HIGH | CWE-502 | No | 0.0% | 5.46 | 2026-03-31 | NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful explo... |
| [CVE-2026-24164](https://nvd.nist.gov/vuln/detail/CVE-2026-24164) | 8.8 | HIGH | CWE-502 | No | 0.1% | 6.16 | 2026-03-31 | NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful explo... |
| [CVE-2026-24154](https://nvd.nist.gov/vuln/detail/CVE-2026-24154) | 7.6 | HIGH | CWE-78 | No | 0.0% | 5.32 | 2026-03-31 | NVIDIA Jetson Linux has a vulnerability in initrd, where an unprivileged attacker with physical access could inject incorre... |
| [CVE-2026-24153](https://nvd.nist.gov/vuln/detail/CVE-2026-24153) | 5.2 | MEDIUM | CWE-501 | No | 0.0% | 3.64 | 2026-03-31 | NVIDIA Jetson Linux has a vulnerability in initrd, where the nvluks trusted application is not disabled. A successful ex... |
| [CVE-2026-24148](https://nvd.nist.gov/vuln/detail/CVE-2026-24148) | 8.3 | HIGH | CWE-1188 | No | 0.0% | 5.81 | 2026-03-31 | NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker co... |
| [CVE-2026-5204](https://nvd.nist.gov/vuln/detail/CVE-2026-5204) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-31 | A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/we... |
| [CVE-2026-5203](https://nvd.nist.gov/vuln/detail/CVE-2026-5203) | 5.1 | MEDIUM | CWE-22 | No | 0.1% | 3.57 | 2026-03-31 | A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function _copyFilesToFolder in the library m... |
| [CVE-2026-4819](https://nvd.nist.gov/vuln/detail/CVE-2026-4819) | 4.9 | MEDIUM | CWE-522 | No | 0.0% | 3.43 | 2026-03-31 | In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users log... |
| [CVE-2026-4818](https://nvd.nist.gov/vuln/detail/CVE-2026-4818) | 6.8 | MEDIUM | CWE-285 | No | 0.0% | 4.76 | 2026-03-31 | In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary priv... |
| [CVE-2026-34595](https://nvd.nist.gov/vuln/detail/CVE-2026-34595) | 5.3 | MEDIUM | CWE-843 | No | 0.0% | 3.71 | 2026-03-31 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-34574](https://nvd.nist.gov/vuln/detail/CVE-2026-34574) | 5.3 | MEDIUM | CWE-697 | No | 0.0% | 3.71 | 2026-03-31 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-34573](https://nvd.nist.gov/vuln/detail/CVE-2026-34573) | 8.2 | HIGH | CWE-407 | No | 0.1% | 5.74 | 2026-03-31 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-34243](https://nvd.nist.gov/vuln/detail/CVE-2026-34243) | 9.8 | CRITICAL | CWE-77 | No | 0.2% | 6.87 | 2026-03-31 | wenxian is a tool to generate BIBTEX files from given identifiers (DOI, PMID, arXiv ID, or paper title). In versions 0.3... |
| [CVE-2026-34240](https://nvd.nist.gov/vuln/detail/CVE-2026-34240) | 7.5 | HIGH | CWE-347 | No | 0.0% | 5.25 | 2026-03-31 | JOSE is a Javascript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulnerability in jose cou... |
| [CVE-2026-34237](https://nvd.nist.gov/vuln/detail/CVE-2026-34237) | 6.1 | MEDIUM | CWE-942 | No | 0.0% | 4.27 | 2026-03-31 | MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to versions 1.0.1 and 1.1.1,... |
| [CVE-2026-34235](https://nvd.nist.gov/vuln/detail/CVE-2026-34235) | 6.9 | MEDIUM | CWE-125 | No | 0.1% | 4.83 | 2026-03-31 | PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-boun... |
| [CVE-2026-34231](https://nvd.nist.gov/vuln/detail/CVE-2026-34231) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-31 | Slippers is a UI component framework for Django. Prior to version 0.6.3, a Cross-Site Scripting (XSS) vulnerability exis... |
| [CVE-2026-34227](https://nvd.nist.gov/vuln/detail/CVE-2026-34227) | 5.9 | MEDIUM | CWE-306 | No | 0.0% | 4.13 | 2026-03-31 | Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click... |
| [CVE-2026-34221](https://nvd.nist.gov/vuln/detail/CVE-2026-34221) | 8.3 | HIGH | CWE-1321 | No | 0.1% | 5.81 | 2026-03-31 | MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions... |
| [CVE-2026-34220](https://nvd.nist.gov/vuln/detail/CVE-2026-34220) | 9.3 | CRITICAL | CWE-89 | No | 0.0% | 6.51 | 2026-03-31 | MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions... |
| [CVE-2026-34219](https://nvd.nist.gov/vuln/detail/CVE-2026-34219) | 8.2 | HIGH | CWE-190 | No | 0.1% | 5.74 | 2026-03-31 | libp2p-rust is the official Rust language implementation of the libp2p networking stack. Prior to version 0.49.4, the Ru... |
| [CVE-2026-34218](https://nvd.nist.gov/vuln/detail/CVE-2026-34218) | 6.3 | MEDIUM | CWE-269 | No | 0.0% | 4.41 | 2026-03-31 | ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.... |
| [CVE-2026-30284](https://nvd.nist.gov/vuln/detail/CVE-2026-30284) | 8.6 | HIGH | CWE-73 | No | 0.0% | 6.02 | 2026-03-31 | An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10.0 allows attackers to overwrite critical int... |
| [CVE-2026-30281](https://nvd.nist.gov/vuln/detail/CVE-2026-30281) | 9.8 | CRITICAL | CWE-73 | No | 0.1% | 6.86 | 2026-03-31 | An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attackers to overwrite critical internal files... |
| [CVE-2026-30276](https://nvd.nist.gov/vuln/detail/CVE-2026-30276) | 9.8 | CRITICAL | CWE-73 | No | 0.1% | 6.86 | 2026-03-31 | An arbitrary file overwrite vulnerability in DeftPDF Document Translator v54.0 allows attackers to overwrite critical in... |
| [CVE-2026-22569](https://nvd.nist.gov/vuln/detail/CVE-2026-22569) | 5.4 | MEDIUM | CWE-1289 | No | 0.1% | 3.78 | 2026-03-31 | An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amoun... |
| [CVE-2026-22561](https://nvd.nist.gov/vuln/detail/CVE-2026-22561) | 4.7 | MEDIUM | CWE-427 | No | 0.0% | 3.29 | 2026-03-31 | Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.336... |
| [CVE-2026-4799](https://nvd.nist.gov/vuln/detail/CVE-2026-4799) | 4.3 | MEDIUM | CWE-601 | No | 0.0% | 3.01 | 2026-03-31 | In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an unt... |
| [CVE-2026-34532](https://nvd.nist.gov/vuln/detail/CVE-2026-34532) | 9.1 | CRITICAL | CWE-863 | No | 0.0% | 6.37 | 2026-03-31 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-34504](https://nvd.nist.gov/vuln/detail/CVE-2026-34504) | 6.9 | MEDIUM | CWE-918 | No | 0.0% | 4.83 | 2026-03-31 | OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-prov... |
| [CVE-2026-34503](https://nvd.nist.gov/vuln/detail/CVE-2026-34503) | 8.6 | HIGH | CWE-613 | No | 0.0% | 6.02 | 2026-03-31 | OpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when devices are removed or tokens are revoked.... |
| [CVE-2026-34377](https://nvd.nist.gov/vuln/detail/CVE-2026-34377) | 8.4 | HIGH | CWE-347 | No | 0.0% | 5.88 | 2026-03-31 | ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic... |
| [CVE-2026-34373](https://nvd.nist.gov/vuln/detail/CVE-2026-34373) | 5.3 | MEDIUM | CWE-346 | No | 0.0% | 3.71 | 2026-03-31 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-34363](https://nvd.nist.gov/vuln/detail/CVE-2026-34363) | 8.2 | HIGH | CWE-362 | No | 0.0% | 5.74 | 2026-03-31 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-34224](https://nvd.nist.gov/vuln/detail/CVE-2026-34224) | 2.1 | LOW | CWE-367 | No | 0.0% | 1.47 | 2026-03-31 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-34214](https://nvd.nist.gov/vuln/detail/CVE-2026-34214) | 7.7 | HIGH | CWE-212 | No | 0.0% | 5.39 | 2026-03-31 | Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connecto... |
| [CVE-2026-34210](https://nvd.nist.gov/vuln/detail/CVE-2026-34210) | 6.0 | MEDIUM | CWE-697 | No | 0.0% | 4.20 | 2026-03-31 | mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method... |
| [CVE-2026-34209](https://nvd.nist.gov/vuln/detail/CVE-2026-34209) | 7.5 | HIGH | CWE-294 | No | 0.0% | 5.25 | 2026-03-31 | mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative clo... |
| [CVE-2026-34202](https://nvd.nist.gov/vuln/detail/CVE-2026-34202) | 9.2 | CRITICAL | CWE-94 | No | 0.3% | 6.45 | 2026-03-31 | ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerabi... |
| [CVE-2026-34200](https://nvd.nist.gov/vuln/detail/CVE-2026-34200) | 7.7 | HIGH | CWE-306 | No | 0.1% | 5.39 | 2026-03-31 | Nhost is an open source Firebase alternative with GraphQL. Prior to version 1.41.0, the Nhost CLI MCP server, when expli... |
| [CVE-2026-34172](https://nvd.nist.gov/vuln/detail/CVE-2026-34172) | 7.7 | HIGH | CWE-1336 | No | 0.3% | 5.40 | 2026-03-31 | Giskard is an open-source Python library for testing and evaluating agentic systems. Prior to versions 0.3.4 and 1.0.2b1... |
| [CVE-2026-34165](https://nvd.nist.gov/vuln/detail/CVE-2026-34165) | 5.0 | MEDIUM | CWE-191 | No | 0.0% | 3.50 | 2026-03-31 | go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vu... |
| [CVE-2026-34163](https://nvd.nist.gov/vuln/detail/CVE-2026-34163) | 7.7 | HIGH | CWE-918 | No | 0.0% | 5.39 | 2026-03-31 | FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's MCP (Model Context Protocol) tools endpoi... |
| [CVE-2026-34162](https://nvd.nist.gov/vuln/detail/CVE-2026-34162) | 10.0 | CRITICAL | CWE-306 | No | 0.2% | 7.00 | 2026-03-31 | FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/... |
| [CVE-2026-33762](https://nvd.nist.gov/vuln/detail/CVE-2026-33762) | 2.8 | LOW | CWE-129 | No | 0.0% | 1.96 | 2026-03-31 | go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder f... |
| [CVE-2026-33581](https://nvd.nist.gov/vuln/detail/CVE-2026-33581) | 7.1 | HIGH | CWE-22 | No | 0.0% | 4.97 | 2026-03-31 | OpenClaw before 2026.3.24 contains a sandbox bypass vulnerability in the message tool that allows attackers to read arbi... |
| [CVE-2026-33580](https://nvd.nist.gov/vuln/detail/CVE-2026-33580) | 6.3 | MEDIUM | CWE-307 | No | 0.1% | 4.41 | 2026-03-31 | OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the Nextcloud Talk webhook authentication th... |
| [CVE-2026-33579](https://nvd.nist.gov/vuln/detail/CVE-2026-33579) | 9.4 | CRITICAL | CWE-863 | No | 0.0% | 6.58 | 2026-03-31 | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to... |
| [CVE-2026-33578](https://nvd.nist.gov/vuln/detail/CVE-2026-33578) | 5.3 | MEDIUM | CWE-863 | No | 0.0% | 3.71 | 2026-03-31 | OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where... |
| [CVE-2026-33577](https://nvd.nist.gov/vuln/detail/CVE-2026-33577) | 8.6 | HIGH | CWE-863 | No | 0.0% | 6.02 | 2026-03-31 | OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that... |
| [CVE-2026-33576](https://nvd.nist.gov/vuln/detail/CVE-2026-33576) | 6.9 | MEDIUM | CWE-863 | No | 0.0% | 4.83 | 2026-03-31 | OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization.... |
| [CVE-2026-33276](https://nvd.nist.gov/vuln/detail/CVE-2026-33276) | 8.6 | HIGH | CWE-79 | No | 0.0% | 6.02 | 2026-03-31 | Stored cross-site scripting (XSS) in Checkmk 2.5.0 (beta) before 2.5.0b2 allows authenticated users with permission to c... |
| [CVE-2026-30314](https://nvd.nist.gov/vuln/detail/CVE-2026-30314) | 9.8 | CRITICAL | CWE-78 | No | 0.7% | 6.88 | 2026-03-31 | Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its white... |
| [CVE-2026-30312](https://nvd.nist.gov/vuln/detail/CVE-2026-30312) | 9.8 | CRITICAL | CWE-78 | No | 0.9% | 6.89 | 2026-03-31 | DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitel... |
| [CVE-2026-30311](https://nvd.nist.gov/vuln/detail/CVE-2026-30311) | 9.8 | CRITICAL | CWE-78 | No | 0.7% | 6.88 | 2026-03-31 | Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its white... |
| [CVE-2026-30309](https://nvd.nist.gov/vuln/detail/CVE-2026-30309) | 7.8 | HIGH | CWE-78 | No | 0.0% | 5.46 | 2026-03-31 | InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist... |
| [CVE-2026-29870](https://nvd.nist.gov/vuln/detail/CVE-2026-29870) | 7.6 | HIGH | CWE-22 | No | 0.1% | 5.32 | 2026-03-31 | A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file wri... |
| [CVE-2026-20915](https://nvd.nist.gov/vuln/detail/CVE-2026-20915) | 8.5 | HIGH | CWE-79 | No | 0.0% | 5.95 | 2026-03-31 | Stored cross-site scripting (XSS) in Checkmk version 2.5.0 (beta) before 2.5.0b2 allows authenticated users with permiss... |
| [CVE-2026-0596](https://nvd.nist.gov/vuln/detail/CVE-2026-0596) | 7.8 | HIGH | CWE-78 | No | 0.1% | 5.46 | 2026-03-31 | A command injection vulnerability exists in mlflow/mlflow when serving a model with `enable_mlserver=True`. The `model_u... |
| [CVE-2026-3308](https://nvd.nist.gov/vuln/detail/CVE-2026-3308) | 7.8 | HIGH | CWE-190 | No | 0.0% | 5.46 | 2026-03-31 | An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously c... |
| [CVE-2026-34156](https://nvd.nist.gov/vuln/detail/CVE-2026-34156) | 9.9 | CRITICAL | CWE-913 | No | 7.2% | 7.15 | 2026-03-31 | NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior t... |
| [CVE-2026-34155](https://nvd.nist.gov/vuln/detail/CVE-2026-34155) | 7.2 | HIGH | CWE-196 | No | 0.0% | 5.04 | 2026-03-31 | RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' form... |
| [CVE-2026-30310](https://nvd.nist.gov/vuln/detail/CVE-2026-30310) | 9.8 | CRITICAL | CWE-77 | No | 0.1% | 6.86 | 2026-03-31 | In its design for automatic terminal command execution, Sixth offers two options: Execute safe commands and Execute all... |
| [CVE-2026-5198](https://nvd.nist.gov/vuln/detail/CVE-2026-5198) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-31 | A vulnerability was determined in code-projects Student Membership System 1.0. The impacted element is an unknown functi... |
| [CVE-2026-4267](https://nvd.nist.gov/vuln/detail/CVE-2026-4267) | 7.2 | HIGH | CWE-79 | No | 0.1% | 5.04 | 2026-03-31 | The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site S... |
| [CVE-2026-3191](https://nvd.nist.gov/vuln/detail/CVE-2026-3191) | 5.4 | MEDIUM | CWE-352 | No | 0.0% | 3.78 | 2026-03-31 | The Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2... |
| [CVE-2026-3139](https://nvd.nist.gov/vuln/detail/CVE-2026-3139) | 4.3 | MEDIUM | CWE-639 | No | 0.0% | 3.01 | 2026-03-31 | The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is v... |
| [CVE-2026-34509](https://nvd.nist.gov/vuln/detail/CVE-2026-34509) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-31 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| [CVE-2026-34508](https://nvd.nist.gov/vuln/detail/CVE-2026-34508) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-31 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| [CVE-2026-34506](https://nvd.nist.gov/vuln/detail/CVE-2026-34506) | 2.3 | LOW | CWE-863 | No | 0.0% | 1.61 | 2026-03-31 | OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin that allows unau... |
| [CVE-2026-34505](https://nvd.nist.gov/vuln/detail/CVE-2026-34505) | 6.9 | MEDIUM | CWE-307 | No | 0.1% | 4.83 | 2026-03-31 | OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypa... |
| [CVE-2026-32988](https://nvd.nist.gov/vuln/detail/CVE-2026-32988) | 5.8 | MEDIUM | CWE-367 | No | 0.0% | 4.06 | 2026-03-31 | OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary fi... |
| [CVE-2026-32982](https://nvd.nist.gov/vuln/detail/CVE-2026-32982) | 8.7 | HIGH | CWE-532 | No | 0.0% | 6.09 | 2026-03-31 | OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes... |
| [CVE-2026-32977](https://nvd.nist.gov/vuln/detail/CVE-2026-32977) | 5.8 | MEDIUM | CWE-367 | No | 0.0% | 4.06 | 2026-03-31 | OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in the fs-bridge writeFile commit step that u... |
| [CVE-2026-32976](https://nvd.nist.gov/vuln/detail/CVE-2026-32976) | 7.1 | HIGH | CWE-639 | No | 0.0% | 4.97 | 2026-03-31 | OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing channel commands to mutate protected s... |
| [CVE-2026-32971](https://nvd.nist.gov/vuln/detail/CVE-2026-32971) | 7.3 | HIGH | CWE-451 | No | 0.0% | 5.11 | 2026-03-31 | OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays e... |
| [CVE-2026-32970](https://nvd.nist.gov/vuln/detail/CVE-2026-32970) | 2.0 | LOW | CWE-636 | No | 0.0% | 1.40 | 2026-03-31 | OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and ga... |
| [CVE-2026-32921](https://nvd.nist.gov/vuln/detail/CVE-2026-32921) | 5.3 | MEDIUM | CWE-367 | No | 0.1% | 3.71 | 2026-03-31 | OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable script operands are not b... |
| [CVE-2026-32920](https://nvd.nist.gov/vuln/detail/CVE-2026-32920) | 8.6 | HIGH | CWE-829 | No | 0.0% | 6.02 | 2026-03-31 | OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust ve... |
| [CVE-2026-32917](https://nvd.nist.gov/vuln/detail/CVE-2026-32917) | 9.2 | CRITICAL | CWE-78 | No | 0.6% | 6.46 | 2026-03-31 | OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that... |
| [CVE-2026-32916](https://nvd.nist.gov/vuln/detail/CVE-2026-32916) | 9.2 | CRITICAL | CWE-266 | No | 0.1% | 6.44 | 2026-03-31 | OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes e... |
| [CVE-2026-27854](https://nvd.nist.gov/vuln/detail/CVE-2026-27854) | 4.8 | MEDIUM | CWE-416 | No | 0.0% | 3.36 | 2026-03-31 | An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:... |
| [CVE-2026-27853](https://nvd.nist.gov/vuln/detail/CVE-2026-27853) | 5.9 | MEDIUM | CWE-787 | No | 0.0% | 4.13 | 2026-03-31 | An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQ... |
| [CVE-2026-24030](https://nvd.nist.gov/vuln/detail/CVE-2026-24030) | 5.3 | MEDIUM | CWE-789 | No | 0.0% | 3.71 | 2026-03-31 | An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HT... |
| [CVE-2026-24029](https://nvd.nist.gov/vuln/detail/CVE-2026-24029) | 6.5 | MEDIUM | CWE-863 | No | 0.0% | 4.55 | 2026-03-31 | When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPs frontend using... |
| [CVE-2026-24028](https://nvd.nist.gov/vuln/detail/CVE-2026-24028) | 5.3 | MEDIUM | CWE-126 | No | 0.0% | 3.71 | 2026-03-31 | An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua cod... |
| [CVE-2026-0397](https://nvd.nist.gov/vuln/detail/CVE-2026-0397) | 3.1 | LOW | CWE-942 | No | 0.0% | 2.17 | 2026-03-31 | When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged... |
| [CVE-2026-0396](https://nvd.nist.gov/vuln/detail/CVE-2026-0396) | 3.1 | LOW | CWE-80 | No | 0.0% | 2.17 | 2026-03-31 | An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNS... |
| [CVE-2025-14213](https://nvd.nist.gov/vuln/detail/CVE-2025-14213) | 8.3 | HIGH | CWE-20 | No | 0.5% | 5.82 | 2026-03-31 | Cato Networks’ Socket versions prior to 25 contain a command injection vulnerability that allows an authenticated attack... |
| [CVE-2026-4400](https://nvd.nist.gov/vuln/detail/CVE-2026-4400) | 7.0 | HIGH | CWE-639 | No | 0.1% | 4.90 | 2026-03-31 | Insecure Direct Object Reference (IDOR) vulnerability in 1millionbot Millie chat that allows private conversations of ot... |
| [CVE-2026-4399](https://nvd.nist.gov/vuln/detail/CVE-2026-4399) | 8.7 | HIGH | CWE-77 | No | 0.1% | 6.09 | 2026-03-31 | Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions... |
| [CVE-2026-34887](https://nvd.nist.gov/vuln/detail/CVE-2026-34887) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-31 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Kubi... |
| [CVE-2026-5197](https://nvd.nist.gov/vuln/detail/CVE-2026-5197) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-31 | A vulnerability was found in code-projects Student Membership System 1.0. The affected element is an unknown function of... |
| [CVE-2026-4317](https://nvd.nist.gov/vuln/detail/CVE-2026-4317) | 9.3 | CRITICAL | CWE-89 | No | 0.1% | 6.51 | 2026-03-31 | SQL injection (SQLi) vulnerability in Umami Software web application through an improperly sanitized parameter, which co... |
| [CVE-2026-5201](https://nvd.nist.gov/vuln/detail/CVE-2026-5201) | 7.5 | HIGH | CWE-122 | No | 0.1% | 5.25 | 2026-03-31 | A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loade... |
| [CVE-2026-5196](https://nvd.nist.gov/vuln/detail/CVE-2026-5196) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-31 | A vulnerability has been found in code-projects Student Membership System 1.0. Impacted is an unknown function of the fi... |
| [CVE-2026-5195](https://nvd.nist.gov/vuln/detail/CVE-2026-5195) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-31 | A flaw has been found in code-projects Student Membership System 1.0. This issue affects some unknown processing of the... |
| [CVE-2026-3107](https://nvd.nist.gov/vuln/detail/CVE-2026-3107) | 9.3 | CRITICAL | CWE-79 | No | 0.0% | 6.51 | 2026-03-31 | Stored Cross-Site Scripting (XSS) in Teampass versions prior to 3.1.5.16, affecting the password manager's password impo... |
| [CVE-2026-3106](https://nvd.nist.gov/vuln/detail/CVE-2026-3106) | 9.3 | CRITICAL | CWE-79 | No | 0.0% | 6.51 | 2026-03-31 | Blind Cross-Site Scripting (XSS) in Teampass, versions prior to 3.1.5.16, within the password manager login functionalit... |
| [CVE-2025-10559](https://nvd.nist.gov/vuln/detail/CVE-2025-10559) | 7.1 | HIGH | CWE-22 | No | 0.0% | 4.97 | 2026-03-31 | A Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DE... |
| [CVE-2025-10553](https://nvd.nist.gov/vuln/detail/CVE-2025-10553) | 8.7 | HIGH | CWE-79 | No | 0.0% | 6.09 | 2026-03-31 | A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manag... |
| [CVE-2025-10551](https://nvd.nist.gov/vuln/detail/CVE-2025-10551) | 8.7 | HIGH | CWE-79 | No | 0.0% | 6.09 | 2026-03-31 | A Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovat... |
| [CVE-2026-5186](https://nvd.nist.gov/vuln/detail/CVE-2026-5186) | 4.8 | MEDIUM | CWE-119 | No | 0.0% | 3.36 | 2026-03-31 | A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi__load_gif_main of the file stb... |
| [CVE-2026-5185](https://nvd.nist.gov/vuln/detail/CVE-2026-5185) | 4.8 | MEDIUM | CWE-119 | No | 0.0% | 3.36 | 2026-03-31 | A security flaw has been discovered in Nothings stb_image up to 2.30. This affects the function stbi__gif_load_next of t... |
| [CVE-2026-5184](https://nvd.nist.gov/vuln/detail/CVE-2026-5184) | 5.3 | MEDIUM | CWE-74 | No | 1.4% | 3.75 | 2026-03-31 | A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown function of the file... |
| [CVE-2026-3881](https://nvd.nist.gov/vuln/detail/CVE-2026-3881) | 5.8 | MEDIUM | CWE-918 | No | 0.0% | 4.06 | 2026-03-31 | The Performance Monitor WordPress plugin through 1.0.6 does not validate a parameter before making a request to it, whic... |
| [CVE-2026-5183](https://nvd.nist.gov/vuln/detail/CVE-2026-5183) | 5.3 | MEDIUM | CWE-74 | No | 1.4% | 3.75 | 2026-03-31 | A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub_421494 of the... |
| [CVE-2026-5182](https://nvd.nist.gov/vuln/detail/CVE-2026-5182) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-31 | A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown function of the file Teach... |
| [CVE-2026-34881](https://nvd.nist.gov/vuln/detail/CVE-2026-34881) | 5.0 | MEDIUM | CWE-918 | No | 0.0% | 3.50 | 2026-03-31 | OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery (SSRF). By use... |
| [CVE-2026-1877](https://nvd.nist.gov/vuln/detail/CVE-2026-1877) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-31 | The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and incl... |
| [CVE-2026-1834](https://nvd.nist.gov/vuln/detail/CVE-2026-1834) | 6.4 | MEDIUM | CWE-80 | No | 0.0% | 4.48 | 2026-03-31 | The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin'... |
| [CVE-2026-5181](https://nvd.nist.gov/vuln/detail/CVE-2026-5181) | 5.3 | MEDIUM | CWE-284 | No | 0.0% | 3.71 | 2026-03-31 | A vulnerability has been found in SourceCodester Simple Doctors Appointment System up to 1.0. This issue affects some un... |
| [CVE-2026-5180](https://nvd.nist.gov/vuln/detail/CVE-2026-5180) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-31 | A flaw has been found in SourceCodester Simple Doctors Appointment System 1.0. This vulnerability affects unknown code o... |
| [CVE-2026-5179](https://nvd.nist.gov/vuln/detail/CVE-2026-5179) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-31 | A vulnerability was detected in SourceCodester Simple Doctors Appointment System 1.0. This affects an unknown part of th... |
| [CVE-2026-4146](https://nvd.nist.gov/vuln/detail/CVE-2026-4146) | 6.1 | MEDIUM | CWE-79 | No | 0.1% | 4.27 | 2026-03-31 | The Loco Translate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘update_href’ parameter... |
| [CVE-2026-1797](https://nvd.nist.gov/vuln/detail/CVE-2026-1797) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-31 | The Appointment Booking and Scheduler Plugin – Truebooker plugin for WordPress is vulnerable to Sensitive Information Ex... |
| [CVE-2026-1710](https://nvd.nist.gov/vuln/detail/CVE-2026-1710) | 6.5 | MEDIUM | CWE-285 | No | 0.1% | 4.55 | 2026-03-31 | The WooPayments: Integrated WooCommerce Payments plugin for WordPress is vulnerable to unauthorized modification of data... |
| [CVE-2026-5178](https://nvd.nist.gov/vuln/detail/CVE-2026-5178) | 5.3 | MEDIUM | CWE-74 | No | 0.6% | 3.73 | 2026-03-31 | A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this issue is the func... |
| [CVE-2026-5177](https://nvd.nist.gov/vuln/detail/CVE-2026-5177) | 5.3 | MEDIUM | CWE-74 | No | 0.6% | 3.73 | 2026-03-31 | A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this vulnerability is the function... |
| [CVE-2026-34073](https://nvd.nist.gov/vuln/detail/CVE-2026-34073) | 1.7 | LOW | CWE-295 | No | 0.0% | 1.19 | 2026-03-31 | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version... |
| [CVE-2026-34070](https://nvd.nist.gov/vuln/detail/CVE-2026-34070) | 7.5 | HIGH | CWE-22 | No | 0.1% | 5.25 | 2026-03-31 | LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions i... |
| [CVE-2026-34060](https://nvd.nist.gov/vuln/detail/CVE-2026-34060) | 7.1 | HIGH | CWE-94 | No | 0.1% | 4.97 | 2026-03-31 | Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and rub... |
| [CVE-2026-34054](https://nvd.nist.gov/vuln/detail/CVE-2026-34054) | 7.8 | HIGH | CWE-427 | No | 0.1% | 5.46 | 2026-03-31 | vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.1#3, vcpkg's Windows builds of OpenSSL set o... |
| [CVE-2026-34043](https://nvd.nist.gov/vuln/detail/CVE-2026-34043) | 5.9 | MEDIUM | CWE-400 | No | 0.1% | 4.13 | 2026-03-31 | Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, ther... |
| [CVE-2026-34042](https://nvd.nist.gov/vuln/detail/CVE-2026-34042) | 8.2 | HIGH | CWE-862 | No | 0.1% | 5.74 | 2026-03-31 | act is a project which allows for local running of github actions. Prior to version 0.2.86, act's built in actions/cache... |
| [CVE-2026-34041](https://nvd.nist.gov/vuln/detail/CVE-2026-34041) | 7.7 | HIGH | CWE-74 | No | 0.1% | 5.39 | 2026-03-31 | act is a project which allows for local running of github actions. Prior to version 0.2.86, act unconditionally processe... |
| [CVE-2026-34040](https://nvd.nist.gov/vuln/detail/CVE-2026-34040) | 8.8 | HIGH | CWE-288 | No | 0.0% | 6.16 | 2026-03-31 | Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that all... |
| [CVE-2026-34036](https://nvd.nist.gov/vuln/detail/CVE-2026-34036) | 6.5 | MEDIUM | CWE-98 | No | 0.0% | 4.55 | 2026-03-31 | Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versio... |
| [CVE-2026-33997](https://nvd.nist.gov/vuln/detail/CVE-2026-33997) | 6.8 | MEDIUM | CWE-193 | No | 0.0% | 4.76 | 2026-03-31 | Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that all... |
| [CVE-2026-32727](https://nvd.nist.gov/vuln/detail/CVE-2026-32727) | 8.1 | HIGH | CWE-22 | No | 0.0% | 5.67 | 2026-03-31 | SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.7, the Enforcer is vulnerable... |
| [CVE-2026-32716](https://nvd.nist.gov/vuln/detail/CVE-2026-32716) | 8.1 | HIGH | CWE-285 | No | 0.0% | 5.67 | 2026-03-31 | SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the Enforcer incorrectly va... |
| [CVE-2026-32714](https://nvd.nist.gov/vuln/detail/CVE-2026-32714) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-31 | SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scito... |
| [CVE-2026-5176](https://nvd.nist.gov/vuln/detail/CVE-2026-5176) | 6.9 | MEDIUM | CWE-74 | No | 2.0% | 4.89 | 2026-03-31 | A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. Affected is the function setSyslogCfg of... |
| [CVE-2026-4020](https://nvd.nist.gov/vuln/detail/CVE-2026-4020) | 7.5 | HIGH | CWE-200 | No | 6.0% | 5.43 | 2026-03-31 | The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and includi... |
| [CVE-2026-3300](https://nvd.nist.gov/vuln/detail/CVE-2026-3300) | 9.8 | CRITICAL | CWE-94 | No | 0.3% | 6.87 | 2026-03-31 | The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions... |
| [CVE-2026-4794](https://nvd.nist.gov/vuln/detail/CVE-2026-4794) | 2.1 | LOW | CWE-79 | No | 0.0% | 1.47 | 2026-03-31 | Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF before 25.0.10 allow authenticated administrator u... |
| [CVE-2026-32734](https://nvd.nist.gov/vuln/detail/CVE-2026-32734) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-31 | baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag... |
| [CVE-2026-30940](https://nvd.nist.gov/vuln/detail/CVE-2026-30940) | 7.2 | HIGH | CWE-22 | No | 0.3% | 5.05 | 2026-03-31 | baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme... |
| [CVE-2026-30880](https://nvd.nist.gov/vuln/detail/CVE-2026-30880) | 9.2 | CRITICAL | CWE-78 | No | 0.2% | 6.45 | 2026-03-31 | baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability... |
| [CVE-2026-30879](https://nvd.nist.gov/vuln/detail/CVE-2026-30879) | 6.9 | MEDIUM | CWE-79 | No | 0.0% | 4.83 | 2026-03-31 | baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability i... |
| [CVE-2026-30878](https://nvd.nist.gov/vuln/detail/CVE-2026-30878) | 5.3 | MEDIUM | CWE-285 | No | 0.0% | 3.71 | 2026-03-31 | baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated... |
| [CVE-2026-30877](https://nvd.nist.gov/vuln/detail/CVE-2026-30877) | 9.1 | CRITICAL | CWE-78 | No | 0.2% | 6.38 | 2026-03-31 | baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in t... |
| [CVE-2026-27697](https://nvd.nist.gov/vuln/detail/CVE-2026-27697) | 6.9 | MEDIUM | CWE-89 | No | 0.0% | 4.83 | 2026-03-31 | baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog... |
| [CVE-2026-21861](https://nvd.nist.gov/vuln/detail/CVE-2026-21861) | 9.1 | CRITICAL | CWE-78 | No | 0.4% | 6.38 | 2026-03-31 | baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerabi... |
| [CVE-2025-32957](https://nvd.nist.gov/vuln/detail/CVE-2025-32957) | 8.7 | HIGH | CWE-434 | No | 0.1% | 6.09 | 2026-03-31 | baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to... |
| [CVE-2026-5157](https://nvd.nist.gov/vuln/detail/CVE-2026-5157) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-31 | A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the... |
| [CVE-2026-5156](https://nvd.nist.gov/vuln/detail/CVE-2026-5156) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-31 | A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/Quick... |
| [CVE-2026-5155](https://nvd.nist.gov/vuln/detail/CVE-2026-5155) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-03-30 | A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function fromAdvSetWan of the file /goform/AdvSetWan o... |
| [CVE-2026-5154](https://nvd.nist.gov/vuln/detail/CVE-2026-5154) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-03-30 | A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function fromSetCfm of the file /... |
| [CVE-2026-5130](https://nvd.nist.gov/vuln/detail/CVE-2026-5130) | 8.8 | HIGH | CWE-565 | No | 0.0% | 6.16 | 2026-03-30 | The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up... |
| [CVE-2026-5153](https://nvd.nist.gov/vuln/detail/CVE-2026-5153) | 5.3 | MEDIUM | CWE-74 | No | 0.8% | 3.74 | 2026-03-30 | A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/Wr... |
| [CVE-2026-4257](https://nvd.nist.gov/vuln/detail/CVE-2026-4257) | 9.8 | CRITICAL | CWE-94 | No | 19.6% | 7.45 | 2026-03-30 | The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection (SSTI) leading to Rem... |
| [CVE-2026-33995](https://nvd.nist.gov/vuln/detail/CVE-2026-33995) | 5.3 | MEDIUM | CWE-415 | No | 0.1% | 3.71 | 2026-03-30 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in... |
| [CVE-2026-33987](https://nvd.nist.gov/vuln/detail/CVE-2026-33987) | 7.1 | HIGH | CWE-122 | No | 0.0% | 4.97 | 2026-03-30 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistent_cache_read_entry... |
| [CVE-2026-33986](https://nvd.nist.gov/vuln/detail/CVE-2026-33986) | 7.5 | HIGH | CWE-122 | No | 0.0% | 5.25 | 2026-03-30 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuv_ensure_buffer() in libf... |
| [CVE-2026-33985](https://nvd.nist.gov/vuln/detail/CVE-2026-33985) | 5.9 | MEDIUM | CWE-125 | No | 0.0% | 4.13 | 2026-03-30 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap... |
| [CVE-2026-33984](https://nvd.nist.gov/vuln/detail/CVE-2026-33984) | 7.5 | HIGH | CWE-122 | No | 0.0% | 5.25 | 2026-03-30 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resize_vbar_entry() in libf... |
| [CVE-2026-33983](https://nvd.nist.gov/vuln/detail/CVE-2026-33983) | 6.5 | MEDIUM | CWE-190 | No | 0.0% | 4.55 | 2026-03-30 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressive_decompress_tile_up... |
| [CVE-2026-33982](https://nvd.nist.gov/vuln/detail/CVE-2026-33982) | 7.1 | HIGH | CWE-125 | No | 0.0% | 4.97 | 2026-03-30 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, there is a heap-buffer-overflo... |
| [CVE-2026-33977](https://nvd.nist.gov/vuln/detail/CVE-2026-33977) | 6.9 | MEDIUM | CWE-617 | No | 0.0% | 4.83 | 2026-03-30 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can cra... |
| [CVE-2026-33952](https://nvd.nist.gov/vuln/detail/CVE-2026-33952) | 6.0 | MEDIUM | CWE-617 | No | 0.1% | 4.20 | 2026-03-30 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated auth_length fie... |
| [CVE-2026-5152](https://nvd.nist.gov/vuln/detail/CVE-2026-5152) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-30 | A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/crea... |
| [CVE-2026-4789](https://nvd.nist.gov/vuln/detail/CVE-2026-4789) | 9.8 | CRITICAL | CWE-918 | No | 0.0% | 6.86 | 2026-03-30 | Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions. |
| [CVE-2026-34558](https://nvd.nist.gov/vuln/detail/CVE-2026-34558) | 9.1 | CRITICAL | CWE-79 | No | 0.1% | 6.37 | 2026-03-30 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati... |
| [CVE-2026-34557](https://nvd.nist.gov/vuln/detail/CVE-2026-34557) | 9.1 | CRITICAL | CWE-79 | No | 0.1% | 6.37 | 2026-03-30 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati... |
| [CVE-2026-32884](https://nvd.nist.gov/vuln/detail/CVE-2026-32884) | 5.9 | MEDIUM | CWE-295 | No | 0.0% | 4.13 | 2026-03-30 | Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name... |
| [CVE-2026-32883](https://nvd.nist.gov/vuln/detail/CVE-2026-32883) | 5.9 | MEDIUM | CWE-347 | No | 0.0% | 4.13 | 2026-03-30 | Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP resp... |
| [CVE-2026-32877](https://nvd.nist.gov/vuln/detail/CVE-2026-32877) | 8.2 | HIGH | CWE-125 | No | 0.1% | 5.74 | 2026-03-30 | Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that c... |
| [CVE-2026-32696](https://nvd.nist.gov/vuln/detail/CVE-2026-32696) | 3.1 | LOW | CWE-476 | No | 0.0% | 2.17 | 2026-03-30 | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.http... |
| [CVE-2026-31946](https://nvd.nist.gov/vuln/detail/CVE-2026-31946) | 9.8 | CRITICAL | CWE-287 | No | 0.0% | 6.86 | 2026-03-30 | OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. From vers... |
| [CVE-2026-30313](https://nvd.nist.gov/vuln/detail/CVE-2026-30313) | 9.8 | CRITICAL | CWE-94 | No | 0.9% | 6.89 | 2026-03-30 | DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitel... |
| [CVE-2026-30308](https://nvd.nist.gov/vuln/detail/CVE-2026-30308) | 9.8 | CRITICAL | CWE-94 | No | 0.1% | 6.86 | 2026-03-30 | In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe comman... |
| [CVE-2026-30306](https://nvd.nist.gov/vuln/detail/CVE-2026-30306) | 9.8 | CRITICAL | CWE-94 | No | 0.0% | 6.86 | 2026-03-30 | In its design for automatic terminal command execution, SakaDev offers two options: Execute safe commands and execute al... |
| [CVE-2026-28228](https://nvd.nist.gov/vuln/detail/CVE-2026-28228) | 8.8 | HIGH | CWE-1336 | No | 0.1% | 6.16 | 2026-03-30 | OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to... |
| [CVE-2026-27599](https://nvd.nist.gov/vuln/detail/CVE-2026-27599) | 4.7 | MEDIUM | CWE-79 | No | 0.0% | 3.29 | 2026-03-30 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati... |
| [CVE-2026-27018](https://nvd.nist.gov/vuln/detail/CVE-2026-27018) | 8.8 | HIGH | CWE-22 | No | 0.0% | 6.16 | 2026-03-30 | Gotenberg is an API for converting document formats. Prior to version 8.29.0, the fix introduced for CVE-2024-21527 can... |
| [CVE-2026-25627](https://nvd.nist.gov/vuln/detail/CVE-2026-25627) | 6.5 | MEDIUM | CWE-125 | No | 0.0% | 4.55 | 2026-03-30 | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSoc... |
| [CVE-2026-5150](https://nvd.nist.gov/vuln/detail/CVE-2026-5150) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-30 | A security vulnerability has been detected in code-projects Accounting System 1.0. This issue affects some unknown proce... |
| [CVE-2026-5148](https://nvd.nist.gov/vuln/detail/CVE-2026-5148) | 5.1 | MEDIUM | CWE-74 | No | 0.0% | 3.57 | 2026-03-30 | A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file... |
| [CVE-2026-33026](https://nvd.nist.gov/vuln/detail/CVE-2026-33026) | 9.4 | CRITICAL | CWE-312 | No | 0.0% | 6.58 | 2026-03-30 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui backup restore mechanism... |
| [CVE-2026-32275](https://nvd.nist.gov/vuln/detail/CVE-2026-32275) | 7.4 | HIGH | CWE-79 | No | 0.1% | 5.18 | 2026-03-30 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 1.3.10 to before version 2.1... |
| [CVE-2026-31831](https://nvd.nist.gov/vuln/detail/CVE-2026-31831) | 8.7 | HIGH | CWE-23 | No | 0.1% | 6.09 | 2026-03-30 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /newsletter/... |
| [CVE-2026-31804](https://nvd.nist.gov/vuln/detail/CVE-2026-31804) | 4.0 | MEDIUM | CWE-918 | No | 0.1% | 2.80 | 2026-03-30 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pms_image_p... |
| [CVE-2026-31799](https://nvd.nist.gov/vuln/detail/CVE-2026-31799) | 4.9 | MEDIUM | CWE-20 | No | 0.0% | 3.43 | 2026-03-30 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.1... |
| [CVE-2026-30307](https://nvd.nist.gov/vuln/detail/CVE-2026-30307) | 9.8 | CRITICAL | CWE-94 | No | 0.7% | 6.88 | 2026-03-30 | Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelis... |
| [CVE-2026-30305](https://nvd.nist.gov/vuln/detail/CVE-2026-30305) | 9.8 | CRITICAL | CWE-94 | No | 0.5% | 6.88 | 2026-03-30 | Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist s... |
| [CVE-2026-28505](https://nvd.nist.gov/vuln/detail/CVE-2026-28505) | 7.5 | HIGH | CWE-94 | No | 0.0% | 5.25 | 2026-03-30 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the str_eval() f... |
| [CVE-2026-5147](https://nvd.nist.gov/vuln/detail/CVE-2026-5147) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-30 | A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin... |
| [CVE-2026-3991](https://nvd.nist.gov/vuln/detail/CVE-2026-3991) | 7.8 | HIGH | CWE-829 | No | 0.0% | 5.46 | 2026-03-30 | Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 M... |
| [CVE-2026-3502](https://nvd.nist.gov/vuln/detail/CVE-2026-3502) | 7.8 | HIGH | CWE-494 | Yes | 1.5% | 5.50 | 2026-03-30 | TrueConf Client downloads application update code and applies it without performing verification. An attacker who is abl... |
| [CVE-2026-34714](https://nvd.nist.gov/vuln/detail/CVE-2026-34714) | 9.2 | CRITICAL | CWE-78 | No | 0.0% | 6.44 | 2026-03-30 | Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configurat... |
| [CVE-2026-29925](https://nvd.nist.gov/vuln/detail/CVE-2026-29925) | 7.7 | HIGH | CWE-918 | No | 0.0% | 5.39 | 2026-03-30 | Invoice Ninja v5.12.46 and v5.12.48 are vulnerable to Server-Side Request Forgery (SSRF) in CheckDatabaseRequest.php. |
| [CVE-2026-29924](https://nvd.nist.gov/vuln/detail/CVE-2026-29924) | 7.6 | HIGH | CWE-611 | No | 0.1% | 5.32 | 2026-03-30 | Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload functionality in the a... |
| [CVE-2026-5126](https://nvd.nist.gov/vuln/detail/CVE-2026-5126) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-03-30 | A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this issue is the function file_get_contents. T... |
| [CVE-2026-5125](https://nvd.nist.gov/vuln/detail/CVE-2026-5125) | 4.8 | MEDIUM | CWE-77 | No | 0.3% | 3.37 | 2026-03-30 | A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Affected by this vulnerability is the function child_... |
| [CVE-2026-33032](https://nvd.nist.gov/vuln/detail/CVE-2026-33032) | 9.8 | CRITICAL | CWE-306 | No | 0.1% | 6.86 | 2026-03-30 | Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context... |
| [CVE-2026-33030](https://nvd.nist.gov/vuln/detail/CVE-2026-33030) | 8.8 | HIGH | CWE-78 | No | 0.0% | 6.16 | 2026-03-30 | Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Di... |
| [CVE-2026-33029](https://nvd.nist.gov/vuln/detail/CVE-2026-33029) | 6.9 | MEDIUM | CWE-20 | No | 0.1% | 4.83 | 2026-03-30 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in... |
| [CVE-2026-33028](https://nvd.nist.gov/vuln/detail/CVE-2026-33028) | 7.1 | HIGH | CWE-362 | No | 0.1% | 4.97 | 2026-03-30 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui application is vulnerabl... |
| [CVE-2026-33027](https://nvd.nist.gov/vuln/detail/CVE-2026-33027) | 6.9 | MEDIUM | CWE-22 | No | 0.1% | 4.83 | 2026-03-30 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui configuration improperly... |
| [CVE-2026-30077](https://nvd.nist.gov/vuln/detail/CVE-2026-30077) | 7.5 | HIGH | CWE-20 | No | 0.1% | 5.25 | 2026-03-30 | OpenAirInterface V2.2.0 AMF crashes when it fails to decode the message. Not all decode failures result in a crash. But... |
| [CVE-2026-29872](https://nvd.nist.gov/vuln/detail/CVE-2026-29872) | 8.2 | HIGH | CWE-200 | No | 0.1% | 5.74 | 2026-03-30 | A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80... |
| [CVE-2025-66215](https://nvd.nist.gov/vuln/detail/CVE-2025-66215) | 3.8 | LOW | CWE-121 | No | 0.0% | 2.66 | 2026-03-30 | OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to t... |
| [CVE-2025-66038](https://nvd.nist.gov/vuln/detail/CVE-2025-66038) | 3.9 | LOW | CWE-126 | No | 0.0% | 2.73 | 2026-03-30 | OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_find_tag searches a com... |
| [CVE-2025-66037](https://nvd.nist.gov/vuln/detail/CVE-2025-66037) | 3.9 | LOW | CWE-125 | No | 0.0% | 2.73 | 2026-03-30 | OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_p... |
| [CVE-2025-49010](https://nvd.nist.gov/vuln/detail/CVE-2025-49010) | 3.8 | LOW | CWE-121 | No | 0.0% | 2.66 | 2026-03-30 | OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to t... |
| [CVE-2026-5124](https://nvd.nist.gov/vuln/detail/CVE-2026-5124) | 6.3 | MEDIUM | CWE-266 | No | 0.1% | 4.41 | 2026-03-30 | A security vulnerability has been detected in osrg GoBGP up to 4.3.0. Affected is the function BGPHeader.DecodeFromBytes... |
| [CVE-2026-29954](https://nvd.nist.gov/vuln/detail/CVE-2026-29954) | 7.6 | HIGH | CWE-88 | No | 0.0% | 5.32 | 2026-03-30 | In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing th... |
| [CVE-2026-29909](https://nvd.nist.gov/vuln/detail/CVE-2026-29909) | 5.3 | MEDIUM | CWE-20 | No | 0.0% | 3.71 | 2026-03-30 | MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/f... |
| [CVE-2026-27508](https://nvd.nist.gov/vuln/detail/CVE-2026-27508) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-30 | Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redire... |
| [CVE-2026-26352](https://nvd.nist.gov/vuln/detail/CVE-2026-26352) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-30 | Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/v... |
| [CVE-2026-5123](https://nvd.nist.gov/vuln/detail/CVE-2026-5123) | 6.3 | MEDIUM | CWE-189 | No | 0.1% | 4.41 | 2026-03-30 | A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of the file pkg/pack... |
| [CVE-2026-34472](https://nvd.nist.gov/vuln/detail/CVE-2026-34472) | 7.1 | HIGH | CWE-200 | No | 0.0% | 4.97 | 2026-03-30 | Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows u... |
| [CVE-2026-33643](https://nvd.nist.gov/vuln/detail/CVE-2026-33643) | 7.4 | HIGH | CWE-89 | No | 0.0% | 5.18 | 2026-03-30 | SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the mysqlColumnAsInsert function in file pl... |
| [CVE-2026-30562](https://nvd.nist.gov/vuln/detail/CVE-2026-30562) | 9.3 | CRITICAL | CWE-79 | No | 0.0% | 6.51 | 2026-03-30 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulner... |
| [CVE-2026-30561](https://nvd.nist.gov/vuln/detail/CVE-2026-30561) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-30 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulner... |
| [CVE-2026-30560](https://nvd.nist.gov/vuln/detail/CVE-2026-30560) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-30 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulner... |
| [CVE-2026-30559](https://nvd.nist.gov/vuln/detail/CVE-2026-30559) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-30 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulner... |
| [CVE-2026-30558](https://nvd.nist.gov/vuln/detail/CVE-2026-30558) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-30 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulner... |
| [CVE-2026-30557](https://nvd.nist.gov/vuln/detail/CVE-2026-30557) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-30 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulner... |
| [CVE-2026-30556](https://nvd.nist.gov/vuln/detail/CVE-2026-30556) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-30 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulner... |
| [CVE-2026-2287](https://nvd.nist.gov/vuln/detail/CVE-2026-2287) | 9.8 | CRITICAL | CWE-94 | No | 0.1% | 6.86 | 2026-03-30 | CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that... |
| [CVE-2026-2286](https://nvd.nist.gov/vuln/detail/CVE-2026-2286) | 9.8 | CRITICAL | CWE-918 | No | 0.1% | 6.86 | 2026-03-30 | CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud ser... |
| [CVE-2026-2285](https://nvd.nist.gov/vuln/detail/CVE-2026-2285) | 7.5 | HIGH | NVD-CWE-noinfo | No | 0.2% | 5.26 | 2026-03-30 | CrewAI contains an arbitrary local file read vulnerability in the JSON loader tool that reads files without path validati... |
| [CVE-2026-2275](https://nvd.nist.gov/vuln/detail/CVE-2026-2275) | 9.6 | CRITICAL | CWE-749 | No | 0.0% | 6.72 | 2026-03-30 | The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through ar... |
| [CVE-2026-29953](https://nvd.nist.gov/vuln/detail/CVE-2026-29953) | 7.4 | HIGH | CWE-89 | No | 0.0% | 5.18 | 2026-03-30 | SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins... |
| [CVE-2026-29597](https://nvd.nist.gov/vuln/detail/CVE-2026-29597) | 6.5 | MEDIUM | CWE-284 | No | 0.0% | 4.55 | 2026-03-30 | DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged us... |
| [CVE-2026-21712](https://nvd.nist.gov/vuln/detail/CVE-2026-21712) | 5.7 | MEDIUM | N/A | No | 0.0% | 3.99 | 2026-03-30 | A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is called with a malform... |
| [CVE-2026-5165](https://nvd.nist.gov/vuln/detail/CVE-2026-5165) | 6.7 | MEDIUM | CWE-825 | No | 0.0% | 4.69 | 2026-03-30 | A flaw was found in virtio-win, specifically within the VirtIO Block (BLK) device. When the device undergoes a reset, it... |
| [CVE-2026-5164](https://nvd.nist.gov/vuln/detail/CVE-2026-5164) | 6.7 | MEDIUM | CWE-120 | No | 0.0% | 4.69 | 2026-03-30 | A flaw was found in virtio-win. The `RhelDoUnMap()` function does not properly validate the number of descriptors provid... |
| [CVE-2026-5122](https://nvd.nist.gov/vuln/detail/CVE-2026-5122) | 6.3 | MEDIUM | CWE-266 | No | 0.1% | 4.41 | 2026-03-30 | A security flaw has been discovered in osrg GoBGP up to 4.3.0. This affects the function DecodeFromBytes of the file pkg... |
| [CVE-2026-33373](https://nvd.nist.gov/vuln/detail/CVE-2026-33373) | 8.8 | HIGH | CWE-352 | No | 0.0% | 6.16 | 2026-03-30 | An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A Cross-Site Request Forgery (CSRF) vulnerability e... |
| [CVE-2026-30566](https://nvd.nist.gov/vuln/detail/CVE-2026-30566) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-30 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulner... |
| [CVE-2026-30565](https://nvd.nist.gov/vuln/detail/CVE-2026-30565) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-30 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulner... |
| [CVE-2026-30564](https://nvd.nist.gov/vuln/detail/CVE-2026-30564) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-30 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulner... |
| [CVE-2026-30563](https://nvd.nist.gov/vuln/detail/CVE-2026-30563) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-30 | A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerabi... |
| [CVE-2026-30082](https://nvd.nist.gov/vuln/detail/CVE-2026-30082) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-30 | Multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngE... |
| [CVE-2026-3321](https://nvd.nist.gov/vuln/detail/CVE-2026-3321) | 8.7 | HIGH | CWE-639 | No | 0.1% | 6.09 | 2026-03-30 | A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/{EVENTID}/{TIME... |
| [CVE-2026-28528](https://nvd.nist.gov/vuln/detail/CVE-2026-28528) | 2.1 | LOW | CWE-125 | No | 0.0% | 1.47 | 2026-03-30 | BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GET... |
| [CVE-2026-28527](https://nvd.nist.gov/vuln/detail/CVE-2026-28527) | 2.1 | LOW | CWE-125 | No | 0.0% | 1.47 | 2026-03-30 | BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller GET_PLAY... |
| [CVE-2026-28526](https://nvd.nist.gov/vuln/detail/CVE-2026-28526) | 2.1 | LOW | CWE-125 | No | 0.0% | 1.47 | 2026-03-30 | BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller LIST_PLA... |
| [CVE-2026-4315](https://nvd.nist.gov/vuln/detail/CVE-2026-4315) | 7.1 | HIGH | CWE-352 | No | 0.1% | 4.97 | 2026-03-30 | A Cross-Site Request Forgery (CSRF) vulnerability in the WatchGuard Fireware OS WebUI could allow a remote attacker to t... |
| [CVE-2026-4425](https://nvd.nist.gov/vuln/detail/CVE-2026-4425) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-30 | Rejected reason: Reserved for EastLink case, but no need for CVE anymore |
| [CVE-2019-25655](https://nvd.nist.gov/vuln/detail/CVE-2019-25655) | 6.9 | MEDIUM | CWE-1316 | No | 0.0% | 4.83 | 2026-03-30 | Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash th... |
| [CVE-2019-25654](https://nvd.nist.gov/vuln/detail/CVE-2019-25654) | 8.7 | HIGH | CWE-787 | No | 0.1% | 6.09 | 2026-03-30 | Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplyin... |
| [CVE-2019-25653](https://nvd.nist.gov/vuln/detail/CVE-2019-25653) | 6.9 | MEDIUM | CWE-620 | No | 0.0% | 4.83 | 2026-03-30 | Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers to crash the applicati... |
| [CVE-2018-25235](https://nvd.nist.gov/vuln/detail/CVE-2018-25235) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-30 | NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that... |
| [CVE-2018-25234](https://nvd.nist.gov/vuln/detail/CVE-2018-25234) | 6.9 | MEDIUM | CWE-466 | No | 0.0% | 4.83 | 2026-03-30 | SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the applicati... |
| [CVE-2018-25233](https://nvd.nist.gov/vuln/detail/CVE-2018-25233) | 6.9 | MEDIUM | CWE-233 | No | 0.0% | 4.83 | 2026-03-30 | WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by s... |
| [CVE-2018-25232](https://nvd.nist.gov/vuln/detail/CVE-2018-25232) | 6.8 | MEDIUM | CWE-1285 | No | 0.0% | 4.76 | 2026-03-30 | Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the applicatio... |
| [CVE-2018-25231](https://nvd.nist.gov/vuln/detail/CVE-2018-25231) | 6.9 | MEDIUM | CWE-98 | No | 0.0% | 4.83 | 2026-03-30 | HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that allows local attackers to crash the application by s... |
| [CVE-2018-25230](https://nvd.nist.gov/vuln/detail/CVE-2018-25230) | 6.8 | MEDIUM | CWE-787 | No | 0.0% | 4.76 | 2026-03-30 | Free IP Switcher 3.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by su... |
| [CVE-2018-25229](https://nvd.nist.gov/vuln/detail/CVE-2018-25229) | 6.8 | MEDIUM | CWE-1282 | No | 0.0% | 4.76 | 2026-03-30 | BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the SMTP configuration interface that a... |
| [CVE-2018-25228](https://nvd.nist.gov/vuln/detail/CVE-2018-25228) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-30 | NetSetMan 4.7.1 contains a buffer overflow vulnerability in the Workgroup feature that allows local attackers to crash t... |
| [CVE-2018-25227](https://nvd.nist.gov/vuln/detail/CVE-2018-25227) | 6.9 | MEDIUM | CWE-466 | No | 0.0% | 4.83 | 2026-03-30 | Valentina Studio 9.0.4 contains a denial of service vulnerability that allows local attackers to crash the application b... |
| [CVE-2018-25226](https://nvd.nist.gov/vuln/detail/CVE-2018-25226) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-30 | FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by su... |
| [CVE-2026-5128](https://nvd.nist.gov/vuln/detail/CVE-2026-5128) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-30 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| [CVE-2026-5121](https://nvd.nist.gov/vuln/detail/CVE-2026-5121) | 7.5 | HIGH | CWE-190 | No | 0.1% | 5.25 | 2026-03-30 | A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer... |
| [CVE-2026-4416](https://nvd.nist.gov/vuln/detail/CVE-2026-4416) | 8.5 | HIGH | CWE-502 | No | 0.0% | 5.95 | 2026-03-30 | The Performance Library component of Gigabyte Control Center has an Insecure Deserialization vulnerability. Authenticate... |
| [CVE-2026-4415](https://nvd.nist.gov/vuln/detail/CVE-2026-4415) | 9.2 | CRITICAL | CWE-23 | No | 0.5% | 6.46 | 2026-03-30 | Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is ena... |
| [CVE-2026-3945](https://nvd.nist.gov/vuln/detail/CVE-2026-3945) | 8.7 | HIGH | CWE-190 | No | 0.1% | 6.09 | 2026-03-30 | An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version... |
| [CVE-2026-2328](https://nvd.nist.gov/vuln/detail/CVE-2026-2328) | 7.5 | HIGH | CWE-790 | No | 0.0% | 5.25 | 2026-03-30 | An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their i... |
| [CVE-2025-3716](https://nvd.nist.gov/vuln/detail/CVE-2025-3716) | 5.3 | MEDIUM | CWE-204 | No | 0.0% | 3.71 | 2026-03-30 | User enumeration in ESET Protect (on-prem) via Response Timing. |
| [CVE-2025-15379](https://nvd.nist.gov/vuln/detail/CVE-2025-15379) | 10.0 | CRITICAL | CWE-77 | No | 0.2% | 7.01 | 2026-03-30 | A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_... |
| [CVE-2026-5119](https://nvd.nist.gov/vuln/detail/CVE-2026-5119) | 5.9 | MEDIUM | CWE-319 | No | 0.0% | 4.13 | 2026-03-30 | A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies... |
| [CVE-2026-5107](https://nvd.nist.gov/vuln/detail/CVE-2026-5107) | 2.3 | LOW | CWE-266 | No | 0.0% | 1.61 | 2026-03-30 | A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file... |
| [CVE-2026-5106](https://nvd.nist.gov/vuln/detail/CVE-2026-5106) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-30 | A flaw has been found in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file... |
| [CVE-2026-5105](https://nvd.nist.gov/vuln/detail/CVE-2026-5105) | 5.3 | MEDIUM | CWE-74 | No | 2.2% | 3.77 | 2026-03-30 | A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassC... |
| [CVE-2026-5104](https://nvd.nist.gov/vuln/detail/CVE-2026-5104) | 5.3 | MEDIUM | CWE-74 | No | 2.2% | 3.77 | 2026-03-30 | A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStatic... |
| [CVE-2026-5103](https://nvd.nist.gov/vuln/detail/CVE-2026-5103) | 5.3 | MEDIUM | CWE-74 | No | 2.2% | 3.77 | 2026-03-30 | A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. This issue affects the function setUPnPCfg of... |
| [CVE-2026-3124](https://nvd.nist.gov/vuln/detail/CVE-2026-3124) | 7.5 | HIGH | CWE-639 | No | 0.0% | 5.25 | 2026-03-30 | The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and i... |
| [CVE-2025-15036](https://nvd.nist.gov/vuln/detail/CVE-2025-15036) | 9.6 | CRITICAL | CWE-29 | No | 0.1% | 6.72 | 2026-03-30 | A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artif... |
| [CVE-2026-5102](https://nvd.nist.gov/vuln/detail/CVE-2026-5102) | 5.3 | MEDIUM | CWE-74 | No | 2.2% | 3.77 | 2026-03-30 | A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. This vulnerability affects the function s... |
| [CVE-2026-2370](https://nvd.nist.gov/vuln/detail/CVE-2026-2370) | 8.1 | HIGH | CWE-233 | No | 0.0% | 5.67 | 2026-03-30 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 1... |
| [CVE-2026-5101](https://nvd.nist.gov/vuln/detail/CVE-2026-5101) | 5.3 | MEDIUM | CWE-74 | No | 2.9% | 3.80 | 2026-03-29 | A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the fil... |
| [CVE-2026-4946](https://nvd.nist.gov/vuln/detail/CVE-2026-4946) | 8.8 | HIGH | CWE-78 | No | 0.0% | 6.16 | 2026-03-29 | Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data... |
| [CVE-2026-0562](https://nvd.nist.gov/vuln/detail/CVE-2026-0562) | 8.3 | HIGH | CWE-863 | No | 0.0% | 5.81 | 2026-03-29 | A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or rej... |
| [CVE-2026-0560](https://nvd.nist.gov/vuln/detail/CVE-2026-0560) | 7.5 | HIGH | CWE-918 | No | 0.1% | 5.25 | 2026-03-29 | A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in th... |
| [CVE-2026-0558](https://nvd.nist.gov/vuln/detail/CVE-2026-0558) | 9.8 | CRITICAL | CWE-287 | No | 0.3% | 6.87 | 2026-03-29 | A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users to upload and proces... |
| [CVE-2026-34005](https://nvd.nist.gov/vuln/detail/CVE-2026-34005) | 8.8 | HIGH | CWE-78 | No | 0.1% | 6.16 | 2026-03-29 | In Sofia on Xiongmai DVR/NVR (AHB7008T-MH-V2 and NBD7024H-P) 4.03.R11 devices, root OS command injection can occur via s... |
| [CVE-2026-5046](https://nvd.nist.gov/vuln/detail/CVE-2026-5046) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-29 | A flaw has been found in Tenda FH1201 1.2.0.14(408). Affected is the function formWrlExtraSet of the file /goform/WrlExt... |
| [CVE-2026-5045](https://nvd.nist.gov/vuln/detail/CVE-2026-5045) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-29 | A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the function WrlclientSet of the file /goform/W... |
| [CVE-2026-5044](https://nvd.nist.gov/vuln/detail/CVE-2026-5044) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-29 | A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of... |
| [CVE-2026-33575](https://nvd.nist.gov/vuln/detail/CVE-2026-33575) | 8.6 | HIGH | CWE-522 | No | 0.0% | 6.02 | 2026-03-29 | OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pai... |
| [CVE-2026-33574](https://nvd.nist.gov/vuln/detail/CVE-2026-33574) | 5.8 | MEDIUM | CWE-367 | No | 0.0% | 4.06 | 2026-03-29 | OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the too... |
| [CVE-2026-33573](https://nvd.nist.gov/vuln/detail/CVE-2026-33573) | 8.7 | HIGH | CWE-668 | No | 0.1% | 6.09 | 2026-03-29 | OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authentica... |
| [CVE-2026-33572](https://nvd.nist.gov/vuln/detail/CVE-2026-33572) | 6.8 | MEDIUM | CWE-378 | No | 0.0% | 4.76 | 2026-03-29 | OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local u... |
| [CVE-2026-32987](https://nvd.nist.gov/vuln/detail/CVE-2026-32987) | 9.3 | CRITICAL | CWE-294 | No | 0.1% | 6.51 | 2026-03-29 | OpenClaw before 2026.3.13 allows bootstrap setup codes to be replayed during device pairing verification in src/infra/de... |
| [CVE-2026-32980](https://nvd.nist.gov/vuln/detail/CVE-2026-32980) | 8.7 | HIGH | CWE-770 | No | 0.1% | 6.09 | 2026-03-29 | OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-telegram-bot-api-sec... |
| [CVE-2026-32979](https://nvd.nist.gov/vuln/detail/CVE-2026-32979) | 7.0 | HIGH | CWE-367 | No | 0.0% | 4.90 | 2026-03-29 | OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local cod... |
| [CVE-2026-32978](https://nvd.nist.gov/vuln/detail/CVE-2026-32978) | 9.4 | CRITICAL | CWE-863 | No | 0.0% | 6.58 | 2026-03-29 | OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable f... |
| [CVE-2026-32975](https://nvd.nist.gov/vuln/detail/CVE-2026-32975) | 6.9 | MEDIUM | CWE-807 | No | 0.1% | 4.83 | 2026-03-29 | OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode that matches mutable gr... |
| [CVE-2026-32974](https://nvd.nist.gov/vuln/detail/CVE-2026-32974) | 8.8 | HIGH | CWE-347 | No | 0.1% | 6.16 | 2026-03-29 | OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationT... |
| [CVE-2026-32973](https://nvd.nist.gov/vuln/detail/CVE-2026-32973) | 8.8 | HIGH | CWE-625 | No | 0.1% | 6.16 | 2026-03-29 | OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly n... |
| [CVE-2026-32972](https://nvd.nist.gov/vuln/detail/CVE-2026-32972) | 7.1 | HIGH | CWE-863 | No | 0.0% | 4.97 | 2026-03-29 | OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing authenticated operators with only oper... |
| [CVE-2026-32924](https://nvd.nist.gov/vuln/detail/CVE-2026-32924) | 6.9 | MEDIUM | CWE-863 | No | 0.1% | 4.83 | 2026-03-29 | OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction events with omitted chat_... |
| [CVE-2026-32923](https://nvd.nist.gov/vuln/detail/CVE-2026-32923) | 5.3 | MEDIUM | CWE-863 | No | 0.0% | 3.71 | 2026-03-29 | OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in Discord guild reaction ingestion that fails... |
| [CVE-2026-32922](https://nvd.nist.gov/vuln/detail/CVE-2026-32922) | 9.4 | CRITICAL | CWE-266 | No | 0.2% | 6.59 | 2026-03-29 | OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with... |
| [CVE-2026-32919](https://nvd.nist.gov/vuln/detail/CVE-2026-32919) | 6.9 | MEDIUM | CWE-863 | No | 0.0% | 4.83 | 2026-03-29 | OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing write-scoped callers to reach admin-on... |
| [CVE-2026-32918](https://nvd.nist.gov/vuln/detail/CVE-2026-32918) | 9.2 | CRITICAL | CWE-863 | No | 0.0% | 6.44 | 2026-03-29 | OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandbox... |
| [CVE-2026-32915](https://nvd.nist.gov/vuln/detail/CVE-2026-32915) | 9.3 | CRITICAL | CWE-863 | No | 0.0% | 6.51 | 2026-03-29 | OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagen... |
| [CVE-2026-32914](https://nvd.nist.gov/vuln/detail/CVE-2026-32914) | 8.7 | HIGH | CWE-863 | No | 0.0% | 6.09 | 2026-03-29 | OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /debug command handle... |
| [CVE-2026-5043](https://nvd.nist.gov/vuln/detail/CVE-2026-5043) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-29 | A weakness has been identified in Belkin F9K1122 1.00.33. The impacted element is the function formSetPassword of the fi... |
| [CVE-2026-5042](https://nvd.nist.gov/vuln/detail/CVE-2026-5042) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-29 | A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch... |
| [CVE-2026-5041](https://nvd.nist.gov/vuln/detail/CVE-2026-5041) | 5.1 | MEDIUM | CWE-74 | No | 0.3% | 3.58 | 2026-03-29 | A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the fu... |
| [CVE-2026-5037](https://nvd.nist.gov/vuln/detail/CVE-2026-5037) | 4.8 | MEDIUM | CWE-119 | No | 0.0% | 3.36 | 2026-03-29 | A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c... |
| [CVE-2026-5036](https://nvd.nist.gov/vuln/detail/CVE-2026-5036) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-03-29 | A vulnerability was found in Tenda 4G06 04.06.01.29. This vulnerability affects the function fromDhcpListClient of the f... |
| [CVE-2026-5035](https://nvd.nist.gov/vuln/detail/CVE-2026-5035) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-29 | A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /view_wo... |
| [CVE-2026-5034](https://nvd.nist.gov/vuln/detail/CVE-2026-5034) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-29 | A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown functionality of th... |
| [CVE-2026-5033](https://nvd.nist.gov/vuln/detail/CVE-2026-5033) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-29 | A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functi... |
| [CVE-2026-5031](https://nvd.nist.gov/vuln/detail/CVE-2026-5031) | 5.3 | MEDIUM | CWE-99 | No | 0.0% | 3.71 | 2026-03-29 | A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?_... |
| [CVE-2026-5030](https://nvd.nist.gov/vuln/detail/CVE-2026-5030) | 5.3 | MEDIUM | CWE-74 | No | 1.6% | 3.76 | 2026-03-29 | A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function NTPSyncWithHos... |
| [CVE-2026-5024](https://nvd.nist.gov/vuln/detail/CVE-2026-5024) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-03-29 | A vulnerability was found in D-Link DIR-513 1.10. This issue affects the function formSetEmail of the file /goform/formS... |
| [CVE-2026-5023](https://nvd.nist.gov/vuln/detail/CVE-2026-5023) | 4.8 | MEDIUM | CWE-77 | No | 0.5% | 3.38 | 2026-03-29 | A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulner... |
| [CVE-2026-5021](https://nvd.nist.gov/vuln/detail/CVE-2026-5021) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-29 | A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the file /goform/PPTPUserS... |
| [CVE-2026-2602](https://nvd.nist.gov/vuln/detail/CVE-2026-2602) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-29 | The Twentig plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'featuredImageSizeWidth' parameter... |
| [CVE-2026-5020](https://nvd.nist.gov/vuln/detail/CVE-2026-5020) | 5.3 | MEDIUM | CWE-74 | No | 1.6% | 3.76 | 2026-03-29 | A vulnerability was detected in Totolink A3600R 4.1.2cu.5182_B20201102. Affected by this issue is the function setNotice... |
| [CVE-2026-5019](https://nvd.nist.gov/vuln/detail/CVE-2026-5019) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-29 | A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability... |
| [CVE-2026-5018](https://nvd.nist.gov/vuln/detail/CVE-2026-5018) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-28 | A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the fil... |
| [CVE-2026-5017](https://nvd.nist.gov/vuln/detail/CVE-2026-5017) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-28 | A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of t... |
| [CVE-2026-5016](https://nvd.nist.gov/vuln/detail/CVE-2026-5016) | 6.9 | MEDIUM | CWE-918 | No | 0.1% | 4.83 | 2026-03-28 | A vulnerability was identified in elecV2 elecV2P up to 3.8.3. This affects the function eAxios of the file /mock of the... |
| [CVE-2026-5015](https://nvd.nist.gov/vuln/detail/CVE-2026-5015) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-28 | A vulnerability was determined in elecV2 elecV2P up to 3.8.3. The impacted element is an unknown function of the file /l... |
| [CVE-2026-5014](https://nvd.nist.gov/vuln/detail/CVE-2026-5014) | 5.5 | MEDIUM | CWE-22 | No | 0.1% | 3.85 | 2026-03-28 | A vulnerability was found in elecV2 elecV2P up to 3.8.3. The affected element is the function path.join of the file /log... |
| [CVE-2026-5013](https://nvd.nist.gov/vuln/detail/CVE-2026-5013) | 5.5 | MEDIUM | CWE-22 | No | 0.0% | 3.85 | 2026-03-28 | A vulnerability has been found in elecV2 elecV2P up to 3.8.3. Impacted is the function path.join of the file /store/:key... |
| [CVE-2026-5012](https://nvd.nist.gov/vuln/detail/CVE-2026-5012) | 6.9 | MEDIUM | CWE-77 | No | 2.2% | 4.90 | 2026-03-28 | A flaw has been found in elecV2 elecV2P up to 3.8.3. This issue affects the function pm2run of the file /rpc. Executing... |
| [CVE-2026-5011](https://nvd.nist.gov/vuln/detail/CVE-2026-5011) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-28 | A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the fil... |
| [CVE-2026-5007](https://nvd.nist.gov/vuln/detail/CVE-2026-5007) | 4.8 | MEDIUM | CWE-77 | No | 0.3% | 3.37 | 2026-03-28 | A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file... |
| [CVE-2026-5004](https://nvd.nist.gov/vuln/detail/CVE-2026-5004) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-28 | A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub_4019FC of the file /cgi-bin... |
| [CVE-2026-5003](https://nvd.nist.gov/vuln/detail/CVE-2026-5003) | 5.5 | MEDIUM | CWE-200 | No | 0.0% | 3.85 | 2026-03-28 | A vulnerability was found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. This affects the fun... |
| [CVE-2026-5002](https://nvd.nist.gov/vuln/detail/CVE-2026-5002) | 6.9 | MEDIUM | CWE-74 | No | 0.1% | 4.83 | 2026-03-28 | A vulnerability has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The impacted el... |
| [CVE-2026-5001](https://nvd.nist.gov/vuln/detail/CVE-2026-5001) | 6.9 | MEDIUM | CWE-284 | No | 0.1% | 4.83 | 2026-03-28 | A flaw has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The affected element is... |
| [CVE-2026-5000](https://nvd.nist.gov/vuln/detail/CVE-2026-5000) | 6.9 | MEDIUM | CWE-287 | No | 0.1% | 4.83 | 2026-03-28 | A vulnerability was detected in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. Impacted is the f... |
| [CVE-2026-4999](https://nvd.nist.gov/vuln/detail/CVE-2026-4999) | 5.3 | MEDIUM | CWE-22 | No | 0.1% | 3.71 | 2026-03-28 | A security vulnerability has been detected in z-9527 admin up to 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2. This issue af... |
| [CVE-2026-4998](https://nvd.nist.gov/vuln/detail/CVE-2026-4998) | 6.9 | MEDIUM | CWE-74 | No | 0.1% | 4.83 | 2026-03-28 | A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor... |
| [CVE-2026-4997](https://nvd.nist.gov/vuln/detail/CVE-2026-4997) | 5.5 | MEDIUM | CWE-22 | No | 0.1% | 3.85 | 2026-03-28 | A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function is_sql_query_safe of... |
| [CVE-2026-4996](https://nvd.nist.gov/vuln/detail/CVE-2026-4996) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-28 | A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function delete_questi... |
| [CVE-2026-2595](https://nvd.nist.gov/vuln/detail/CVE-2026-2595) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-28 | The Quads Ads Manager for Google AdSense plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions u... |
| [CVE-2018-25225](https://nvd.nist.gov/vuln/detail/CVE-2018-25225) | 8.6 | HIGH | CWE-306 | No | 0.0% | 6.02 | 2026-03-28 | SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arb... |
| [CVE-2018-25224](https://nvd.nist.gov/vuln/detail/CVE-2018-25224) | 8.6 | HIGH | CWE-306 | No | 0.0% | 6.02 | 2026-03-28 | PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arb... |
| [CVE-2018-25223](https://nvd.nist.gov/vuln/detail/CVE-2018-25223) | 9.3 | CRITICAL | CWE-787 | No | 0.3% | 6.52 | 2026-03-28 | Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary cod... |
| [CVE-2018-25222](https://nvd.nist.gov/vuln/detail/CVE-2018-25222) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-28 | SC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by s... |
| [CVE-2018-25221](https://nvd.nist.gov/vuln/detail/CVE-2018-25221) | 9.3 | CRITICAL | CWE-787 | No | 0.3% | 6.52 | 2026-03-28 | EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execu... |
| [CVE-2018-25220](https://nvd.nist.gov/vuln/detail/CVE-2018-25220) | 9.3 | CRITICAL | CWE-787 | No | 0.1% | 6.51 | 2026-03-28 | Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supp... |
| [CVE-2017-20229](https://nvd.nist.gov/vuln/detail/CVE-2017-20229) | 9.3 | CRITICAL | CWE-787 | No | 0.1% | 6.51 | 2026-03-28 | MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary... |
| [CVE-2017-20228](https://nvd.nist.gov/vuln/detail/CVE-2017-20228) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-28 | Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbit... |
| [CVE-2017-20227](https://nvd.nist.gov/vuln/detail/CVE-2017-20227) | 9.3 | CRITICAL | CWE-787 | No | 0.1% | 6.51 | 2026-03-28 | JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers t... |
| [CVE-2017-20226](https://nvd.nist.gov/vuln/detail/CVE-2017-20226) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-28 | Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code... |
| [CVE-2017-20225](https://nvd.nist.gov/vuln/detail/CVE-2017-20225) | 9.3 | CRITICAL | CWE-787 | No | 0.1% | 6.51 | 2026-03-28 | TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary cod... |
| [CVE-2016-20049](https://nvd.nist.gov/vuln/detail/CVE-2016-20049) | 9.3 | CRITICAL | CWE-787 | No | 0.1% | 6.51 | 2026-03-28 | JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitr... |
| [CVE-2016-20048](https://nvd.nist.gov/vuln/detail/CVE-2016-20048) | 8.6 | HIGH | CWE-22 | No | 0.0% | 6.02 | 2026-03-28 | iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code... |
| [CVE-2016-20047](https://nvd.nist.gov/vuln/detail/CVE-2016-20047) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-28 | EKG Gadu 1.9~pre+r2855-3+b1 contains a local buffer overflow vulnerability in the username handling that allows local at... |
| [CVE-2016-20046](https://nvd.nist.gov/vuln/detail/CVE-2016-20046) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-28 | zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connection... |
| [CVE-2016-20045](https://nvd.nist.gov/vuln/detail/CVE-2016-20045) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-28 | HNB Organizer 1.9.18-10 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary... |
| [CVE-2016-20044](https://nvd.nist.gov/vuln/detail/CVE-2016-20044) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-28 | PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by... |
| [CVE-2016-20043](https://nvd.nist.gov/vuln/detail/CVE-2016-20043) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-28 | NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary... |
| [CVE-2016-20042](https://nvd.nist.gov/vuln/detail/CVE-2016-20042) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-28 | TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by suppl... |
| [CVE-2016-20041](https://nvd.nist.gov/vuln/detail/CVE-2016-20041) | 8.6 | HIGH | CWE-22 | No | 0.0% | 6.02 | 2026-03-28 | Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute ar... |
| [CVE-2016-20040](https://nvd.nist.gov/vuln/detail/CVE-2016-20040) | 8.6 | HIGH | CWE-22 | No | 0.0% | 6.02 | 2026-03-28 | TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows local attacke... |
| [CVE-2016-20039](https://nvd.nist.gov/vuln/detail/CVE-2016-20039) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-28 | Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulnerability in the gamma parameter handling that allo... |
| [CVE-2016-20038](https://nvd.nist.gov/vuln/detail/CVE-2016-20038) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-28 | yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary cod... |
| [CVE-2016-20037](https://nvd.nist.gov/vuln/detail/CVE-2016-20037) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-28 | xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vulnerability that allows local attackers to execute a... |
| [CVE-2026-4995](https://nvd.nist.gov/vuln/detail/CVE-2026-4995) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-28 | A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulnerability is an unknown functionality of... |
| [CVE-2025-9497](https://nvd.nist.gov/vuln/detail/CVE-2025-9497) | 5.5 | MEDIUM | CWE-798 | No | 0.0% | 3.85 | 2026-03-28 | Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update. This... |
| [CVE-2026-4994](https://nvd.nist.gov/vuln/detail/CVE-2026-4994) | 5.1 | MEDIUM | CWE-200 | No | 0.0% | 3.57 | 2026-03-28 | A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function generic_exception_handler of the... |
| [CVE-2026-4993](https://nvd.nist.gov/vuln/detail/CVE-2026-4993) | 1.9 | LOW | CWE-259 | No | 0.0% | 1.33 | 2026-03-28 | A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/o... |
| [CVE-2026-2442](https://nvd.nist.gov/vuln/detail/CVE-2026-2442) | 5.3 | MEDIUM | CWE-93 | No | 0.1% | 3.71 | 2026-03-28 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Improper Neutralizatio... |
| [CVE-2026-1307](https://nvd.nist.gov/vuln/detail/CVE-2026-1307) | 6.5 | MEDIUM | CWE-200 | No | 0.0% | 4.55 | 2026-03-28 | The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Sensitive Informati... |
| [CVE-2025-15445](https://nvd.nist.gov/vuln/detail/CVE-2025-15445) | 5.4 | MEDIUM | CWE-862 | No | 0.0% | 3.78 | 2026-03-28 | The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability c... |
| [CVE-2025-12886](https://nvd.nist.gov/vuln/detail/CVE-2025-12886) | 7.2 | HIGH | CWE-918 | No | 0.1% | 5.04 | 2026-03-28 | The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including,... |
| [CVE-2026-4987](https://nvd.nist.gov/vuln/detail/CVE-2026-4987) | 7.5 | HIGH | CWE-20 | No | 0.1% | 5.25 | 2026-03-28 | The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amo... |
| [CVE-2026-1679](https://nvd.nist.gov/vuln/detail/CVE-2026-1679) | 7.3 | HIGH | CWE-120 | No | 0.0% | 5.11 | 2026-03-28 | The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; ove... |
| [CVE-2026-4992](https://nvd.nist.gov/vuln/detail/CVE-2026-4992) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-27 | A flaw has been found in wandb OpenUI up to 1.0. This affects the function create_share/get_share of the file backend/op... |
| [CVE-2026-4991](https://nvd.nist.gov/vuln/detail/CVE-2026-4991) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-27 | A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element is an unknown funct... |
| [CVE-2026-4248](https://nvd.nist.gov/vuln/detail/CVE-2026-4248) | 8.0 | HIGH | CWE-285 | No | 0.0% | 5.60 | 2026-03-27 | The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and incl... |
| [CVE-2026-33996](https://nvd.nist.gov/vuln/detail/CVE-2026-33996) | 5.8 | MEDIUM | CWE-476 | No | 0.0% | 4.06 | 2026-03-27 | LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS... |
| [CVE-2026-33994](https://nvd.nist.gov/vuln/detail/CVE-2026-33994) | 6.3 | MEDIUM | CWE-1321 | No | 0.1% | 4.41 | 2026-03-27 | Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Starting in version 2.0.39... |
| [CVE-2026-33993](https://nvd.nist.gov/vuln/detail/CVE-2026-33993) | 6.9 | MEDIUM | CWE-1321 | No | 0.1% | 4.83 | 2026-03-27 | Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.25, t... |
| [CVE-2026-33992](https://nvd.nist.gov/vuln/detail/CVE-2026-33992) | 9.3 | CRITICAL | CWE-918 | No | 0.1% | 6.51 | 2026-03-27 | pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, PyLoad's download e... |
| [CVE-2026-33991](https://nvd.nist.gov/vuln/detail/CVE-2026-33991) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-27 | WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file `html/socio/sistema/deletar_tag.php... |
| [CVE-2026-33936](https://nvd.nist.gov/vuln/detail/CVE-2026-33936) | 5.3 | MEDIUM | CWE-20 | No | 0.1% | 3.71 | 2026-03-27 | The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (El... |
| [CVE-2026-4990](https://nvd.nist.gov/vuln/detail/CVE-2026-4990) | 6.9 | MEDIUM | CWE-266 | No | 0.0% | 4.83 | 2026-03-27 | A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the... |
| [CVE-2026-4988](https://nvd.nist.gov/vuln/detail/CVE-2026-4988) | 6.3 | MEDIUM | CWE-404 | No | 0.1% | 4.41 | 2026-03-27 | A security flaw has been discovered in Open5GS 2.7.6. This issue affects the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6... |
| [CVE-2026-4985](https://nvd.nist.gov/vuln/detail/CVE-2026-4985) | 5.3 | MEDIUM | CWE-189 | No | 0.0% | 3.71 | 2026-03-27 | A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgif_addframe of the... |
| [CVE-2026-34226](https://nvd.nist.gov/vuln/detail/CVE-2026-34226) | 7.5 | HIGH | CWE-201 | No | 0.0% | 5.25 | 2026-03-27 | Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9... |
| [CVE-2026-33989](https://nvd.nist.gov/vuln/detail/CVE-2026-33989) | 8.1 | HIGH | CWE-22 | No | 0.0% | 5.67 | 2026-03-27 | Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@mobilenext/mobile-mcp... |
| [CVE-2026-33981](https://nvd.nist.gov/vuln/detail/CVE-2026-33981) | 8.3 | HIGH | CWE-200 | No | 0.0% | 5.81 | 2026-03-27 | changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the `jq:` and `jqraw:` include... |
| [CVE-2026-33980](https://nvd.nist.gov/vuln/detail/CVE-2026-33980) | 8.3 | HIGH | CWE-943 | No | 0.1% | 5.81 | 2026-03-27 | Azure Data Explorer MCP Server is a Model Context Protocol (MCP) server that enables AI assistants to execute KQL querie... |
| [CVE-2026-33979](https://nvd.nist.gov/vuln/detail/CVE-2026-33979) | 8.2 | HIGH | CWE-79 | No | 0.0% | 5.74 | 2026-03-27 | Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data (in req.body, req.query, req.hea... |
| [CVE-2026-33976](https://nvd.nist.gov/vuln/detail/CVE-2026-33976) | 9.6 | CRITICAL | CWE-79 | No | 0.1% | 6.72 | 2026-03-27 | Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the We... |
| [CVE-2026-33955](https://nvd.nist.gov/vuln/detail/CVE-2026-33955) | 8.6 | HIGH | CWE-79 | No | 0.1% | 6.02 | 2026-03-27 | Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop, a cross-site scripting vulnerability stored in t... |
| [CVE-2026-33954](https://nvd.nist.gov/vuln/detail/CVE-2026-33954) | 6.5 | MEDIUM | CWE-285 | No | 0.0% | 4.55 | 2026-03-27 | LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-... |
| [CVE-2026-33953](https://nvd.nist.gov/vuln/detail/CVE-2026-33953) | 8.5 | HIGH | CWE-918 | No | 0.0% | 5.95 | 2026-03-27 | LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP l... |
| [CVE-2026-33946](https://nvd.nist.gov/vuln/detail/CVE-2026-33946) | 8.2 | HIGH | CWE-384 | No | 0.0% | 5.74 | 2026-03-27 | MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby S... |
| [CVE-2026-33943](https://nvd.nist.gov/vuln/detail/CVE-2026-33943) | 8.8 | HIGH | CWE-94 | No | 0.1% | 6.16 | 2026-03-27 | Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 thro... |
| [CVE-2026-33941](https://nvd.nist.gov/vuln/detail/CVE-2026-33941) | 8.2 | HIGH | CWE-79 | No | 0.0% | 5.74 | 2026-03-27 | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Hand... |
| [CVE-2026-33940](https://nvd.nist.gov/vuln/detail/CVE-2026-33940) | 8.1 | HIGH | CWE-94 | No | 0.1% | 5.67 | 2026-03-27 | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafte... |
| [CVE-2026-33939](https://nvd.nist.gov/vuln/detail/CVE-2026-33939) | 7.5 | HIGH | CWE-754 | No | 0.0% | 5.25 | 2026-03-27 | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a H... |
| [CVE-2026-27309](https://nvd.nist.gov/vuln/detail/CVE-2026-27309) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-03-27 | Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbi... |
| [CVE-2019-25652](https://nvd.nist.gov/vuln/detail/CVE-2019-25652) | 7.7 | HIGH | CWE-295 | No | 0.0% | 5.39 | 2026-03-27 | UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification... |
| [CVE-2019-25651](https://nvd.nist.gov/vuln/detail/CVE-2019-25651) | 8.7 | HIGH | CWE-327 | No | 0.0% | 6.09 | 2026-03-27 | Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP... |
| [CVE-2026-4976](https://nvd.nist.gov/vuln/detail/CVE-2026-4976) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-27 | A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWiFiGuestC... |
| [CVE-2026-34046](https://nvd.nist.gov/vuln/detail/CVE-2026-34046) | 8.7 | HIGH | CWE-639 | No | 0.1% | 6.09 | 2026-03-27 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.5.1, the `_read_flow`... |
| [CVE-2026-33938](https://nvd.nist.gov/vuln/detail/CVE-2026-33938) | 8.1 | HIGH | CWE-94 | No | 0.1% | 5.67 | 2026-03-27 | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the `@pa... |
| [CVE-2026-33937](https://nvd.nist.gov/vuln/detail/CVE-2026-33937) | 9.8 | CRITICAL | CWE-94 | No | 0.4% | 6.87 | 2026-03-27 | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `Handleb... |
| [CVE-2026-33916](https://nvd.nist.gov/vuln/detail/CVE-2026-33916) | 4.7 | MEDIUM | CWE-79 | No | 0.0% | 3.29 | 2026-03-27 | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `resolve... |
| [CVE-2026-33907](https://nvd.nist.gov/vuln/detail/CVE-2026-33907) | 6.5 | MEDIUM | CWE-476 | No | 0.0% | 4.55 | 2026-03-27 | Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing Authentication Respo... |
| [CVE-2026-33906](https://nvd.nist.gov/vuln/detail/CVE-2026-33906) | 7.2 | HIGH | CWE-269 | No | 0.0% | 5.04 | 2026-03-27 | Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup... |
| [CVE-2026-33904](https://nvd.nist.gov/vuln/detail/CVE-2026-33904) | 6.5 | MEDIUM | CWE-833 | No | 0.0% | 4.55 | 2026-03-27 | Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification... |
| [CVE-2026-33903](https://nvd.nist.gov/vuln/detail/CVE-2026-33903) | 6.5 | MEDIUM | CWE-476 | No | 0.0% | 4.55 | 2026-03-27 | Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing a specially crafted... |
| [CVE-2026-33896](https://nvd.nist.gov/vuln/detail/CVE-2026-33896) | 7.4 | HIGH | CWE-295 | No | 0.0% | 5.18 | 2026-03-27 | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version... |
| [CVE-2026-33895](https://nvd.nist.gov/vuln/detail/CVE-2026-33895) | 7.5 | HIGH | CWE-347 | No | 0.0% | 5.25 | 2026-03-27 | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version... |
| [CVE-2026-33894](https://nvd.nist.gov/vuln/detail/CVE-2026-33894) | 7.5 | HIGH | CWE-20 | No | 0.0% | 5.25 | 2026-03-27 | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version... |
| [CVE-2026-33891](https://nvd.nist.gov/vuln/detail/CVE-2026-33891) | 7.5 | HIGH | CWE-835 | No | 0.1% | 5.25 | 2026-03-27 | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version... |
| [CVE-2026-33887](https://nvd.nist.gov/vuln/detail/CVE-2026-33887) | 5.4 | MEDIUM | CWE-862 | No | 0.0% | 3.78 | 2026-03-27 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, authenticate... |
| [CVE-2026-33886](https://nvd.nist.gov/vuln/detail/CVE-2026-33886) | 6.5 | MEDIUM | CWE-200 | No | 0.0% | 4.55 | 2026-03-27 | Statamic is a Laravel and Git powered content management system (CMS). Starting in version 5.7.12 and prior to versions... |
| [CVE-2026-33885](https://nvd.nist.gov/vuln/detail/CVE-2026-33885) | 6.1 | MEDIUM | CWE-601 | No | 0.0% | 4.27 | 2026-03-27 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, the external... |
| [CVE-2026-33884](https://nvd.nist.gov/vuln/detail/CVE-2026-33884) | 4.3 | MEDIUM | CWE-863 | No | 0.0% | 3.01 | 2026-03-27 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, an authentic... |
| [CVE-2026-33883](https://nvd.nist.gov/vuln/detail/CVE-2026-33883) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-27 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, the `user:re... |
| [CVE-2026-33882](https://nvd.nist.gov/vuln/detail/CVE-2026-33882) | 6.5 | MEDIUM | CWE-20 | No | 0.1% | 4.55 | 2026-03-27 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, the markdown... |
| [CVE-2026-33881](https://nvd.nist.gov/vuln/detail/CVE-2026-33881) | 7.3 | HIGH | CWE-94 | No | 0.1% | 5.11 | 2026-03-27 | Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace env... |
| [CVE-2026-33879](https://nvd.nist.gov/vuln/detail/CVE-2026-33879) | 2.7 | LOW | CWE-307 | No | 0.1% | 1.89 | 2026-03-27 | Federated Learning and Interoperability Platform (FLIP) is an open-source platform for federated training and evaluation... |
| [CVE-2026-33875](https://nvd.nist.gov/vuln/detail/CVE-2026-33875) | 9.3 | CRITICAL | CWE-940 | No | 0.1% | 6.51 | 2026-03-27 | Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 ar... |
| [CVE-2026-33874](https://nvd.nist.gov/vuln/detail/CVE-2026-33874) | 7.8 | HIGH | CWE-78 | No | 0.1% | 5.46 | 2026-03-27 | Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0... |
| [CVE-2026-33873](https://nvd.nist.gov/vuln/detail/CVE-2026-33873) | 9.3 | CRITICAL | CWE-94 | No | 0.1% | 6.51 | 2026-03-27 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assis... |
| [CVE-2026-32187](https://nvd.nist.gov/vuln/detail/CVE-2026-32187) | 4.2 | MEDIUM | CWE-1021 | No | 0.0% | 2.94 | 2026-03-27 | Microsoft Edge (Chromium-based) Defense in Depth Vulnerability |
| [CVE-2026-4975](https://nvd.nist.gov/vuln/detail/CVE-2026-4975) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-27 | A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcf... |
| [CVE-2026-4974](https://nvd.nist.gov/vuln/detail/CVE-2026-4974) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-27 | A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /gofor... |
| [CVE-2026-4973](https://nvd.nist.gov/vuln/detail/CVE-2026-4973) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-27 | A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknow... |
| [CVE-2026-4972](https://nvd.nist.gov/vuln/detail/CVE-2026-4972) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-27 | A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affected is an unknown fun... |
| [CVE-2026-4971](https://nvd.nist.gov/vuln/detail/CVE-2026-4971) | 5.3 | MEDIUM | CWE-352 | No | 0.0% | 3.71 | 2026-03-27 | A weakness has been identified in SourceCodester Note Taking App up to 1.0. This impacts an unknown function. This manip... |
| [CVE-2026-34475](https://nvd.nist.gov/vuln/detail/CVE-2026-34475) | 5.4 | MEDIUM | CWE-180 | No | 0.0% | 3.78 | 2026-03-27 | Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle UR... |
| [CVE-2026-34391](https://nvd.nist.gov/vuln/detail/CVE-2026-34391) | 6.6 | MEDIUM | CWE-488 | No | 0.0% | 4.62 | 2026-03-27 | Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command process... |
| [CVE-2026-34389](https://nvd.nist.gov/vuln/detail/CVE-2026-34389) | 4.9 | MEDIUM | CWE-287 | No | 0.0% | 3.43 | 2026-03-27 | Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow w... |
| [CVE-2026-34388](https://nvd.nist.gov/vuln/detail/CVE-2026-34388) | 6.6 | MEDIUM | CWE-703 | No | 0.1% | 4.62 | 2026-03-27 | Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Laun... |
| [CVE-2026-34205](https://nvd.nist.gov/vuln/detail/CVE-2026-34205) | 9.6 | CRITICAL | CWE-923 | No | 0.0% | 6.72 | 2026-03-27 | Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps (f... |
| [CVE-2026-33872](https://nvd.nist.gov/vuln/detail/CVE-2026-33872) | 7.1 | HIGH | CWE-362 | No | 0.1% | 4.97 | 2026-03-27 | elixir-nodejs provides an Elixir API for calling Node.js functions. A vulnerability in versions prior to 3.1.4 results i... |
| [CVE-2026-33871](https://nvd.nist.gov/vuln/detail/CVE-2026-33871) | 8.7 | HIGH | CWE-770 | No | 0.1% | 6.09 | 2026-03-27 | Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Fina... |
| [CVE-2026-33870](https://nvd.nist.gov/vuln/detail/CVE-2026-33870) | 7.5 | HIGH | CWE-444 | No | 0.0% | 5.25 | 2026-03-27 | Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Fina... |
| [CVE-2026-33869](https://nvd.nist.gov/vuln/detail/CVE-2026-33869) | 4.8 | MEDIUM | CWE-863 | No | 0.1% | 3.36 | 2026-03-27 | Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.5.x branch prior to 4.5... |
| [CVE-2026-33868](https://nvd.nist.gov/vuln/detail/CVE-2026-33868) | 4.3 | MEDIUM | CWE-601 | No | 0.9% | 3.04 | 2026-03-27 | Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.8, 4.4.15, and 4.3.21,... |
| [CVE-2026-33765](https://nvd.nist.gov/vuln/detail/CVE-2026-33765) | 8.9 | HIGH | CWE-78 | No | 0.2% | 6.24 | 2026-03-27 | Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking applic... |
| [CVE-2026-33739](https://nvd.nist.gov/vuln/detail/CVE-2026-33739) | 5.7 | MEDIUM | CWE-79 | No | 0.0% | 3.99 | 2026-03-27 | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.1812, the listing ta... |
| [CVE-2026-33654](https://nvd.nist.gov/vuln/detail/CVE-2026-33654) | 8.9 | HIGH | CWE-94 | No | 0.2% | 6.24 | 2026-03-27 | nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the ema... |
| [CVE-2026-33045](https://nvd.nist.gov/vuln/detail/CVE-2026-33045) | 7.3 | HIGH | CWE-79 | No | 0.0% | 5.11 | 2026-03-27 | Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 20... |
| [CVE-2026-33044](https://nvd.nist.gov/vuln/detail/CVE-2026-33044) | 7.3 | HIGH | CWE-79 | No | 0.0% | 5.11 | 2026-03-27 | Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 20... |
| [CVE-2026-32241](https://nvd.nist.gov/vuln/detail/CVE-2026-32241) | 7.5 | HIGH | CWE-77 | No | 0.2% | 5.26 | 2026-03-27 | Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extens... |
| [CVE-2026-31951](https://nvd.nist.gov/vuln/detail/CVE-2026-31951) | 6.8 | MEDIUM | CWE-200 | No | 0.0% | 4.76 | 2026-03-27 | LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user-created MCP (Model... |
| [CVE-2026-31950](https://nvd.nist.gov/vuln/detail/CVE-2026-31950) | 5.3 | MEDIUM | CWE-284 | No | 0.0% | 3.71 | 2026-03-27 | LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoi... |
| [CVE-2026-31945](https://nvd.nist.gov/vuln/detail/CVE-2026-31945) | 7.7 | HIGH | CWE-918 | No | 0.0% | 5.39 | 2026-03-27 | LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side... |
| [CVE-2026-31943](https://nvd.nist.gov/vuln/detail/CVE-2026-31943) | 8.5 | HIGH | CWE-918 | No | 0.0% | 5.95 | 2026-03-27 | LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `packages/api/src/auth... |
| [CVE-2026-4970](https://nvd.nist.gov/vuln/detail/CVE-2026-4970) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-27 | A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the... |
| [CVE-2026-4969](https://nvd.nist.gov/vuln/detail/CVE-2026-4969) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-27 | A vulnerability was identified in code-projects Social Networking Site 1.0. The impacted element is an unknown function... |
| [CVE-2026-34387](https://nvd.nist.gov/vuln/detail/CVE-2026-34387) | 5.7 | MEDIUM | CWE-78 | No | 0.1% | 3.99 | 2026-03-27 | Fleet is open source device management software. Prior to 4.81.1, a command injection vulnerability in Fleet's software... |
| [CVE-2026-34386](https://nvd.nist.gov/vuln/detail/CVE-2026-34386) | 6.3 | MEDIUM | CWE-89 | No | 0.0% | 4.41 | 2026-03-27 | Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap... |
| [CVE-2026-34385](https://nvd.nist.gov/vuln/detail/CVE-2026-34385) | 6.2 | MEDIUM | CWE-89 | No | 0.0% | 4.34 | 2026-03-27 | Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's... |
| [CVE-2026-34375](https://nvd.nist.gov/vuln/detail/CVE-2026-34375) | 8.2 | HIGH | CWE-79 | No | 0.0% | 5.74 | 2026-03-27 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the YPTWallet Stripe payment confirm... |
| [CVE-2026-34374](https://nvd.nist.gov/vuln/detail/CVE-2026-34374) | 9.1 | CRITICAL | CWE-89 | No | 0.0% | 6.37 | 2026-03-27 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `Live_schedule::keyExists()` met... |
| [CVE-2026-34369](https://nvd.nist.gov/vuln/detail/CVE-2026-34369) | 5.3 | MEDIUM | CWE-862 | No | 0.1% | 3.71 | 2026-03-27 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `get_api_video_file` and `get_ap... |
| [CVE-2026-29180](https://nvd.nist.gov/vuln/detail/CVE-2026-29180) | 4.9 | MEDIUM | CWE-862 | No | 0.0% | 3.43 | 2026-03-27 | Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerability in Fleet's host... |
| [CVE-2026-26061](https://nvd.nist.gov/vuln/detail/CVE-2026-26061) | 8.7 | HIGH | CWE-770 | No | 0.1% | 6.09 | 2026-03-27 | Fleet is open source device management software. Prior to 4.81.0, Fleet contained multiple unauthenticated HTTP endpoint... |
| [CVE-2026-26060](https://nvd.nist.gov/vuln/detail/CVE-2026-26060) | 6.0 | MEDIUM | CWE-613 | No | 0.0% | 4.20 | 2026-03-27 | Fleet is open source device management software. Prior to 4.81.0, a vulnerability in Fleet’s password management logic c... |
| [CVE-2025-15612](https://nvd.nist.gov/vuln/detail/CVE-2025-15612) | 6.3 | MEDIUM | CWE-295 | No | 0.0% | 4.41 | 2026-03-27 | Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k... |
| [CVE-2026-4968](https://nvd.nist.gov/vuln/detail/CVE-2026-4968) | 5.3 | MEDIUM | CWE-352 | No | 0.0% | 3.71 | 2026-03-27 | A vulnerability was determined in SourceCodester Diary App 1.0. The affected element is an unknown function of the file... |
| [CVE-2026-4966](https://nvd.nist.gov/vuln/detail/CVE-2026-4966) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-27 | A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /ad... |
| [CVE-2026-4965](https://nvd.nist.gov/vuln/detail/CVE-2026-4965) | 6.9 | MEDIUM | CWE-94 | No | 0.0% | 4.83 | 2026-03-27 | A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/fu... |
| [CVE-2026-34368](https://nvd.nist.gov/vuln/detail/CVE-2026-34368) | 5.3 | MEDIUM | CWE-362 | No | 0.0% | 3.71 | 2026-03-27 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `transferBalance()` method in `p... |
| [CVE-2026-34364](https://nvd.nist.gov/vuln/detail/CVE-2026-34364) | 5.3 | MEDIUM | CWE-863 | No | 0.0% | 3.71 | 2026-03-27 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `categories.json.php` endpoint,... |
| [CVE-2026-30568](https://nvd.nist.gov/vuln/detail/CVE-2026-30568) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-27 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the v... |
| [CVE-2026-30567](https://nvd.nist.gov/vuln/detail/CVE-2026-30567) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-27 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view... |
| [CVE-2025-15617](https://nvd.nist.gov/vuln/detail/CVE-2025-15617) | 8.3 | HIGH | CWE-522 | No | 0.1% | 5.81 | 2026-03-27 | Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to ex... |
| [CVE-2026-4964](https://nvd.nist.gov/vuln/detail/CVE-2026-4964) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-03-27 | A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function _convert_me... |
| [CVE-2026-4963](https://nvd.nist.gov/vuln/detail/CVE-2026-4963) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-27 | A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluate_augassign/evalu... |
| [CVE-2026-4962](https://nvd.nist.gov/vuln/detail/CVE-2026-4962) | 7.3 | HIGH | CWE-426 | No | 0.0% | 5.11 | 2026-03-27 | A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some unknown functionality in t... |
| [CVE-2026-4961](https://nvd.nist.gov/vuln/detail/CVE-2026-4961) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-27 | A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex o... |
| [CVE-2026-4960](https://nvd.nist.gov/vuln/detail/CVE-2026-4960) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-27 | A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/W... |
| [CVE-2026-34411](https://nvd.nist.gov/vuln/detail/CVE-2026-34411) | 6.9 | MEDIUM | CWE-306 | No | 0.1% | 4.83 | 2026-03-27 | Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticat... |
| [CVE-2026-34362](https://nvd.nist.gov/vuln/detail/CVE-2026-34362) | 5.4 | MEDIUM | CWE-613 | No | 0.0% | 3.78 | 2026-03-27 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `verifyTokenSocket()` function i... |
| [CVE-2026-34247](https://nvd.nist.gov/vuln/detail/CVE-2026-34247) | 5.4 | MEDIUM | CWE-862 | No | 0.0% | 3.78 | 2026-03-27 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `plugin/Live/uploadPoster.php` e... |
| [CVE-2026-34245](https://nvd.nist.gov/vuln/detail/CVE-2026-34245) | 6.3 | MEDIUM | CWE-862 | No | 0.0% | 4.41 | 2026-03-27 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `plugin/PlayLists/View/Playlists... |
| [CVE-2026-33867](https://nvd.nist.gov/vuln/detail/CVE-2026-33867) | 9.1 | CRITICAL | CWE-312 | No | 0.0% | 6.37 | 2026-03-27 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, AVideo allows content owners to pass... |
| [CVE-2026-33770](https://nvd.nist.gov/vuln/detail/CVE-2026-33770) | 7.1 | HIGH | CWE-89 | No | 0.1% | 4.97 | 2026-03-27 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `fixCleanTitle()` static method... |
| [CVE-2026-33767](https://nvd.nist.gov/vuln/detail/CVE-2026-33767) | 7.1 | HIGH | CWE-89 | No | 0.1% | 4.97 | 2026-03-27 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, in `objects/like.php`, the `getLike(... |
| [CVE-2026-30576](https://nvd.nist.gov/vuln/detail/CVE-2026-30576) | 7.5 | HIGH | CWE-20 | No | 0.0% | 5.25 | 2026-03-27 | A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file... |
| [CVE-2026-30575](https://nvd.nist.gov/vuln/detail/CVE-2026-30575) | 7.5 | HIGH | CWE-20 | No | 0.1% | 5.25 | 2026-03-27 | A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file... |
| [CVE-2026-30574](https://nvd.nist.gov/vuln/detail/CVE-2026-30574) | 7.5 | HIGH | CWE-841 | No | 0.0% | 5.25 | 2026-03-27 | A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-sales.php file... |
| [CVE-2026-30571](https://nvd.nist.gov/vuln/detail/CVE-2026-30571) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-27 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view... |
| [CVE-2026-30570](https://nvd.nist.gov/vuln/detail/CVE-2026-30570) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-27 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view... |
| [CVE-2026-30569](https://nvd.nist.gov/vuln/detail/CVE-2026-30569) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-27 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulner... |
| [CVE-2026-28369](https://nvd.nist.gov/vuln/detail/CVE-2026-28369) | 8.7 | HIGH | CWE-444 | No | 0.1% | 6.09 | 2026-03-27 | A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more... |
| [CVE-2026-28368](https://nvd.nist.gov/vuln/detail/CVE-2026-28368) | 8.7 | HIGH | CWE-444 | No | 0.1% | 6.09 | 2026-03-27 | A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where... |
| [CVE-2026-28367](https://nvd.nist.gov/vuln/detail/CVE-2026-28367) | 8.7 | HIGH | CWE-444 | No | 0.0% | 6.09 | 2026-03-27 | A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block ter... |
| [CVE-2025-15616](https://nvd.nist.gov/vuln/detail/CVE-2025-15616) | 7.1 | HIGH | CWE-94 | No | 0.1% | 4.97 | 2026-03-27 | Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and untrusted search pa... |
| [CVE-2025-15615](https://nvd.nist.gov/vuln/detail/CVE-2025-15615) | 6.9 | MEDIUM | CWE-276 | No | 0.2% | 4.83 | 2026-03-27 | Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-i... |
| [CVE-2025-15381](https://nvd.nist.gov/vuln/detail/CVE-2025-15381) | 8.1 | HIGH | CWE-200 | No | 0.0% | 5.67 | 2026-03-27 | In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment endpoints are not p... |
| [CVE-2026-4959](https://nvd.nist.gov/vuln/detail/CVE-2026-4959) | 6.9 | MEDIUM | CWE-287 | No | 0.1% | 4.83 | 2026-03-27 | A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the function check_user of the file XAgentServer/applica... |
| [CVE-2026-4958](https://nvd.nist.gov/vuln/detail/CVE-2026-4958) | 2.3 | LOW | CWE-285 | No | 0.0% | 1.61 | 2026-03-27 | A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.on_connect/ReplayServer.s... |
| [CVE-2026-32984](https://nvd.nist.gov/vuln/detail/CVE-2026-32984) | 5.3 | MEDIUM | CWE-125 | No | 0.1% | 3.71 | 2026-03-27 | Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed... |
| [CVE-2026-32983](https://nvd.nist.gov/vuln/detail/CVE-2026-32983) | 6.9 | MEDIUM | CWE-276 | No | 0.1% | 4.83 | 2026-03-27 | Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-i... |
| [CVE-2026-30534](https://nvd.nist.gov/vuln/detail/CVE-2026-30534) | 8.3 | HIGH | CWE-89 | No | 0.0% | 5.81 | 2026-03-27 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in admin/manage_category.php via... |
| [CVE-2026-30533](https://nvd.nist.gov/vuln/detail/CVE-2026-30533) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-27 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manage_product.php... |
| [CVE-2026-30532](https://nvd.nist.gov/vuln/detail/CVE-2026-30532) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-27 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view_product.php fi... |
| [CVE-2026-30531](https://nvd.nist.gov/vuln/detail/CVE-2026-30531) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-03-27 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifi... |
| [CVE-2026-30530](https://nvd.nist.gov/vuln/detail/CVE-2026-30530) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-27 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifi... |
| [CVE-2026-30529](https://nvd.nist.gov/vuln/detail/CVE-2026-30529) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-03-27 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifi... |
| [CVE-2026-30527](https://nvd.nist.gov/vuln/detail/CVE-2026-30527) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-27 | A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Categ... |
| [CVE-2026-30302](https://nvd.nist.gov/vuln/detail/CVE-2026-30302) | 10.0 | CRITICAL | CWE-78 | No | 0.5% | 7.01 | 2026-03-27 | The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whiteli... |
| [CVE-2023-7340](https://nvd.nist.gov/vuln/detail/CVE-2023-7340) | 5.3 | MEDIUM | CWE-125 | No | 0.0% | 3.71 | 2026-03-27 | Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed... |
| [CVE-2026-5027](https://nvd.nist.gov/vuln/detail/CVE-2026-5027) | 8.8 | HIGH | CWE-22 | No | 0.1% | 6.16 | 2026-03-27 | The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an a... |
| [CVE-2026-5025](https://nvd.nist.gov/vuln/detail/CVE-2026-5025) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-27 | The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log... |
| [CVE-2026-5022](https://nvd.nist.gov/vuln/detail/CVE-2026-5022) | 6.3 | MEDIUM | CWE-862 | No | 0.1% | 4.41 | 2026-03-27 | The '/api/v1/files/images/{flow_id}/{file_name}' endpoint does not enforce any authentication or authorization checks, a... |
| [CVE-2026-5010](https://nvd.nist.gov/vuln/detail/CVE-2026-5010) | 5.1 | MEDIUM | CWE-79 | No | 0.1% | 3.57 | 2026-03-27 | A reflected Cross-Site Scripting (XSS) vulnerability has been discovered in Clickedu. This vulnerability allows an attac... |
| [CVE-2026-4980](https://nvd.nist.gov/vuln/detail/CVE-2026-4980) | 6.3 | MEDIUM | CWE-611 | No | 0.0% | 4.41 | 2026-03-27 | A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote at... |
| [CVE-2026-4957](https://nvd.nist.gov/vuln/detail/CVE-2026-4957) | 5.1 | MEDIUM | CWE-200 | No | 0.0% | 3.57 | 2026-03-27 | A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handle_tool_call of... |
| [CVE-2026-4956](https://nvd.nist.gov/vuln/detail/CVE-2026-4956) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-27 | A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown f... |
| [CVE-2026-4955](https://nvd.nist.gov/vuln/detail/CVE-2026-4955) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-27 | A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the... |
| [CVE-2026-4954](https://nvd.nist.gov/vuln/detail/CVE-2026-4954) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-27 | A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/m... |
| [CVE-2026-4953](https://nvd.nist.gov/vuln/detail/CVE-2026-4953) | 6.9 | MEDIUM | CWE-918 | No | 0.1% | 4.83 | 2026-03-27 | A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/... |
| [CVE-2026-33766](https://nvd.nist.gov/vuln/detail/CVE-2026-33766) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-03-27 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, `isSSRFSafeURL()` validates URLs aga... |
| [CVE-2026-33764](https://nvd.nist.gov/vuln/detail/CVE-2026-33764) | 4.3 | MEDIUM | CWE-639 | No | 0.0% | 3.01 | 2026-03-27 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the AI plugin's `save.json.php` endp... |
| [CVE-2026-33763](https://nvd.nist.gov/vuln/detail/CVE-2026-33763) | 5.3 | MEDIUM | CWE-307 | No | 0.1% | 3.71 | 2026-03-27 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `get_api_video_password_is_corre... |
| [CVE-2026-33761](https://nvd.nist.gov/vuln/detail/CVE-2026-33761) | 5.3 | MEDIUM | CWE-200 | No | 0.1% | 3.71 | 2026-03-27 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, three `list.json.php` endpoints in t... |
| [CVE-2026-33759](https://nvd.nist.gov/vuln/detail/CVE-2026-33759) | 5.3 | MEDIUM | CWE-639 | No | 0.0% | 3.71 | 2026-03-27 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `objects/playlistsVideos.json.ph... |
| [CVE-2026-33758](https://nvd.nist.gov/vuln/detail/CVE-2026-33758) | 9.4 | CRITICAL | CWE-20 | No | 0.1% | 6.58 | 2026-03-27 | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that h... |
| [CVE-2026-33757](https://nvd.nist.gov/vuln/detail/CVE-2026-33757) | 9.6 | CRITICAL | CWE-384 | No | 0.1% | 6.72 | 2026-03-27 | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for... |
| [CVE-2026-33755](https://nvd.nist.gov/vuln/detail/CVE-2026-33755) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-03-27 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, a... |
| [CVE-2026-33750](https://nvd.nist.gov/vuln/detail/CVE-2026-33750) | 6.5 | MEDIUM | CWE-400 | No | 0.1% | 4.55 | 2026-03-27 | The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5,... |
| [CVE-2026-33748](https://nvd.nist.gov/vuln/detail/CVE-2026-33748) | 8.2 | HIGH | CWE-22 | No | 0.0% | 5.74 | 2026-03-27 | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. P... |
| [CVE-2026-33433](https://nvd.nist.gov/vuln/detail/CVE-2026-33433) | 5.1 | MEDIUM | CWE-290 | No | 0.0% | 3.57 | 2026-03-27 | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.42, 3.6.11, and 3.7.0-ea.3, when `headerField... |
| [CVE-2026-33284](https://nvd.nist.gov/vuln/detail/CVE-2026-33284) | 1.2 | LOW | CWE-20 | No | 0.1% | 0.84 | 2026-03-27 | GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaL... |
| [CVE-2026-33206](https://nvd.nist.gov/vuln/detail/CVE-2026-33206) | 8.2 | HIGH | CWE-23 | No | 0.0% | 5.74 | 2026-03-27 | calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.... |
| [CVE-2026-33205](https://nvd.nist.gov/vuln/detail/CVE-2026-33205) | 4.8 | MEDIUM | CWE-918 | No | 0.0% | 3.36 | 2026-03-27 | calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.... |
| [CVE-2026-30689](https://nvd.nist.gov/vuln/detail/CVE-2026-30689) | 7.5 | HIGH | CWE-284 | No | 0.0% | 5.25 | 2026-03-27 | A blog.admin v.8.0 and before system's getinfobytoken API interface contains an improper access control which leads to s... |
| [CVE-2026-30637](https://nvd.nist.gov/vuln/detail/CVE-2026-30637) | 7.5 | HIGH | CWE-918 | No | 0.1% | 5.25 | 2026-03-27 | Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and b... |
| [CVE-2026-30407](https://nvd.nist.gov/vuln/detail/CVE-2026-30407) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-27 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further inv... |
| [CVE-2026-30304](https://nvd.nist.gov/vuln/detail/CVE-2026-30304) | 9.6 | CRITICAL | CWE-20 | No | 0.1% | 6.72 | 2026-03-27 | In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute al... |
| [CVE-2026-30303](https://nvd.nist.gov/vuln/detail/CVE-2026-30303) | 9.8 | CRITICAL | CWE-78 | No | 0.4% | 6.87 | 2026-03-27 | The command auto-approval module in Axon Code contains an OS Command Injection vulnerability, rendering its whitelist se... |
| [CVE-2026-29871](https://nvd.nist.gov/vuln/detail/CVE-2026-29871) | 7.5 | HIGH | CWE-22 | No | 0.1% | 5.25 | 2026-03-27 | A path traversal vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251... |
| [CVE-2026-28375](https://nvd.nist.gov/vuln/detail/CVE-2026-28375) | 6.5 | MEDIUM | CWE-400 | No | 0.0% | 4.55 | 2026-03-27 | A testdata data-source can be used to trigger out-of-memory crashes in Grafana. |
| [CVE-2026-27880](https://nvd.nist.gov/vuln/detail/CVE-2026-27880) | 7.5 | HIGH | CWE-787 | No | 0.0% | 5.25 | 2026-03-27 | The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory cra... |
| [CVE-2026-27879](https://nvd.nist.gov/vuln/detail/CVE-2026-27879) | 6.5 | MEDIUM | CWE-787 | No | 0.0% | 4.55 | 2026-03-27 | A resample query can be used to trigger out-of-memory crashes in Grafana. |
| [CVE-2026-1496](https://nvd.nist.gov/vuln/detail/CVE-2026-1496) | 9.3 | CRITICAL | CWE-639 | No | 0.1% | 6.51 | 2026-03-27 | Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that... |
| [CVE-2025-69988](https://nvd.nist.gov/vuln/detail/CVE-2025-69988) | 6.5 | MEDIUM | CWE-284 | No | 0.0% | 4.55 | 2026-03-27 | BS Producten Petcam 33.1.0.0818 is vulnerable to Incorrect Access Control. An unauthenticated attacker in physical proxi... |
| [CVE-2025-69986](https://nvd.nist.gov/vuln/detail/CVE-2025-69986) | 7.2 | HIGH | CWE-20 | No | 0.2% | 5.04 | 2026-03-27 | A buffer overflow vulnerability exists in the ONVIF GetStreamUri function of LSC Indoor Camera V7.6.32. The application... |
| [CVE-2025-61190](https://nvd.nist.gov/vuln/detail/CVE-2025-61190) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-27 | A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace JSPUI 6.5 within the search/discover... |
| [CVE-2024-11604](https://nvd.nist.gov/vuln/detail/CVE-2024-11604) | 7.3 | HIGH | CWE-532 | No | 0.0% | 5.11 | 2026-03-27 | Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Exte... |
| [CVE-2026-32859](https://nvd.nist.gov/vuln/detail/CVE-2026-32859) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-27 | ByteDance Deer-Flow versions prior to commit 5dbb362 contain a stored cross-site scripting vulnerability in the artifact... |
| [CVE-2026-32695](https://nvd.nist.gov/vuln/detail/CVE-2026-32695) | 6.3 | MEDIUM | CWE-74 | No | 0.0% | 4.41 | 2026-03-27 | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 3.6.11 and 3.7.0-ea.2, Traefik's Knative provider... |
| [CVE-2025-13478](https://nvd.nist.gov/vuln/detail/CVE-2025-13478) | 8.4 | HIGH | CWE-522 | No | 0.2% | 5.89 | 2026-03-27 | Cache misconfiguration vulnerability in OpenText Identity Manager on Windows, Linux allows remote authenticated users to... |
| [CVE-2026-4340](https://nvd.nist.gov/vuln/detail/CVE-2026-4340) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-27 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All r... |
| [CVE-2026-4622](https://nvd.nist.gov/vuln/detail/CVE-2026-4622) | 7.1 | HIGH | CWE-78 | No | 0.4% | 4.98 | 2026-03-27 | OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to execute arbitrary OS command... |
| [CVE-2026-4621](https://nvd.nist.gov/vuln/detail/CVE-2026-4621) | 6.3 | MEDIUM | CWE-912 | No | 0.1% | 4.41 | 2026-03-27 | Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to enable telnet via network. |
| [CVE-2026-4620](https://nvd.nist.gov/vuln/detail/CVE-2026-4620) | 7.1 | HIGH | CWE-78 | No | 0.4% | 4.98 | 2026-03-27 | OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to execute arbitrary OS command... |
| [CVE-2026-4619](https://nvd.nist.gov/vuln/detail/CVE-2026-4619) | 6.0 | MEDIUM | CWE-22 | No | 0.1% | 4.20 | 2026-03-27 | Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to write over any file via network. |
| [CVE-2026-4309](https://nvd.nist.gov/vuln/detail/CVE-2026-4309) | 6.3 | MEDIUM | CWE-862 | No | 0.1% | 4.41 | 2026-03-27 | Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to get a specific device infor... |
| [CVE-2026-3457](https://nvd.nist.gov/vuln/detail/CVE-2026-3457) | 7.0 | HIGH | CWE-79 | No | 0.0% | 4.90 | 2026-03-27 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thales Sent... |
| [CVE-2026-27860](https://nvd.nist.gov/vuln/detail/CVE-2026-27860) | 3.7 | LOW | CWE-90 | No | 0.1% | 2.59 | 2026-03-27 | If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This l... |
| [CVE-2026-27859](https://nvd.nist.gov/vuln/detail/CVE-2026-27859) | 5.3 | MEDIUM | CWE-400 | No | 0.1% | 3.71 | 2026-03-27 | A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably forma... |
| [CVE-2026-27857](https://nvd.nist.gov/vuln/detail/CVE-2026-27857) | 4.3 | MEDIUM | CWE-400 | No | 0.0% | 3.01 | 2026-03-27 | Sending "NOOP (((...)))" command with 4000 parenthesis open+close results in ~1MB extra memory usage. Longer commands wi... |
| [CVE-2026-27856](https://nvd.nist.gov/vuln/detail/CVE-2026-27856) | 7.4 | HIGH | CWE-287 | No | 0.0% | 5.18 | 2026-03-27 | Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can u... |
| [CVE-2026-27855](https://nvd.nist.gov/vuln/detail/CVE-2026-27855) | 6.8 | MEDIUM | CWE-294 | No | 0.0% | 4.76 | 2026-03-27 | Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and usern... |
| [CVE-2026-24031](https://nvd.nist.gov/vuln/detail/CVE-2026-24031) | 7.7 | HIGH | CWE-89 | No | 0.1% | 5.39 | 2026-03-27 | Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows... |
| [CVE-2026-0394](https://nvd.nist.gov/vuln/detail/CVE-2026-0394) | 5.3 | MEDIUM | CWE-22 | No | 0.1% | 3.71 | 2026-03-27 | When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or s... |
| [CVE-2025-59032](https://nvd.nist.gov/vuln/detail/CVE-2025-59032) | 7.5 | HIGH | CWE-20 | No | 0.1% | 5.25 | 2026-03-27 | ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSi... |
| [CVE-2025-59031](https://nvd.nist.gov/vuln/detail/CVE-2025-59031) | 4.3 | MEDIUM | CWE-200 | No | 0.0% | 3.01 | 2026-03-27 | Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachmen... |
| [CVE-2025-59028](https://nvd.nist.gov/vuln/detail/CVE-2025-59028) | 5.3 | MEDIUM | CWE-20 | No | 0.1% | 3.71 | 2026-03-27 | When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentica... |
| [CVE-2026-4948](https://nvd.nist.gov/vuln/detail/CVE-2026-4948) | 5.5 | MEDIUM | CWE-279 | No | 0.0% | 3.85 | 2026-03-27 | A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D... |
| [CVE-2026-34353](https://nvd.nist.gov/vuln/detail/CVE-2026-34353) | 5.9 | MEDIUM | CWE-190 | No | 0.0% | 4.13 | 2026-03-27 | In OCaml through 4.14.3, Bigarray.reshape allows an integer overflow, and resultant reading of arbitrary memory, when un... |
| [CVE-2026-33559](https://nvd.nist.gov/vuln/detail/CVE-2026-33559) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-27 | WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the af... |
| [CVE-2026-33366](https://nvd.nist.gov/vuln/detail/CVE-2026-33366) | 6.9 | MEDIUM | CWE-306 | No | 0.1% | 4.83 | 2026-03-27 | Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to for... |
| [CVE-2026-33280](https://nvd.nist.gov/vuln/detail/CVE-2026-33280) | 8.6 | HIGH | CWE-912 | No | 0.1% | 6.02 | 2026-03-27 | Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the pr... |
| [CVE-2026-32678](https://nvd.nist.gov/vuln/detail/CVE-2026-32678) | 8.7 | HIGH | CWE-288 | No | 0.1% | 6.09 | 2026-03-27 | Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical confi... |
| [CVE-2026-32669](https://nvd.nist.gov/vuln/detail/CVE-2026-32669) | 8.7 | HIGH | CWE-94 | No | 0.0% | 6.09 | 2026-03-27 | Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary c... |
| [CVE-2026-27650](https://nvd.nist.gov/vuln/detail/CVE-2026-27650) | 8.6 | HIGH | CWE-78 | No | 0.1% | 6.02 | 2026-03-27 | OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbit... |
| [CVE-2026-22744](https://nvd.nist.gov/vuln/detail/CVE-2026-22744) | 7.5 | HIGH | N/A | No | 0.0% | 5.25 | 2026-03-27 | In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value fo... |
| [CVE-2026-22743](https://nvd.nist.gov/vuln/detail/CVE-2026-22743) | 7.5 | HIGH | CWE-89 | No | 0.1% | 5.25 | 2026-03-27 | Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. Whe... |
| [CVE-2026-4910](https://nvd.nist.gov/vuln/detail/CVE-2026-4910) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-27 | A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus up to 1.3.44. Affected is an u... |
| [CVE-2026-3098](https://nvd.nist.gov/vuln/detail/CVE-2026-3098) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-27 | The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1... |
| [CVE-2026-4909](https://nvd.nist.gov/vuln/detail/CVE-2026-4909) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-27 | A weakness has been identified in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /... |
| [CVE-2026-4908](https://nvd.nist.gov/vuln/detail/CVE-2026-4908) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-27 | A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the... |
| [CVE-2026-4907](https://nvd.nist.gov/vuln/detail/CVE-2026-4907) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-03-27 | A vulnerability was identified in Page-Replica Page Replica up to e4a7f52e75093ee318b4d5a9a9db6751050d2ad0. The impacted... |
| [CVE-2026-4906](https://nvd.nist.gov/vuln/detail/CVE-2026-4906) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-27 | A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is the function decodePwd of the file /gof... |
| [CVE-2026-33935](https://nvd.nist.gov/vuln/detail/CVE-2026-33935) | 7.7 | HIGH | CWE-307 | No | 0.4% | 5.40 | 2026-03-27 | MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.8.72, an unauthenticated att... |
| [CVE-2026-33890](https://nvd.nist.gov/vuln/detail/CVE-2026-33890) | 8.9 | HIGH | CWE-284 | No | 0.3% | 6.24 | 2026-03-27 | MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.8.71, an unauthenticated att... |
| [CVE-2026-33747](https://nvd.nist.gov/vuln/detail/CVE-2026-33747) | 8.4 | HIGH | CWE-22 | No | 0.1% | 5.88 | 2026-03-27 | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. P... |
| [CVE-2026-33745](https://nvd.nist.gov/vuln/detail/CVE-2026-33745) | 7.4 | HIGH | CWE-200 | No | 0.0% | 5.18 | 2026-03-27 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-httplib HTTP... |
| [CVE-2026-33744](https://nvd.nist.gov/vuln/detail/CVE-2026-33744) | 7.8 | HIGH | CWE-94 | No | 0.0% | 5.46 | 2026-03-27 | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.... |
| [CVE-2026-33735](https://nvd.nist.gov/vuln/detail/CVE-2026-33735) | 7.4 | HIGH | CWE-285 | No | 0.0% | 5.18 | 2026-03-27 | MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.8.69, an authorization bypas... |
| [CVE-2026-33730](https://nvd.nist.gov/vuln/detail/CVE-2026-33730) | 6.5 | MEDIUM | CWE-639 | No | 0.0% | 4.55 | 2026-03-27 | Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter fram... |
| [CVE-2026-33729](https://nvd.nist.gov/vuln/detail/CVE-2026-33729) | 5.8 | MEDIUM | CWE-20 | No | 0.0% | 4.06 | 2026-03-27 | OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Z... |
| [CVE-2026-33728](https://nvd.nist.gov/vuln/detail/CVE-2026-33728) | 9.3 | CRITICAL | CWE-502 | No | 0.8% | 6.53 | 2026-03-27 | dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to 1.60.2, the RMI ins... |
| [CVE-2026-33726](https://nvd.nist.gov/vuln/detail/CVE-2026-33726) | 5.4 | MEDIUM | CWE-284 | No | 0.0% | 3.78 | 2026-03-27 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.... |
| [CVE-2026-33725](https://nvd.nist.gov/vuln/detail/CVE-2026-33725) | 7.2 | HIGH | CWE-502 | No | 0.3% | 5.05 | 2026-03-27 | Metabase is an open source business intelligence and embedded analytics tool. In Metabase Enterprise prior to versions 1... |
| [CVE-2026-33721](https://nvd.nist.gov/vuln/detail/CVE-2026-33721) | 5.3 | MEDIUM | CWE-787 | No | 0.2% | 3.72 | 2026-03-27 | MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a h... |
| [CVE-2026-33718](https://nvd.nist.gov/vuln/detail/CVE-2026-33718) | 7.6 | HIGH | CWE-78 | No | 0.4% | 5.33 | 2026-03-27 | OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in... |
| [CVE-2026-33701](https://nvd.nist.gov/vuln/detail/CVE-2026-33701) | 9.3 | CRITICAL | CWE-502 | No | 0.4% | 6.52 | 2026-03-27 | OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. I... |
| [CVE-2026-33699](https://nvd.nist.gov/vuln/detail/CVE-2026-33699) | 4.6 | MEDIUM | CWE-835 | No | 0.0% | 3.22 | 2026-03-27 | pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerability in which an attack... |
| [CVE-2026-33693](https://nvd.nist.gov/vuln/detail/CVE-2026-33693) | 6.5 | MEDIUM | CWE-918 | No | 0.1% | 4.55 | 2026-03-27 | Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.7.0-beta.9, the `v4_is_invalid()` function in... |
| [CVE-2026-4905](https://nvd.nist.gov/vuln/detail/CVE-2026-4905) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-27 | A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsO... |
| [CVE-2026-4904](https://nvd.nist.gov/vuln/detail/CVE-2026-4904) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-27 | A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm of the file /goform/... |
| [CVE-2026-33945](https://nvd.nist.gov/vuln/detail/CVE-2026-33945) | 9.9 | CRITICAL | CWE-22 | No | 0.1% | 6.93 | 2026-03-27 | Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to system... |
| [CVE-2026-33697](https://nvd.nist.gov/vuln/detail/CVE-2026-33697) | 7.5 | HIGH | CWE-322 | No | 0.0% | 5.25 | 2026-03-27 | Cocos AI is a confidential computing system for AI. The current implementation of attested TLS (aTLS) in CoCoS is vulner... |
| [CVE-2026-29071](https://nvd.nist.gov/vuln/detail/CVE-2026-29071) | 3.1 | LOW | CWE-639 | No | 0.0% | 2.17 | 2026-03-27 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.... |
| [CVE-2026-29070](https://nvd.nist.gov/vuln/detail/CVE-2026-29070) | 5.4 | MEDIUM | CWE-862 | No | 0.0% | 3.78 | 2026-03-27 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.... |
| [CVE-2026-28788](https://nvd.nist.gov/vuln/detail/CVE-2026-28788) | 7.1 | HIGH | CWE-639 | No | 0.0% | 4.97 | 2026-03-27 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.... |
| [CVE-2026-28786](https://nvd.nist.gov/vuln/detail/CVE-2026-28786) | 4.3 | MEDIUM | CWE-22 | No | 0.0% | 3.01 | 2026-03-27 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.... |
| [CVE-2026-27893](https://nvd.nist.gov/vuln/detail/CVE-2026-27893) | 8.8 | HIGH | CWE-693 | No | 0.0% | 6.16 | 2026-03-27 | vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to versio... |
| [CVE-2026-4903](https://nvd.nist.gov/vuln/detail/CVE-2026-4903) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-26 | A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /gofo... |
| [CVE-2026-4902](https://nvd.nist.gov/vuln/detail/CVE-2026-4902) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-26 | A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of the file /goform/addr... |
| [CVE-2026-34352](https://nvd.nist.gov/vuln/detail/CVE-2026-34352) | 8.5 | HIGH | CWE-732 | No | 0.0% | 5.95 | 2026-03-26 | In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or... |
| [CVE-2026-33897](https://nvd.nist.gov/vuln/detail/CVE-2026-33897) | 9.9 | CRITICAL | CWE-1336 | No | 0.1% | 6.93 | 2026-03-26 | Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to... |
| [CVE-2026-33743](https://nvd.nist.gov/vuln/detail/CVE-2026-33743) | 6.5 | MEDIUM | CWE-770 | No | 0.0% | 4.55 | 2026-03-26 | Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket bac... |
| [CVE-2026-33711](https://nvd.nist.gov/vuln/detail/CVE-2026-33711) | 4.7 | MEDIUM | CWE-61 | No | 0.0% | 3.29 | 2026-03-26 | Incus is a system container and virtual machine manager. Incus provides an API to retrieve VM screenshots. That API reli... |
| [CVE-2026-33542](https://nvd.nist.gov/vuln/detail/CVE-2026-33542) | 5.7 | MEDIUM | CWE-295 | No | 0.0% | 3.99 | 2026-03-26 | Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fing... |
| [CVE-2026-4900](https://nvd.nist.gov/vuln/detail/CVE-2026-4900) | 5.5 | MEDIUM | CWE-425 | No | 0.0% | 3.85 | 2026-03-26 | A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the fil... |
| [CVE-2026-4899](https://nvd.nist.gov/vuln/detail/CVE-2026-4899) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-26 | A security flaw has been discovered in code-projects Online Food Ordering System 1.0. Affected by this issue is some unk... |
| [CVE-2026-4898](https://nvd.nist.gov/vuln/detail/CVE-2026-4898) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-26 | A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected by this vulnerability is an un... |
| [CVE-2026-3650](https://nvd.nist.gov/vuln/detail/CVE-2026-3650) | 8.7 | HIGH | CWE-401 | No | 0.1% | 6.09 | 2026-03-26 | A memory leak exists in the Grassroots DICOM library (GDCM). The bug occurs when parsing malformed DICOM files with non-... |
| [CVE-2026-33687](https://nvd.nist.gov/vuln/detail/CVE-2026-33687) | 8.8 | HIGH | CWE-434 | No | 0.0% | 6.16 | 2026-03-26 | Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability... |
| [CVE-2026-33686](https://nvd.nist.gov/vuln/detail/CVE-2026-33686) | 8.8 | HIGH | CWE-22 | No | 0.1% | 6.16 | 2026-03-26 | Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal v... |
| [CVE-2026-33682](https://nvd.nist.gov/vuln/detail/CVE-2026-33682) | 4.7 | MEDIUM | CWE-918 | No | 0.0% | 3.29 | 2026-03-26 | Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.... |
| [CVE-2026-33674](https://nvd.nist.gov/vuln/detail/CVE-2026-33674) | 2.0 | LOW | CWE-1173 | No | 0.1% | 1.40 | 2026-03-26 | PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation... |
| [CVE-2026-33673](https://nvd.nist.gov/vuln/detail/CVE-2026-33673) | 7.6 | HIGH | CWE-79 | No | 0.0% | 5.32 | 2026-03-26 | PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cros... |
| [CVE-2026-33672](https://nvd.nist.gov/vuln/detail/CVE-2026-33672) | 5.3 | MEDIUM | CWE-1321 | No | 0.2% | 3.71 | 2026-03-26 | Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method inj... |
| [CVE-2026-33671](https://nvd.nist.gov/vuln/detail/CVE-2026-33671) | 7.5 | HIGH | CWE-1333 | No | 0.1% | 5.25 | 2026-03-26 | Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expr... |
| [CVE-2026-33670](https://nvd.nist.gov/vuln/detail/CVE-2026-33670) | 9.8 | CRITICAL | CWE-22 | No | 0.1% | 6.86 | 2026-03-26 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to tr... |
| [CVE-2026-33669](https://nvd.nist.gov/vuln/detail/CVE-2026-33669) | 9.8 | CRITICAL | CWE-125 | No | 0.0% | 6.86 | 2026-03-26 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/... |
| [CVE-2026-33664](https://nvd.nist.gov/vuln/detail/CVE-2026-33664) | 7.3 | HIGH | CWE-79 | No | 0.0% | 5.11 | 2026-03-26 | Kestra is an open-source, event-driven orchestration platform. Versions up to and including 1.3.3 render user-supplied fl... |
| [CVE-2026-33661](https://nvd.nist.gov/vuln/detail/CVE-2026-33661) | 8.6 | HIGH | CWE-290 | No | 0.1% | 6.02 | 2026-03-26 | Pay is an open-source payment SDK extension package for various Chinese payment services. Prior to version 3.7.20, the `... |
| [CVE-2026-33653](https://nvd.nist.gov/vuln/detail/CVE-2026-33653) | 4.6 | MEDIUM | CWE-79 | No | 0.0% | 3.22 | 2026-03-26 | Ulloady is a file uploader script with multi-file upload support. A Stored Cross-Site Scripting (XSS) vulnerability exis... |
| [CVE-2026-1556](https://nvd.nist.gov/vuln/detail/CVE-2026-1556) | 6.9 | MEDIUM | CWE-200 | No | 0.0% | 4.83 | 2026-03-26 | Information disclosure in the file URI processing of File (Field) Paths in Drupal File (Field) Paths 7.x prior to 7.1.3... |
| [CVE-2025-12805](https://nvd.nist.gov/vuln/detail/CVE-2025-12805) | 8.1 | HIGH | CWE-653 | No | 0.0% | 5.67 | 2026-03-26 | A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to... |
| [CVE-2026-4933](https://nvd.nist.gov/vuln/detail/CVE-2026-4933) | 7.5 | HIGH | CWE-863 | No | 0.0% | 5.25 | 2026-03-26 | Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsing. This issue affects... |
| [CVE-2026-4393](https://nvd.nist.gov/vuln/detail/CVE-2026-4393) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-26 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Automated Logout allows Cross Site Request Forgery. This issue... |
| [CVE-2026-3573](https://nvd.nist.gov/vuln/detail/CVE-2026-3573) | 7.5 | HIGH | CWE-863 | No | 0.1% | 5.25 | 2026-03-26 | Incorrect Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Resource Injection. This issue affect... |
| [CVE-2026-3532](https://nvd.nist.gov/vuln/detail/CVE-2026-3532) | 4.2 | MEDIUM | CWE-178 | No | 0.0% | 2.94 | 2026-03-26 | Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation.... |
| [CVE-2026-3531](https://nvd.nist.gov/vuln/detail/CVE-2026-3531) | 6.5 | MEDIUM | CWE-288 | No | 0.0% | 4.55 | 2026-03-26 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Au... |
| [CVE-2026-3530](https://nvd.nist.gov/vuln/detail/CVE-2026-3530) | 4.3 | MEDIUM | CWE-918 | No | 0.0% | 3.01 | 2026-03-26 | Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forg... |
| [CVE-2026-3529](https://nvd.nist.gov/vuln/detail/CVE-2026-3529) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-26 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Google Anal... |
| [CVE-2026-3528](https://nvd.nist.gov/vuln/detail/CVE-2026-3528) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-26 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Calculation... |
| [CVE-2026-3527](https://nvd.nist.gov/vuln/detail/CVE-2026-3527) | 6.5 | MEDIUM | CWE-306 | No | 0.0% | 4.55 | 2026-03-26 | Missing Authentication for Critical Function vulnerability in Drupal AJAX Dashboard allows Exploiting Incorrectly Config... |
| [CVE-2026-3526](https://nvd.nist.gov/vuln/detail/CVE-2026-3526) | 5.3 | MEDIUM | CWE-863 | No | 0.0% | 3.71 | 2026-03-26 | Incorrect Authorization vulnerability in Drupal File Access Fix (deprecated) allows Forceful Browsing. This issue affects... |
| [CVE-2026-3525](https://nvd.nist.gov/vuln/detail/CVE-2026-3525) | 5.3 | MEDIUM | CWE-863 | No | 0.0% | 3.71 | 2026-03-26 | Incorrect Authorization vulnerability in Drupal File Access Fix (deprecated) allows Forceful Browsing. This issue affects... |
| [CVE-2026-33742](https://nvd.nist.gov/vuln/detail/CVE-2026-33742) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-26 | Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fiel... |
| [CVE-2026-33738](https://nvd.nist.gov/vuln/detail/CVE-2026-33738) | 4.8 | MEDIUM | CWE-79 | No | 0.1% | 3.36 | 2026-03-26 | Lychee is a free, open-source photo-management tool. Prior to version 7.5.3, the photo `description` field is stored wit... |
| [CVE-2026-33645](https://nvd.nist.gov/vuln/detail/CVE-2026-33645) | 7.1 | HIGH | CWE-22 | No | 0.1% | 4.97 | 2026-03-26 | Fireshare facilitates self-hosted media and link sharing. In version 1.5.1, an authenticated path traversal vulnerabilit... |
| [CVE-2026-33644](https://nvd.nist.gov/vuln/detail/CVE-2026-33644) | 2.3 | LOW | CWE-918 | No | 0.0% | 1.61 | 2026-03-26 | Lychee is a free, open-source photo-management tool. Prior to version 7.5.2, the SSRF protection in `PhotoUrlRule.php` c... |
| [CVE-2026-33640](https://nvd.nist.gov/vuln/detail/CVE-2026-33640) | 9.1 | CRITICAL | CWE-307 | No | 0.1% | 6.37 | 2026-03-26 | Outline is a service that allows for collaborative documentation. Outline implements an Email OTP login flow for users n... |
| [CVE-2026-33638](https://nvd.nist.gov/vuln/detail/CVE-2026-33638) | 5.3 | MEDIUM | CWE-862 | No | 0.1% | 3.71 | 2026-03-26 | Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to version 4.2.0, `GET /api/all... |
| [CVE-2026-33635](https://nvd.nist.gov/vuln/detail/CVE-2026-33635) | 4.3 | MEDIUM | CWE-93 | No | 0.0% | 3.01 | 2026-03-26 | iCalendar is a Ruby library for dealing with iCalendar files in the iCalendar format defined by RFC-5545. Starting in ve... |
| [CVE-2026-33628](https://nvd.nist.gov/vuln/detail/CVE-2026-33628) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-26 | Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Invoice line item... |
| [CVE-2026-33623](https://nvd.nist.gov/vuln/detail/CVE-2026-33623) | 6.7 | MEDIUM | CWE-78 | No | 0.1% | 4.69 | 2026-03-26 | PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.8.4` contai... |
| [CVE-2026-33622](https://nvd.nist.gov/vuln/detail/CVE-2026-33622) | 6.1 | MEDIUM | CWE-94 | No | 0.1% | 4.27 | 2026-03-26 | PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.8.3` throug... |
| [CVE-2026-33621](https://nvd.nist.gov/vuln/detail/CVE-2026-33621) | 4.8 | MEDIUM | CWE-290 | No | 0.0% | 3.36 | 2026-03-26 | PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.7.7` throug... |
| [CVE-2026-33620](https://nvd.nist.gov/vuln/detail/CVE-2026-33620) | 4.3 | MEDIUM | CWE-598 | No | 0.1% | 3.01 | 2026-03-26 | PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.7.8` throug... |
| [CVE-2026-33619](https://nvd.nist.gov/vuln/detail/CVE-2026-33619) | 4.1 | MEDIUM | CWE-918 | No | 0.0% | 2.87 | 2026-03-26 | PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 contains... |
| [CVE-2026-33545](https://nvd.nist.gov/vuln/detail/CVE-2026-33545) | 5.3 | MEDIUM | CWE-89 | No | 0.0% | 3.71 | 2026-03-26 | MobSF is a mobile application security testing tool used. Prior to version 4.4.6, MobSF's `read_sqlite()` function in `m... |
| [CVE-2026-33541](https://nvd.nist.gov/vuln/detail/CVE-2026-33541) | 6.5 | MEDIUM | CWE-400 | No | 0.0% | 4.55 | 2026-03-26 | TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigati... |
| [CVE-2026-33537](https://nvd.nist.gov/vuln/detail/CVE-2026-33537) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-03-26 | Lychee is a free, open-source photo-management tool. The patch introduced for GHSA-cpgw-wgf3-xc6v (SSRF via `Photo::from... |
| [CVE-2026-33375](https://nvd.nist.gov/vuln/detail/CVE-2026-33375) | 6.5 | MEDIUM | CWE-400 | No | 0.0% | 4.55 | 2026-03-26 | The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API rest... |
| [CVE-2026-2272](https://nvd.nist.gov/vuln/detail/CVE-2026-2272) | 4.3 | MEDIUM | CWE-190 | No | 0.1% | 3.01 | 2026-03-26 | A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the... |
| [CVE-2026-2271](https://nvd.nist.gov/vuln/detail/CVE-2026-2271) | 3.3 | LOW | CWE-190 | No | 0.1% | 2.31 | 2026-03-26 | A flaw was found in GIMP's PSP (Paint Shop Pro) file parser. A remote attacker could exploit an integer overflow vulnera... |
| [CVE-2026-2239](https://nvd.nist.gov/vuln/detail/CVE-2026-2239) | 2.8 | LOW | CWE-170 | No | 0.0% | 1.96 | 2026-03-26 | A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing... |
| [CVE-2026-2100](https://nvd.nist.gov/vuln/detail/CVE-2026-2100) | 5.3 | MEDIUM | CWE-824 | No | 0.1% | 3.71 | 2026-03-26 | A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a... |
| [CVE-2026-21724](https://nvd.nist.gov/vuln/detail/CVE-2026-21724) | 5.4 | MEDIUM | CWE-285 | No | 0.0% | 3.78 | 2026-03-26 | A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API... |
| [CVE-2026-0968](https://nvd.nist.gov/vuln/detail/CVE-2026-0968) | 3.1 | LOW | CWE-476 | No | 0.0% | 2.17 | 2026-03-26 | A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a m... |
| [CVE-2026-0967](https://nvd.nist.gov/vuln/detail/CVE-2026-0967) | 5.5 | MEDIUM | CWE-1333 | No | 0.1% | 3.85 | 2026-03-26 | A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could cra... |
| [CVE-2026-0965](https://nvd.nist.gov/vuln/detail/CVE-2026-0965) | 3.3 | LOW | CWE-73 | No | 0.0% | 2.31 | 2026-03-26 | A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker c... |
| [CVE-2026-33632](https://nvd.nist.gov/vuln/detail/CVE-2026-33632) | 8.4 | HIGH | CWE-862 | No | 0.0% | 5.88 | 2026-03-26 | ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.... |
| [CVE-2026-33631](https://nvd.nist.gov/vuln/detail/CVE-2026-33631) | 8.7 | HIGH | CWE-862 | No | 0.0% | 6.09 | 2026-03-26 | ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. In versions on the... |
| [CVE-2026-33536](https://nvd.nist.gov/vuln/detail/CVE-2026-33536) | 5.1 | MEDIUM | CWE-121 | No | 0.0% | 3.57 | 2026-03-26 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9... |
| [CVE-2026-33535](https://nvd.nist.gov/vuln/detail/CVE-2026-33535) | 4.0 | MEDIUM | CWE-787 | No | 0.0% | 2.80 | 2026-03-26 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9... |
| [CVE-2026-33532](https://nvd.nist.gov/vuln/detail/CVE-2026-33532) | 4.3 | MEDIUM | CWE-674 | No | 0.1% | 3.01 | 2026-03-26 | `yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of `yaml` on the 1.x branc... |
| [CVE-2026-33531](https://nvd.nist.gov/vuln/detail/CVE-2026-33531) | 4.9 | MEDIUM | CWE-89 | No | 0.0% | 3.43 | 2026-03-26 | InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, a path traversal vulnerability in the r... |
| [CVE-2026-33530](https://nvd.nist.gov/vuln/detail/CVE-2026-33530) | 7.7 | HIGH | CWE-202 | No | 0.0% | 5.39 | 2026-03-26 | InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, certain API endpoints associated with b... |
| [CVE-2026-33529](https://nvd.nist.gov/vuln/detail/CVE-2026-33529) | 3.3 | LOW | CWE-22 | No | 0.1% | 2.31 | 2026-03-26 | Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traver... |
| [CVE-2026-33528](https://nvd.nist.gov/vuln/detail/CVE-2026-33528) | 6.5 | MEDIUM | CWE-22 | No | 0.1% | 4.55 | 2026-03-26 | GoDoxy is a reverse proxy and container orchestrator for self-hosters. Prior to version 0.27.5, the file content API end... |
| [CVE-2026-33525](https://nvd.nist.gov/vuln/detail/CVE-2026-33525) | 0.5 | LOW | CWE-79 | No | 0.1% | 0.35 | 2026-03-26 | Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-o... |
| [CVE-2026-32287](https://nvd.nist.gov/vuln/detail/CVE-2026-32287) | 7.5 | HIGH | N/A | No | 0.1% | 5.25 | 2026-03-26 | Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU u... |
| [CVE-2026-32286](https://nvd.nist.gov/vuln/detail/CVE-2026-32286) | 7.5 | HIGH | N/A | No | 0.1% | 5.25 | 2026-03-26 | The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can s... |
| [CVE-2026-32285](https://nvd.nist.gov/vuln/detail/CVE-2026-32285) | 7.5 | HIGH | N/A | No | 0.1% | 5.25 | 2026-03-26 | The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative... |
| [CVE-2026-32284](https://nvd.nist.gov/vuln/detail/CVE-2026-32284) | 7.5 | HIGH | N/A | No | 0.1% | 5.25 | 2026-03-26 | The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data (format cod... |
| [CVE-2026-2436](https://nvd.nist.gov/vuln/detail/CVE-2026-2436) | 6.5 | MEDIUM | CWE-825 | No | 0.1% | 4.55 | 2026-03-26 | A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup... |
| [CVE-2023-7338](https://nvd.nist.gov/vuln/detail/CVE-2023-7338) | 7.7 | HIGH | CWE-78 | No | 0.3% | 5.40 | 2026-03-26 | Ruckus Unleashed contains a remote code execution vulnerability in the web-based management interface that allows authen... |
| [CVE-2021-4474](https://nvd.nist.gov/vuln/detail/CVE-2021-4474) | 6.9 | MEDIUM | CWE-552 | No | 0.1% | 4.83 | 2026-03-26 | Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows auth... |
| [CVE-2026-3190](https://nvd.nist.gov/vuln/detail/CVE-2026-3190) | 4.3 | MEDIUM | CWE-280 | No | 0.0% | 3.01 | 2026-03-26 | A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to... |
| [CVE-2026-3121](https://nvd.nist.gov/vuln/detail/CVE-2026-3121) | 6.5 | MEDIUM | CWE-266 | No | 0.0% | 4.55 | 2026-03-26 | A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where thi... |
| [CVE-2026-33506](https://nvd.nist.gov/vuln/detail/CVE-2026-33506) | 8.8 | HIGH | CWE-87 | No | 0.1% | 6.16 | 2026-03-26 | Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versio... |
| [CVE-2026-33505](https://nvd.nist.gov/vuln/detail/CVE-2026-33505) | 7.2 | HIGH | CWE-89 | No | 0.0% | 5.04 | 2026-03-26 | Ory Keto is an open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelat... |
| [CVE-2026-33491](https://nvd.nist.gov/vuln/detail/CVE-2026-33491) | 7.8 | HIGH | CWE-121 | No | 0.0% | 5.46 | 2026-03-26 | Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.4, a stack-based... |
| [CVE-2026-33153](https://nvd.nist.gov/vuln/detail/CVE-2026-33153) | 7.7 | HIGH | CWE-89 | No | 0.0% | 5.39 | 2026-03-26 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior t... |
| [CVE-2026-33152](https://nvd.nist.gov/vuln/detail/CVE-2026-33152) | 9.1 | CRITICAL | CWE-307 | No | 0.1% | 6.37 | 2026-03-26 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior t... |
| [CVE-2026-33149](https://nvd.nist.gov/vuln/detail/CVE-2026-33149) | 8.1 | HIGH | CWE-644 | No | 0.0% | 5.67 | 2026-03-26 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions up to and... |
| [CVE-2026-33148](https://nvd.nist.gov/vuln/detail/CVE-2026-33148) | 6.5 | MEDIUM | CWE-74 | No | 0.1% | 4.55 | 2026-03-26 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior t... |
| [CVE-2026-30463](https://nvd.nist.gov/vuln/detail/CVE-2026-30463) | 7.7 | HIGH | CWE-89 | No | 0.0% | 5.39 | 2026-03-26 | Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php co... |
| [CVE-2026-30458](https://nvd.nist.gov/vuln/detail/CVE-2026-30458) | 9.1 | CRITICAL | CWE-620 | No | 0.0% | 6.37 | 2026-03-26 | An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitt... |
| [CVE-2026-30457](https://nvd.nist.gov/vuln/detail/CVE-2026-30457) | 9.8 | CRITICAL | CWE-94 | No | 0.1% | 6.86 | 2026-03-26 | An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via... |
| [CVE-2026-29969](https://nvd.nist.gov/vuln/detail/CVE-2026-29969) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-26 | A cross-site scripting (XSS) vulnerability in the wff_cols_pref.css.aspx endpoint of staffwiki v7.0.1.19219 allows attac... |
| [CVE-2026-29055](https://nvd.nist.gov/vuln/detail/CVE-2026-29055) | 5.3 | MEDIUM | CWE-1230 | No | 0.0% | 3.71 | 2026-03-26 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior t... |
| [CVE-2026-28503](https://nvd.nist.gov/vuln/detail/CVE-2026-28503) | 5.5 | MEDIUM | CWE-639 | No | 0.0% | 3.85 | 2026-03-26 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior t... |
| [CVE-2026-26213](https://nvd.nist.gov/vuln/detail/CVE-2026-26213) | 8.7 | HIGH | CWE-78 | No | 0.2% | 6.10 | 2026-03-26 | thingino-firmware versions up to the firmware-2026-03-16 release contain an unauthenticated OS command injection vulner... |
| [CVE-2026-33732](https://nvd.nist.gov/vuln/detail/CVE-2026-33732) | 4.8 | MEDIUM | CWE-706 | No | 0.0% | 3.36 | 2026-03-26 | srvx is a universal server based on web standards. Prior to version 0.11.13, a pathname parsing discrepancy in srvx's `F... |
| [CVE-2026-33504](https://nvd.nist.gov/vuln/detail/CVE-2026-33504) | 7.2 | HIGH | CWE-89 | No | 0.0% | 5.04 | 2026-03-26 | Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth2Clients, listOAuth2... |
| [CVE-2026-33503](https://nvd.nist.gov/vuln/detail/CVE-2026-33503) | 7.2 | HIGH | CWE-89 | No | 0.0% | 5.04 | 2026-03-26 | Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 26.2.0, the Li... |
| [CVE-2026-33496](https://nvd.nist.gov/vuln/detail/CVE-2026-33496) | 8.1 | HIGH | CWE-305 | No | 0.2% | 5.67 | 2026-03-26 | ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based o... |
| [CVE-2026-33495](https://nvd.nist.gov/vuln/detail/CVE-2026-33495) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-26 | ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based o... |
| [CVE-2026-33494](https://nvd.nist.gov/vuln/detail/CVE-2026-33494) | 10.0 | CRITICAL | CWE-23 | No | 0.1% | 7.00 | 2026-03-26 | ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based o... |
| [CVE-2026-33490](https://nvd.nist.gov/vuln/detail/CVE-2026-33490) | 3.7 | LOW | CWE-706 | No | 0.0% | 2.59 | 2026-03-26 | H3 is a minimal H(TTP) framework. In versions 2.0.0-0 through 2.0.1-rc.16, the `mount()` method in h3 uses a simple `sta... |
| [CVE-2026-33487](https://nvd.nist.gov/vuln/detail/CVE-2026-33487) | 7.5 | HIGH | CWE-347 | No | 0.0% | 5.25 | 2026-03-26 | goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in... |
| [CVE-2026-33486](https://nvd.nist.gov/vuln/detail/CVE-2026-33486) | 6.8 | MEDIUM | CWE-918 | No | 0.0% | 4.76 | 2026-03-26 | Roadiz is a polymorphic content management system based on a node system that can handle many types of services. A vulne... |
| [CVE-2026-33481](https://nvd.nist.gov/vuln/detail/CVE-2026-33481) | 5.3 | MEDIUM | CWE-460 | No | 0.0% | 3.71 | 2026-03-26 | Syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesys... |
| [CVE-2026-33477](https://nvd.nist.gov/vuln/detail/CVE-2026-33477) | 4.3 | MEDIUM | CWE-863 | No | 0.0% | 3.01 | 2026-03-26 | FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In versions 2.3.... |
| [CVE-2026-32857](https://nvd.nist.gov/vuln/detail/CVE-2026-32857) | 7.8 | HIGH | CWE-918 | No | 0.0% | 5.46 | 2026-03-26 | Firecrawl version 2.8.0 and prior contain a server-side request forgery (SSRF) protection bypass vulnerability in the Pl... |
| [CVE-2026-3116](https://nvd.nist.gov/vuln/detail/CVE-2026-3116) | 4.9 | MEDIUM | CWE-400 | No | 0.0% | 3.43 | 2026-03-26 | Mattermost Plugins versions <=11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to validate incoming request size which allows a... |
| [CVE-2026-3115](https://nvd.nist.gov/vuln/detail/CVE-2026-3115) | 4.3 | MEDIUM | CWE-863 | No | 0.0% | 3.01 | 2026-03-26 | Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to apply view restric... |
| [CVE-2026-3114](https://nvd.nist.gov/vuln/detail/CVE-2026-3114) | 6.5 | MEDIUM | CWE-409 | No | 0.0% | 4.55 | 2026-03-26 | Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to validate decompres... |
| [CVE-2026-3113](https://nvd.nist.gov/vuln/detail/CVE-2026-3113) | 5.0 | MEDIUM | CWE-732 | No | 0.0% | 3.50 | 2026-03-26 | Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to set permissions on... |
| [CVE-2026-3112](https://nvd.nist.gov/vuln/detail/CVE-2026-3112) | 6.8 | MEDIUM | CWE-22 | No | 0.1% | 4.76 | 2026-03-26 | Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to validate Advanced... |
| [CVE-2026-3109](https://nvd.nist.gov/vuln/detail/CVE-2026-3109) | 2.2 | LOW | CWE-754 | No | 0.0% | 1.54 | 2026-03-26 | Mattermost Plugins versions <=11.4 10.11.11.0 fail to validate webhook request timestamps which allows an attacker to co... |
| [CVE-2026-3108](https://nvd.nist.gov/vuln/detail/CVE-2026-3108) | 8.0 | HIGH | CWE-150 | No | 0.0% | 5.60 | 2026-03-26 | Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-cont... |
| [CVE-2026-34071](https://nvd.nist.gov/vuln/detail/CVE-2026-34071) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-26 | Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version... |
| [CVE-2026-33636](https://nvd.nist.gov/vuln/detail/CVE-2026-33636) | 7.6 | HIGH | CWE-125 | No | 0.0% | 5.32 | 2026-03-26 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics)... |
| [CVE-2026-33470](https://nvd.nist.gov/vuln/detail/CVE-2026-33470) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-26 | Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In version 0.17.0, a low-... |
| [CVE-2026-33469](https://nvd.nist.gov/vuln/detail/CVE-2026-33469) | 6.5 | MEDIUM | CWE-863 | No | 0.0% | 4.55 | 2026-03-26 | Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In version 0.17.0, an aut... |
| [CVE-2026-33468](https://nvd.nist.gov/vuln/detail/CVE-2026-33468) | 8.1 | HIGH | CWE-89 | No | 0.1% | 5.67 | 2026-03-26 | Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's `DefaultQueryCompiler.sanitizeStr... |
| [CVE-2026-33442](https://nvd.nist.gov/vuln/detail/CVE-2026-33442) | 8.1 | HIGH | CWE-89 | No | 0.1% | 5.67 | 2026-03-26 | Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the `sanitizeStringLiteral` method... |
| [CVE-2026-33438](https://nvd.nist.gov/vuln/detail/CVE-2026-33438) | 6.5 | MEDIUM | CWE-770 | No | 0.0% | 4.55 | 2026-03-26 | Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions st... |
| [CVE-2026-33430](https://nvd.nist.gov/vuln/detail/CVE-2026-33430) | 7.3 | HIGH | CWE-732 | No | 0.0% | 5.11 | 2026-03-26 | Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0 and... |
| [CVE-2026-33416](https://nvd.nist.gov/vuln/detail/CVE-2026-33416) | 7.5 | HIGH | CWE-416 | No | 0.0% | 5.25 | 2026-03-26 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics)... |
| [CVE-2026-33402](https://nvd.nist.gov/vuln/detail/CVE-2026-33402) | 1.3 | LOW | CWE-79 | No | 0.0% | 0.91 | 2026-03-26 | Sakai is a Collaboration and Learning Environment (CLE). In versions 23.0 through 23.4 and 25.0 through 25.1, group titl... |
| [CVE-2026-33015](https://nvd.nist.gov/vuln/detail/CVE-2026-33015) | 5.2 | MEDIUM | CWE-863 | No | 0.0% | 3.64 | 2026-03-26 | EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop... |
| [CVE-2026-33014](https://nvd.nist.gov/vuln/detail/CVE-2026-33014) | 5.2 | MEDIUM | CWE-863 | No | 0.0% | 3.64 | 2026-03-26 | EVerest is an EV charging software stack. Prior to version 2026.02.0, during RemoteStop processing, a delayed authorizat... |
| [CVE-2026-33009](https://nvd.nist.gov/vuln/detail/CVE-2026-33009) | 8.2 | HIGH | CWE-362 | No | 0.0% | 5.74 | 2026-03-26 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB (potential memo... |
| [CVE-2026-32846](https://nvd.nist.gov/vuln/detail/CVE-2026-32846) | 8.7 | HIGH | CWE-22 | No | 0.1% | 6.09 | 2026-03-26 | OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal vulnerability in media parsing that allow... |
| [CVE-2026-29905](https://nvd.nist.gov/vuln/detail/CVE-2026-29905) | 6.5 | MEDIUM | CWE-20 | No | 0.0% | 4.55 | 2026-03-26 | Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service (... |
| [CVE-2026-29044](https://nvd.nist.gov/vuln/detail/CVE-2026-29044) | 5.0 | MEDIUM | CWE-863 | No | 0.0% | 3.50 | 2026-03-26 | EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the... |
| [CVE-2026-27828](https://nvd.nist.gov/vuln/detail/CVE-2026-27828) | 5.5 | MEDIUM | CWE-416 | No | 0.0% | 3.85 | 2026-03-26 | EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_session_setup uses v2... |
| [CVE-2026-27816](https://nvd.nist.gov/vuln/detail/CVE-2026-27816) | 5.5 | MEDIUM | CWE-787 | No | 0.0% | 3.85 | 2026-03-26 | EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_update_energy_tra... |
| [CVE-2026-27815](https://nvd.nist.gov/vuln/detail/CVE-2026-27815) | 5.5 | MEDIUM | CWE-787 | No | 0.0% | 3.85 | 2026-03-26 | EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_session_setup cop... |
| [CVE-2026-27814](https://nvd.nist.gov/vuln/detail/CVE-2026-27814) | 4.2 | MEDIUM | CWE-362 | No | 0.0% | 2.94 | 2026-03-26 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race (C++ UB) triggered by an A 1-phas... |
| [CVE-2026-27813](https://nvd.nist.gov/vuln/detail/CVE-2026-27813) | 5.3 | MEDIUM | CWE-416 | No | 0.0% | 3.71 | 2026-03-26 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to use-after-free. This i... |
| [CVE-2026-26074](https://nvd.nist.gov/vuln/detail/CVE-2026-26074) | 7.0 | HIGH | CWE-362 | No | 0.0% | 4.90 | 2026-03-26 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible `std::map<std... |
| [CVE-2026-26073](https://nvd.nist.gov/vuln/detail/CVE-2026-26073) | 5.9 | MEDIUM | CWE-122 | No | 0.1% | 4.13 | 2026-03-26 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible `std::queue`/... |
| [CVE-2026-4897](https://nvd.nist.gov/vuln/detail/CVE-2026-4897) | 5.5 | MEDIUM | CWE-770 | No | 0.0% | 3.85 | 2026-03-26 | A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to th... |
| [CVE-2026-33397](https://nvd.nist.gov/vuln/detail/CVE-2026-33397) | 6.9 | MEDIUM | CWE-601 | No | 0.1% | 4.83 | 2026-03-26 | Angular SSR is a server-side rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-ne... |
| [CVE-2026-30162](https://nvd.nist.gov/vuln/detail/CVE-2026-30162) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-26 | Cross-site scripting (XSS) vulnerability in Timo 2.0.3 via crafted links in the title field. |
| [CVE-2026-29976](https://nvd.nist.gov/vuln/detail/CVE-2026-29976) | 6.2 | MEDIUM | CWE-120 | No | 0.0% | 4.34 | 2026-03-26 | Buffer Overflow vulnerability in ZerBea hcxpcapngtool v. 7.0.1-43-g2ee308e allows a local attacker to obtain sensitive i... |
| [CVE-2026-29934](https://nvd.nist.gov/vuln/detail/CVE-2026-29934) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-26 | A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to... |
| [CVE-2026-29933](https://nvd.nist.gov/vuln/detail/CVE-2026-29933) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-26 | A reflected cross-site scripting (XSS) vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers... |
| [CVE-2026-28298](https://nvd.nist.gov/vuln/detail/CVE-2026-28298) | 5.9 | MEDIUM | CWE-79 | No | 0.1% | 4.13 | 2026-03-26 | SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when... |
| [CVE-2026-28297](https://nvd.nist.gov/vuln/detail/CVE-2026-28297) | 6.1 | MEDIUM | CWE-79 | No | 0.1% | 4.27 | 2026-03-26 | SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when... |
| [CVE-2026-27664](https://nvd.nist.gov/vuln/detail/CVE-2026-27664) | 8.7 | HIGH | CWE-787 | No | 0.1% | 6.09 | 2026-03-26 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), SICORE Base syst... |
| [CVE-2026-27663](https://nvd.nist.gov/vuln/detail/CVE-2026-27663) | 7.1 | HIGH | CWE-770 | No | 0.0% | 4.97 | 2026-03-26 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), RTUM85 RTU Base... |
| [CVE-2026-26072](https://nvd.nist.gov/vuln/detail/CVE-2026-26072) | 4.2 | MEDIUM | CWE-362 | No | 0.0% | 2.94 | 2026-03-26 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::map<std::optiona... |
| [CVE-2026-26071](https://nvd.nist.gov/vuln/detail/CVE-2026-26071) | 4.2 | MEDIUM | CWE-362 | No | 0.0% | 2.94 | 2026-03-26 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::string` concurre... |
| [CVE-2026-26070](https://nvd.nist.gov/vuln/detail/CVE-2026-26070) | 4.6 | MEDIUM | CWE-362 | No | 0.0% | 3.22 | 2026-03-26 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::map<std::optiona... |
| [CVE-2026-26008](https://nvd.nist.gov/vuln/detail/CVE-2026-26008) | 7.5 | HIGH | CWE-125 | No | 0.1% | 5.25 | 2026-03-26 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access (std::vector) that le... |
| [CVE-2026-23995](https://nvd.nist.gov/vuln/detail/CVE-2026-23995) | 8.4 | HIGH | CWE-121 | No | 0.0% | 5.88 | 2026-03-26 | EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initi... |
| [CVE-2026-22790](https://nvd.nist.gov/vuln/detail/CVE-2026-22790) | 8.8 | HIGH | CWE-121 | No | 0.1% | 6.16 | 2026-03-26 | EVerest is an EV charging software stack. Prior to version 2026.02.0, `HomeplugMessage::setup_payload` trusts `len` afte... |
| [CVE-2026-22593](https://nvd.nist.gov/vuln/detail/CVE-2026-22593) | 8.4 | HIGH | CWE-193 | No | 0.0% | 5.88 | 2026-03-26 | EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-one check in IsoMux certificate filename... |
| [CVE-2026-4877](https://nvd.nist.gov/vuln/detail/CVE-2026-4877) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-26 | A security flaw has been discovered in itsourcecode Payroll Management System up to 1.0. This affects an unknown functio... |
| [CVE-2026-4876](https://nvd.nist.gov/vuln/detail/CVE-2026-4876) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-26 | A vulnerability was identified in itsourcecode Free Hotel Reservation System 1.0. The impacted element is an unknown fun... |
| [CVE-2026-33413](https://nvd.nist.gov/vuln/detail/CVE-2026-33413) | 8.8 | HIGH | CWE-862 | No | 0.0% | 6.16 | 2026-03-26 | etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9,... |
| [CVE-2026-33396](https://nvd.nist.gov/vuln/detail/CVE-2026-33396) | 9.9 | CRITICAL | CWE-78 | No | 0.8% | 6.96 | 2026-03-26 | OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authentica... |
| [CVE-2026-33343](https://nvd.nist.gov/vuln/detail/CVE-2026-33343) | 0.0 | NONE | CWE-863 | No | 0.0% | 0.00 | 2026-03-26 | etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9,... |
| [CVE-2026-2511](https://nvd.nist.gov/vuln/detail/CVE-2026-2511) | 7.5 | HIGH | CWE-89 | No | 0.1% | 5.25 | 2026-03-26 | The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the `mu... |
| [CVE-2026-2389](https://nvd.nist.gov/vuln/detail/CVE-2026-2389) | 4.9 | MEDIUM | CWE-79 | No | 0.0% | 3.43 | 2026-03-26 | The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versio... |
| [CVE-2026-2231](https://nvd.nist.gov/vuln/detail/CVE-2026-2231) | 7.2 | HIGH | CWE-79 | No | 0.1% | 5.04 | 2026-03-26 | The Fluent Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all vers... |
| [CVE-2026-1032](https://nvd.nist.gov/vuln/detail/CVE-2026-1032) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-26 | The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and includ... |
| [CVE-2025-55264](https://nvd.nist.gov/vuln/detail/CVE-2025-55264) | 5.5 | MEDIUM | CWE-613 | No | 0.0% | 3.85 | 2026-03-26 | HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change, which will allow an attacker to access a s... |
| [CVE-2025-55263](https://nvd.nist.gov/vuln/detail/CVE-2025-55263) | 7.3 | HIGH | CWE-798 | No | 0.0% | 5.11 | 2026-03-26 | HCL Aftermarket DPC is affected by Hardcoded Sensitive Data, which allows an attacker to gain access to the source code or i... |
| [CVE-2025-55262](https://nvd.nist.gov/vuln/detail/CVE-2025-55262) | 8.3 | HIGH | CWE-798 | No | 0.0% | 5.81 | 2026-03-26 | HCL Aftermarket DPC is affected by SQL Injection, which allows an attacker to exploit this vulnerability to retrieve sensiti... |
| [CVE-2025-55261](https://nvd.nist.gov/vuln/detail/CVE-2025-55261) | 8.1 | HIGH | CWE-284 | No | 0.0% | 5.67 | 2026-03-26 | HCL Aftermarket DPC is affected by Missing Functional Level Access Control, which will allow an attacker to escalate his pri... |
| [CVE-2019-25650](https://nvd.nist.gov/vuln/detail/CVE-2019-25650) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-26 | River Past CamDo 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local att... |
| [CVE-2019-25649](https://nvd.nist.gov/vuln/detail/CVE-2019-25649) | 6.8 | MEDIUM | CWE-787 | No | 0.0% | 4.76 | 2026-03-26 | River Past Audio Converter 7.7.16 contains a local buffer overflow vulnerability in the activation code field that allow... |
| [CVE-2019-25648](https://nvd.nist.gov/vuln/detail/CVE-2019-25648) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-26 | MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to crash the application... |
| [CVE-2018-25219](https://nvd.nist.gov/vuln/detail/CVE-2018-25219) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-26 | PassFab Excel Password Recovery 8.3.1 contains a structured exception handling buffer overflow vulnerability that allows... |
| [CVE-2018-25218](https://nvd.nist.gov/vuln/detail/CVE-2018-25218) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-26 | PassFab RAR Password Recovery 9.3.2 contains a structured exception handler (SEH) buffer overflow vulnerability that all... |
| [CVE-2018-25217](https://nvd.nist.gov/vuln/detail/CVE-2018-25217) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-26 | PDF Explorer 1.5.66.2 contains a structured exception handler (SEH) overflow vulnerability that allows local attackers t... |
| [CVE-2018-25216](https://nvd.nist.gov/vuln/detail/CVE-2018-25216) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-26 | AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by suppl... |
| [CVE-2018-25215](https://nvd.nist.gov/vuln/detail/CVE-2018-25215) | 6.8 | MEDIUM | CWE-787 | No | 0.0% | 4.76 | 2026-03-26 | Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that allows attackers to cau... |
| [CVE-2018-25214](https://nvd.nist.gov/vuln/detail/CVE-2018-25214) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-26 | MegaPing contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplyin... |
| [CVE-2018-25213](https://nvd.nist.gov/vuln/detail/CVE-2018-25213) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-26 | Nsauditor 3.0.28.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to... |
| [CVE-2018-25212](https://nvd.nist.gov/vuln/detail/CVE-2018-25212) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-26 | Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerability in structured exception handling that allows... |
| [CVE-2018-25211](https://nvd.nist.gov/vuln/detail/CVE-2018-25211) | 8.5 | HIGH | CWE-787 | No | 0.0% | 5.95 | 2026-03-26 | Allok Video Splitter 3.1.1217 contains a buffer overflow vulnerability that allows local attackers to cause a denial of... |
| [CVE-2026-4887](https://nvd.nist.gov/vuln/detail/CVE-2026-4887) | 6.1 | MEDIUM | CWE-193 | No | 0.1% | 4.27 | 2026-03-26 | A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A re... |
| [CVE-2026-4875](https://nvd.nist.gov/vuln/detail/CVE-2026-4875) | 5.1 | MEDIUM | CWE-284 | No | 0.0% | 3.57 | 2026-03-26 | A vulnerability was determined in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown fun... |
| [CVE-2026-1961](https://nvd.nist.gov/vuln/detail/CVE-2026-1961) | 8.0 | HIGH | CWE-78 | No | 0.1% | 5.60 | 2026-03-26 | A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket pr... |
| [CVE-2025-55277](https://nvd.nist.gov/vuln/detail/CVE-2025-55277) | 2.6 | LOW | CWE-1104 | No | 0.1% | 1.82 | 2026-03-26 | HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an attacker may make us... |
| [CVE-2025-55276](https://nvd.nist.gov/vuln/detail/CVE-2025-55276) | 3.1 | LOW | CWE-200 | No | 0.0% | 2.17 | 2026-03-26 | HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability will give attackers a clearer map of the organiz... |
| [CVE-2025-55275](https://nvd.nist.gov/vuln/detail/CVE-2025-55275) | 3.7 | LOW | CWE-557 | No | 0.0% | 2.59 | 2026-03-26 | HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability using which an attacker can exploit concurren... |
| [CVE-2025-55274](https://nvd.nist.gov/vuln/detail/CVE-2025-55274) | 2.6 | LOW | CWE-942 | No | 0.0% | 1.82 | 2026-03-26 | HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability. CORS misconfigurations includes the expo... |
| [CVE-2025-55273](https://nvd.nist.gov/vuln/detail/CVE-2025-55273) | 4.3 | MEDIUM | CWE-829 | No | 0.0% | 3.01 | 2026-03-26 | HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability where an attacker using external scripts ca... |
| [CVE-2025-55272](https://nvd.nist.gov/vuln/detail/CVE-2025-55272) | 3.1 | LOW | CWE-200 | No | 0.0% | 2.17 | 2026-03-26 | HCL Aftermarket DPC is affected by Banner Disclosure vulnerability where attackers gain insights into the system’s softw... |
| [CVE-2025-55271](https://nvd.nist.gov/vuln/detail/CVE-2025-55271) | 3.1 | LOW | CWE-113 | No | 0.0% | 2.17 | 2026-03-26 | HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability where in depending on how the web application h... |
| [CVE-2025-55270](https://nvd.nist.gov/vuln/detail/CVE-2025-55270) | 3.5 | LOW | CWE-20 | No | 0.1% | 2.45 | 2026-03-26 | HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject executable code and can... |
| [CVE-2025-55269](https://nvd.nist.gov/vuln/detail/CVE-2025-55269) | 4.2 | MEDIUM | CWE-521 | No | 0.1% | 2.94 | 2026-03-26 | HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which makes it easier for attackers to guess weak... |
| [CVE-2025-55268](https://nvd.nist.gov/vuln/detail/CVE-2025-55268) | 4.3 | MEDIUM | CWE-799 | No | 0.1% | 3.01 | 2026-03-26 | HCL Aftermarket DPC is affected by Spamming Vulnerability which can allow the actor to excessive spamming can consume se... |
| [CVE-2025-55267](https://nvd.nist.gov/vuln/detail/CVE-2025-55267) | 5.7 | MEDIUM | CWE-434 | No | 0.0% | 3.99 | 2026-03-26 | HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability, allows attacker to upload and execute malicio... |
| [CVE-2025-55266](https://nvd.nist.gov/vuln/detail/CVE-2025-55266) | 5.9 | MEDIUM | CWE-384 | No | 0.0% | 4.13 | 2026-03-26 | HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's session and use it carr... |
| [CVE-2025-55265](https://nvd.nist.gov/vuln/detail/CVE-2025-55265) | 6.5 | MEDIUM | CWE-200 | No | 0.0% | 4.55 | 2026-03-26 | HCL Aftermarket DPC is affected by File Discovery which allows attacker could exploit this issue to read sensitive files... |
| [CVE-2025-41359](https://nvd.nist.gov/vuln/detail/CVE-2025-41359) | 8.5 | HIGH | CWE-428 | No | 0.0% | 5.95 | 2026-03-26 | Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable lo... |
| [CVE-2025-41027](https://nvd.nist.gov/vuln/detail/CVE-2025-41027) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-26 | Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaS... |
| [CVE-2025-41026](https://nvd.nist.gov/vuln/detail/CVE-2025-41026) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-26 | Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaS... |
| [CVE-2025-41368](https://nvd.nist.gov/vuln/detail/CVE-2025-41368) | 8.7 | HIGH | CWE-22 | No | 0.0% | 6.09 | 2026-03-26 | Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote us... |
| [CVE-2018-25210](https://nvd.nist.gov/vuln/detail/CVE-2018-25210) | 8.8 | HIGH | CWE-79 | No | 0.1% | 6.16 | 2026-03-26 | WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows u... |
| [CVE-2018-25209](https://nvd.nist.gov/vuln/detail/CVE-2018-25209) | 8.8 | HIGH | CWE-89 | No | 0.3% | 6.17 | 2026-03-26 | OpenBiz Cubi Lite 3.0.8 contains a SQL injection vulnerability in the login form that allows unauthenticated attackers t... |
| [CVE-2018-25208](https://nvd.nist.gov/vuln/detail/CVE-2018-25208) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-26 | qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information b... |
| [CVE-2018-25207](https://nvd.nist.gov/vuln/detail/CVE-2018-25207) | 7.1 | HIGH | CWE-89 | No | 0.1% | 4.97 | 2026-03-26 | Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated... |
| [CVE-2018-25206](https://nvd.nist.gov/vuln/detail/CVE-2018-25206) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-03-26 | KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'my_ite... |
| [CVE-2018-25205](https://nvd.nist.gov/vuln/detail/CVE-2018-25205) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-26 | ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL comma... |
| [CVE-2018-25204](https://nvd.nist.gov/vuln/detail/CVE-2018-25204) | 8.8 | HIGH | CWE-89 | No | 0.4% | 6.17 | 2026-03-26 | Library CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication b... |
| [CVE-2018-25203](https://nvd.nist.gov/vuln/detail/CVE-2018-25203) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-26 | Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate... |
| [CVE-2018-25202](https://nvd.nist.gov/vuln/detail/CVE-2018-25202) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-03-26 | SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting S... |
| [CVE-2018-25201](https://nvd.nist.gov/vuln/detail/CVE-2018-25201) | 7.1 | HIGH | CWE-89 | No | 0.1% | 4.97 | 2026-03-26 | School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows at... |
| [CVE-2018-25195](https://nvd.nist.gov/vuln/detail/CVE-2018-25195) | 8.8 | HIGH | CWE-89 | No | 0.4% | 6.17 | 2026-03-26 | Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows unauthenticat... |
| [CVE-2018-25185](https://nvd.nist.gov/vuln/detail/CVE-2018-25185) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-26 | Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate d... |
| [CVE-2018-25183](https://nvd.nist.gov/vuln/detail/CVE-2018-25183) | 8.8 | HIGH | CWE-89 | No | 0.4% | 6.17 | 2026-03-26 | Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authenti... |
| [CVE-2026-4809](https://nvd.nist.gov/vuln/detail/CVE-2026-4809) | 9.3 | CRITICAL | CWE-434 | No | 0.5% | 6.53 | 2026-03-26 | plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an application using the pac... |
| [CVE-2026-4274](https://nvd.nist.gov/vuln/detail/CVE-2026-4274) | 5.4 | MEDIUM | CWE-863 | No | 0.0% | 3.78 | 2026-03-26 | Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to restrict team-leve... |
| [CVE-2026-24068](https://nvd.nist.gov/vuln/detail/CVE-2026-24068) | 8.8 | HIGH | CWE-306 | No | 0.0% | 6.16 | 2026-03-26 | The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, wh... |
| [CVE-2026-4862](https://nvd.nist.gov/vuln/detail/CVE-2026-4862) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-03-26 | A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the functio... |
| [CVE-2026-4262](https://nvd.nist.gov/vuln/detail/CVE-2026-4262) | 6.9 | MEDIUM | CWE-863 | No | 0.1% | 4.83 | 2026-03-26 | Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private messages from other u... |
| [CVE-2026-4861](https://nvd.nist.gov/vuln/detail/CVE-2026-4861) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-03-26 | A weakness has been identified in Wavlink WL-NU516U1 260227. This vulnerability affects the function ftext of the file /... |
| [CVE-2026-4860](https://nvd.nist.gov/vuln/detail/CVE-2026-4860) | 6.9 | MEDIUM | CWE-20 | No | 0.0% | 4.83 | 2026-03-26 | A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. This affects the function GenericFastJsonR... |
| [CVE-2026-4874](https://nvd.nist.gov/vuln/detail/CVE-2026-4874) | 3.1 | LOW | CWE-918 | No | 0.0% | 2.17 | 2026-03-26 | A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating t... |
| [CVE-2026-4850](https://nvd.nist.gov/vuln/detail/CVE-2026-4850) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-26 | A security flaw has been discovered in code-projects Simple Laundry System 1.0. Affected is an unknown function of the f... |
| [CVE-2026-4849](https://nvd.nist.gov/vuln/detail/CVE-2026-4849) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-26 | A vulnerability was identified in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file... |
| [CVE-2026-4848](https://nvd.nist.gov/vuln/detail/CVE-2026-4848) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-26 | A vulnerability was determined in dameng100 muucmf 1.9.5.20260309. This affects an unknown function of the file /admin/e... |
| [CVE-2026-4847](https://nvd.nist.gov/vuln/detail/CVE-2026-4847) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-26 | A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impacted element is an unknown function of the file /a... |
| [CVE-2026-32680](https://nvd.nist.gov/vuln/detail/CVE-2026-32680) | 8.5 | HIGH | CWE-276 | No | 0.0% | 5.95 | 2026-03-26 | The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installat... |
| [CVE-2026-28760](https://nvd.nist.gov/vuln/detail/CVE-2026-28760) | 8.4 | HIGH | CWE-427 | No | 0.0% | 5.88 | 2026-03-26 | The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a use... |
| [CVE-2026-1890](https://nvd.nist.gov/vuln/detail/CVE-2026-1890) | 5.3 | MEDIUM | N/A | No | 0.1% | 3.71 | 2026-03-26 | The LeadConnector WordPress plugin before 3.0.22 does not have authorization in a REST route, allowing unauthenticated u... |
| [CVE-2026-1430](https://nvd.nist.gov/vuln/detail/CVE-2026-1430) | 4.8 | MEDIUM | N/A | No | 0.0% | 3.36 | 2026-03-26 | The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and escape some of its settings, which could allow hig... |
| [CVE-2025-15488](https://nvd.nist.gov/vuln/detail/CVE-2025-15488) | 6.5 | MEDIUM | N/A | No | 0.1% | 4.55 | 2026-03-26 | The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to arbitrary shortcode execution due to the software al... |
| [CVE-2025-15433](https://nvd.nist.gov/vuln/detail/CVE-2025-15433) | 6.8 | MEDIUM | N/A | No | 0.1% | 4.76 | 2026-03-26 | The Shared Files WordPress plugin before 1.7.58 allows users with a role as low as Contributor to download any file on... |
| [CVE-2026-4846](https://nvd.nist.gov/vuln/detail/CVE-2026-4846) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-26 | A vulnerability has been found in dameng100 muucmf 1.9.5.20260309. The affected element is an unknown function of the fi... |
| [CVE-2026-4845](https://nvd.nist.gov/vuln/detail/CVE-2026-4845) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-26 | A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is an unknown function of the file /admin/Member/inde... |
| [CVE-2026-1206](https://nvd.nist.gov/vuln/detail/CVE-2026-1206) | 4.3 | MEDIUM | CWE-639 | No | 0.0% | 3.01 | 2026-03-26 | The Elementor Website Builder plugin for WordPress is vulnerable to Incorrect Authorization to Sensitive Information Exp... |
| [CVE-2026-4844](https://nvd.nist.gov/vuln/detail/CVE-2026-4844) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-26 | A vulnerability was detected in code-projects Online Food Ordering System 1.0. This issue affects some unknown processin... |
| [CVE-2026-4842](https://nvd.nist.gov/vuln/detail/CVE-2026-4842) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-26 | A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. This vulnerability affects unkn... |
| [CVE-2026-4841](https://nvd.nist.gov/vuln/detail/CVE-2026-4841) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-26 | A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the fil... |
| [CVE-2026-4840](https://nvd.nist.gov/vuln/detail/CVE-2026-4840) | 7.4 | HIGH | CWE-77 | No | 0.2% | 5.19 | 2026-03-26 | A security flaw has been discovered in Netcore Power 15AX up to 3.0.0.6938. Affected by this issue is the function setTo... |
| [CVE-2026-4389](https://nvd.nist.gov/vuln/detail/CVE-2026-4389) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-26 | The DSGVO snippet for Leaflet Map and its Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting v... |
| [CVE-2026-4331](https://nvd.nist.gov/vuln/detail/CVE-2026-4331) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-26 | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized data loss in all... |
| [CVE-2026-4329](https://nvd.nist.gov/vuln/detail/CVE-2026-4329) | 7.2 | HIGH | CWE-79 | No | 0.2% | 5.04 | 2026-03-26 | The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent HTTP hea... |
| [CVE-2026-4281](https://nvd.nist.gov/vuln/detail/CVE-2026-4281) | 5.3 | MEDIUM | CWE-862 | No | 0.2% | 3.72 | 2026-03-26 | The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to Missing Authorization in all versions up t... |
| [CVE-2026-4278](https://nvd.nist.gov/vuln/detail/CVE-2026-4278) | 6.4 | MEDIUM | CWE-79 | No | 0.1% | 4.48 | 2026-03-26 | The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sdc_menu' shortco... |
| [CVE-2026-33201](https://nvd.nist.gov/vuln/detail/CVE-2026-33201) | 7.0 | HIGH | CWE-489 | No | 0.0% | 4.90 | 2026-03-26 | Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vul... |
| [CVE-2026-2931](https://nvd.nist.gov/vuln/detail/CVE-2026-2931) | 8.8 | HIGH | CWE-269 | No | 0.0% | 6.16 | 2026-03-26 | The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and includ... |
| [CVE-2026-4839](https://nvd.nist.gov/vuln/detail/CVE-2026-4839) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-26 | A vulnerability has been found in SourceCodester Food Ordering System 1.0. This affects an unknown function of the file... |
| [CVE-2026-4838](https://nvd.nist.gov/vuln/detail/CVE-2026-4838) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-26 | A flaw has been found in SourceCodester Malawi Online Market 1.0. The impacted element is an unknown function of the fil... |
| [CVE-2026-4335](https://nvd.nist.gov/vuln/detail/CVE-2026-4335) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-26 | The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment post... |
| [CVE-2026-4075](https://nvd.nist.gov/vuln/detail/CVE-2026-4075) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-26 | The BWL Advanced FAQ Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'baf_sbox' s... |
| [CVE-2026-3328](https://nvd.nist.gov/vuln/detail/CVE-2026-3328) | 7.2 | HIGH | CWE-502 | No | 0.5% | 5.06 | 2026-03-26 | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via deserialization of the '... |
| [CVE-2026-1986](https://nvd.nist.gov/vuln/detail/CVE-2026-1986) | 6.1 | MEDIUM | CWE-79 | No | 0.1% | 4.27 | 2026-03-26 | The FloristPress for Woo – Customize your eCommerce store for your Florist plugin for WordPress is vulnerable to Reflect... |
| [CVE-2026-4836](https://nvd.nist.gov/vuln/detail/CVE-2026-4836) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-26 | A vulnerability was detected in code-projects Accounting System 1.0. The affected element is an unknown function of the... |
| [CVE-2026-4835](https://nvd.nist.gov/vuln/detail/CVE-2026-4835) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-26 | A security vulnerability has been detected in code-projects Accounting System 1.0. Impacted is an unknown function of th... |
| [CVE-2026-4833](https://nvd.nist.gov/vuln/detail/CVE-2026-4833) | 4.8 | MEDIUM | CWE-404 | No | 0.0% | 3.36 | 2026-03-26 | A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdo... |
| [CVE-2026-4831](https://nvd.nist.gov/vuln/detail/CVE-2026-4831) | 6.3 | MEDIUM | CWE-287 | No | 0.1% | 4.41 | 2026-03-26 | A security flaw has been discovered in kalcaddle kodbox 1.64. Impacted is the function can of the file /workspace/source... |
| [CVE-2026-4484](https://nvd.nist.gov/vuln/detail/CVE-2026-4484) | 8.8 | HIGH | CWE-862 | No | 0.0% | 6.16 | 2026-03-26 | The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6... |
| [CVE-2026-4830](https://nvd.nist.gov/vuln/detail/CVE-2026-4830) | 6.3 | MEDIUM | CWE-284 | No | 0.1% | 4.41 | 2026-03-26 | A vulnerability was identified in kalcaddle kodbox 1.64. This issue affects the function Add of the file app/controller/... |
| [CVE-2026-33942](https://nvd.nist.gov/vuln/detail/CVE-2026-33942) | 8.1 | HIGH | CWE-502 | No | 0.4% | 5.68 | 2026-03-26 | Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to 4.0.0 used PHP's un... |
| [CVE-2026-33526](https://nvd.nist.gov/vuln/detail/CVE-2026-33526) | 9.2 | CRITICAL | CWE-416 | No | 1.7% | 6.49 | 2026-03-26 | Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of... |
| [CVE-2026-33515](https://nvd.nist.gov/vuln/detail/CVE-2026-33515) | 6.9 | MEDIUM | CWE-125 | No | 0.2% | 4.83 | 2026-03-26 | Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out... |
| [CVE-2026-33287](https://nvd.nist.gov/vuln/detail/CVE-2026-33287) | 7.5 | HIGH | CWE-20 | No | 0.1% | 5.25 | 2026-03-26 | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the `repla... |
| [CVE-2026-33285](https://nvd.nist.gov/vuln/detail/CVE-2026-33285) | 7.5 | HIGH | CWE-20 | No | 0.1% | 5.25 | 2026-03-26 | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's... |
| [CVE-2026-33183](https://nvd.nist.gov/vuln/detail/CVE-2026-33183) | 8.0 | HIGH | CWE-22 | No | 0.0% | 5.60 | 2026-03-26 | Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, fixture names... |
| [CVE-2026-33182](https://nvd.nist.gov/vuln/detail/CVE-2026-33182) | 6.6 | MEDIUM | CWE-522 | No | 0.0% | 4.62 | 2026-03-26 | Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building... |
| [CVE-2026-32748](https://nvd.nist.gov/vuln/detail/CVE-2026-32748) | 8.7 | HIGH | CWE-413 | No | 1.3% | 6.13 | 2026-03-26 | Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetim... |
| [CVE-2026-4826](https://nvd.nist.gov/vuln/detail/CVE-2026-4826) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-26 | A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code... |
| [CVE-2026-4758](https://nvd.nist.gov/vuln/detail/CVE-2026-4758) | 8.8 | HIGH | CWE-22 | No | 0.3% | 6.17 | 2026-03-26 | The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation... |
| [CVE-2026-34056](https://nvd.nist.gov/vuln/detail/CVE-2026-34056) | 7.7 | HIGH | CWE-285 | No | 0.0% | 5.39 | 2026-03-26 | OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access... |
| [CVE-2026-34055](https://nvd.nist.gov/vuln/detail/CVE-2026-34055) | 8.1 | HIGH | CWE-639 | No | 0.0% | 5.67 | 2026-03-26 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to versio... |
| [CVE-2026-34053](https://nvd.nist.gov/vuln/detail/CVE-2026-34053) | 7.1 | HIGH | CWE-862 | No | 0.0% | 4.97 | 2026-03-26 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to versio... |
| [CVE-2026-34051](https://nvd.nist.gov/vuln/detail/CVE-2026-34051) | 5.4 | MEDIUM | CWE-285 | No | 0.0% | 3.78 | 2026-03-26 | OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior... |
| [CVE-2026-33934](https://nvd.nist.gov/vuln/detail/CVE-2026-33934) | 4.3 | MEDIUM | CWE-639 | No | 0.0% | 3.01 | 2026-03-26 | OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior... |
| [CVE-2026-33933](https://nvd.nist.gov/vuln/detail/CVE-2026-33933) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-26 | OpenEMR is a free and open source electronic health records and medical practice management application. Starting in ver... |
| [CVE-2026-33932](https://nvd.nist.gov/vuln/detail/CVE-2026-33932) | 7.6 | HIGH | CWE-79 | No | 0.0% | 5.32 | 2026-03-26 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to versio... |
| [CVE-2026-33931](https://nvd.nist.gov/vuln/detail/CVE-2026-33931) | 6.5 | MEDIUM | CWE-639 | No | 0.0% | 4.55 | 2026-03-26 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to versio... |
| [CVE-2026-33918](https://nvd.nist.gov/vuln/detail/CVE-2026-33918) | 7.6 | HIGH | CWE-862 | No | 0.0% | 5.32 | 2026-03-26 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to versio... |
| [CVE-2026-33917](https://nvd.nist.gov/vuln/detail/CVE-2026-33917) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-03-26 | OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior... |
| [CVE-2026-33915](https://nvd.nist.gov/vuln/detail/CVE-2026-33915) | 5.4 | MEDIUM | CWE-862 | No | 0.0% | 3.78 | 2026-03-26 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to versio... |
| [CVE-2026-33914](https://nvd.nist.gov/vuln/detail/CVE-2026-33914) | 7.2 | HIGH | CWE-89 | No | 0.0% | 5.04 | 2026-03-26 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to versio... |
| [CVE-2026-30892](https://nvd.nist.gov/vuln/detail/CVE-2026-30892) | 0.0 | NONE | CWE-269 | No | 0.0% | 0.00 | 2026-03-26 | crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option... |
| [CVE-2026-4825](https://nvd.nist.gov/vuln/detail/CVE-2026-4825) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-25 | A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file /up... |
| [CVE-2026-33913](https://nvd.nist.gov/vuln/detail/CVE-2026-33913) | 7.7 | HIGH | CWE-611 | No | 0.1% | 5.39 | 2026-03-25 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to versio... |
| [CVE-2026-33912](https://nvd.nist.gov/vuln/detail/CVE-2026-33912) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-25 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to versio... |
| [CVE-2026-33911](https://nvd.nist.gov/vuln/detail/CVE-2026-33911) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-25 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to versio... |
| [CVE-2026-33910](https://nvd.nist.gov/vuln/detail/CVE-2026-33910) | 7.2 | HIGH | CWE-89 | No | 0.0% | 5.04 | 2026-03-25 | OpenEMR is a free and open source electronic health records and medical practice management application. Versions up to... |
| [CVE-2026-33909](https://nvd.nist.gov/vuln/detail/CVE-2026-33909) | 5.9 | MEDIUM | CWE-89 | No | 0.0% | 4.13 | 2026-03-25 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to versio... |
| [CVE-2026-33348](https://nvd.nist.gov/vuln/detail/CVE-2026-33348) | 8.7 | HIGH | CWE-79 | No | 0.1% | 6.09 | 2026-03-25 | OpenEMR is a free and open source electronic health records and medical practice management application. Users with the... |
| [CVE-2026-32120](https://nvd.nist.gov/vuln/detail/CVE-2026-32120) | 6.5 | MEDIUM | CWE-639 | No | 0.0% | 4.55 | 2026-03-25 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to versio... |
| [CVE-2026-29187](https://nvd.nist.gov/vuln/detail/CVE-2026-29187) | 8.1 | HIGH | CWE-89 | No | 0.0% | 5.67 | 2026-03-25 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to versio... |
| [CVE-2025-2535](https://nvd.nist.gov/vuln/detail/CVE-2025-2535) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-25 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| [CVE-2026-4824](https://nvd.nist.gov/vuln/detail/CVE-2026-4824) | 7.3 | HIGH | CWE-266 | No | 0.0% | 5.11 | 2026-03-25 | A vulnerability has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this issue is some unknown func... |
| [CVE-2026-4823](https://nvd.nist.gov/vuln/detail/CVE-2026-4823) | 2.0 | LOW | CWE-200 | No | 0.0% | 1.40 | 2026-03-25 | A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this vulnerability is an unknown functio... |
| [CVE-2025-36187](https://nvd.nist.gov/vuln/detail/CVE-2025-36187) | 4.4 | MEDIUM | CWE-532 | No | 0.0% | 3.08 | 2026-03-25 | IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5,1.2, 5.1.3, 5.2.0, 5.2.1 stores poten... |
| [CVE-2025-14684](https://nvd.nist.gov/vuln/detail/CVE-2025-14684) | 4.0 | MEDIUM | CWE-117 | No | 0.0% | 2.80 | 2026-03-25 | IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject dat... |
| [CVE-2026-4822](https://nvd.nist.gov/vuln/detail/CVE-2026-4822) | 7.3 | HIGH | CWE-377 | No | 0.0% | 5.11 | 2026-03-25 | A vulnerability was detected in Enter Software Iperius Backup up to 8.7.3. Affected is an unknown function of the file C... |
| [CVE-2026-33249](https://nvd.nist.gov/vuln/detail/CVE-2026-33249) | 4.3 | MEDIUM | CWE-863 | No | 0.0% | 3.01 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.11... |
| [CVE-2026-33248](https://nvd.nist.gov/vuln/detail/CVE-2026-33248) | 4.2 | MEDIUM | CWE-287 | No | 0.0% | 2.94 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.1... |
| [CVE-2026-33223](https://nvd.nist.gov/vuln/detail/CVE-2026-33223) | 6.4 | MEDIUM | CWE-290 | No | 0.0% | 4.48 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.1... |
| [CVE-2026-33222](https://nvd.nist.gov/vuln/detail/CVE-2026-33222) | 4.9 | MEDIUM | CWE-285 | No | 0.0% | 3.43 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.1... |
| [CVE-2026-30976](https://nvd.nist.gov/vuln/detail/CVE-2026-30976) | 8.6 | HIGH | CWE-22 | No | 0.1% | 6.02 | 2026-03-25 | Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated... |
| [CVE-2026-30975](https://nvd.nist.gov/vuln/detail/CVE-2026-30975) | 8.1 | HIGH | CWE-290 | No | 0.1% | 5.67 | 2026-03-25 | Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0.16.2942 have an authentication bypass that affect... |
| [CVE-2026-2485](https://nvd.nist.gov/vuln/detail/CVE-2026-2485) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-25 | IBM Infosphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scripting. This vulnerabi... |
| [CVE-2026-2484](https://nvd.nist.gov/vuln/detail/CVE-2026-2484) | 4.3 | MEDIUM | CWE-209 | No | 0.0% | 3.01 | 2026-03-25 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused... |
| [CVE-2026-2483](https://nvd.nist.gov/vuln/detail/CVE-2026-2483) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-25 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. This vulnerability al... |
| [CVE-2026-1561](https://nvd.nist.gov/vuln/detail/CVE-2026-1561) | 5.4 | MEDIUM | CWE-918 | No | 0.0% | 3.78 | 2026-03-25 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnera... |
| [CVE-2026-1262](https://nvd.nist.gov/vuln/detail/CVE-2026-1262) | 4.3 | MEDIUM | CWE-209 | No | 0.0% | 3.01 | 2026-03-25 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability. |
| [CVE-2026-1015](https://nvd.nist.gov/vuln/detail/CVE-2026-1015) | 5.4 | MEDIUM | CWE-918 | No | 0.0% | 3.78 | 2026-03-25 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This ma... |
| [CVE-2026-1014](https://nvd.nist.gov/vuln/detail/CVE-2026-1014) | 6.5 | MEDIUM | CWE-319 | No | 0.0% | 4.55 | 2026-03-25 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON... |
| [CVE-2025-64648](https://nvd.nist.gov/vuln/detail/CVE-2025-64648) | 5.9 | MEDIUM | CWE-319 | No | 0.0% | 4.13 | 2026-03-25 | IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive informatio... |
| [CVE-2025-64647](https://nvd.nist.gov/vuln/detail/CVE-2025-64647) | 5.9 | MEDIUM | CWE-1240 | No | 0.0% | 4.13 | 2026-03-25 | IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decry... |
| [CVE-2025-64646](https://nvd.nist.gov/vuln/detail/CVE-2025-64646) | 6.2 | MEDIUM | CWE-14 | No | 0.0% | 4.34 | 2026-03-25 | IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not... |
| [CVE-2025-36440](https://nvd.nist.gov/vuln/detail/CVE-2025-36440) | 5.1 | MEDIUM | CWE-522 | No | 0.0% | 3.57 | 2026-03-25 | IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level a... |
| [CVE-2025-36438](https://nvd.nist.gov/vuln/detail/CVE-2025-36438) | 5.1 | MEDIUM | CWE-923 | No | 0.0% | 3.57 | 2026-03-25 | IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restrictio... |
| [CVE-2025-36422](https://nvd.nist.gov/vuln/detail/CVE-2025-36422) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-25 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cros... |
| [CVE-2025-36258](https://nvd.nist.gov/vuln/detail/CVE-2025-36258) | 7.1 | HIGH | CWE-256 | No | 0.0% | 4.97 | 2026-03-25 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive informat... |
| [CVE-2025-14974](https://nvd.nist.gov/vuln/detail/CVE-2025-14974) | 5.7 | MEDIUM | CWE-639 | No | 0.0% | 3.99 | 2026-03-25 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR)... |
| [CVE-2025-14917](https://nvd.nist.gov/vuln/detail/CVE-2025-14917) | 6.7 | MEDIUM | CWE-1393 | No | 0.0% | 4.69 | 2026-03-25 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could prov... |
| [CVE-2025-14915](https://nvd.nist.gov/vuln/detail/CVE-2025-14915) | 6.5 | MEDIUM | CWE-200 | No | 0.0% | 4.55 | 2026-03-25 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affecte... |
| [CVE-2025-14912](https://nvd.nist.gov/vuln/detail/CVE-2025-14912) | 5.4 | MEDIUM | CWE-918 | No | 0.0% | 3.78 | 2026-03-25 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This ma... |
| [CVE-2025-14810](https://nvd.nist.gov/vuln/detail/CVE-2025-14810) | 6.3 | MEDIUM | CWE-613 | No | 0.0% | 4.41 | 2026-03-25 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been mod... |
| [CVE-2025-14808](https://nvd.nist.gov/vuln/detail/CVE-2025-14808) | 3.1 | LOW | CWE-598 | No | 0.0% | 2.17 | 2026-03-25 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from... |
| [CVE-2025-14807](https://nvd.nist.gov/vuln/detail/CVE-2025-14807) | 6.5 | MEDIUM | CWE-644 | No | 0.0% | 4.55 | 2026-03-25 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, caused by improper v... |
| [CVE-2026-33247](https://nvd.nist.gov/vuln/detail/CVE-2026-33247) | 7.4 | HIGH | CWE-215 | No | 0.0% | 5.18 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.1... |
| [CVE-2026-33246](https://nvd.nist.gov/vuln/detail/CVE-2026-33246) | 6.4 | MEDIUM | CWE-287 | No | 0.0% | 4.48 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a... |
| [CVE-2026-33219](https://nvd.nist.gov/vuln/detail/CVE-2026-33219) | 5.3 | MEDIUM | CWE-770 | No | 0.1% | 3.71 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.1... |
| [CVE-2026-33218](https://nvd.nist.gov/vuln/detail/CVE-2026-33218) | 7.5 | HIGH | CWE-20 | No | 0.2% | 5.25 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.1... |
| [CVE-2026-33217](https://nvd.nist.gov/vuln/detail/CVE-2026-33217) | 7.1 | HIGH | CWE-863 | No | 0.0% | 4.97 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.1... |
| [CVE-2026-33216](https://nvd.nist.gov/vuln/detail/CVE-2026-33216) | 8.6 | HIGH | CWE-256 | No | 0.0% | 6.02 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.1... |
| [CVE-2026-29785](https://nvd.nist.gov/vuln/detail/CVE-2026-29785) | 7.5 | HIGH | CWE-476 | No | 0.1% | 5.25 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.1... |
| [CVE-2026-27889](https://nvd.nist.gov/vuln/detail/CVE-2026-27889) | 7.5 | HIGH | CWE-190 | No | 0.1% | 5.25 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.... |
| [CVE-2025-70888](https://nvd.nist.gov/vuln/detail/CVE-2025-70888) | 9.8 | CRITICAL | CWE-269 | No | 0.1% | 6.86 | 2026-03-25 | An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate privileges via the o... |
| [CVE-2025-14790](https://nvd.nist.gov/vuln/detail/CVE-2025-14790) | 6.5 | MEDIUM | CWE-522 | No | 0.0% | 4.55 | 2026-03-25 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due... |
| [CVE-2025-12708](https://nvd.nist.gov/vuln/detail/CVE-2025-12708) | 6.2 | MEDIUM | CWE-798 | No | 0.0% | 4.34 | 2026-03-25 | IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user. |
| [CVE-2026-33809](https://nvd.nist.gov/vuln/detail/CVE-2026-33809) | 5.3 | MEDIUM | N/A | No | 0.0% | 3.71 | 2026-03-25 | A maliciously crafted TIFF file can cause image decoding to attempt to allocate up to 4GiB of memory, causing either excess... |
| [CVE-2026-33751](https://nvd.nist.gov/vuln/detail/CVE-2026-33751) | 6.3 | MEDIUM | CWE-90 | No | 0.1% | 4.41 | 2026-03-25 | n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP n... |
| [CVE-2026-33749](https://nvd.nist.gov/vuln/detail/CVE-2026-33749) | 6.3 | MEDIUM | CWE-79 | No | 0.0% | 4.41 | 2026-03-25 | n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated use... |
| [CVE-2026-33724](https://nvd.nist.gov/vuln/detail/CVE-2026-33724) | 6.3 | MEDIUM | CWE-639 | No | 0.0% | 4.41 | 2026-03-25 | n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configure... |
| [CVE-2026-33722](https://nvd.nist.gov/vuln/detail/CVE-2026-33722) | 7.3 | HIGH | CWE-863 | No | 0.0% | 5.11 | 2026-03-25 | n8n is an open source workflow automation platform. Prior to versions 2.6.4 and 1.123.23, an authenticated user without... |
| [CVE-2026-33720](https://nvd.nist.gov/vuln/detail/CVE-2026-33720) | 6.3 | MEDIUM | CWE-863 | No | 0.0% | 4.41 | 2026-03-25 | n8n is an open source workflow automation platform. Prior to version 2.8.0, when the `N8N_SKIP_AUTH_ON_OAUTH_CALLBACK` e... |
| [CVE-2026-27602](https://nvd.nist.gov/vuln/detail/CVE-2026-27602) | 7.2 | HIGH | CWE-78 | No | 0.1% | 5.04 | 2026-03-25 | Modoboa is a mail hosting and management platform. Prior to version 2.7.1, `exec_cmd()` in `modoboa/lib/sysutils.py` alw... |
| [CVE-2026-1001](https://nvd.nist.gov/vuln/detail/CVE-2026-1001) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-25 | Domoticz versions prior to 2026.1 contain a stored cross-site scripting vulnerability in the Add Hardware and rename dev... |
| [CVE-2025-70952](https://nvd.nist.gov/vuln/detail/CVE-2025-70952) | 7.5 | HIGH | CWE-22 | No | 0.3% | 5.26 | 2026-03-25 | pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling... |
| [CVE-2025-70887](https://nvd.nist.gov/vuln/detail/CVE-2025-70887) | 8.8 | HIGH | CWE-269 | No | 0.1% | 6.16 | 2026-03-25 | An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed_data.py and th... |
| [CVE-2026-33713](https://nvd.nist.gov/vuln/detail/CVE-2026-33713) | 8.7 | HIGH | CWE-89 | No | 0.0% | 6.09 | 2026-03-25 | n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated use... |
| [CVE-2026-33696](https://nvd.nist.gov/vuln/detail/CVE-2026-33696) | 9.4 | CRITICAL | CWE-1321 | No | 0.3% | 6.59 | 2026-03-25 | n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated use... |
| [CVE-2026-33665](https://nvd.nist.gov/vuln/detail/CVE-2026-33665) | 8.8 | HIGH | CWE-287 | No | 0.0% | 6.16 | 2026-03-25 | n8n is an open source workflow automation platform. Prior to versions 2.4.0 and 1.121.0, when LDAP authentication is ena... |
| [CVE-2026-33663](https://nvd.nist.gov/vuln/detail/CVE-2026-33663) | 8.5 | HIGH | CWE-639 | No | 0.0% | 5.95 | 2026-03-25 | n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated use... |
| [CVE-2026-33660](https://nvd.nist.gov/vuln/detail/CVE-2026-33660) | 9.4 | CRITICAL | CWE-94 | No | 0.1% | 6.58 | 2026-03-25 | n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated use... |
| [CVE-2026-30587](https://nvd.nist.gov/vuln/detail/CVE-2026-30587) | 8.7 | HIGH | CWE-79 | No | 0.0% | 6.09 | 2026-03-25 | Multiple Stored XSS vulnerabilities exist in Seafile Server version 13.0.15,13.0.16-pro,12.0.14 and prior and fixed in 1... |
| [CVE-2026-27496](https://nvd.nist.gov/vuln/detail/CVE-2026-27496) | 7.1 | HIGH | CWE-908 | No | 0.0% | 4.97 | 2026-03-25 | n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user... |
| [CVE-2025-67030](https://nvd.nist.gov/vuln/detail/CVE-2025-67030) | 8.8 | HIGH | CWE-22 | No | 0.2% | 6.17 | 2026-03-25 | Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d... |
| [CVE-2026-3988](https://nvd.nist.gov/vuln/detail/CVE-2026-3988) | 7.5 | HIGH | CWE-407 | No | 0.1% | 5.25 | 2026-03-25 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 1... |
| [CVE-2026-3857](https://nvd.nist.gov/vuln/detail/CVE-2026-3857) | 8.1 | HIGH | CWE-352 | No | 0.0% | 5.67 | 2026-03-25 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and... |
| [CVE-2026-34085](https://nvd.nist.gov/vuln/detail/CVE-2026-34085) | 5.9 | MEDIUM | CWE-193 | No | 0.0% | 4.13 | 2026-03-25 | fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte ou... |
| [CVE-2026-32573](https://nvd.nist.gov/vuln/detail/CVE-2026-32573) | 9.1 | CRITICAL | CWE-94 | No | 0.1% | 6.37 | 2026-03-25 | Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-test... |
| [CVE-2026-32567](https://nvd.nist.gov/vuln/detail/CVE-2026-32567) | 6.8 | MEDIUM | CWE-22 | No | 0.1% | 4.76 | 2026-03-25 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in icopydoc YML for Yandex... |
| [CVE-2026-32562](https://nvd.nist.gov/vuln/detail/CVE-2026-32562) | 5.4 | MEDIUM | CWE-862 | No | 0.0% | 3.78 | 2026-03-25 | Missing Authorization vulnerability in WP Folio Team PPWP password-protect-page allows Exploiting Incorrectly Configured... |
| [CVE-2026-32546](https://nvd.nist.gov/vuln/detail/CVE-2026-32546) | 7.5 | HIGH | CWE-862 | No | 0.0% | 5.25 | 2026-03-25 | Missing Authorization vulnerability in StellarWP Restrict Content restrict-content allows Exploiting Incorrectly Configu... |
| [CVE-2026-32545](https://nvd.nist.gov/vuln/detail/CVE-2026-32545) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Taboola Taboola Pi... |
| [CVE-2026-32544](https://nvd.nist.gov/vuln/detail/CVE-2026-32544) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OOPSpam Team OOPSp... |
| [CVE-2026-32542](https://nvd.nist.gov/vuln/detail/CVE-2026-32542) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion... |
| [CVE-2026-32541](https://nvd.nist.gov/vuln/detail/CVE-2026-32541) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-25 | Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect-manager allows Exploiting... |
| [CVE-2026-32540](https://nvd.nist.gov/vuln/detail/CVE-2026-32540) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bookly Bookly book... |
| [CVE-2026-32539](https://nvd.nist.gov/vuln/detail/CVE-2026-32539) | 9.3 | CRITICAL | CWE-89 | No | 0.0% | 6.51 | 2026-03-25 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PublishPress Publi... |
| [CVE-2026-32538](https://nvd.nist.gov/vuln/detail/CVE-2026-32538) | 7.5 | HIGH | CWE-201 | No | 0.0% | 5.25 | 2026-03-25 | Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp-mailer allows Retrieve Emb... |
| [CVE-2026-32537](https://nvd.nist.gov/vuln/detail/CVE-2026-32537) | 7.5 | HIGH | CWE-98 | No | 0.1% | 5.25 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-32536](https://nvd.nist.gov/vuln/detail/CVE-2026-32536) | 9.9 | CRITICAL | CWE-434 | No | 0.0% | 6.93 | 2026-03-25 | Unrestricted Upload of File with Dangerous Type vulnerability in halfdata Green Downloads halfdata-paypal-green-download... |
| [CVE-2026-32535](https://nvd.nist.gov/vuln/detail/CVE-2026-32535) | 6.5 | MEDIUM | CWE-639 | No | 0.0% | 4.55 | 2026-03-25 | Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiti... |
| [CVE-2026-32534](https://nvd.nist.gov/vuln/detail/CVE-2026-32534) | 8.5 | HIGH | CWE-89 | No | 0.0% | 5.95 | 2026-03-25 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help De... |
| [CVE-2026-32533](https://nvd.nist.gov/vuln/detail/CVE-2026-32533) | 6.5 | MEDIUM | CWE-639 | No | 0.0% | 4.55 | 2026-03-25 | Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allows Exploiting Incorr... |
| [CVE-2026-32532](https://nvd.nist.gov/vuln/detail/CVE-2026-32532) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Contact... |
| [CVE-2026-32531](https://nvd.nist.gov/vuln/detail/CVE-2026-32531) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-32530](https://nvd.nist.gov/vuln/detail/CVE-2026-32530) | 8.8 | HIGH | CWE-266 | No | 0.0% | 6.16 | 2026-03-25 | Incorrect Privilege Assignment vulnerability in WPFunnels Creator LMS creatorlms allows Privilege Escalation. This issue... |
| [CVE-2026-32529](https://nvd.nist.gov/vuln/detail/CVE-2026-32529) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Molla m... |
| [CVE-2026-32528](https://nvd.nist.gov/vuln/detail/CVE-2026-32528) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Riode r... |
| [CVE-2026-32527](https://nvd.nist.gov/vuln/detail/CVE-2026-32527) | 6.5 | MEDIUM | CWE-862 | No | 0.1% | 4.55 | 2026-03-25 | Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Nin... |
| [CVE-2026-32526](https://nvd.nist.gov/vuln/detail/CVE-2026-32526) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Abandon... |
| [CVE-2026-32525](https://nvd.nist.gov/vuln/detail/CVE-2026-32525) | 9.9 | CRITICAL | CWE-94 | No | 0.1% | 6.93 | 2026-03-25 | Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters JetFormBuilder jetformbuilder all... |
| [CVE-2026-32524](https://nvd.nist.gov/vuln/detail/CVE-2026-32524) | 9.1 | CRITICAL | CWE-434 | No | 0.1% | 6.37 | 2026-03-25 | Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr-sync allows Upload a Web S... |
| [CVE-2026-32523](https://nvd.nist.gov/vuln/detail/CVE-2026-32523) | 9.9 | CRITICAL | CWE-434 | No | 0.0% | 6.93 | 2026-03-25 | Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious... |
| [CVE-2026-32522](https://nvd.nist.gov/vuln/detail/CVE-2026-32522) | 8.6 | HIGH | CWE-22 | No | 0.1% | 6.02 | 2026-03-25 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish WooCommerce Sup... |
| [CVE-2026-32521](https://nvd.nist.gov/vuln/detail/CVE-2026-32521) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Northern Beaches W... |
| [CVE-2026-32520](https://nvd.nist.gov/vuln/detail/CVE-2026-32520) | 9.8 | CRITICAL | CWE-266 | No | 0.1% | 6.86 | 2026-03-25 | Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalati... |
| [CVE-2026-32519](https://nvd.nist.gov/vuln/detail/CVE-2026-32519) | 9.0 | CRITICAL | CWE-266 | No | 0.1% | 6.30 | 2026-03-25 | Incorrect Privilege Assignment vulnerability in Bit Apps Bit SMTP bit-smtp allows Privilege Escalation. This issue affect... |
| [CVE-2026-32518](https://nvd.nist.gov/vuln/detail/CVE-2026-32518) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imithemes Gaea gae... |
| [CVE-2026-32517](https://nvd.nist.gov/vuln/detail/CVE-2026-32517) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kleor Contact Mana... |
| [CVE-2026-32516](https://nvd.nist.gov/vuln/detail/CVE-2026-32516) | 8.5 | HIGH | CWE-89 | No | 0.0% | 5.95 | 2026-03-25 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Mirac... |
| [CVE-2026-32515](https://nvd.nist.gov/vuln/detail/CVE-2026-32515) | 7.5 | HIGH | CWE-862 | No | 0.0% | 5.25 | 2026-03-25 | Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Acces... |
| [CVE-2026-32514](https://nvd.nist.gov/vuln/detail/CVE-2026-32514) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-25 | Missing Authorization vulnerability in Anton Voytenko Petitioner petitioner allows Exploiting Incorrectly Configured Acc... |
| [CVE-2026-32513](https://nvd.nist.gov/vuln/detail/CVE-2026-32513) | 8.8 | HIGH | CWE-502 | No | 0.1% | 6.16 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Objec... |
| [CVE-2026-32512](https://nvd.nist.gov/vuln/detail/CVE-2026-32512) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in Edge-Themes Pelicula pelicula-video-production-and-movie-theme allows... |
| [CVE-2026-32511](https://nvd.nist.gov/vuln/detail/CVE-2026-32511) | 5.4 | MEDIUM | CWE-502 | No | 0.1% | 3.78 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in Mikado-Themes Stål stal allows Object Injection. This issue affects St... |
| [CVE-2026-32510](https://nvd.nist.gov/vuln/detail/CVE-2026-32510) | 5.4 | MEDIUM | CWE-502 | No | 0.1% | 3.78 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in Edge-Themes Kamperen kamperen allows Object Injection. This issue affe... |
| [CVE-2026-32509](https://nvd.nist.gov/vuln/detail/CVE-2026-32509) | 5.4 | MEDIUM | CWE-502 | No | 0.1% | 3.78 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in Edge-Themes Gracey gracey allows Object Injection. This issue affects... |
| [CVE-2026-32508](https://nvd.nist.gov/vuln/detail/CVE-2026-32508) | 5.4 | MEDIUM | CWE-502 | No | 0.1% | 3.78 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in Mikado-Themes Halstein halstein allows Object Injection. This issue af... |
| [CVE-2026-32507](https://nvd.nist.gov/vuln/detail/CVE-2026-32507) | 5.4 | MEDIUM | CWE-502 | No | 0.1% | 3.78 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in Elated-Themes Leroux leroux allows Object Injection. This issue affect... |
| [CVE-2026-32506](https://nvd.nist.gov/vuln/detail/CVE-2026-32506) | 5.4 | MEDIUM | CWE-502 | No | 0.1% | 3.78 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in Edge-Themes Archicon archicon allows Object Injection. This issue affe... |
| [CVE-2026-32505](https://nvd.nist.gov/vuln/detail/CVE-2026-32505) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-32504](https://nvd.nist.gov/vuln/detail/CVE-2026-32504) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-32503](https://nvd.nist.gov/vuln/detail/CVE-2026-32503) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-32502](https://nvd.nist.gov/vuln/detail/CVE-2026-32502) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in Select-Themes Borgholm borgholm-marketing-agency-theme allows Object... |
| [CVE-2026-32501](https://nvd.nist.gov/vuln/detail/CVE-2026-32501) | 7.1 | HIGH | CWE-862 | No | 0.0% | 4.97 | 2026-03-25 | Missing Authorization vulnerability in wp-configurator WP Configurator Pro wp-configurator-pro allows Exploiting Incorre... |
| [CVE-2026-32500](https://nvd.nist.gov/vuln/detail/CVE-2026-32500) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-32499](https://nvd.nist.gov/vuln/detail/CVE-2026-32499) | 9.3 | CRITICAL | CWE-89 | No | 0.0% | 6.51 | 2026-03-25 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud ChatB... |
| [CVE-2026-32498](https://nvd.nist.gov/vuln/detail/CVE-2026-32498) | 7.5 | HIGH | CWE-862 | No | 0.0% | 5.25 | 2026-03-25 | Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-mana... |
| [CVE-2026-32497](https://nvd.nist.gov/vuln/detail/CVE-2026-32497) | 5.3 | MEDIUM | CWE-1390 | No | 0.0% | 3.71 | 2026-03-25 | Weak Authentication vulnerability in PickPlugins User Verification user-verification allows Authentication Abuse. This is... |
| [CVE-2026-32496](https://nvd.nist.gov/vuln/detail/CVE-2026-32496) | 6.7 | MEDIUM | CWE-22 | No | 0.1% | 4.69 | 2026-03-25 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NYSL Spam Protect for Co... |
| [CVE-2026-32495](https://nvd.nist.gov/vuln/detail/CVE-2026-32495) | 7.5 | HIGH | CWE-862 | No | 0.0% | 5.25 | 2026-03-25 | Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Con... |
| [CVE-2026-32494](https://nvd.nist.gov/vuln/detail/CVE-2026-32494) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Image Slid... |
| [CVE-2026-32493](https://nvd.nist.gov/vuln/detail/CVE-2026-32493) | 0.0 | NONE | CWE-79 | No | 0.0% | 0.00 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch w... |
| [CVE-2026-32492](https://nvd.nist.gov/vuln/detail/CVE-2026-32492) | 5.3 | MEDIUM | CWE-290 | No | 0.0% | 3.71 | 2026-03-25 | Authentication Bypass by Spoofing vulnerability in Joe Dolson My Tickets my-tickets allows Identity Spoofing. This issue... |
| [CVE-2026-32491](https://nvd.nist.gov/vuln/detail/CVE-2026-32491) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgwhite33 WP Revie... |
| [CVE-2026-32490](https://nvd.nist.gov/vuln/detail/CVE-2026-32490) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgwhite33 WP TripA... |
| [CVE-2026-32489](https://nvd.nist.gov/vuln/detail/CVE-2026-32489) | 6.5 | MEDIUM | CWE-862 | No | 0.1% | 4.55 | 2026-03-25 | Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Contro... |
| [CVE-2026-32488](https://nvd.nist.gov/vuln/detail/CVE-2026-32488) | 8.1 | HIGH | CWE-266 | No | 0.1% | 5.67 | 2026-03-25 | Incorrect Privilege Assignment vulnerability in wpeverest User Registration user-registration allows Privilege Escalatio... |
| [CVE-2026-32485](https://nvd.nist.gov/vuln/detail/CVE-2026-32485) | 7.5 | HIGH | CWE-862 | No | 0.0% | 5.25 | 2026-03-25 | Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured... |
| [CVE-2026-32484](https://nvd.nist.gov/vuln/detail/CVE-2026-32484) | 8.8 | HIGH | CWE-502 | No | 0.1% | 6.16 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection. This issue affects w... |
| [CVE-2026-32483](https://nvd.nist.gov/vuln/detail/CVE-2026-32483) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-25 | Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly... |
| [CVE-2026-32482](https://nvd.nist.gov/vuln/detail/CVE-2026-32482) | 9.9 | CRITICAL | CWE-434 | No | 0.0% | 6.93 | 2026-03-25 | Unrestricted Upload of File with Dangerous Type vulnerability in deothemes Ona ona allows Upload a Web Shell to a Web Se... |
| [CVE-2026-32441](https://nvd.nist.gov/vuln/detail/CVE-2026-32441) | 7.7 | HIGH | CWE-862 | No | 0.0% | 5.39 | 2026-03-25 | Missing Authorization vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce allows Expl... |
| [CVE-2026-31921](https://nvd.nist.gov/vuln/detail/CVE-2026-31921) | 8.2 | HIGH | CWE-862 | No | 0.1% | 5.74 | 2026-03-25 | Missing Authorization vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocomme... |
| [CVE-2026-31920](https://nvd.nist.gov/vuln/detail/CVE-2026-31920) | 9.3 | CRITICAL | CWE-89 | No | 0.0% | 6.51 | 2026-03-25 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Devteam HaywoodTec... |
| [CVE-2026-31914](https://nvd.nist.gov/vuln/detail/CVE-2026-31914) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hookandhook WP Cou... |
| [CVE-2026-31913](https://nvd.nist.gov/vuln/detail/CVE-2026-31913) | 8.6 | HIGH | CWE-22 | No | 0.1% | 6.02 | 2026-03-25 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Whitebox-Studio Scape sc... |
| [CVE-2026-2995](https://nvd.nist.gov/vuln/detail/CVE-2026-2995) | 7.7 | HIGH | CWE-80 | No | 0.1% | 5.39 | 2026-03-25 | GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.1... |
| [CVE-2026-2973](https://nvd.nist.gov/vuln/detail/CVE-2026-2973) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-25 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 1... |
| [CVE-2026-2745](https://nvd.nist.gov/vuln/detail/CVE-2026-2745) | 6.8 | MEDIUM | CWE-288 | No | 0.1% | 4.76 | 2026-03-25 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 1... |
| [CVE-2026-2726](https://nvd.nist.gov/vuln/detail/CVE-2026-2726) | 4.3 | MEDIUM | CWE-863 | No | 0.0% | 3.01 | 2026-03-25 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and... |
| [CVE-2026-2414](https://nvd.nist.gov/vuln/detail/CVE-2026-2414) | 5.6 | MEDIUM | CWE-639 | No | 0.0% | 3.92 | 2026-03-25 | Authorization bypass through User-Controlled key vulnerability in HYPR Server allows Privilege Escalation. This issue aff... |
| [CVE-2026-29092](https://nvd.nist.gov/vuln/detail/CVE-2026-29092) | 4.9 | MEDIUM | CWE-613 | No | 0.0% | 3.43 | 2026-03-25 | Kiteworks is a private data network (PDN). Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway... |
| [CVE-2026-27659](https://nvd.nist.gov/vuln/detail/CVE-2026-27659) | 4.6 | MEDIUM | CWE-352 | No | 0.0% | 3.22 | 2026-03-25 | Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to properly validate... |
| [CVE-2026-27656](https://nvd.nist.gov/vuln/detail/CVE-2026-27656) | 5.7 | MEDIUM | CWE-303 | No | 0.0% | 3.99 | 2026-03-25 | Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to properly validate... |
| [CVE-2026-27095](https://nvd.nist.gov/vuln/detail/CVE-2026-27095) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-bo... |
| [CVE-2026-27088](https://nvd.nist.gov/vuln/detail/CVE-2026-27088) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Darna Fram... |
| [CVE-2026-27087](https://nvd.nist.gov/vuln/detail/CVE-2026-27087) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Wolverine... |
| [CVE-2026-27084](https://nvd.nist.gov/vuln/detail/CVE-2026-27084) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in ThemeREX Buisson buisson allows Object Injection. This issue affects B... |
| [CVE-2026-27083](https://nvd.nist.gov/vuln/detail/CVE-2026-27083) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Inje... |
| [CVE-2026-27082](https://nvd.nist.gov/vuln/detail/CVE-2026-27082) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in ThemeREX Love Story lovestory allows Object Injection. This issue affe... |
| [CVE-2026-27081](https://nvd.nist.gov/vuln/detail/CVE-2026-27081) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27080](https://nvd.nist.gov/vuln/detail/CVE-2026-27080) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27079](https://nvd.nist.gov/vuln/detail/CVE-2026-27079) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27078](https://nvd.nist.gov/vuln/detail/CVE-2026-27078) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27077](https://nvd.nist.gov/vuln/detail/CVE-2026-27077) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27076](https://nvd.nist.gov/vuln/detail/CVE-2026-27076) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27075](https://nvd.nist.gov/vuln/detail/CVE-2026-27075) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27073](https://nvd.nist.gov/vuln/detail/CVE-2026-27073) | 7.5 | HIGH | CWE-798 | No | 0.0% | 5.25 | 2026-03-25 | Use of Hard-coded Credentials vulnerability in Addi Addi – Cuotas que se adaptan a ti buy-now-pay-later-addi allow... |
| [CVE-2026-27071](https://nvd.nist.gov/vuln/detail/CVE-2026-27071) | 9.1 | CRITICAL | CWE-862 | No | 0.1% | 6.37 | 2026-03-25 | Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control... |
| [CVE-2026-27054](https://nvd.nist.gov/vuln/detail/CVE-2026-27054) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci... |
| [CVE-2026-27051](https://nvd.nist.gov/vuln/detail/CVE-2026-27051) | 9.8 | CRITICAL | CWE-266 | No | 0.1% | 6.86 | 2026-03-25 | Incorrect Privilege Assignment vulnerability in uxper Golo golo allows Privilege Escalation. This issue affects Golo: fro... |
| [CVE-2026-27049](https://nvd.nist.gov/vuln/detail/CVE-2026-27049) | 9.8 | CRITICAL | CWE-288 | No | 0.1% | 6.86 | 2026-03-25 | Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobica Core jobica-core allows Authen... |
| [CVE-2026-27048](https://nvd.nist.gov/vuln/detail/CVE-2026-27048) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27047](https://nvd.nist.gov/vuln/detail/CVE-2026-27047) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27046](https://nvd.nist.gov/vuln/detail/CVE-2026-27046) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-25 | Missing Authorization vulnerability in Kaira StoreCustomizer woocustomizer allows Exploiting Incorrectly Configured Acce... |
| [CVE-2026-27045](https://nvd.nist.gov/vuln/detail/CVE-2026-27045) | 8.8 | HIGH | CWE-502 | No | 0.1% | 6.16 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in sbthemes WooCommerce Infinite Scroll sb-woocommerce-infinite-scroll a... |
| [CVE-2026-27044](https://nvd.nist.gov/vuln/detail/CVE-2026-27044) | 9.9 | CRITICAL | CWE-94 | No | 0.1% | 6.93 | 2026-03-25 | Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite all... |
| [CVE-2026-27040](https://nvd.nist.gov/vuln/detail/CVE-2026-27040) | 8.8 | HIGH | CWE-22 | No | 0.1% | 6.16 | 2026-03-25 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AA-Team WZone woozone al... |
| [CVE-2026-27039](https://nvd.nist.gov/vuln/detail/CVE-2026-27039) | 8.5 | HIGH | CWE-89 | No | 0.0% | 5.95 | 2026-03-25 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone wooz... |
| [CVE-2026-26233](https://nvd.nist.gov/vuln/detail/CVE-2026-26233) | 4.3 | MEDIUM | CWE-400 | No | 0.1% | 3.01 | 2026-03-25 | Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to rate limit login r... |
| [CVE-2026-25645](https://nvd.nist.gov/vuln/detail/CVE-2026-25645) | 4.4 | MEDIUM | CWE-377 | No | 0.0% | 3.08 | 2026-03-25 | Requests is an HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a... |
| [CVE-2026-25469](https://nvd.nist.gov/vuln/detail/CVE-2026-25469) | 6.5 | MEDIUM | CWE-862 | No | 0.1% | 4.55 | 2026-03-25 | Missing Authorization vulnerability in ViaBill for WooCommerce ViaBill – WooCommerce viabill-woocommerce allows Ex... |
| [CVE-2026-25465](https://nvd.nist.gov/vuln/detail/CVE-2026-25465) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Mult... |
| [CVE-2026-25464](https://nvd.nist.gov/vuln/detail/CVE-2026-25464) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-25462](https://nvd.nist.gov/vuln/detail/CVE-2026-25462) | 6.5 | MEDIUM | CWE-862 | No | 0.1% | 4.55 | 2026-03-25 | Missing Authorization vulnerability in avalex avalex avalex allows Exploiting Incorrectly Configured Access Control Secu... |
| [CVE-2026-25461](https://nvd.nist.gov/vuln/detail/CVE-2026-25461) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes Listeo... |
| [CVE-2026-25460](https://nvd.nist.gov/vuln/detail/CVE-2026-25460) | 6.3 | MEDIUM | CWE-862 | No | 0.0% | 4.41 | 2026-03-25 | Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly Configured Access Co... |
| [CVE-2026-25458](https://nvd.nist.gov/vuln/detail/CVE-2026-25458) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-25457](https://nvd.nist.gov/vuln/detail/CVE-2026-25457) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-25456](https://nvd.nist.gov/vuln/detail/CVE-2026-25456) | 7.5 | HIGH | CWE-862 | No | 0.0% | 5.25 | 2026-03-25 | Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-sh... |
| [CVE-2026-25455](https://nvd.nist.gov/vuln/detail/CVE-2026-25455) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-25 | Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Exp... |
| [CVE-2026-25454](https://nvd.nist.gov/vuln/detail/CVE-2026-25454) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-25 | Missing Authorization vulnerability in MVPThemes The League the-league allows Exploiting Incorrectly Configured Access C... |
| [CVE-2026-25452](https://nvd.nist.gov/vuln/detail/CVE-2026-25452) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDO Remoji remoji... |
| [CVE-2026-25447](https://nvd.nist.gov/vuln/detail/CVE-2026-25447) | 9.1 | CRITICAL | CWE-94 | No | 0.1% | 6.37 | 2026-03-25 | Improper Control of Generation of Code ('Code Injection') vulnerability in Jonathan Daggerhart Widget Wrangler widget-wr... |
| [CVE-2026-25437](https://nvd.nist.gov/vuln/detail/CVE-2026-25437) | 6.5 | MEDIUM | CWE-862 | No | 0.1% | 4.55 | 2026-03-25 | Missing Authorization vulnerability in سید محمدامین هاشمی GZSEO gzseo allows Exploiting Incorrectly Configured Access Co... |
| [CVE-2026-25435](https://nvd.nist.gov/vuln/detail/CVE-2026-25435) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Booking c... |
| [CVE-2026-25430](https://nvd.nist.gov/vuln/detail/CVE-2026-25430) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-25 | Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja... |
| [CVE-2026-25429](https://nvd.nist.gov/vuln/detail/CVE-2026-25429) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in wpdive Nexa Blocks nexa-blocks allows Object Injection. This issue aff... |
| [CVE-2026-25417](https://nvd.nist.gov/vuln/detail/CVE-2026-25417) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss ProfileG... |
| [CVE-2026-25414](https://nvd.nist.gov/vuln/detail/CVE-2026-25414) | 8.8 | HIGH | CWE-266 | No | 0.0% | 6.16 | 2026-03-25 | Incorrect Privilege Assignment vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Privilege Escalation. This... |
| [CVE-2026-25413](https://nvd.nist.gov/vuln/detail/CVE-2026-25413) | 9.9 | CRITICAL | CWE-434 | No | 0.0% | 6.93 | 2026-03-25 | Unrestricted Upload of File with Dangerous Type vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Using Mal... |
| [CVE-2026-25406](https://nvd.nist.gov/vuln/detail/CVE-2026-25406) | 8.8 | HIGH | CWE-288 | No | 0.1% | 6.16 | 2026-03-25 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authent... |
| [CVE-2026-25401](https://nvd.nist.gov/vuln/detail/CVE-2026-25401) | 7.5 | HIGH | CWE-862 | No | 0.0% | 5.25 | 2026-03-25 | Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured... |
| [CVE-2026-25400](https://nvd.nist.gov/vuln/detail/CVE-2026-25400) | 8.8 | HIGH | CWE-502 | No | 0.1% | 6.16 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in thememount Apicona apicona allows Object Injection. This issue affects... |
| [CVE-2026-25398](https://nvd.nist.gov/vuln/detail/CVE-2026-25398) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-25 | Missing Authorization vulnerability in Webilia Inc. Vertex Addons for Elementor addons-for-elementor-builder allows Expl... |
| [CVE-2026-25397](https://nvd.nist.gov/vuln/detail/CVE-2026-25397) | 7.5 | HIGH | CWE-35 | No | 0.0% | 5.25 | 2026-03-25 | Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerc... |
| [CVE-2026-25396](https://nvd.nist.gov/vuln/detail/CVE-2026-25396) | 7.5 | HIGH | CWE-862 | No | 0.0% | 5.25 | 2026-03-25 | Missing Authorization vulnerability in CoderPress Commerce Coinbase For WooCommerce commerce-coinbase-for-woocommerce al... |
| [CVE-2026-25390](https://nvd.nist.gov/vuln/detail/CVE-2026-25390) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-25 | Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Config... |
| [CVE-2026-25383](https://nvd.nist.gov/vuln/detail/CVE-2026-25383) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iqonic Design Kivi... |
| [CVE-2026-25382](https://nvd.nist.gov/vuln/detail/CVE-2026-25382) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-25381](https://nvd.nist.gov/vuln/detail/CVE-2026-25381) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-25380](https://nvd.nist.gov/vuln/detail/CVE-2026-25380) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-25379](https://nvd.nist.gov/vuln/detail/CVE-2026-25379) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-25377](https://nvd.nist.gov/vuln/detail/CVE-2026-25377) | 9.3 | CRITICAL | CWE-89 | No | 0.0% | 6.51 | 2026-03-25 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eyecix Addon Jobse... |
| [CVE-2026-25376](https://nvd.nist.gov/vuln/detail/CVE-2026-25376) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix Addon Jobse... |
| [CVE-2026-25373](https://nvd.nist.gov/vuln/detail/CVE-2026-25373) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProgressionStudios... |
| [CVE-2026-25371](https://nvd.nist.gov/vuln/detail/CVE-2026-25371) | 9.3 | CRITICAL | CWE-89 | No | 0.0% | 6.51 | 2026-03-25 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in King-Theme Lumise... |
| [CVE-2026-25366](https://nvd.nist.gov/vuln/detail/CVE-2026-25366) | 9.9 | CRITICAL | CWE-94 | No | 0.1% | 6.93 | 2026-03-25 | Improper Control of Generation of Code ('Code Injection') vulnerability in Themeisle Woody ad snippets insert-php allows... |
| [CVE-2026-25365](https://nvd.nist.gov/vuln/detail/CVE-2026-25365) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-25 | Missing Authorization vulnerability in Özgür KARALAR Kargo Takip kargo-takip-turkiye allows Exploiting Incorrectly Confi... |
| [CVE-2026-25361](https://nvd.nist.gov/vuln/detail/CVE-2026-25361) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in magepeopleteam WpE... |
| [CVE-2026-25360](https://nvd.nist.gov/vuln/detail/CVE-2026-25360) | 8.8 | HIGH | CWE-502 | No | 0.1% | 6.16 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in rascals Vex vex allows Object Injection. This issue affects Vex: from... |
| [CVE-2026-25359](https://nvd.nist.gov/vuln/detail/CVE-2026-25359) | 8.8 | HIGH | CWE-502 | No | 0.1% | 6.16 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in rascals Pendulum pendulum allows Object Injection. This issue affects... |
| [CVE-2026-25358](https://nvd.nist.gov/vuln/detail/CVE-2026-25358) | 8.8 | HIGH | CWE-502 | No | 0.1% | 6.16 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in rascals Meloo meloo allows Object Injection. This issue affects Meloo:... |
| [CVE-2026-25357](https://nvd.nist.gov/vuln/detail/CVE-2026-25357) | 8.1 | HIGH | CWE-288 | No | 0.0% | 5.67 | 2026-03-25 | Authentication Bypass Using an Alternate Path or Channel vulnerability in azzaroco Ultimate Membership Pro indeed-member... |
| [CVE-2026-25356](https://nvd.nist.gov/vuln/detail/CVE-2026-25356) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Yobazar y... |
| [CVE-2026-25355](https://nvd.nist.gov/vuln/detail/CVE-2026-25355) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Sanzo san... |
| [CVE-2026-25354](https://nvd.nist.gov/vuln/detail/CVE-2026-25354) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Reebox re... |
| [CVE-2026-25353](https://nvd.nist.gov/vuln/detail/CVE-2026-25353) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Nooni noo... |
| [CVE-2026-25352](https://nvd.nist.gov/vuln/detail/CVE-2026-25352) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup MyDecor m... |
| [CVE-2026-25351](https://nvd.nist.gov/vuln/detail/CVE-2026-25351) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup MyMedi my... |
| [CVE-2026-25350](https://nvd.nist.gov/vuln/detail/CVE-2026-25350) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Miti miti... |
| [CVE-2026-25349](https://nvd.nist.gov/vuln/detail/CVE-2026-25349) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Loobek lo... |
| [CVE-2026-25347](https://nvd.nist.gov/vuln/detail/CVE-2026-25347) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Acato WP REST Cach... |
| [CVE-2026-25346](https://nvd.nist.gov/vuln/detail/CVE-2026-25346) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro FAQ Builde... |
| [CVE-2026-25345](https://nvd.nist.gov/vuln/detail/CVE-2026-25345) | 9.9 | CRITICAL | CWE-1284 | No | 0.1% | 6.93 | 2026-03-25 | Improper Validation of Specified Quantity in Input vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block a... |
| [CVE-2026-25344](https://nvd.nist.gov/vuln/detail/CVE-2026-25344) | 6.5 | MEDIUM | CWE-497 | No | 0.0% | 4.55 | 2026-03-25 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme Review Schema re... |
| [CVE-2026-25342](https://nvd.nist.gov/vuln/detail/CVE-2026-25342) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kutethemes Boutiqu... |
| [CVE-2026-25341](https://nvd.nist.gov/vuln/detail/CVE-2026-25341) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RSJoomla! RSFirewa... |
| [CVE-2026-25340](https://nvd.nist.gov/vuln/detail/CVE-2026-25340) | 9.3 | CRITICAL | CWE-89 | No | 0.0% | 6.51 | 2026-03-25 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Jobmonste... |
| [CVE-2026-25339](https://nvd.nist.gov/vuln/detail/CVE-2026-25339) | 6.5 | MEDIUM | CWE-201 | No | 0.0% | 4.55 | 2026-03-25 | Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allo... |
| [CVE-2026-25334](https://nvd.nist.gov/vuln/detail/CVE-2026-25334) | 8.1 | HIGH | CWE-266 | No | 0.1% | 5.67 | 2026-03-25 | Incorrect Privilege Assignment vulnerability in wordpresschef Salon Booking System Pro salon-booking-plugin-pro allows P... |
| [CVE-2026-25328](https://nvd.nist.gov/vuln/detail/CVE-2026-25328) | 6.8 | MEDIUM | CWE-22 | No | 0.1% | 4.76 | 2026-03-25 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in add-ons.org Product File... |
| [CVE-2026-25327](https://nvd.nist.gov/vuln/detail/CVE-2026-25327) | 6.5 | MEDIUM | CWE-862 | No | 0.1% | 4.55 | 2026-03-25 | Missing Authorization vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Explo... |
| [CVE-2026-25317](https://nvd.nist.gov/vuln/detail/CVE-2026-25317) | 7.5 | HIGH | CWE-862 | No | 0.1% | 5.25 | 2026-03-25 | Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-deliver... |
| [CVE-2026-25309](https://nvd.nist.gov/vuln/detail/CVE-2026-25309) | 7.5 | HIGH | CWE-862 | No | 0.0% | 5.25 | 2026-03-25 | Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrec... |
| [CVE-2026-25306](https://nvd.nist.gov/vuln/detail/CVE-2026-25306) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core... |
| [CVE-2026-25304](https://nvd.nist.gov/vuln/detail/CVE-2026-25304) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Jaroti ja... |
| [CVE-2026-25035](https://nvd.nist.gov/vuln/detail/CVE-2026-25035) | 9.8 | CRITICAL | CWE-288 | No | 0.1% | 6.86 | 2026-03-25 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker / ContestGallery developer Co... |
| [CVE-2026-25034](https://nvd.nist.gov/vuln/detail/CVE-2026-25034) | 6.5 | MEDIUM | CWE-862 | No | 0.1% | 4.55 | 2026-03-25 | Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorr... |
| [CVE-2026-25033](https://nvd.nist.gov/vuln/detail/CVE-2026-25033) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uixthemes Motta Ad... |
| [CVE-2026-25032](https://nvd.nist.gov/vuln/detail/CVE-2026-25032) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in park_of_ideas Ricky ricky allows Object Injection. This issue affects... |
| [CVE-2026-25031](https://nvd.nist.gov/vuln/detail/CVE-2026-25031) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in park_of_ideas Tasty Daily tastydaily allows Object Injection. This iss... |
| [CVE-2026-25030](https://nvd.nist.gov/vuln/detail/CVE-2026-25030) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in park_of_ideas Goldish goldish allows Object Injection. This issue affe... |
| [CVE-2026-25029](https://nvd.nist.gov/vuln/detail/CVE-2026-25029) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in park_of_ideas KIDZ kidz allows Object Injection. This issue affects KI... |
| [CVE-2026-25026](https://nvd.nist.gov/vuln/detail/CVE-2026-25026) | 7.5 | HIGH | CWE-862 | No | 0.0% | 5.25 | 2026-03-25 | Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control... |
| [CVE-2026-25025](https://nvd.nist.gov/vuln/detail/CVE-2026-25025) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikRestau... |
| [CVE-2026-25018](https://nvd.nist.gov/vuln/detail/CVE-2026-25018) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stmcan NaturaLife... |
| [CVE-2026-25017](https://nvd.nist.gov/vuln/detail/CVE-2026-25017) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-25013](https://nvd.nist.gov/vuln/detail/CVE-2026-25013) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WHMCSdes Phox Host... |
| [CVE-2026-25009](https://nvd.nist.gov/vuln/detail/CVE-2026-25009) | 6.5 | MEDIUM | CWE-862 | No | 0.1% | 4.55 | 2026-03-25 | Missing Authorization vulnerability in raratheme Education Zone education-zone allows Exploiting Incorrectly Configured... |
| [CVE-2026-25007](https://nvd.nist.gov/vuln/detail/CVE-2026-25007) | 8.5 | HIGH | CWE-89 | No | 0.0% | 5.95 | 2026-03-25 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Element Invader El... |
| [CVE-2026-25002](https://nvd.nist.gov/vuln/detail/CVE-2026-25002) | 7.5 | HIGH | CWE-288 | No | 0.0% | 5.25 | 2026-03-25 | Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPress LearnPress – Sepay Payment lea... |
| [CVE-2026-25001](https://nvd.nist.gov/vuln/detail/CVE-2026-25001) | 8.5 | HIGH | CWE-94 | No | 0.1% | 5.95 | 2026-03-25 | Improper Control of Generation of Code ('Code Injection') vulnerability in Saad Iqbal Post Snippets post-snippets allows... |
| [CVE-2026-24993](https://nvd.nist.gov/vuln/detail/CVE-2026-24993) | 9.3 | CRITICAL | CWE-89 | No | 0.0% | 6.51 | 2026-03-25 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Advanced... |
| [CVE-2026-24989](https://nvd.nist.gov/vuln/detail/CVE-2026-24989) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Object Injection. Thi... |
| [CVE-2026-24987](https://nvd.nist.gov/vuln/detail/CVE-2026-24987) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-25 | Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configure... |
| [CVE-2026-24983](https://nvd.nist.gov/vuln/detail/CVE-2026-24983) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution UpSolut... |
| [CVE-2026-24981](https://nvd.nist.gov/vuln/detail/CVE-2026-24981) | 8.8 | HIGH | CWE-502 | No | 0.1% | 6.16 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in NooTheme Visionary Core noo-visionary-core allows Object Injection. Th... |
| [CVE-2026-24980](https://nvd.nist.gov/vuln/detail/CVE-2026-24980) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Visionary... |
| [CVE-2026-24979](https://nvd.nist.gov/vuln/detail/CVE-2026-24979) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobica Co... |
| [CVE-2026-24978](https://nvd.nist.gov/vuln/detail/CVE-2026-24978) | 8.8 | HIGH | CWE-502 | No | 0.1% | 6.16 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in NooTheme Jobica Core jobica-core allows Object Injection. This issue a... |
| [CVE-2026-24977](https://nvd.nist.gov/vuln/detail/CVE-2026-24977) | 8.5 | HIGH | CWE-89 | No | 0.0% | 5.95 | 2026-03-25 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Organici... |
| [CVE-2026-24976](https://nvd.nist.gov/vuln/detail/CVE-2026-24976) | 8.8 | HIGH | CWE-502 | No | 0.1% | 6.16 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in NooTheme Organici Library noo-organici-library allows Object Injectio... |
| [CVE-2026-24975](https://nvd.nist.gov/vuln/detail/CVE-2026-24975) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Organici... |
| [CVE-2026-24974](https://nvd.nist.gov/vuln/detail/CVE-2026-24974) | 8.8 | HIGH | CWE-502 | No | 0.1% | 6.16 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in NooTheme CitiLights noo-citilights allows Object Injection. This issue... |
| [CVE-2026-24973](https://nvd.nist.gov/vuln/detail/CVE-2026-24973) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme CitiLight... |
| [CVE-2026-24972](https://nvd.nist.gov/vuln/detail/CVE-2026-24972) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-25 | Missing Authorization vulnerability in Elated-Themes Elated Listing eltd-listing allows Exploiting Incorrectly Configure... |
| [CVE-2026-24971](https://nvd.nist.gov/vuln/detail/CVE-2026-24971) | 9.8 | CRITICAL | CWE-266 | No | 0.1% | 6.86 | 2026-03-25 | Incorrect Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation. This issu... |
| [CVE-2026-24970](https://nvd.nist.gov/vuln/detail/CVE-2026-24970) | 7.7 | HIGH | CWE-22 | No | 0.1% | 5.39 | 2026-03-25 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in designingmedia Energox e... |
| [CVE-2026-24969](https://nvd.nist.gov/vuln/detail/CVE-2026-24969) | 7.7 | HIGH | CWE-22 | No | 0.0% | 5.39 | 2026-03-25 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in designingmedia Instant V... |
| [CVE-2026-24968](https://nvd.nist.gov/vuln/detail/CVE-2026-24968) | 9.8 | CRITICAL | CWE-266 | No | 0.1% | 6.86 | 2026-03-25 | Incorrect Privilege Assignment vulnerability in Xagio SEO Xagio SEO xagio-seo allows Privilege Escalation. This issue aff... |
| [CVE-2026-24964](https://nvd.nist.gov/vuln/detail/CVE-2026-24964) | 6.4 | MEDIUM | CWE-918 | No | 0.0% | 4.48 | 2026-03-25 | Server-Side Request Forgery (SSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-... |
| [CVE-2026-24391](https://nvd.nist.gov/vuln/detail/CVE-2026-24391) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeMakers Car De... |
| [CVE-2026-24382](https://nvd.nist.gov/vuln/detail/CVE-2026-24382) | 7.5 | HIGH | CWE-862 | No | 0.0% | 5.25 | 2026-03-25 | Missing Authorization vulnerability in wproyal News Magazine X news-magazine-x allows Exploiting Incorrectly Configured... |
| [CVE-2026-24378](https://nvd.nist.gov/vuln/detail/CVE-2026-24378) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Obje... |
| [CVE-2026-24376](https://nvd.nist.gov/vuln/detail/CVE-2026-24376) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-25 | Missing Authorization vulnerability in Javier Casares WPVulnerability wpvulnerability allows Exploiting Incorrectly Conf... |
| [CVE-2026-24373](https://nvd.nist.gov/vuln/detail/CVE-2026-24373) | 8.1 | HIGH | CWE-266 | No | 0.1% | 5.67 | 2026-03-25 | Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submis... |
| [CVE-2026-24372](https://nvd.nist.gov/vuln/detail/CVE-2026-24372) | 7.5 | HIGH | CWE-290 | No | 0.0% | 5.25 | 2026-03-25 | Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce... |
| [CVE-2026-24370](https://nvd.nist.gov/vuln/detail/CVE-2026-24370) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme-one The Grid... |
| [CVE-2026-24369](https://nvd.nist.gov/vuln/detail/CVE-2026-24369) | 7.1 | HIGH | CWE-862 | No | 0.0% | 4.97 | 2026-03-25 | Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Contr... |
| [CVE-2026-24364](https://nvd.nist.gov/vuln/detail/CVE-2026-24364) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-25 | Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured... |
| [CVE-2026-24363](https://nvd.nist.gov/vuln/detail/CVE-2026-24363) | 7.5 | HIGH | CWE-862 | No | 0.0% | 5.25 | 2026-03-25 | Missing Authorization vulnerability in loopus WP Cost Estimation & Payment Forms Builder WP_Estimation_Form allows Explo... |
| [CVE-2026-24362](https://nvd.nist.gov/vuln/detail/CVE-2026-24362) | 6.4 | MEDIUM | CWE-862 | No | 0.0% | 4.48 | 2026-03-25 | Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Config... |
| [CVE-2026-24359](https://nvd.nist.gov/vuln/detail/CVE-2026-24359) | 8.8 | HIGH | CWE-288 | No | 0.1% | 6.16 | 2026-03-25 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc. Dokan dokan-lite allows Authentica... |
| [CVE-2026-23979](https://nvd.nist.gov/vuln/detail/CVE-2026-23979) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Softwebmedia Gyan... |
| [CVE-2026-23977](https://nvd.nist.gov/vuln/detail/CVE-2026-23977) | 7.5 | HIGH | CWE-862 | No | 0.0% | 5.25 | 2026-03-25 | Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-fo... |
| [CVE-2026-23973](https://nvd.nist.gov/vuln/detail/CVE-2026-23973) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo golo al... |
| [CVE-2026-23972](https://nvd.nist.gov/vuln/detail/CVE-2026-23972) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-25 | Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocomme... |
| [CVE-2026-23971](https://nvd.nist.gov/vuln/detail/CVE-2026-23971) | 8.1 | HIGH | CWE-502 | No | 0.1% | 5.67 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection. This issue affects W... |
| [CVE-2026-23807](https://nvd.nist.gov/vuln/detail/CVE-2026-23807) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Socio WP Telegr... |
| [CVE-2026-23806](https://nvd.nist.gov/vuln/detail/CVE-2026-23806) | 7.5 | HIGH | CWE-862 | No | 0.0% | 5.25 | 2026-03-25 | Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Exploiting Incorr... |
| [CVE-2026-23636](https://nvd.nist.gov/vuln/detail/CVE-2026-23636) | 5.5 | MEDIUM | CWE-434 | No | 0.1% | 3.85 | 2026-03-25 | Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form... |
| [CVE-2026-23635](https://nvd.nist.gov/vuln/detail/CVE-2026-23635) | 6.5 | MEDIUM | CWE-523 | No | 0.0% | 4.55 | 2026-03-25 | Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of... |
| [CVE-2026-22524](https://nvd.nist.gov/vuln/detail/CVE-2026-22524) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Legac... |
| [CVE-2026-22523](https://nvd.nist.gov/vuln/detail/CVE-2026-22523) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Ultra... |
| [CVE-2026-22520](https://nvd.nist.gov/vuln/detail/CVE-2026-22520) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Handmade F... |
| [CVE-2026-22516](https://nvd.nist.gov/vuln/detail/CVE-2026-22516) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22515](https://nvd.nist.gov/vuln/detail/CVE-2026-22515) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22514](https://nvd.nist.gov/vuln/detail/CVE-2026-22514) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22513](https://nvd.nist.gov/vuln/detail/CVE-2026-22513) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22512](https://nvd.nist.gov/vuln/detail/CVE-2026-22512) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22511](https://nvd.nist.gov/vuln/detail/CVE-2026-22511) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22510](https://nvd.nist.gov/vuln/detail/CVE-2026-22510) | 8.1 | HIGH | CWE-502 | No | 0.1% | 5.67 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in AncoraThemes Melody melodyschool allows Object Injection. This issue a... |
| [CVE-2026-22509](https://nvd.nist.gov/vuln/detail/CVE-2026-22509) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22508](https://nvd.nist.gov/vuln/detail/CVE-2026-22508) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22507](https://nvd.nist.gov/vuln/detail/CVE-2026-22507) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in AncoraThemes Beelove beelove allows Object Injection. This issue affec... |
| [CVE-2026-22506](https://nvd.nist.gov/vuln/detail/CVE-2026-22506) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22505](https://nvd.nist.gov/vuln/detail/CVE-2026-22505) | 8.1 | HIGH | CWE-502 | No | 0.1% | 5.67 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in AncoraThemes Morning Records morning-records allows Object Injection.... |
| [CVE-2026-22504](https://nvd.nist.gov/vuln/detail/CVE-2026-22504) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22503](https://nvd.nist.gov/vuln/detail/CVE-2026-22503) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22502](https://nvd.nist.gov/vuln/detail/CVE-2026-22502) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22500](https://nvd.nist.gov/vuln/detail/CVE-2026-22500) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in axiomthemes m2 \| Construction and Tools Store m2-ce allows Object In... |
| [CVE-2026-22499](https://nvd.nist.gov/vuln/detail/CVE-2026-22499) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22498](https://nvd.nist.gov/vuln/detail/CVE-2026-22498) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22496](https://nvd.nist.gov/vuln/detail/CVE-2026-22496) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22495](https://nvd.nist.gov/vuln/detail/CVE-2026-22495) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22494](https://nvd.nist.gov/vuln/detail/CVE-2026-22494) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22493](https://nvd.nist.gov/vuln/detail/CVE-2026-22493) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22491](https://nvd.nist.gov/vuln/detail/CVE-2026-22491) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auction... |
| [CVE-2026-22485](https://nvd.nist.gov/vuln/detail/CVE-2026-22485) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-25 | Missing Authorization vulnerability in Ruhul Amin My Album Gallery my-album-gallery allows Exploiting Incorrectly Config... |
| [CVE-2026-22484](https://nvd.nist.gov/vuln/detail/CVE-2026-22484) | 9.3 | CRITICAL | CWE-89 | No | 0.0% | 6.51 | 2026-03-25 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pebas Lisfinity Co... |
| [CVE-2026-22480](https://nvd.nist.gov/vuln/detail/CVE-2026-22480) | 7.2 | HIGH | CWE-502 | No | 0.1% | 5.04 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows... |
| [CVE-2026-22448](https://nvd.nist.gov/vuln/detail/CVE-2026-22448) | 7.5 | HIGH | CWE-22 | No | 0.1% | 5.25 | 2026-03-25 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in flexcubed PitchPrint pit... |
| [CVE-2026-20719](https://nvd.nist.gov/vuln/detail/CVE-2026-20719) | 4.3 | MEDIUM | CWE-754 | No | 0.1% | 3.01 | 2026-03-25 | Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to prevent rendering... |
| [CVE-2026-1724](https://nvd.nist.gov/vuln/detail/CVE-2026-1724) | 6.8 | MEDIUM | CWE-306 | No | 0.0% | 4.76 | 2026-03-25 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.1... |
| [CVE-2026-1712](https://nvd.nist.gov/vuln/detail/CVE-2026-1712) | 5.8 | MEDIUM | CWE-266 | No | 0.0% | 4.06 | 2026-03-25 | Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation. This issue affects HYPR Server:... |
| [CVE-2025-69358](https://nvd.nist.gov/vuln/detail/CVE-2025-69358) | 7.5 | HIGH | CWE-862 | No | 0.1% | 5.25 | 2026-03-25 | Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incor... |
| [CVE-2025-69347](https://nvd.nist.gov/vuln/detail/CVE-2025-69347) | 8.5 | HIGH | CWE-639 | No | 0.0% | 5.95 | 2026-03-25 | Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploit... |
| [CVE-2025-69096](https://nvd.nist.gov/vuln/detail/CVE-2025-69096) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Zorka zork... |
| [CVE-2025-14595](https://nvd.nist.gov/vuln/detail/CVE-2025-14595) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-25 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.1... |
| [CVE-2025-13436](https://nvd.nist.gov/vuln/detail/CVE-2025-13436) | 6.5 | MEDIUM | CWE-770 | No | 0.0% | 4.55 | 2026-03-25 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.8.7, 18.9 before 18.9.3, and 1... |
| [CVE-2025-13078](https://nvd.nist.gov/vuln/detail/CVE-2025-13078) | 6.5 | MEDIUM | CWE-1284 | No | 0.0% | 4.55 | 2026-03-25 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and... |
| [CVE-2026-3218](https://nvd.nist.gov/vuln/detail/CVE-2026-3218) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Responsive... |
| [CVE-2026-3217](https://nvd.nist.gov/vuln/detail/CVE-2026-3217) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal SAML SSO -... |
| [CVE-2026-3216](https://nvd.nist.gov/vuln/detail/CVE-2026-3216) | 5.0 | MEDIUM | CWE-918 | No | 0.0% | 3.50 | 2026-03-25 | Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery. This issue a... |
| [CVE-2026-3215](https://nvd.nist.gov/vuln/detail/CVE-2026-3215) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Islandora a... |
| [CVE-2026-3214](https://nvd.nist.gov/vuln/detail/CVE-2026-3214) | 6.5 | MEDIUM | CWE-288 | No | 0.0% | 4.55 | 2026-03-25 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CAPTCHA allows Functionality Bypass. Thi... |
| [CVE-2026-3213](https://nvd.nist.gov/vuln/detail/CVE-2026-3213) | 4.7 | MEDIUM | CWE-79 | No | 0.0% | 3.29 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Anti-Spam b... |
| [CVE-2026-3212](https://nvd.nist.gov/vuln/detail/CVE-2026-3212) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Tagify allo... |
| [CVE-2026-3211](https://nvd.nist.gov/vuln/detail/CVE-2026-3211) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-25 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery. T... |
| [CVE-2026-3210](https://nvd.nist.gov/vuln/detail/CVE-2026-3210) | 5.3 | MEDIUM | CWE-863 | No | 0.0% | 3.71 | 2026-03-25 | Incorrect Authorization vulnerability in Drupal Material Icons allows Forceful Browsing. This issue affects Material Icon... |
| [CVE-2026-2349](https://nvd.nist.gov/vuln/detail/CVE-2026-2349) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal UI Icons al... |
| [CVE-2026-2348](https://nvd.nist.gov/vuln/detail/CVE-2026-2348) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Quick Edit... |
| [CVE-2026-26833](https://nvd.nist.gov/vuln/detail/CVE-2026-26833) | 9.8 | CRITICAL | CWE-78 | No | 0.4% | 6.87 | 2026-03-25 | thumbler through 1.1.2 allows OS command injection via the input, output, time, or size parameter in the thumbnail() fun... |
| [CVE-2026-26832](https://nvd.nist.gov/vuln/detail/CVE-2026-26832) | 9.8 | CRITICAL | CWE-78 | No | 0.3% | 6.87 | 2026-03-25 | node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, t... |
| [CVE-2026-26831](https://nvd.nist.gov/vuln/detail/CVE-2026-26831) | 9.8 | CRITICAL | CWE-78 | No | 0.4% | 6.87 | 2026-03-25 | textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When pr... |
| [CVE-2026-24750](https://nvd.nist.gov/vuln/detail/CVE-2026-24750) | 7.6 | HIGH | CWE-79 | No | 0.0% | 5.32 | 2026-03-25 | Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attac... |
| [CVE-2026-1917](https://nvd.nist.gov/vuln/detail/CVE-2026-1917) | 4.3 | MEDIUM | CWE-288 | No | 0.0% | 3.01 | 2026-03-25 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allows Functionality Bypa... |
| [CVE-2024-58341](https://nvd.nist.gov/vuln/detail/CVE-2024-58341) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-25 | OpenCart Core 4.0.2.3 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate databas... |
| [CVE-2026-4363](https://nvd.nist.gov/vuln/detail/CVE-2026-4363) | 3.7 | LOW | CWE-863 | No | 0.0% | 2.59 | 2026-03-25 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.1 before 18.8.7, 18.9 before 18.9.3, and 18.1... |
| [CVE-2026-3126](https://nvd.nist.gov/vuln/detail/CVE-2026-3126) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-25 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| [CVE-2026-33268](https://nvd.nist.gov/vuln/detail/CVE-2026-33268) | 6.9 | MEDIUM | CWE-400 | No | 0.1% | 4.83 | 2026-03-25 | Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A remote, unauthenticated attacker can upload firmwar... |
| [CVE-2026-26830](https://nvd.nist.gov/vuln/detail/CVE-2026-26830) | 9.8 | CRITICAL | CWE-94 | No | 0.8% | 6.88 | 2026-03-25 | pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGe... |
| [CVE-2026-23514](https://nvd.nist.gov/vuln/detail/CVE-2026-23514) | 8.8 | HIGH | CWE-282 | No | 0.0% | 6.16 | 2026-03-25 | Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerabili... |
| [CVE-2025-59707](https://nvd.nist.gov/vuln/detail/CVE-2025-59707) | 9.8 | CRITICAL | CWE-290 | No | 0.3% | 6.87 | 2026-03-25 | In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote code execution and account credentials theft becau... |
| [CVE-2025-59706](https://nvd.nist.gov/vuln/detail/CVE-2025-59706) | 9.8 | CRITICAL | CWE-290 | No | 0.3% | 6.87 | 2026-03-25 | In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution. |
| [CVE-2025-32991](https://nvd.nist.gov/vuln/detail/CVE-2025-32991) | 9.0 | CRITICAL | CWE-362 | No | 0.3% | 6.31 | 2026-03-25 | In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution. |
| [CVE-2026-4816](https://nvd.nist.gov/vuln/detail/CVE-2026-4816) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-25 | A Reflected Cross Site Scripting (XSS) vulnerability has been found in Support Board v3.7.7. This vulnerability allows a... |
| [CVE-2026-4815](https://nvd.nist.gov/vuln/detail/CVE-2026-4815) | 8.7 | HIGH | CWE-89 | No | 0.0% | 6.09 | 2026-03-25 | A SQL Injection vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to retrieve,... |
| [CVE-2026-28529](https://nvd.nist.gov/vuln/detail/CVE-2026-28529) | 8.5 | HIGH | CWE-416 | No | 0.0% | 5.95 | 2026-03-25 | cryptodev-linux version 1.14 and prior contain a page reference handling flaw in the get_userbuf function of the /dev/cr... |
| [CVE-2024-51348](https://nvd.nist.gov/vuln/detail/CVE-2024-51348) | 8.8 | HIGH | CWE-121 | No | 0.2% | 6.17 | 2026-03-25 | A stack-based buffer overflow vulnerability in the P2P API service in BS Producten Petcam with firmware 33.1.0.0818 allo... |
| [CVE-2024-51347](https://nvd.nist.gov/vuln/detail/CVE-2024-51347) | 7.2 | HIGH | CWE-120 | No | 0.1% | 5.04 | 2026-03-25 | A buffer overflow vulnerability in the dgiot binary in LSC Smart Indoor IP Camera V7.6.32. The flaw exists in the handli... |
| [CVE-2024-51346](https://nvd.nist.gov/vuln/detail/CVE-2024-51346) | 7.7 | HIGH | CWE-330 | No | 0.0% | 5.39 | 2026-03-25 | An issue in Eufy Homebase 2 version 3.3.4.1h allows a local attacker to obtain sensitive information via the cryptograph... |
| [CVE-2026-23333](https://nvd.nist.gov/vuln/detail/CVE-2026-23333) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-25 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| [CVE-2026-23320](https://nvd.nist.gov/vuln/detail/CVE-2026-23320) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-25 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| [CVE-2026-32326](https://nvd.nist.gov/vuln/detail/CVE-2026-32326) | 6.9 | MEDIUM | CWE-306 | No | 0.1% | 4.83 | 2026-03-25 | SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentic... |
| [CVE-2026-33253](https://nvd.nist.gov/vuln/detail/CVE-2026-33253) | 8.4 | HIGH | CWE-428 | No | 0.0% | 5.88 | 2026-03-25 | SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the w... |
| [CVE-2026-2343](https://nvd.nist.gov/vuln/detail/CVE-2026-2343) | 5.3 | MEDIUM | N/A | No | 0.0% | 3.71 | 2026-03-25 | The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP arch... |
| [CVE-2026-26306](https://nvd.nist.gov/vuln/detail/CVE-2026-26306) | 8.4 | HIGH | CWE-427 | No | 0.0% | 5.88 | 2026-03-25 | The installer for OM Workspace (Windows Edition) Ver 2.4 and earlier insecurely loads Dynamic Link Libraries (DLLs), whi... |
| [CVE-2026-2072](https://nvd.nist.gov/vuln/detail/CVE-2026-2072) | 8.2 | HIGH | CWE-79 | No | 0.0% | 5.74 | 2026-03-25 | Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Analytics probe component), Hitachi Ops... |
| [CVE-2026-1166](https://nvd.nist.gov/vuln/detail/CVE-2026-1166) | 4.3 | MEDIUM | CWE-601 | No | 0.0% | 3.01 | 2026-03-25 | Open Redirect vulnerability in Hitachi Ops Center Administrator. This issue affects Hitachi Ops Center Administrator: fro... |
| [CVE-2026-4784](https://nvd.nist.gov/vuln/detail/CVE-2026-4784) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-25 | A vulnerability was found in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /chec... |
| [CVE-2026-4766](https://nvd.nist.gov/vuln/detail/CVE-2026-4766) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-25 | The Easy Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery shortcode post... |
| [CVE-2026-4783](https://nvd.nist.gov/vuln/detail/CVE-2026-4783) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-25 | A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown functio... |
| [CVE-2026-28895](https://nvd.nist.gov/vuln/detail/CVE-2026-28895) | 4.6 | MEDIUM | CWE-284 | No | 0.0% | 3.22 | 2026-03-25 | The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. An attacker with physical... |
| [CVE-2026-28894](https://nvd.nist.gov/vuln/detail/CVE-2026-28894) | 7.5 | HIGH | CWE-20 | No | 0.2% | 5.26 | 2026-03-25 | A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 26.4 and iPadOS 26.4,... |
| [CVE-2026-28893](https://nvd.nist.gov/vuln/detail/CVE-2026-28893) | 3.3 | LOW | NVD-CWE-noinfo | No | 0.0% | 2.31 | 2026-03-25 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.4. A docu... |
| [CVE-2026-28892](https://nvd.nist.gov/vuln/detail/CVE-2026-28892) | 5.5 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 3.85 | 2026-03-25 | A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.5, macOS So... |
| [CVE-2026-28891](https://nvd.nist.gov/vuln/detail/CVE-2026-28891) | 8.1 | HIGH | CWE-362 | No | 0.0% | 5.67 | 2026-03-25 | A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.... |
| [CVE-2026-28890](https://nvd.nist.gov/vuln/detail/CVE-2026-28890) | 5.5 | MEDIUM | CWE-125 | No | 0.0% | 3.85 | 2026-03-25 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 26.4. An app may be able... |
| [CVE-2026-28889](https://nvd.nist.gov/vuln/detail/CVE-2026-28889) | 6.2 | MEDIUM | CWE-269 | No | 0.0% | 4.34 | 2026-03-25 | A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to... |
| [CVE-2026-28888](https://nvd.nist.gov/vuln/detail/CVE-2026-28888) | 5.1 | MEDIUM | CWE-362 | No | 0.0% | 3.57 | 2026-03-25 | A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 1... |
| [CVE-2026-28886](https://nvd.nist.gov/vuln/detail/CVE-2026-28886) | 5.9 | MEDIUM | CWE-476 | No | 0.1% | 4.13 | 2026-03-25 | A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18... |
| [CVE-2026-28882](https://nvd.nist.gov/vuln/detail/CVE-2026-28882) | 4.0 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 2.80 | 2026-03-25 | This issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 2... |
| [CVE-2026-28881](https://nvd.nist.gov/vuln/detail/CVE-2026-28881) | 5.5 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 3.85 | 2026-03-25 | A privacy issue was addressed by moving sensitive data. This issue is fixed in macOS Tahoe 26.4. An app may be able to a... |
| [CVE-2026-28880](https://nvd.nist.gov/vuln/detail/CVE-2026-28880) | 6.5 | MEDIUM | CWE-284 | No | 0.1% | 4.55 | 2026-03-25 | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS... |
| [CVE-2026-28879](https://nvd.nist.gov/vuln/detail/CVE-2026-28879) | 6.5 | MEDIUM | CWE-416 | No | 0.0% | 4.55 | 2026-03-25 | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.... |
| [CVE-2026-28878](https://nvd.nist.gov/vuln/detail/CVE-2026-28878) | 6.5 | MEDIUM | CWE-200 | No | 0.1% | 4.55 | 2026-03-25 | A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4... |
| [CVE-2026-28877](https://nvd.nist.gov/vuln/detail/CVE-2026-28877) | 5.5 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 3.85 | 2026-03-25 | An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.4 and iPadOS 26.4, ma... |
| [CVE-2026-28876](https://nvd.nist.gov/vuln/detail/CVE-2026-28876) | 7.5 | HIGH | CWE-284 | No | 0.1% | 5.25 | 2026-03-25 | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in i... |
| [CVE-2026-28875](https://nvd.nist.gov/vuln/detail/CVE-2026-28875) | 7.5 | HIGH | CWE-120 | No | 0.1% | 5.25 | 2026-03-25 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote... |
| [CVE-2026-28874](https://nvd.nist.gov/vuln/detail/CVE-2026-28874) | 7.5 | HIGH | CWE-400 | No | 0.1% | 5.25 | 2026-03-25 | The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote attacker may cau... |
| [CVE-2026-28871](https://nvd.nist.gov/vuln/detail/CVE-2026-28871) | 4.3 | MEDIUM | CWE-79 | No | 0.0% | 3.01 | 2026-03-25 | A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS... |
| [CVE-2026-28870](https://nvd.nist.gov/vuln/detail/CVE-2026-28870) | 5.5 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 3.85 | 2026-03-25 | An information leakage was addressed with additional validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS... |
| [CVE-2026-28868](https://nvd.nist.gov/vuln/detail/CVE-2026-28868) | 5.5 | MEDIUM | CWE-532 | No | 0.0% | 3.85 | 2026-03-25 | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.... |
| [CVE-2026-28867](https://nvd.nist.gov/vuln/detail/CVE-2026-28867) | 6.2 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 4.34 | 2026-03-25 | This issue was addressed with improved authentication. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and... |
| [CVE-2026-28866](https://nvd.nist.gov/vuln/detail/CVE-2026-28866) | 6.2 | MEDIUM | CWE-59 | No | 0.0% | 4.34 | 2026-03-25 | This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS... |
| [CVE-2026-28865](https://nvd.nist.gov/vuln/detail/CVE-2026-28865) | 7.5 | HIGH | CWE-285 | No | 0.1% | 5.25 | 2026-03-25 | An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.... |
| [CVE-2026-28864](https://nvd.nist.gov/vuln/detail/CVE-2026-28864) | 3.3 | LOW | CWE-863 | No | 0.0% | 2.31 | 2026-03-25 | This issue was addressed with improved permissions checking. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26... |
| [CVE-2026-28863](https://nvd.nist.gov/vuln/detail/CVE-2026-28863) | 6.5 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 4.55 | 2026-03-25 | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, tvOS 26... |
| [CVE-2026-28862](https://nvd.nist.gov/vuln/detail/CVE-2026-28862) | 5.3 | MEDIUM | CWE-284 | No | 0.1% | 3.71 | 2026-03-25 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia... |
| [CVE-2026-28861](https://nvd.nist.gov/vuln/detail/CVE-2026-28861) | 4.3 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 3.01 | 2026-03-25 | A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18... |
| [CVE-2026-28859](https://nvd.nist.gov/vuln/detail/CVE-2026-28859) | 4.3 | MEDIUM | CWE-125 | No | 0.0% | 3.01 | 2026-03-25 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, mac... |
| [CVE-2026-28858](https://nvd.nist.gov/vuln/detail/CVE-2026-28858) | 9.8 | CRITICAL | CWE-120 | No | 0.1% | 6.86 | 2026-03-25 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote... |
| [CVE-2026-28857](https://nvd.nist.gov/vuln/detail/CVE-2026-28857) | 6.5 | MEDIUM | CWE-125 | No | 0.0% | 4.55 | 2026-03-25 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, mac... |
| [CVE-2026-28856](https://nvd.nist.gov/vuln/detail/CVE-2026-28856) | 4.6 | MEDIUM | CWE-284 | No | 0.0% | 3.22 | 2026-03-25 | The issue was addressed with improved authentication. This issue is fixed in iOS 26.4 and iPadOS 26.4, visionOS 26.4, wa... |
| [CVE-2026-28855](https://nvd.nist.gov/vuln/detail/CVE-2026-28855) | 7.5 | HIGH | CWE-284 | No | 0.0% | 5.25 | 2026-03-25 | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS T... |
| [CVE-2026-28852](https://nvd.nist.gov/vuln/detail/CVE-2026-28852) | 5.5 | MEDIUM | CWE-20 | No | 0.0% | 3.85 | 2026-03-25 | A stack overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS... |
| [CVE-2026-28845](https://nvd.nist.gov/vuln/detail/CVE-2026-28845) | 5.5 | MEDIUM | CWE-285 | No | 0.0% | 3.85 | 2026-03-25 | An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.4. An app may... |
| [CVE-2026-28844](https://nvd.nist.gov/vuln/detail/CVE-2026-28844) | 6.5 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 4.55 | 2026-03-25 | A file access issue was addressed with improved input validation. This issue is fixed in macOS Tahoe 26.4. An attacker m... |
| [CVE-2026-28842](https://nvd.nist.gov/vuln/detail/CVE-2026-28842) | 7.5 | HIGH | CWE-122 | No | 0.1% | 5.25 | 2026-03-25 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26.4. A buffer overflow may resu... |
| [CVE-2026-28841](https://nvd.nist.gov/vuln/detail/CVE-2026-28841) | 6.2 | MEDIUM | CWE-120 | No | 0.0% | 4.34 | 2026-03-25 | A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Tahoe 26.4. A buffer overflo... |
| [CVE-2026-28839](https://nvd.nist.gov/vuln/detail/CVE-2026-28839) | 5.3 | MEDIUM | CWE-285 | No | 0.0% | 3.71 | 2026-03-25 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Ta... |
| [CVE-2026-28838](https://nvd.nist.gov/vuln/detail/CVE-2026-28838) | 5.3 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 3.71 | 2026-03-25 | A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.5, mac... |
| [CVE-2026-28837](https://nvd.nist.gov/vuln/detail/CVE-2026-28837) | 7.5 | HIGH | CWE-284 | No | 0.0% | 5.25 | 2026-03-25 | A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. An app may be able to access... |
| [CVE-2026-28835](https://nvd.nist.gov/vuln/detail/CVE-2026-28835) | 6.5 | MEDIUM | CWE-416 | No | 0.0% | 4.55 | 2026-03-25 | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.7.5, macOS... |
| [CVE-2026-28834](https://nvd.nist.gov/vuln/detail/CVE-2026-28834) | 5.1 | MEDIUM | CWE-362 | No | 0.0% | 3.57 | 2026-03-25 | A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 1... |
| [CVE-2026-28833](https://nvd.nist.gov/vuln/detail/CVE-2026-28833) | 6.2 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 4.34 | 2026-03-25 | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS T... |
| [CVE-2026-28832](https://nvd.nist.gov/vuln/detail/CVE-2026-28832) | 8.4 | HIGH | CWE-125 | No | 0.0% | 5.88 | 2026-03-25 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.5, macOS So... |
| [CVE-2026-28831](https://nvd.nist.gov/vuln/detail/CVE-2026-28831) | 5.5 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 3.85 | 2026-03-25 | An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.5, macOS... |
| [CVE-2026-28829](https://nvd.nist.gov/vuln/detail/CVE-2026-28829) | 5.5 | MEDIUM | CWE-732 | No | 0.0% | 3.85 | 2026-03-25 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonom... |
| [CVE-2026-28828](https://nvd.nist.gov/vuln/detail/CVE-2026-28828) | 5.3 | MEDIUM | CWE-284 | No | 0.0% | 3.71 | 2026-03-25 | A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.5, macOS So... |
| [CVE-2026-28827](https://nvd.nist.gov/vuln/detail/CVE-2026-28827) | 9.3 | CRITICAL | CWE-22 | No | 0.0% | 6.51 | 2026-03-25 | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in m... |
| [CVE-2026-28826](https://nvd.nist.gov/vuln/detail/CVE-2026-28826) | 4.0 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 2.80 | 2026-03-25 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.4. A malicious app may be... |
| [CVE-2026-28825](https://nvd.nist.gov/vuln/detail/CVE-2026-28825) | 5.5 | MEDIUM | CWE-787 | No | 0.0% | 3.85 | 2026-03-25 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.5, m... |
| [CVE-2026-28824](https://nvd.nist.gov/vuln/detail/CVE-2026-28824) | 5.3 | MEDIUM | CWE-284 | No | 0.0% | 3.71 | 2026-03-25 | An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.5, macOS... |
| [CVE-2026-28823](https://nvd.nist.gov/vuln/detail/CVE-2026-28823) | 4.9 | MEDIUM | CWE-284 | No | 0.0% | 3.43 | 2026-03-25 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.4. An app with root... |
| [CVE-2026-28822](https://nvd.nist.gov/vuln/detail/CVE-2026-28822) | 6.2 | MEDIUM | CWE-843 | No | 0.0% | 4.34 | 2026-03-25 | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 26.4 and iPadOS 26.4, mac... |
| [CVE-2026-28821](https://nvd.nist.gov/vuln/detail/CVE-2026-28821) | 8.4 | HIGH | CWE-20 | No | 0.0% | 5.88 | 2026-03-25 | A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the pro... |
| [CVE-2026-28820](https://nvd.nist.gov/vuln/detail/CVE-2026-28820) | 5.3 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 3.71 | 2026-03-25 | This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sen... |
| [CVE-2026-28818](https://nvd.nist.gov/vuln/detail/CVE-2026-28818) | 5.3 | MEDIUM | CWE-284 | No | 0.0% | 3.71 | 2026-03-25 | A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14... |
| [CVE-2026-28817](https://nvd.nist.gov/vuln/detail/CVE-2026-28817) | 8.1 | HIGH | CWE-362 | No | 0.0% | 5.67 | 2026-03-25 | A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 1... |
| [CVE-2026-28816](https://nvd.nist.gov/vuln/detail/CVE-2026-28816) | 4.0 | MEDIUM | CWE-22 | No | 0.0% | 2.80 | 2026-03-25 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma... |
| [CVE-2026-20701](https://nvd.nist.gov/vuln/detail/CVE-2026-20701) | 7.5 | HIGH | CWE-693 | No | 0.1% | 5.25 | 2026-03-25 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS S... |
| [CVE-2026-20699](https://nvd.nist.gov/vuln/detail/CVE-2026-20699) | 6.2 | MEDIUM | CWE-347 | No | 0.0% | 4.34 | 2026-03-25 | A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issu... |
| [CVE-2026-20698](https://nvd.nist.gov/vuln/detail/CVE-2026-20698) | 7.8 | HIGH | CWE-787 | No | 0.0% | 5.46 | 2026-03-25 | The issue was addressed with improved memory handling. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4... |
| [CVE-2026-20697](https://nvd.nist.gov/vuln/detail/CVE-2026-20697) | 5.3 | MEDIUM | CWE-284 | No | 0.0% | 3.71 | 2026-03-25 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonom... |
| [CVE-2026-20695](https://nvd.nist.gov/vuln/detail/CVE-2026-20695) | 6.2 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 4.34 | 2026-03-25 | An information disclosure issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.7... |
| [CVE-2026-20694](https://nvd.nist.gov/vuln/detail/CVE-2026-20694) | 5.5 | MEDIUM | CWE-59 | No | 0.0% | 3.85 | 2026-03-25 | This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequ... |
| [CVE-2026-20693](https://nvd.nist.gov/vuln/detail/CVE-2026-20693) | 4.9 | MEDIUM | CWE-732 | No | 0.0% | 3.43 | 2026-03-25 | This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14... |
| [CVE-2026-20692](https://nvd.nist.gov/vuln/detail/CVE-2026-20692) | 5.3 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 3.71 | 2026-03-25 | A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS 26.4 and iPadOS 26.... |
| [CVE-2026-20691](https://nvd.nist.gov/vuln/detail/CVE-2026-20691) | 4.3 | MEDIUM | CWE-497 | No | 0.0% | 3.01 | 2026-03-25 | An authorization issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 26.4 and iP... |
| [CVE-2026-20690](https://nvd.nist.gov/vuln/detail/CVE-2026-20690) | 6.5 | MEDIUM | CWE-125 | No | 0.0% | 4.55 | 2026-03-25 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.7 and iPadOS... |
| [CVE-2026-20688](https://nvd.nist.gov/vuln/detail/CVE-2026-20688) | 9.3 | CRITICAL | CWE-22 | No | 0.0% | 6.51 | 2026-03-25 | A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Seq... |
| [CVE-2026-20687](https://nvd.nist.gov/vuln/detail/CVE-2026-20687) | 7.1 | HIGH | CWE-416 | No | 0.0% | 4.97 | 2026-03-25 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.... |
| [CVE-2026-20686](https://nvd.nist.gov/vuln/detail/CVE-2026-20686) | 5.3 | MEDIUM | CWE-20 | No | 0.1% | 3.71 | 2026-03-25 | This issue was addressed with improved input validation. This issue is fixed in iOS 26.3 and iPadOS 26.3. An app may be... |
| [CVE-2026-20684](https://nvd.nist.gov/vuln/detail/CVE-2026-20684) | 3.3 | LOW | NVD-CWE-noinfo | No | 0.0% | 2.31 | 2026-03-25 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.4. An app may bypa... |
| [CVE-2026-20670](https://nvd.nist.gov/vuln/detail/CVE-2026-20670) | 5.5 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 3.85 | 2026-03-25 | An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.8.4, macOS T... |
| [CVE-2026-20668](https://nvd.nist.gov/vuln/detail/CVE-2026-20668) | 5.5 | MEDIUM | CWE-532 | No | 0.0% | 3.85 | 2026-03-25 | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.... |
| [CVE-2026-20665](https://nvd.nist.gov/vuln/detail/CVE-2026-20665) | 6.5 | MEDIUM | CWE-693 | No | 0.2% | 4.55 | 2026-03-25 | This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18... |
| [CVE-2026-20664](https://nvd.nist.gov/vuln/detail/CVE-2026-20664) | 4.3 | MEDIUM | CWE-787 | No | 0.0% | 3.01 | 2026-03-25 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, mac... |
| [CVE-2026-20657](https://nvd.nist.gov/vuln/detail/CVE-2026-20657) | 6.5 | MEDIUM | CWE-119 | No | 0.0% | 4.55 | 2026-03-25 | The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, macOS Sequoi... |
| [CVE-2026-20651](https://nvd.nist.gov/vuln/detail/CVE-2026-20651) | 6.2 | MEDIUM | CWE-377 | No | 0.0% | 4.34 | 2026-03-25 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sequoia 15.7.5, ma... |
| [CVE-2026-20639](https://nvd.nist.gov/vuln/detail/CVE-2026-20639) | 7.5 | HIGH | CWE-190 | No | 0.1% | 5.25 | 2026-03-25 | An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Son... |
| [CVE-2026-20637](https://nvd.nist.gov/vuln/detail/CVE-2026-20637) | 6.2 | MEDIUM | CWE-416 | No | 0.0% | 4.34 | 2026-03-25 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.... |
| [CVE-2026-20633](https://nvd.nist.gov/vuln/detail/CVE-2026-20633) | 5.5 | MEDIUM | CWE-59 | No | 0.0% | 3.85 | 2026-03-25 | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 1... |
| [CVE-2026-20632](https://nvd.nist.gov/vuln/detail/CVE-2026-20632) | 5.3 | MEDIUM | CWE-284 | No | 0.0% | 3.71 | 2026-03-25 | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in m... |
| [CVE-2026-20631](https://nvd.nist.gov/vuln/detail/CVE-2026-20631) | 8.8 | HIGH | NVD-CWE-noinfo | No | 0.0% | 6.16 | 2026-03-25 | A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. A user may be able to elevate... |
| [CVE-2026-20622](https://nvd.nist.gov/vuln/detail/CVE-2026-20622) | 7.5 | HIGH | CWE-284 | No | 0.0% | 5.25 | 2026-03-25 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sequoia 15.7.4, ma... |
| [CVE-2026-20607](https://nvd.nist.gov/vuln/detail/CVE-2026-20607) | 4.0 | MEDIUM | CWE-269 | No | 0.0% | 2.80 | 2026-03-25 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonom... |
| [CVE-2025-43534](https://nvd.nist.gov/vuln/detail/CVE-2025-43534) | 6.8 | MEDIUM | CWE-284 | No | 0.0% | 4.76 | 2026-03-25 | A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 2... |
| [CVE-2026-4781](https://nvd.nist.gov/vuln/detail/CVE-2026-4781) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-25 | A flaw has been found in SourceCodester Sales and Inventory System 1.0. The affected element is an unknown function of t... |
| [CVE-2026-4780](https://nvd.nist.gov/vuln/detail/CVE-2026-4780) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-25 | A vulnerability was detected in SourceCodester Sales and Inventory System 1.0. Impacted is an unknown function of the fi... |
| [CVE-2026-4779](https://nvd.nist.gov/vuln/detail/CVE-2026-4779) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-24 | A security vulnerability has been detected in SourceCodester Sales and Inventory System 1.0. This issue affects some unk... |
| [CVE-2026-4778](https://nvd.nist.gov/vuln/detail/CVE-2026-4778) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-24 | A weakness has been identified in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code... |
| [CVE-2026-4777](https://nvd.nist.gov/vuln/detail/CVE-2026-4777) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-24 | A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of th... |
| [CVE-2026-4433](https://nvd.nist.gov/vuln/detail/CVE-2026-4433) | 4.8 | MEDIUM | CWE-16 | No | 0.0% | 3.36 | 2026-03-24 | An SSH misconfiguration exists in Tenable OT that led to the potential exfiltration of socket, port, and service inform... |
| [CVE-2026-4371](https://nvd.nist.gov/vuln/detail/CVE-2026-4371) | 7.4 | HIGH | CWE-126 | No | 0.1% | 5.18 | 2026-03-24 | A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside th... |
| [CVE-2026-3912](https://nvd.nist.gov/vuln/detail/CVE-2026-3912) | 8.7 | HIGH | CWE-20 | No | 0.0% | 6.09 | 2026-03-24 | Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterp... |
| [CVE-2026-3889](https://nvd.nist.gov/vuln/detail/CVE-2026-3889) | 6.5 | MEDIUM | CWE-451 | No | 0.0% | 4.55 | 2026-03-24 | Spoofing issue in Thunderbird. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9. |
| [CVE-2026-33215](https://nvd.nist.gov/vuln/detail/CVE-2026-33215) | 6.5 | MEDIUM | CWE-287 | No | 0.0% | 4.55 | 2026-03-24 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides... |
| [CVE-2026-24159](https://nvd.nist.gov/vuln/detail/CVE-2026-24159) | 7.8 | HIGH | CWE-502 | No | 0.1% | 5.46 | 2026-03-24 | NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit o... |
| [CVE-2026-24158](https://nvd.nist.gov/vuln/detail/CVE-2026-24158) | 7.5 | HIGH | CWE-789 | No | 0.1% | 5.25 | 2026-03-24 | NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of ser... |
| [CVE-2026-24157](https://nvd.nist.gov/vuln/detail/CVE-2026-24157) | 7.8 | HIGH | CWE-502 | No | 0.1% | 5.46 | 2026-03-24 | NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an attacker could cause remote code execution... |
| [CVE-2026-24152](https://nvd.nist.gov/vuln/detail/CVE-2026-24152) | 7.8 | HIGH | CWE-502 | No | 0.1% | 5.46 | 2026-03-24 | NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an attacker may cause an RCE by convincing a use... |
| [CVE-2026-24151](https://nvd.nist.gov/vuln/detail/CVE-2026-24151) | 7.8 | HIGH | CWE-502 | No | 0.1% | 5.46 | 2026-03-24 | NVIDIA Megatron-LM contains a vulnerability in inferencing where an attacker may cause an RCE by convincing a user to lo... |
| [CVE-2026-24150](https://nvd.nist.gov/vuln/detail/CVE-2026-24150) | 7.8 | HIGH | CWE-502 | No | 0.1% | 5.46 | 2026-03-24 | NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an attacker may cause an RCE by convincing a use... |
| [CVE-2026-24141](https://nvd.nist.gov/vuln/detail/CVE-2026-24141) | 7.8 | HIGH | CWE-502 | No | 0.1% | 5.46 | 2026-03-24 | NVIDIA Model Optimizer for Windows and Linux contains a vulnerability in the ONNX quantization feature, where a user cou... |
| [CVE-2026-21790](https://nvd.nist.gov/vuln/detail/CVE-2026-21790) | 6.3 | MEDIUM | CWE-346 | No | 0.0% | 4.41 | 2026-03-24 | HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to byp... |
| [CVE-2025-33254](https://nvd.nist.gov/vuln/detail/CVE-2025-33254) | 7.5 | HIGH | CWE-362 | No | 0.0% | 5.25 | 2026-03-24 | NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause internal state corruption. A success... |
| [CVE-2025-33248](https://nvd.nist.gov/vuln/detail/CVE-2025-33248) | 7.8 | HIGH | CWE-502 | No | 0.1% | 5.46 | 2026-03-24 | NVIDIA Megatron-LM contains a vulnerability in the hybrid conversion script where an attacker may cause an RCE by convin... |
| [CVE-2025-33247](https://nvd.nist.gov/vuln/detail/CVE-2025-33247) | 7.8 | HIGH | CWE-502 | No | 0.3% | 5.47 | 2026-03-24 | NVIDIA Megatron LM contains a vulnerability in quantization configuration loading, which could allow remote code executi... |
| [CVE-2025-33244](https://nvd.nist.gov/vuln/detail/CVE-2025-33244) | 9.0 | CRITICAL | CWE-502 | No | 0.1% | 6.30 | 2026-03-24 | NVIDIA APEX for Linux contains a vulnerability where an unauthorized attacker could cause a deserialization of untrusted... |
| [CVE-2025-33242](https://nvd.nist.gov/vuln/detail/CVE-2025-33242) | 5.9 | MEDIUM | CWE-1234 | No | 0.0% | 4.13 | 2026-03-24 | NVIDIA B300 MCU contains a vulnerability in the CX8 MCU that could allow a malicious actor to modify unsupported registr... |
| [CVE-2025-33238](https://nvd.nist.gov/vuln/detail/CVE-2025-33238) | 7.5 | HIGH | CWE-362 | No | 0.0% | 5.25 | 2026-03-24 | NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception.... |
| [CVE-2025-33216](https://nvd.nist.gov/vuln/detail/CVE-2025-33216) | 6.8 | MEDIUM | CWE-131 | No | 0.0% | 4.76 | 2026-03-24 | NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on a VM may cause an i... |
| [CVE-2025-33215](https://nvd.nist.gov/vuln/detail/CVE-2025-33215) | 6.8 | MEDIUM | CWE-823 | No | 0.0% | 4.76 | 2026-03-24 | NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK component where a malicious guest VM may cause use of... |
| [CVE-2026-33511](https://nvd.nist.gov/vuln/detail/CVE-2026-33511) | 8.8 | HIGH | CWE-639 | No | 0.1% | 6.16 | 2026-03-24 | pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97... |
| [CVE-2026-33509](https://nvd.nist.gov/vuln/detail/CVE-2026-33509) | 7.5 | HIGH | CWE-269 | No | 0.1% | 5.25 | 2026-03-24 | pyLoad is a free and open-source download manager written in Python. From version 0.4.0 to before version 0.5.0b3.dev97,... |
| [CVE-2026-33419](https://nvd.nist.gov/vuln/detail/CVE-2026-33419) | 9.1 | CRITICAL | CWE-204 | No | 0.0% | 6.37 | 2026-03-24 | MinIO is a high-performance object storage system. Prior to RELEASE.2026-03-17T21-25-16Z, MinIO AIStor's STS (Security T... |
| [CVE-2026-33412](https://nvd.nist.gov/vuln/detail/CVE-2026-33412) | 5.6 | MEDIUM | CWE-78 | No | 0.0% | 3.92 | 2026-03-24 | Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in... |
| [CVE-2026-33353](https://nvd.nist.gov/vuln/detail/CVE-2026-33353) | 7.1 | HIGH | CWE-200 | No | 0.0% | 4.97 | 2026-03-24 | Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authoriza... |
| [CVE-2026-33349](https://nvd.nist.gov/vuln/detail/CVE-2026-33349) | 5.9 | MEDIUM | CWE-1284 | No | 0.0% | 4.13 | 2026-03-24 | fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.... |
| [CVE-2026-33347](https://nvd.nist.gov/vuln/detail/CVE-2026-33347) | 6.3 | MEDIUM | CWE-79 | No | 0.0% | 4.41 | 2026-03-24 | league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in th... |
| [CVE-2026-33345](https://nvd.nist.gov/vuln/detail/CVE-2026-33345) | 6.5 | MEDIUM | CWE-639 | No | 0.0% | 4.55 | 2026-03-24 | solidtime is an open-source time-tracking app. Prior to version 0.11.6, the project detail endpoint GET /api/v1/organiza... |
| [CVE-2026-33344](https://nvd.nist.gov/vuln/detail/CVE-2026-33344) | 8.1 | HIGH | CWE-22 | No | 0.0% | 5.67 | 2026-03-24 | Dagu is a workflow engine with a built-in Web user interface. From version 2.0.0 to before version 2.3.1, the fix for CV... |
| [CVE-2026-33332](https://nvd.nist.gov/vuln/detail/CVE-2026-33332) | 6.9 | MEDIUM | CWE-20 | No | 0.0% | 4.83 | 2026-03-24 | NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGUI's app.add_media_file() and app.add_media_files()... |
| [CVE-2026-33331](https://nvd.nist.gov/vuln/detail/CVE-2026-33331) | 8.2 | HIGH | CWE-79 | No | 0.0% | 5.74 | 2026-03-24 | oRPC is a tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.... |
| [CVE-2026-33330](https://nvd.nist.gov/vuln/detail/CVE-2026-33330) | 7.1 | HIGH | CWE-863 | No | 0.0% | 4.97 | 2026-03-24 | FileRise is a self-hosted web file manager / WebDAV server. Prior to version 3.10.0, a broken access control issue in Fi... |
| [CVE-2026-33329](https://nvd.nist.gov/vuln/detail/CVE-2026-33329) | 8.1 | HIGH | CWE-22 | No | 0.1% | 5.67 | 2026-03-24 | FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.10.0, the resumableId... |
| [CVE-2026-33326](https://nvd.nist.gov/vuln/detail/CVE-2026-33326) | 4.3 | MEDIUM | CWE-863 | No | 0.0% | 3.01 | 2026-03-24 | Keystone is a content management system for Node.js. Prior to version 6.5.2, {field}.isFilterable access control can be... |
| [CVE-2026-33322](https://nvd.nist.gov/vuln/detail/CVE-2026-33322) | 9.2 | CRITICAL | CWE-287 | No | 0.0% | 6.44 | 2026-03-24 | MinIO is a high-performance object storage system. From RELEASE.2022-11-08T05-27-07Z to before RELEASE.2026-03-17T21-25-... |
| [CVE-2026-33314](https://nvd.nist.gov/vuln/detail/CVE-2026-33314) | 6.5 | MEDIUM | CWE-287 | No | 0.0% | 4.55 | 2026-03-24 | pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, a Host Header Spoof... |
| [CVE-2026-32948](https://nvd.nist.gov/vuln/detail/CVE-2026-32948) | 6.7 | MEDIUM | CWE-78 | No | 0.0% | 4.69 | 2026-03-24 | sbt is a build tool for Scala, Java, and others. From version 0.9.5 to before version 1.12.7, on Windows, sbt uses Proce... |
| [CVE-2026-21783](https://nvd.nist.gov/vuln/detail/CVE-2026-21783) | 4.3 | MEDIUM | CWE-209 | No | 0.0% | 3.01 | 2026-03-24 | HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provid... |
| [CVE-2026-33769](https://nvd.nist.gov/vuln/detail/CVE-2026-33769) | 2.9 | LOW | CWE-20 | No | 0.1% | 2.03 | 2026-03-24 | Astro is a web framework. From version 2.10.10 to before version 5.18.1, this issue concerns Astro's remotePatterns path... |
| [CVE-2026-33768](https://nvd.nist.gov/vuln/detail/CVE-2026-33768) | 6.5 | MEDIUM | CWE-441 | No | 0.1% | 4.55 | 2026-03-24 | Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads the x-astro-path head... |
| [CVE-2026-33627](https://nvd.nist.gov/vuln/detail/CVE-2026-33627) | 7.1 | HIGH | CWE-200 | No | 0.1% | 4.97 | 2026-03-24 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-33624](https://nvd.nist.gov/vuln/detail/CVE-2026-33624) | 2.1 | LOW | CWE-367 | No | 0.0% | 1.47 | 2026-03-24 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-33539](https://nvd.nist.gov/vuln/detail/CVE-2026-33539) | 8.6 | HIGH | CWE-89 | No | 0.1% | 6.02 | 2026-03-24 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-33538](https://nvd.nist.gov/vuln/detail/CVE-2026-33538) | 8.7 | HIGH | CWE-400 | No | 0.1% | 6.09 | 2026-03-24 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-33527](https://nvd.nist.gov/vuln/detail/CVE-2026-33527) | 5.3 | MEDIUM | CWE-863 | No | 0.0% | 3.71 | 2026-03-24 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-33508](https://nvd.nist.gov/vuln/detail/CVE-2026-33508) | 8.2 | HIGH | CWE-674 | No | 0.1% | 5.74 | 2026-03-24 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-33498](https://nvd.nist.gov/vuln/detail/CVE-2026-33498) | 8.7 | HIGH | CWE-674 | No | 0.1% | 6.09 | 2026-03-24 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-33429](https://nvd.nist.gov/vuln/detail/CVE-2026-33429) | 6.3 | MEDIUM | CWE-203 | No | 0.0% | 4.41 | 2026-03-24 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-33421](https://nvd.nist.gov/vuln/detail/CVE-2026-33421) | 7.1 | HIGH | CWE-863 | No | 0.0% | 4.97 | 2026-03-24 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-33417](https://nvd.nist.gov/vuln/detail/CVE-2026-33417) | 6.5 | MEDIUM | CWE-613 | No | 0.0% | 4.55 | 2026-03-24 | Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.2, password reset tokens in... |
| [CVE-2026-33409](https://nvd.nist.gov/vuln/detail/CVE-2026-33409) | 7.0 | HIGH | CWE-287 | No | 0.1% | 4.90 | 2026-03-24 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-33323](https://nvd.nist.gov/vuln/detail/CVE-2026-33323) | 6.3 | MEDIUM | CWE-204 | No | 0.0% | 4.41 | 2026-03-24 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-30932](https://nvd.nist.gov/vuln/detail/CVE-2026-30932) | 8.6 | HIGH | CWE-74 | No | 0.1% | 6.02 | 2026-03-24 | Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint (accessi... |
| [CVE-2026-2417](https://nvd.nist.gov/vuln/detail/CVE-2026-2417) | 9.3 | CRITICAL | CWE-306 | No | 0.1% | 6.51 | 2026-03-24 | A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version... |
| [CVE-2026-29772](https://nvd.nist.gov/vuln/detail/CVE-2026-29772) | 5.9 | MEDIUM | CWE-770 | No | 0.0% | 4.13 | 2026-03-24 | Astro is a web framework. Prior to version 10.0.0, Astro's Server Islands POST handler buffers and parses the full reque... |
| [CVE-2026-23924](https://nvd.nist.gov/vuln/detail/CVE-2026-23924) | 6.1 | MEDIUM | CWE-88 | No | 0.1% | 4.27 | 2026-03-24 | Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.container_info' parameters when forwarding them to t... |
| [CVE-2026-23923](https://nvd.nist.gov/vuln/detail/CVE-2026-23923) | 6.9 | MEDIUM | CWE-470 | No | 0.1% | 4.83 | 2026-03-24 | An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The... |
| [CVE-2026-23921](https://nvd.nist.gov/vuln/detail/CVE-2026-23921) | 8.7 | HIGH | CWE-89 | No | 0.0% | 6.09 | 2026-03-24 | A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiS... |
| [CVE-2026-23920](https://nvd.nist.gov/vuln/detail/CVE-2026-23920) | 7.7 | HIGH | CWE-78 | No | 0.1% | 5.39 | 2026-03-24 | Host and event action script input is validated with a regex (set by the administrator), but the validation runs in mult... |
| [CVE-2026-23919](https://nvd.nist.gov/vuln/detail/CVE-2026-23919) | 7.1 | HIGH | CWE-488 | No | 0.0% | 4.97 | 2026-03-24 | For performance reasons Zabbix Server/Proxy reuses JavaScript (Duktape) contexts (used in script items, JavaScript repro... |
| [CVE-2026-1995](https://nvd.nist.gov/vuln/detail/CVE-2026-1995) | 7.8 | HIGH | N/A | No | 0.0% | 5.46 | 2026-03-24 | IDrive’s id_service.exe process runs with elevated privileges and regularly reads from several files under the C:\Progra... |
| [CVE-2026-33407](https://nvd.nist.gov/vuln/detail/CVE-2026-33407) | 8.3 | HIGH | CWE-918 | No | 0.1% | 5.81 | 2026-03-24 | Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/se... |
| [CVE-2026-33401](https://nvd.nist.gov/vuln/detail/CVE-2026-33401) | 7.1 | HIGH | CWE-918 | No | 0.0% | 4.97 | 2026-03-24 | Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in c... |
| [CVE-2026-33400](https://nvd.nist.gov/vuln/detail/CVE-2026-33400) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-24 | Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, a stored cross-site scrip... |
| [CVE-2026-33399](https://nvd.nist.gov/vuln/detail/CVE-2026-33399) | 7.7 | HIGH | CWE-918 | No | 0.0% | 5.39 | 2026-03-24 | Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in v... |
| [CVE-2026-33162](https://nvd.nist.gov/vuln/detail/CVE-2026-33162) | 4.9 | MEDIUM | CWE-285 | No | 0.0% | 3.43 | 2026-03-24 | Craft CMS is a content management system (CMS). From version 5.3.0 to before version 5.9.14, an authenticated control pa... |
| [CVE-2026-33161](https://nvd.nist.gov/vuln/detail/CVE-2026-33161) | 1.3 | LOW | CWE-200 | No | 0.0% | 0.91 | 2026-03-24 | Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-R... |
| [CVE-2026-33160](https://nvd.nist.gov/vuln/detail/CVE-2026-33160) | 2.7 | LOW | CWE-639 | No | 0.0% | 1.89 | 2026-03-24 | Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-R... |
| [CVE-2026-33159](https://nvd.nist.gov/vuln/detail/CVE-2026-33159) | 6.9 | MEDIUM | CWE-306 | No | 0.1% | 4.83 | 2026-03-24 | Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-R... |
| [CVE-2026-33158](https://nvd.nist.gov/vuln/detail/CVE-2026-33158) | 4.9 | MEDIUM | CWE-639 | No | 0.0% | 3.43 | 2026-03-24 | Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-R... |
| [CVE-2026-33157](https://nvd.nist.gov/vuln/detail/CVE-2026-33157) | 8.6 | HIGH | CWE-470 | No | 0.1% | 6.02 | 2026-03-24 | Craft CMS is a content management system (CMS). From version 5.6.0 to before version 5.9.13, a Remote Code Execution (RC... |
| [CVE-2026-32854](https://nvd.nist.gov/vuln/detail/CVE-2026-32854) | 6.3 | MEDIUM | CWE-476 | No | 1.8% | 4.46 | 2026-03-24 | LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the... |
| [CVE-2026-32853](https://nvd.nist.gov/vuln/detail/CVE-2026-32853) | 6.9 | MEDIUM | CWE-125 | No | 0.0% | 4.83 | 2026-03-24 | LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the... |
| [CVE-2026-26809](https://nvd.nist.gov/vuln/detail/CVE-2026-26809) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-24 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further inv... |
| [CVE-2026-33340](https://nvd.nist.gov/vuln/detail/CVE-2026-33340) | 9.1 | CRITICAL | CWE-306 | No | 16.3% | 6.86 | 2026-03-24 | LoLLMs WEBUI provides the Web user interface for Lord of Large Language and Multi modal Systems. A critical Server-Side... |
| [CVE-2026-33700](https://nvd.nist.gov/vuln/detail/CVE-2026-33700) | 6.9 | MEDIUM | CWE-639 | No | 0.0% | 4.83 | 2026-03-24 | Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the `DELETE /api/v1/projects/:pr... |
| [CVE-2026-33680](https://nvd.nist.gov/vuln/detail/CVE-2026-33680) | 7.5 | HIGH | CWE-285 | No | 0.0% | 5.25 | 2026-03-24 | Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.2, the `LinkSharing.ReadAll()` meth... |
| [CVE-2026-33679](https://nvd.nist.gov/vuln/detail/CVE-2026-33679) | 6.4 | MEDIUM | CWE-918 | No | 0.0% | 4.48 | 2026-03-24 | Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the `DownloadImage` function in... |
| [CVE-2026-33678](https://nvd.nist.gov/vuln/detail/CVE-2026-33678) | 8.1 | HIGH | CWE-639 | No | 0.0% | 5.67 | 2026-03-24 | Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, `TaskAttachment.ReadOne()` queri... |
| [CVE-2026-33677](https://nvd.nist.gov/vuln/detail/CVE-2026-33677) | 6.5 | MEDIUM | CWE-200 | No | 0.0% | 4.55 | 2026-03-24 | Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the `GET /api/v1/projects/:proje... |
| [CVE-2026-33676](https://nvd.nist.gov/vuln/detail/CVE-2026-33676) | 6.5 | MEDIUM | CWE-863 | No | 0.0% | 4.55 | 2026-03-24 | Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, when the Vikunja API returns tas... |
| [CVE-2026-33675](https://nvd.nist.gov/vuln/detail/CVE-2026-33675) | 6.4 | MEDIUM | CWE-918 | No | 0.0% | 4.48 | 2026-03-24 | Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the migration helper functions `... |
| [CVE-2026-33668](https://nvd.nist.gov/vuln/detail/CVE-2026-33668) | 7.1 | HIGH | CWE-285 | No | 0.2% | 4.98 | 2026-03-24 | Vikunja is an open-source self-hosted task management platform. Starting in version 0.18.0 and prior to version 2.2.1, w... |
| [CVE-2026-33474](https://nvd.nist.gov/vuln/detail/CVE-2026-33474) | 6.5 | MEDIUM | CWE-400 | No | 0.0% | 4.55 | 2026-03-24 | Vikunja is an open-source self-hosted task management platform. Starting in version 1.0.0-rc0 and prior to version 2.2.0... |
| [CVE-2026-33473](https://nvd.nist.gov/vuln/detail/CVE-2026-33473) | 5.7 | MEDIUM | CWE-287 | No | 0.0% | 3.99 | 2026-03-24 | Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior to version 2.2.1, any... |
| [CVE-2026-33335](https://nvd.nist.gov/vuln/detail/CVE-2026-33335) | 6.4 | MEDIUM | CWE-939 | No | 0.0% | 4.48 | 2026-03-24 | Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, t... |
| [CVE-2026-33334](https://nvd.nist.gov/vuln/detail/CVE-2026-33334) | 6.5 | MEDIUM | CWE-94 | No | 0.1% | 4.55 | 2026-03-24 | Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, t... |
| [CVE-2026-29840](https://nvd.nist.gov/vuln/detail/CVE-2026-29840) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-24 | JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting (XSS) vulnerability in the release function within app... |
| [CVE-2026-29839](https://nvd.nist.gov/vuln/detail/CVE-2026-29839) | 8.8 | HIGH | CWE-352 | No | 0.0% | 6.16 | 2026-03-24 | DedeCMS v5.7.118 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability in /sys_task_add.php. |
| [CVE-2025-71275](https://nvd.nist.gov/vuln/detail/CVE-2025-71275) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-24 | Rejected reason: This CVE was rejected due to being a duplicate of CVE-2024-45519. |
| [CVE-2026-4775](https://nvd.nist.gov/vuln/detail/CVE-2026-4775) | 7.8 | HIGH | CWE-190 | No | 0.1% | 5.46 | 2026-03-24 | A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the... |
| [CVE-2026-33554](https://nvd.nist.gov/vuln/detail/CVE-2026-33554) | 7.5 | HIGH | CWE-121 | No | 0.1% | 5.25 | 2026-03-24 | ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer overflows on response messages. The Intelligent Platform Mana... |
| [CVE-2026-33316](https://nvd.nist.gov/vuln/detail/CVE-2026-33316) | 8.1 | HIGH | CWE-284 | No | 0.0% | 5.67 | 2026-03-24 | Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, a flaw in Vikunja’s password res... |
| [CVE-2026-33315](https://nvd.nist.gov/vuln/detail/CVE-2026-33315) | 6.9 | MEDIUM | CWE-288 | No | 0.1% | 4.83 | 2026-03-24 | Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, the Caldav endpoint allows login... |
| [CVE-2026-33313](https://nvd.nist.gov/vuln/detail/CVE-2026-33313) | 5.3 | MEDIUM | CWE-639 | No | 0.0% | 3.71 | 2026-03-24 | Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, an authenticated user can read a... |
| [CVE-2026-30662](https://nvd.nist.gov/vuln/detail/CVE-2026-30662) | 6.5 | MEDIUM | CWE-400 | No | 0.0% | 4.55 | 2026-03-24 | ConcreteCMS v9.4.7 contains a Denial of Service (DoS) vulnerability in the File Manager component. The 'download' method... |
| [CVE-2026-30661](https://nvd.nist.gov/vuln/detail/CVE-2026-30661) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-24 | iCMS v8.0.0 contains a Cross-Site Scripting (XSS) vulnerability in the User Management component, specifically within th... |
| [CVE-2026-30655](https://nvd.nist.gov/vuln/detail/CVE-2026-30655) | 6.5 | MEDIUM | CWE-89 | No | 0.0% | 4.55 | 2026-03-24 | SQL injection in Solicitante::resetaSenha() in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote atta... |
| [CVE-2026-30653](https://nvd.nist.gov/vuln/detail/CVE-2026-30653) | 7.5 | HIGH | NVD-CWE-noinfo | No | 0.2% | 5.26 | 2026-03-24 | An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuth... |
| [CVE-2026-28753](https://nvd.nist.gov/vuln/detail/CVE-2026-28753) | 6.3 | MEDIUM | CWE-93 | No | 0.0% | 4.41 | 2026-03-24 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of... |
| [CVE-2026-27654](https://nvd.nist.gov/vuln/detail/CVE-2026-27654) | 8.8 | HIGH | CWE-122 | No | 0.0% | 6.16 | 2026-03-24 | NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to... |
| [CVE-2026-27651](https://nvd.nist.gov/vuln/detail/CVE-2026-27651) | 8.7 | HIGH | CWE-476 | No | 0.0% | 6.09 | 2026-03-24 | When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause... |
| [CVE-2026-33497](https://nvd.nist.gov/vuln/detail/CVE-2026-33497) | 8.7 | HIGH | CWE-22 | No | 0.0% | 6.09 | 2026-03-24 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the download_p... |
| [CVE-2026-33484](https://nvd.nist.gov/vuln/detail/CVE-2026-33484) | 7.5 | HIGH | CWE-284 | No | 0.0% | 5.25 | 2026-03-24 | Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the `/ap... |
| [CVE-2026-33418](https://nvd.nist.gov/vuln/detail/CVE-2026-33418) | 7.5 | HIGH | CWE-185 | No | 0.1% | 5.25 | 2026-03-24 | DiceBear is an avatar library for designers and developers. Prior to version 9.4.2, the `ensureSize()` function in `@dic... |
| [CVE-2026-33311](https://nvd.nist.gov/vuln/detail/CVE-2026-33311) | 4.7 | MEDIUM | CWE-79 | No | 0.0% | 3.29 | 2026-03-24 | DiceBear is an avatar library for designers and developers. Starting in version 5.0.0 and prior to versions 5.4.4, 6.1.4... |
| [CVE-2026-33310](https://nvd.nist.gov/vuln/detail/CVE-2026-33310) | 8.8 | HIGH | CWE-78 | No | 0.1% | 6.16 | 2026-03-24 | Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell() synt... |
| [CVE-2026-4729](https://nvd.nist.gov/vuln/detail/CVE-2026-4729) | 9.8 | CRITICAL | CWE-120 | No | 0.0% | 6.86 | 2026-03-24 | Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption a... |
| [CVE-2026-4728](https://nvd.nist.gov/vuln/detail/CVE-2026-4728) | 6.5 | MEDIUM | CWE-290 | No | 0.0% | 4.55 | 2026-03-24 | Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. |
| [CVE-2026-4727](https://nvd.nist.gov/vuln/detail/CVE-2026-4727) | 7.5 | HIGH | CWE-400 | No | 0.0% | 5.25 | 2026-03-24 | Denial-of-service in the Libraries component in NSS. This vulnerability was fixed in Firefox 149 and Thunderbird 149. |
| [CVE-2026-4726](https://nvd.nist.gov/vuln/detail/CVE-2026-4726) | 7.5 | HIGH | CWE-400 | No | 0.0% | 5.25 | 2026-03-24 | Denial-of-service in the XML component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. |
| [CVE-2026-4725](https://nvd.nist.gov/vuln/detail/CVE-2026-4725) | 10.0 | CRITICAL | CWE-416 | No | 0.0% | 7.00 | 2026-03-24 | Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149 an... |
| [CVE-2026-4724](https://nvd.nist.gov/vuln/detail/CVE-2026-4724) | 9.1 | CRITICAL | CWE-758 | No | 0.0% | 6.37 | 2026-03-24 | Undefined behavior in the Audio/Video component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. |
| [CVE-2026-4723](https://nvd.nist.gov/vuln/detail/CVE-2026-4723) | 9.8 | CRITICAL | CWE-416 | No | 0.0% | 6.86 | 2026-03-24 | Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. |
| [CVE-2026-4722](https://nvd.nist.gov/vuln/detail/CVE-2026-4722) | 8.8 | HIGH | NVD-CWE-noinfo | No | 0.0% | 6.16 | 2026-03-24 | Privilege escalation in the IPC component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. |
| [CVE-2026-4721](https://nvd.nist.gov/vuln/detail/CVE-2026-4721) | 9.8 | CRITICAL | CWE-120 | No | 0.0% | 6.86 | 2026-03-24 | Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird... |
| [CVE-2026-4720](https://nvd.nist.gov/vuln/detail/CVE-2026-4720) | 9.8 | CRITICAL | CWE-120 | No | 0.0% | 6.86 | 2026-03-24 | Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these b... |
| [CVE-2026-4719](https://nvd.nist.gov/vuln/detail/CVE-2026-4719) | 7.5 | HIGH | CWE-754 | No | 0.0% | 5.25 | 2026-03-24 | Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 149, Firefox ESR... |
| [CVE-2026-4718](https://nvd.nist.gov/vuln/detail/CVE-2026-4718) | 8.1 | HIGH | CWE-758 | No | 0.0% | 5.67 | 2026-03-24 | Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, T... |
| [CVE-2026-4717](https://nvd.nist.gov/vuln/detail/CVE-2026-4717) | 9.8 | CRITICAL | NVD-CWE-noinfo | No | 0.0% | 6.86 | 2026-03-24 | Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunde... |
| [CVE-2026-4716](https://nvd.nist.gov/vuln/detail/CVE-2026-4716) | 9.1 | CRITICAL | CWE-908 | No | 0.0% | 6.37 | 2026-03-24 | Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in... |
| [CVE-2026-4715](https://nvd.nist.gov/vuln/detail/CVE-2026-4715) | 9.1 | CRITICAL | CWE-908 | No | 0.0% | 6.37 | 2026-03-24 | Uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9... |
| [CVE-2026-4714](https://nvd.nist.gov/vuln/detail/CVE-2026-4714) | 7.5 | HIGH | CWE-754 | No | 0.0% | 5.25 | 2026-03-24 | Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140... |
| [CVE-2026-4713](https://nvd.nist.gov/vuln/detail/CVE-2026-4713) | 7.5 | HIGH | CWE-754 | No | 0.0% | 5.25 | 2026-03-24 | Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9,... |
| [CVE-2026-4712](https://nvd.nist.gov/vuln/detail/CVE-2026-4712) | 7.5 | HIGH | NVD-CWE-noinfo | No | 0.0% | 5.25 | 2026-03-24 | Information disclosure in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, T... |
| [CVE-2026-4711](https://nvd.nist.gov/vuln/detail/CVE-2026-4711) | 9.8 | CRITICAL | CWE-416 | No | 0.0% | 6.86 | 2026-03-24 | Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbi... |
| [CVE-2026-4710](https://nvd.nist.gov/vuln/detail/CVE-2026-4710) | 9.8 | CRITICAL | NVD-CWE-noinfo | No | 0.0% | 6.86 | 2026-03-24 | Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140... |
| [CVE-2026-4709](https://nvd.nist.gov/vuln/detail/CVE-2026-4709) | 7.5 | HIGH | CWE-754 | No | 0.0% | 5.25 | 2026-03-24 | Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 149, Firefox ES... |
| [CVE-2026-4708](https://nvd.nist.gov/vuln/detail/CVE-2026-4708) | 7.5 | HIGH | CWE-754 | No | 0.0% | 5.25 | 2026-03-24 | Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9,... |
| [CVE-2026-4707](https://nvd.nist.gov/vuln/detail/CVE-2026-4707) | 7.5 | HIGH | CWE-754 | No | 0.0% | 5.25 | 2026-03-24 | Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox... |
| [CVE-2026-4706](https://nvd.nist.gov/vuln/detail/CVE-2026-4706) | 7.5 | HIGH | CWE-754 | No | 0.0% | 5.25 | 2026-03-24 | Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox... |
| [CVE-2026-4705](https://nvd.nist.gov/vuln/detail/CVE-2026-4705) | 9.8 | CRITICAL | NVD-CWE-noinfo | No | 0.0% | 6.86 | 2026-03-24 | Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, T... |
| [CVE-2026-4704](https://nvd.nist.gov/vuln/detail/CVE-2026-4704) | 7.5 | HIGH | NVD-CWE-noinfo | No | 0.0% | 5.25 | 2026-03-24 | Denial-of-service in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Th... |
| [CVE-2026-4702](https://nvd.nist.gov/vuln/detail/CVE-2026-4702) | 9.8 | CRITICAL | CWE-843 | No | 0.0% | 6.86 | 2026-03-24 | JIT miscompilation in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, T... |
| [CVE-2026-4701](https://nvd.nist.gov/vuln/detail/CVE-2026-4701) | 9.8 | CRITICAL | CWE-416 | No | 0.0% | 6.86 | 2026-03-24 | Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thund... |
| [CVE-2026-4700](https://nvd.nist.gov/vuln/detail/CVE-2026-4700) | 9.8 | CRITICAL | NVD-CWE-noinfo | No | 0.0% | 6.86 | 2026-03-24 | Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thu... |
| [CVE-2026-4699](https://nvd.nist.gov/vuln/detail/CVE-2026-4699) | 7.5 | HIGH | CWE-754 | No | 0.0% | 5.25 | 2026-03-24 | Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Fire... |
| [CVE-2026-4698](https://nvd.nist.gov/vuln/detail/CVE-2026-4698) | 9.8 | CRITICAL | CWE-843 | No | 0.0% | 6.86 | 2026-03-24 | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115... |
| [CVE-2026-4697](https://nvd.nist.gov/vuln/detail/CVE-2026-4697) | 7.5 | HIGH | CWE-754 | No | 0.0% | 5.25 | 2026-03-24 | Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Fir... |
| [CVE-2026-4696](https://nvd.nist.gov/vuln/detail/CVE-2026-4696) | 9.8 | CRITICAL | CWE-416 | No | 0.0% | 6.86 | 2026-03-24 | Use-after-free in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34,... |
| [CVE-2026-4695](https://nvd.nist.gov/vuln/detail/CVE-2026-4695) | 7.5 | HIGH | CWE-754 | No | 0.0% | 5.25 | 2026-03-24 | Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Fir... |
| [CVE-2026-4694](https://nvd.nist.gov/vuln/detail/CVE-2026-4694) | 7.5 | HIGH | CWE-190 | No | 0.0% | 5.25 | 2026-03-24 | Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability was fixed in Firefox 149,... |
| [CVE-2026-4693](https://nvd.nist.gov/vuln/detail/CVE-2026-4693) | 7.5 | HIGH | CWE-754 | No | 0.0% | 5.25 | 2026-03-24 | Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 149, Firef... |
| [CVE-2026-4692](https://nvd.nist.gov/vuln/detail/CVE-2026-4692) | 10.0 | CRITICAL | NVD-CWE-noinfo | No | 0.0% | 7.00 | 2026-03-24 | Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34,... |
| [CVE-2026-4691](https://nvd.nist.gov/vuln/detail/CVE-2026-4691) | 9.8 | CRITICAL | CWE-416 | No | 0.0% | 6.86 | 2026-03-24 | Use-after-free in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 149, Firefox ESR 11... |
| [CVE-2026-4690](https://nvd.nist.gov/vuln/detail/CVE-2026-4690) | 8.6 | HIGH | CWE-190 | No | 0.0% | 6.02 | 2026-03-24 | Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fix... |
| [CVE-2026-4689](https://nvd.nist.gov/vuln/detail/CVE-2026-4689) | 10.0 | CRITICAL | CWE-190 | No | 0.0% | 7.00 | 2026-03-24 | Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fix... |
| [CVE-2026-4688](https://nvd.nist.gov/vuln/detail/CVE-2026-4688) | 10.0 | CRITICAL | CWE-416 | No | 0.0% | 7.00 | 2026-03-24 | Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 14... |
| [CVE-2026-4687](https://nvd.nist.gov/vuln/detail/CVE-2026-4687) | 8.6 | HIGH | CWE-754 | No | 0.0% | 6.02 | 2026-03-24 | Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox... |
| [CVE-2026-4686](https://nvd.nist.gov/vuln/detail/CVE-2026-4686) | 7.5 | HIGH | CWE-754 | No | 0.0% | 5.25 | 2026-03-24 | Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox... |
| [CVE-2026-4685](https://nvd.nist.gov/vuln/detail/CVE-2026-4685) | 7.5 | HIGH | CWE-754 | No | 0.0% | 5.25 | 2026-03-24 | Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox... |
| [CVE-2026-4684](https://nvd.nist.gov/vuln/detail/CVE-2026-4684) | 7.5 | HIGH | CWE-362 | No | 0.0% | 5.25 | 2026-03-24 | Race condition, use-after-free in the Graphics: WebRender component. This vulnerability was fixed in Firefox 149, Firefo... |
| [CVE-2026-33309](https://nvd.nist.gov/vuln/detail/CVE-2026-33309) | 9.9 | CRITICAL | CWE-22 | No | 0.1% | 6.93 | 2026-03-24 | Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypas... |
| [CVE-2025-64998](https://nvd.nist.gov/vuln/detail/CVE-2025-64998) | 7.3 | HIGH | CWE-522 | No | 0.0% | 5.11 | 2026-03-24 | Exposure of session signing secret in Checkmk <2.4.0p23, <2.3.0p45 and 2.2.0 allows an administrator of a remote site wi... |
| [CVE-2019-25647](https://nvd.nist.gov/vuln/detail/CVE-2019-25647) | 8.7 | HIGH | CWE-434 | No | 0.3% | 6.10 | 2026-03-24 | PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attac... |
| [CVE-2019-25646](https://nvd.nist.gov/vuln/detail/CVE-2019-25646) | 9.3 | CRITICAL | CWE-787 | No | 0.5% | 6.52 | 2026-03-24 | Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attack... |
| [CVE-2019-25645](https://nvd.nist.gov/vuln/detail/CVE-2019-25645) | 6.9 | MEDIUM | CWE-226 | No | 0.0% | 4.83 | 2026-03-24 | WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash... |
| [CVE-2019-25644](https://nvd.nist.gov/vuln/detail/CVE-2019-25644) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-24 | WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that al... |
| [CVE-2019-25643](https://nvd.nist.gov/vuln/detail/CVE-2019-25643) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-24 | eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute ar... |
| [CVE-2019-25642](https://nvd.nist.gov/vuln/detail/CVE-2019-25642) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-24 | Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary... |
| [CVE-2019-25641](https://nvd.nist.gov/vuln/detail/CVE-2019-25641) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-24 | Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate data... |
| [CVE-2019-25640](https://nvd.nist.gov/vuln/detail/CVE-2019-25640) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-24 | Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate databas... |
| [CVE-2019-25639](https://nvd.nist.gov/vuln/detail/CVE-2019-25639) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-24 | Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to... |
| [CVE-2019-25638](https://nvd.nist.gov/vuln/detail/CVE-2019-25638) | 7.1 | HIGH | CWE-89 | No | 0.1% | 4.97 | 2026-03-24 | Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute... |
| [CVE-2019-25637](https://nvd.nist.gov/vuln/detail/CVE-2019-25637) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-24 | X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code... |
| [CVE-2019-25636](https://nvd.nist.gov/vuln/detail/CVE-2019-25636) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-24 | Zeeways Jobsite CMS contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database... |
| [CVE-2019-25635](https://nvd.nist.gov/vuln/detail/CVE-2019-25635) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-24 | Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate... |
| [CVE-2019-25634](https://nvd.nist.gov/vuln/detail/CVE-2019-25634) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-24 | Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitra... |
| [CVE-2019-25633](https://nvd.nist.gov/vuln/detail/CVE-2019-25633) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-24 | AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attack... |
| [CVE-2019-25632](https://nvd.nist.gov/vuln/detail/CVE-2019-25632) | 6.9 | MEDIUM | CWE-306 | No | 0.0% | 4.83 | 2026-03-24 | phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitra... |
| [CVE-2019-25631](https://nvd.nist.gov/vuln/detail/CVE-2019-25631) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-24 | AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attac... |
| [CVE-2019-25630](https://nvd.nist.gov/vuln/detail/CVE-2019-25630) | 8.7 | HIGH | CWE-434 | No | 0.7% | 6.11 | 2026-03-24 | PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager component that allows authenti... |
| [CVE-2019-25629](https://nvd.nist.gov/vuln/detail/CVE-2019-25629) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-24 | AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functional... |
| [CVE-2019-25628](https://nvd.nist.gov/vuln/detail/CVE-2019-25628) | 9.3 | CRITICAL | CWE-787 | No | 0.2% | 6.52 | 2026-03-24 | Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows... |
| [CVE-2019-25627](https://nvd.nist.gov/vuln/detail/CVE-2019-25627) | 8.6 | HIGH | CWE-434 | No | 0.0% | 6.02 | 2026-03-24 | FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to exec... |
| [CVE-2019-25626](https://nvd.nist.gov/vuln/detail/CVE-2019-25626) | 8.6 | HIGH | CWE-434 | No | 0.0% | 6.02 | 2026-03-24 | River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that allows lo... |
| [CVE-2026-3509](https://nvd.nist.gov/vuln/detail/CVE-2026-3509) | 7.5 | HIGH | CWE-134 | No | 0.1% | 5.25 | 2026-03-24 | An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of th... |
| [CVE-2025-41660](https://nvd.nist.gov/vuln/detail/CVE-2025-41660) | 8.8 | HIGH | CWE-669 | No | 0.2% | 6.17 | 2026-03-24 | A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enab... |
| [CVE-2026-4756](https://nvd.nist.gov/vuln/detail/CVE-2026-4756) | 7.8 | HIGH | CWE-787 | No | 0.0% | 5.46 | 2026-03-24 | Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before... |
| [CVE-2026-4755](https://nvd.nist.gov/vuln/detail/CVE-2026-4755) | 9.8 | CRITICAL | CWE-20 | No | 0.1% | 6.86 | 2026-03-24 | CWE-20 vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-11. |
| [CVE-2026-4754](https://nvd.nist.gov/vuln/detail/CVE-2026-4754) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-24 | CWE-79 vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-11. |
| [CVE-2026-33852](https://nvd.nist.gov/vuln/detail/CVE-2026-33852) | 7.5 | HIGH | CWE-401 | No | 0.0% | 5.25 | 2026-03-24 | Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagick7. This issue affect... |
| [CVE-2026-4753](https://nvd.nist.gov/vuln/detail/CVE-2026-4753) | 9.1 | CRITICAL | CWE-125 | No | 0.1% | 6.37 | 2026-03-24 | Out-of-bounds Read vulnerability in slajerek RetroDebugger. This issue affects RetroDebugger: before v0.64.72. |
| [CVE-2026-4752](https://nvd.nist.gov/vuln/detail/CVE-2026-4752) | 6.4 | MEDIUM | CWE-416 | No | 0.0% | 4.48 | 2026-03-24 | Use After Free vulnerability in No-Chicken Echo-Mate. This issue affects Echo-Mate: before V250329. |
| [CVE-2026-4751](https://nvd.nist.gov/vuln/detail/CVE-2026-4751) | 5.3 | MEDIUM | CWE-476 | No | 0.1% | 3.71 | 2026-03-24 | NULL Pointer Dereference vulnerability in tmate-io tmate. This issue affects tmate: before 2.4.0. |
| [CVE-2026-4750](https://nvd.nist.gov/vuln/detail/CVE-2026-4750) | 9.1 | CRITICAL | CWE-125 | No | 0.1% | 6.37 | 2026-03-24 | Out-of-bounds Read vulnerability in fabiangreffrath woof. This issue affects woof: before woof_15.3.0. |
| [CVE-2026-4749](https://nvd.nist.gov/vuln/detail/CVE-2026-4749) | 6.5 | MEDIUM | N/A | No | 0.0% | 4.55 | 2026-03-24 | NVD-CWE-noinfo vulnerability in albfan miraclecast. This issue affects miraclecast: before v1.0. |
| [CVE-2026-33856](https://nvd.nist.gov/vuln/detail/CVE-2026-33856) | 7.5 | HIGH | CWE-401 | No | 0.0% | 5.25 | 2026-03-24 | Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagick7. This issue affect... |
| [CVE-2026-33855](https://nvd.nist.gov/vuln/detail/CVE-2026-33855) | 5.5 | MEDIUM | CWE-190 | No | 0.0% | 3.85 | 2026-03-24 | Integer Overflow or Wraparound vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagic... |
| [CVE-2026-33854](https://nvd.nist.gov/vuln/detail/CVE-2026-33854) | 8.8 | HIGH | CWE-787 | No | 0.1% | 6.16 | 2026-03-24 | Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before... |
| [CVE-2026-33853](https://nvd.nist.gov/vuln/detail/CVE-2026-33853) | 5.5 | MEDIUM | CWE-476 | No | 0.0% | 3.85 | 2026-03-24 | NULL Pointer Dereference vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: be... |
| [CVE-2026-33851](https://nvd.nist.gov/vuln/detail/CVE-2026-33851) | 7.8 | HIGH | CWE-119 | No | 0.0% | 5.46 | 2026-03-24 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in joncampbell123 doslib. This issu... |
| [CVE-2026-33850](https://nvd.nist.gov/vuln/detail/CVE-2026-33850) | 7.8 | HIGH | CWE-787 | No | 0.0% | 5.46 | 2026-03-24 | Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2. This issue affects DualSenseY-v2: before 54. |
| [CVE-2026-33849](https://nvd.nist.gov/vuln/detail/CVE-2026-33849) | 8.8 | HIGH | CWE-119 | No | 0.0% | 6.16 | 2026-03-24 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms. This iss... |
| [CVE-2026-33848](https://nvd.nist.gov/vuln/detail/CVE-2026-33848) | 8.8 | HIGH | CWE-119 | No | 0.0% | 6.16 | 2026-03-24 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms. This iss... |
| [CVE-2026-33847](https://nvd.nist.gov/vuln/detail/CVE-2026-33847) | 7.8 | HIGH | CWE-119 | No | 0.0% | 5.46 | 2026-03-24 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms. This iss... |
| [CVE-2026-4662](https://nvd.nist.gov/vuln/detail/CVE-2026-4662) | 7.5 | HIGH | CWE-89 | No | 0.1% | 5.25 | 2026-03-24 | The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX action in all version... |
| [CVE-2026-4640](https://nvd.nist.gov/vuln/detail/CVE-2026-4640) | 8.7 | HIGH | CWE-306 | No | 0.1% | 6.09 | 2026-03-24 | Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticated re... |
| [CVE-2026-4639](https://nvd.nist.gov/vuln/detail/CVE-2026-4639) | 8.7 | HIGH | CWE-863 | No | 0.1% | 6.09 | 2026-03-24 | Vitals ESP developed by Galaxy Software Services has an Incorrect Authorization vulnerability, allowing authenticated rem... |
| [CVE-2026-4632](https://nvd.nist.gov/vuln/detail/CVE-2026-4632) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-24 | A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of... |
| [CVE-2026-4627](https://nvd.nist.gov/vuln/detail/CVE-2026-4627) | 8.6 | HIGH | CWE-77 | No | 0.3% | 6.03 | 2026-03-24 | A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_tim... |
| [CVE-2026-4283](https://nvd.nist.gov/vuln/detail/CVE-2026-4283) | 9.1 | CRITICAL | CWE-862 | No | 0.1% | 6.37 | 2026-03-24 | The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to,... |
| [CVE-2026-3260](https://nvd.nist.gov/vuln/detail/CVE-2026-3260) | 5.9 | MEDIUM | CWE-770 | No | 0.6% | 4.15 | 2026-03-24 | A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containi... |
| [CVE-2026-3138](https://nvd.nist.gov/vuln/detail/CVE-2026-3138) | 6.5 | MEDIUM | CWE-862 | No | 0.1% | 4.55 | 2026-03-24 | The Product Filter for WooCommerce by WBW plugin for WordPress is vulnerable to unauthorized data loss due to a missing... |
| [CVE-2026-4739](https://nvd.nist.gov/vuln/detail/CVE-2026-4739) | 9.4 | CRITICAL | CWE-190 | No | 0.1% | 6.58 | 2026-03-24 | Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK (Modules/ThirdParty/Expat/src/expat modul... |
| [CVE-2026-4733](https://nvd.nist.gov/vuln/detail/CVE-2026-4733) | 5.3 | MEDIUM | CWE-200 | No | 0.1% | 3.71 | 2026-03-24 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop. This issue affect... |
| [CVE-2026-4626](https://nvd.nist.gov/vuln/detail/CVE-2026-4626) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-24 | A vulnerability has been found in projectworlds Lawyer Management System 1.0. This impacts an unknown function of the fi... |
| [CVE-2026-4625](https://nvd.nist.gov/vuln/detail/CVE-2026-4625) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-24 | A flaw has been found in SourceCodester Online Admission System 1.0. This affects an unknown function of the file /progr... |
| [CVE-2026-4624](https://nvd.nist.gov/vuln/detail/CVE-2026-4624) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-24 | A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown... |
| [CVE-2026-4623](https://nvd.nist.gov/vuln/detail/CVE-2026-4623) | 6.9 | MEDIUM | CWE-918 | No | 0.1% | 4.83 | 2026-03-24 | A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c... |
| [CVE-2026-33308](https://nvd.nist.gov/vuln/detail/CVE-2026-33308) | 6.8 | MEDIUM | CWE-295 | No | 0.0% | 4.76 | 2026-03-24 | Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verifi... |
| [CVE-2026-3079](https://nvd.nist.gov/vuln/detail/CVE-2026-3079) | 6.5 | MEDIUM | CWE-89 | No | 0.0% | 4.55 | 2026-03-24 | The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filters[orderby_order]'... |
| [CVE-2026-33307](https://nvd.nist.gov/vuln/detail/CVE-2026-33307) | 7.5 | HIGH | CWE-121 | No | 0.0% | 5.25 | 2026-03-24 | Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client cer... |
| [CVE-2026-4680](https://nvd.nist.gov/vuln/detail/CVE-2026-4680) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-03-24 | Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code ins... |
| [CVE-2026-4679](https://nvd.nist.gov/vuln/detail/CVE-2026-4679) | 8.8 | HIGH | CWE-472 | No | 0.1% | 6.16 | 2026-03-24 | Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds... |
| [CVE-2026-4678](https://nvd.nist.gov/vuln/detail/CVE-2026-4678) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-03-24 | Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code in... |
| [CVE-2026-4677](https://nvd.nist.gov/vuln/detail/CVE-2026-4677) | 8.8 | HIGH | CWE-125 | No | 0.1% | 6.16 | 2026-03-24 | Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform a... |
| [CVE-2026-4676](https://nvd.nist.gov/vuln/detail/CVE-2026-4676) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-03-24 | Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandb... |
| [CVE-2026-4675](https://nvd.nist.gov/vuln/detail/CVE-2026-4675) | 8.8 | HIGH | CWE-122 | No | 0.1% | 6.16 | 2026-03-24 | Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bo... |
| [CVE-2026-4674](https://nvd.nist.gov/vuln/detail/CVE-2026-4674) | 8.8 | HIGH | CWE-125 | No | 0.1% | 6.16 | 2026-03-24 | Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform out of bounds me... |
| [CVE-2026-4673](https://nvd.nist.gov/vuln/detail/CVE-2026-4673) | 8.8 | HIGH | CWE-122 | No | 0.1% | 6.16 | 2026-03-24 | Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of... |
| [CVE-2026-4617](https://nvd.nist.gov/vuln/detail/CVE-2026-4617) | 6.9 | MEDIUM | CWE-266 | No | 0.1% | 4.83 | 2026-03-24 | A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element... |
| [CVE-2026-4616](https://nvd.nist.gov/vuln/detail/CVE-2026-4616) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-24 | A security flaw has been discovered in bolo-blog up to 2.6.4. The affected element is an unknown function of the file /c... |
| [CVE-2026-33320](https://nvd.nist.gov/vuln/detail/CVE-2026-33320) | 6.2 | MEDIUM | CWE-674 | No | 0.0% | 4.34 | 2026-03-24 | Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version... |
| [CVE-2026-33306](https://nvd.nist.gov/vuln/detail/CVE-2026-33306) | 4.5 | MEDIUM | CWE-190 | No | 0.0% | 3.15 | 2026-03-24 | bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt() password hashing algorithm. Prior to version 3.1.22, an integer o... |
| [CVE-2026-33298](https://nvd.nist.gov/vuln/detail/CVE-2026-33298) | 7.8 | HIGH | CWE-122 | No | 0.0% | 5.46 | 2026-03-24 | llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the `ggml... |
| [CVE-2026-22739](https://nvd.nist.gov/vuln/detail/CVE-2026-22739) | 8.6 | HIGH | CWE-22 | No | 13.2% | 6.42 | 2026-03-24 | Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Ser... |
| [CVE-2026-4615](https://nvd.nist.gov/vuln/detail/CVE-2026-4615) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-24 | A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the... |
| [CVE-2026-4614](https://nvd.nist.gov/vuln/detail/CVE-2026-4614) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-24 | A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown proc... |
| [CVE-2026-4613](https://nvd.nist.gov/vuln/detail/CVE-2026-4613) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-24 | A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /pr... |
| [CVE-2026-4056](https://nvd.nist.gov/vuln/detail/CVE-2026-4056) | 5.4 | MEDIUM | CWE-862 | No | 0.0% | 3.78 | 2026-03-24 | The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a miss... |
| [CVE-2026-4021](https://nvd.nist.gov/vuln/detail/CVE-2026-4021) | 8.1 | HIGH | CWE-287 | No | 0.1% | 5.67 | 2026-03-24 | The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in... |
| [CVE-2026-4001](https://nvd.nist.gov/vuln/detail/CVE-2026-4001) | 9.8 | CRITICAL | CWE-95 | No | 0.2% | 6.87 | 2026-03-24 | The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up... |
| [CVE-2026-3533](https://nvd.nist.gov/vuln/detail/CVE-2026-3533) | 8.8 | HIGH | CWE-434 | No | 0.2% | 6.17 | 2026-03-24 | The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on import_pop... |
| [CVE-2026-33286](https://nvd.nist.gov/vuln/detail/CVE-2026-33286) | 9.1 | CRITICAL | CWE-913 | No | 0.1% | 6.37 | 2026-03-24 | Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior t... |
| [CVE-2026-33283](https://nvd.nist.gov/vuln/detail/CVE-2026-33283) | 6.5 | MEDIUM | CWE-476 | No | 0.0% | 4.55 | 2026-03-24 | Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing malformed UL NAS Tra... |
| [CVE-2026-33282](https://nvd.nist.gov/vuln/detail/CVE-2026-33282) | 7.5 | HIGH | CWE-476 | No | 0.0% | 5.25 | 2026-03-24 | Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP Loc... |
| [CVE-2026-33281](https://nvd.nist.gov/vuln/detail/CVE-2026-33281) | 6.5 | MEDIUM | CWE-129 | No | 0.0% | 4.55 | 2026-03-24 | Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with i... |
| [CVE-2026-33252](https://nvd.nist.gov/vuln/detail/CVE-2026-33252) | 7.1 | HIGH | CWE-352 | No | 0.0% | 4.97 | 2026-03-24 | The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.1, the Go SDK's Streamable HTTP transport accepted... |
| [CVE-2026-33250](https://nvd.nist.gov/vuln/detail/CVE-2026-33250) | 7.5 | HIGH | CWE-20 | No | 0.2% | 5.26 | 2026-03-24 | Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack o... |
| [CVE-2026-33242](https://nvd.nist.gov/vuln/detail/CVE-2026-33242) | 7.5 | HIGH | CWE-22 | No | 0.0% | 5.25 | 2026-03-24 | Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a Path Traversal and Access Control Bypass vulnerabil... |
| [CVE-2026-33241](https://nvd.nist.gov/vuln/detail/CVE-2026-33241) | 8.7 | HIGH | CWE-770 | No | 0.0% | 6.09 | 2026-03-24 | Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations (`form_data()` method... |
| [CVE-2026-33211](https://nvd.nist.gov/vuln/detail/CVE-2026-33211) | 9.6 | CRITICAL | CWE-22 | No | 0.0% | 6.72 | 2026-03-24 | Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and... |
| [CVE-2026-33202](https://nvd.nist.gov/vuln/detail/CVE-2026-33202) | 6.6 | MEDIUM | CWE-74 | No | 0.0% | 4.62 | 2026-03-24 | Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, a... |
| [CVE-2026-33195](https://nvd.nist.gov/vuln/detail/CVE-2026-33195) | 8.0 | HIGH | CWE-22 | No | 0.0% | 5.60 | 2026-03-24 | Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, a... |
| [CVE-2026-33176](https://nvd.nist.gov/vuln/detail/CVE-2026-33176) | 6.6 | MEDIUM | CWE-400 | No | 0.0% | 4.62 | 2026-03-24 | Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to v... |
| [CVE-2026-33174](https://nvd.nist.gov/vuln/detail/CVE-2026-33174) | 6.6 | MEDIUM | CWE-789 | No | 0.0% | 4.62 | 2026-03-24 | Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, a... |
| [CVE-2026-33173](https://nvd.nist.gov/vuln/detail/CVE-2026-33173) | 5.3 | MEDIUM | CWE-925 | No | 0.0% | 3.71 | 2026-03-24 | Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, a... |
| [CVE-2026-33170](https://nvd.nist.gov/vuln/detail/CVE-2026-33170) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-24 | Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to v... |
| [CVE-2026-33169](https://nvd.nist.gov/vuln/detail/CVE-2026-33169) | 6.9 | MEDIUM | CWE-400 | No | 0.0% | 4.83 | 2026-03-24 | Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. `NumberToD... |
| [CVE-2026-4306](https://nvd.nist.gov/vuln/detail/CVE-2026-4306) | 7.5 | HIGH | CWE-89 | No | 0.1% | 5.25 | 2026-03-23 | The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to,... |
| [CVE-2026-4066](https://nvd.nist.gov/vuln/detail/CVE-2026-4066) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-23 | The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability ch... |
| [CVE-2026-3225](https://nvd.nist.gov/vuln/detail/CVE-2026-3225) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-23 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answe... |
| [CVE-2026-33168](https://nvd.nist.gov/vuln/detail/CVE-2026-33168) | 2.3 | LOW | CWE-79 | No | 0.0% | 1.61 | 2026-03-23 | Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1,... |
| [CVE-2026-33167](https://nvd.nist.gov/vuln/detail/CVE-2026-33167) | 1.3 | LOW | CWE-79 | No | 0.0% | 0.91 | 2026-03-23 | Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.... |
| [CVE-2026-33046](https://nvd.nist.gov/vuln/detail/CVE-2026-33046) | 7.7 | HIGH | CWE-22 | No | 0.1% | 5.39 | 2026-03-23 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In vers... |
| [CVE-2026-2412](https://nvd.nist.gov/vuln/detail/CVE-2026-2412) | 6.5 | MEDIUM | CWE-89 | No | 0.0% | 4.55 | 2026-03-23 | The Quiz and Survey Master (QSM) plugin for WordPress is vulnerable to SQL Injection via the 'merged_question' parameter... |
| [CVE-2026-4612](https://nvd.nist.gov/vuln/detail/CVE-2026-4612) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-23 | A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the fi... |
| [CVE-2026-4611](https://nvd.nist.gov/vuln/detail/CVE-2026-4611) | 8.6 | HIGH | CWE-77 | No | 1.3% | 6.06 | 2026-03-23 | A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected by this issue is the fu... |
| [CVE-2026-33634](https://nvd.nist.gov/vuln/detail/CVE-2026-33634) | 9.4 | CRITICAL | CWE-506 | Yes | 21.2% | 7.21 | 2026-03-23 | Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy... |
| [CVE-2026-32913](https://nvd.nist.gov/vuln/detail/CVE-2026-32913) | 8.8 | HIGH | CWE-522 | No | 0.0% | 6.16 | 2026-03-23 | OpenClaw before 2026.3.7 contains an improper header validation vulnerability in fetchWithSsrFGuard that forwards custom... |
| [CVE-2026-32912](https://nvd.nist.gov/vuln/detail/CVE-2026-32912) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-23 | Rejected reason: This CVE ID has been rejected. |
| [CVE-2026-32911](https://nvd.nist.gov/vuln/detail/CVE-2026-32911) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-23 | Rejected reason: This CVE ID has been rejected. |
| [CVE-2026-32910](https://nvd.nist.gov/vuln/detail/CVE-2026-32910) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-23 | Rejected reason: This CVE ID has been rejected. |
| [CVE-2026-32909](https://nvd.nist.gov/vuln/detail/CVE-2026-32909) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-23 | Rejected reason: This CVE ID has been rejected. |
| [CVE-2026-32908](https://nvd.nist.gov/vuln/detail/CVE-2026-32908) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-23 | Rejected reason: This CVE ID has been rejected. |
| [CVE-2026-32907](https://nvd.nist.gov/vuln/detail/CVE-2026-32907) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-23 | Rejected reason: This CVE ID has been rejected. |
| [CVE-2026-32904](https://nvd.nist.gov/vuln/detail/CVE-2026-32904) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-23 | Rejected reason: This CVE ID has been rejected. |
| [CVE-2026-32903](https://nvd.nist.gov/vuln/detail/CVE-2026-32903) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-23 | Rejected reason: This CVE ID has been rejected. |
| [CVE-2026-32902](https://nvd.nist.gov/vuln/detail/CVE-2026-32902) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-23 | Rejected reason: This CVE ID has been rejected. |
| [CVE-2026-32901](https://nvd.nist.gov/vuln/detail/CVE-2026-32901) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-23 | Rejected reason: This CVE ID has been rejected. |
| [CVE-2026-32900](https://nvd.nist.gov/vuln/detail/CVE-2026-32900) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-23 | Rejected reason: This CVE ID has been rejected. |
| [CVE-2026-32300](https://nvd.nist.gov/vuln/detail/CVE-2026-32300) | 8.1 | HIGH | CWE-285 | No | 0.0% | 5.67 | 2026-03-23 | Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the... |
| [CVE-2026-32299](https://nvd.nist.gov/vuln/detail/CVE-2026-32299) | 7.5 | HIGH | CWE-284 | No | 0.0% | 5.25 | 2026-03-23 | Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the... |
| [CVE-2026-32279](https://nvd.nist.gov/vuln/detail/CVE-2026-32279) | 6.8 | MEDIUM | CWE-918 | No | 0.0% | 4.76 | 2026-03-23 | Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the... |
| [CVE-2026-32278](https://nvd.nist.gov/vuln/detail/CVE-2026-32278) | 8.2 | HIGH | CWE-434 | No | 0.0% | 5.74 | 2026-03-23 | Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the... |
| [CVE-2026-32277](https://nvd.nist.gov/vuln/detail/CVE-2026-32277) | 8.7 | HIGH | CWE-79 | No | 0.0% | 6.09 | 2026-03-23 | Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cro... |
| [CVE-2026-32276](https://nvd.nist.gov/vuln/detail/CVE-2026-32276) | 8.8 | HIGH | CWE-94 | No | 0.1% | 6.16 | 2026-03-23 | Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the... |
| [CVE-2026-32066](https://nvd.nist.gov/vuln/detail/CVE-2026-32066) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-23 | Rejected reason: This CVE ID has been rejected. |
| [CVE-2026-32047](https://nvd.nist.gov/vuln/detail/CVE-2026-32047) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-23 | Rejected reason: This CVE ID has been rejected. |
| [CVE-2026-32012](https://nvd.nist.gov/vuln/detail/CVE-2026-32012) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-23 | Rejected reason: This CVE ID has been rejected. |
| [CVE-2026-29111](https://nvd.nist.gov/vuln/detail/CVE-2026-29111) | 5.5 | MEDIUM | CWE-269 | No | 0.0% | 3.85 | 2026-03-23 | systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call... |
| [CVE-2026-28483](https://nvd.nist.gov/vuln/detail/CVE-2026-28483) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-23 | Rejected reason: This CVE ID has been rejected. |
| [CVE-2026-28455](https://nvd.nist.gov/vuln/detail/CVE-2026-28455) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-23 | Rejected reason: This CVE ID has been rejected. |
| [CVE-2026-27646](https://nvd.nist.gov/vuln/detail/CVE-2026-27646) | 5.8 | MEDIUM | CWE-863 | No | 0.0% | 4.06 | 2026-03-23 | OpenClaw versions prior to 2026.3.7 contain a sandbox escape vulnerability in the /acp spawn command that allows authori... |
| [CVE-2026-27183](https://nvd.nist.gov/vuln/detail/CVE-2026-27183) | 2.1 | LOW | CWE-863 | No | 0.0% | 1.47 | 2026-03-23 | OpenClaw versions prior to 2026.3.7 contain a shell approval gating bypass vulnerability in system.run dispatch-wrapper... |
| [CVE-2026-22173](https://nvd.nist.gov/vuln/detail/CVE-2026-22173) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-23 | Rejected reason: This CVE ID has been rejected. |
| [CVE-2026-1940](https://nvd.nist.gov/vuln/detail/CVE-2026-1940) | 5.1 | MEDIUM | CWE-125 | No | 0.0% | 3.57 | 2026-03-23 | An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added... |
| [CVE-2025-60949](https://nvd.nist.gov/vuln/detail/CVE-2025-60949) | 9.3 | CRITICAL | CWE-200 | No | 0.0% | 6.51 | 2026-03-23 | Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker... |
| [CVE-2025-60948](https://nvd.nist.gov/vuln/detail/CVE-2025-60948) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-23 | Census CSWeb 8.0.1 allows stored cross-site scripting in user supplied fields. A remote, authenticated attacker could st... |
| [CVE-2025-60947](https://nvd.nist.gov/vuln/detail/CVE-2025-60947) | 8.7 | HIGH | CWE-434 | No | 0.3% | 6.10 | 2026-03-23 | Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authenticated attacker could upload a malicious file, possibl... |
| [CVE-2025-60946](https://nvd.nist.gov/vuln/detail/CVE-2025-60946) | 8.7 | HIGH | CWE-22 | No | 0.2% | 6.09 | 2026-03-23 | Census CSWeb 8.0.1 allows arbitrary file path input. A remote, authenticated attacker could access unintended file direc... |
| [CVE-2026-4597](https://nvd.nist.gov/vuln/detail/CVE-2026-4597) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-23 | A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the... |
| [CVE-2026-4368](https://nvd.nist.gov/vuln/detail/CVE-2026-4368) | 7.7 | HIGH | N/A | No | 0.0% | 5.39 | 2026-03-23 | Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN,... |
| [CVE-2026-3055](https://nvd.nist.gov/vuln/detail/CVE-2026-3055) | 9.3 | CRITICAL | CWE-125 | Yes | 53.8% | 8.12 | 2026-03-23 | Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory ove... |
| [CVE-2026-23882](https://nvd.nist.gov/vuln/detail/CVE-2026-23882) | 8.6 | HIGH | CWE-78 | No | 0.1% | 6.02 | 2026-03-23 | Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the MCP (Model Context Protocol) server creati... |
| [CVE-2026-23488](https://nvd.nist.gov/vuln/detail/CVE-2026-23488) | 6.9 | MEDIUM | CWE-639 | No | 0.0% | 4.83 | 2026-03-23 | Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the /api/v1/comment/create endpoint has an una... |
| [CVE-2026-23487](https://nvd.nist.gov/vuln/detail/CVE-2026-23487) | 6.0 | MEDIUM | CWE-639 | No | 0.0% | 4.20 | 2026-03-23 | Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an IDOR vulnerability where user.deta... |
| [CVE-2026-23486](https://nvd.nist.gov/vuln/detail/CVE-2026-23486) | 6.9 | MEDIUM | CWE-200 | No | 0.0% | 4.83 | 2026-03-23 | Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, a publicly accessible endpoint exposes all use... |
| [CVE-2026-23485](https://nvd.nist.gov/vuln/detail/CVE-2026-23485) | 6.9 | MEDIUM | CWE-22 | No | 0.1% | 4.83 | 2026-03-23 | Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the filePath parameter accepts path traversal... |
| [CVE-2026-23484](https://nvd.nist.gov/vuln/detail/CVE-2026-23484) | 5.3 | MEDIUM | CWE-22 | No | 0.0% | 3.71 | 2026-03-23 | Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the fileName parameter is not filter... |
| [CVE-2026-23483](https://nvd.nist.gov/vuln/detail/CVE-2026-23483) | 6.9 | MEDIUM | CWE-22 | No | 0.0% | 4.83 | 2026-03-23 | Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the plugin file server endpoint uses... |
| [CVE-2026-23482](https://nvd.nist.gov/vuln/detail/CVE-2026-23482) | 8.2 | HIGH | CWE-22 | No | 0.0% | 5.74 | 2026-03-23 | Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the file server endpoint does not perform perm... |
| [CVE-2026-23481](https://nvd.nist.gov/vuln/detail/CVE-2026-23481) | 5.3 | MEDIUM | CWE-22 | No | 0.0% | 3.71 | 2026-03-23 | Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an authenticated arbitrary file write... |
| [CVE-2026-23480](https://nvd.nist.gov/vuln/detail/CVE-2026-23480) | 5.3 | MEDIUM | CWE-288 | No | 0.0% | 3.71 | 2026-03-23 | Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is a privilege escalation vulnerability.... |
| [CVE-2026-4596](https://nvd.nist.gov/vuln/detail/CVE-2026-4596) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-23 | A vulnerability was identified in projectworlds Lawyer Management System 1.0. This issue affects some unknown processing... |
| [CVE-2026-33548](https://nvd.nist.gov/vuln/detail/CVE-2026-33548) | 8.6 | HIGH | CWE-79 | No | 0.0% | 6.02 | 2026-03-23 | Mantis Bug Tracker (MantisBT) is an open source issue tracker. In version 2.28.0, improper escaping of tag names retriev... |
| [CVE-2026-33517](https://nvd.nist.gov/vuln/detail/CVE-2026-33517) | 8.6 | HIGH | CWE-79 | No | 0.0% | 6.02 | 2026-03-23 | Mantis Bug Tracker (MantisBT) is an open source issue tracker. In version 2.28.0, when deleting a Tag (tag_delete.php),... |
| [CVE-2026-32879](https://nvd.nist.gov/vuln/detail/CVE-2026-32879) | 4.9 | MEDIUM | CWE-287 | No | 0.0% | 3.43 | 2026-03-23 | New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Starting in ver... |
| [CVE-2026-32852](https://nvd.nist.gov/vuln/detail/CVE-2026-32852) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-23 | MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that... |
| [CVE-2026-32851](https://nvd.nist.gov/vuln/detail/CVE-2026-32851) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-23 | MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that... |
| [CVE-2026-32850](https://nvd.nist.gov/vuln/detail/CVE-2026-32850) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-23 | MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that... |
| [CVE-2026-30886](https://nvd.nist.gov/vuln/detail/CVE-2026-30886) | 6.5 | MEDIUM | CWE-639 | No | 0.0% | 4.55 | 2026-03-23 | New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to versio... |
| [CVE-2026-30849](https://nvd.nist.gov/vuln/detail/CVE-2026-30849) | 9.3 | CRITICAL | CWE-305 | No | 0.1% | 6.51 | 2026-03-23 | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family database... |
| [CVE-2026-2298](https://nvd.nist.gov/vuln/detail/CVE-2026-2298) | 9.4 | CRITICAL | CWE-88 | No | 0.1% | 6.58 | 2026-03-23 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing... |
| [CVE-2026-27131](https://nvd.nist.gov/vuln/detail/CVE-2026-27131) | 5.5 | MEDIUM | CWE-200 | No | 0.0% | 3.85 | 2026-03-23 | The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior... |
| [CVE-2025-52204](https://nvd.nist.gov/vuln/detail/CVE-2025-52204) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-23 | A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerI... |
| [CVE-2024-46879](https://nvd.nist.gov/vuln/detail/CVE-2024-46879) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-23 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in the POST request data zipPath of tiki-admin_system.php in... |
| [CVE-2024-46878](https://nvd.nist.gov/vuln/detail/CVE-2024-46878) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-23 | A Cross-Site Scripting (XSS) vulnerability exists in the page parameter of tiki-editpage.php in Tiki version 26.3 and ea... |
| [CVE-2026-4595](https://nvd.nist.gov/vuln/detail/CVE-2026-4595) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-23 | A vulnerability was determined in code-projects Exam Form Submission 1.0. This vulnerability affects unknown code of the... |
| [CVE-2026-33723](https://nvd.nist.gov/vuln/detail/CVE-2026-33723) | 7.1 | HIGH | CWE-89 | No | 0.0% | 4.97 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `Subscribe::save()` method in `o... |
| [CVE-2026-33719](https://nvd.nist.gov/vuln/detail/CVE-2026-33719) | 8.6 | HIGH | CWE-306 | No | 0.1% | 6.02 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the CDN plugin endpoints `plugin/CDN... |
| [CVE-2026-33717](https://nvd.nist.gov/vuln/detail/CVE-2026-33717) | 8.8 | HIGH | CWE-434 | No | 0.1% | 6.16 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `downloadVideoFromDownloadURL()`... |
| [CVE-2026-33716](https://nvd.nist.gov/vuln/detail/CVE-2026-33716) | 9.4 | CRITICAL | CWE-287 | No | 0.1% | 6.58 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the standalone live stream control e... |
| [CVE-2026-33690](https://nvd.nist.gov/vuln/detail/CVE-2026-33690) | 5.3 | MEDIUM | CWE-348 | No | 0.0% | 3.71 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `getRealIpAddr()` function in `o... |
| [CVE-2026-33688](https://nvd.nist.gov/vuln/detail/CVE-2026-33688) | 5.3 | MEDIUM | CWE-204 | No | 0.1% | 3.71 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the password recovery endpoint at `o... |
| [CVE-2026-33685](https://nvd.nist.gov/vuln/detail/CVE-2026-33685) | 5.3 | MEDIUM | CWE-862 | No | 0.1% | 3.71 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `plugin/AD_Server/reports.json.p... |
| [CVE-2026-33683](https://nvd.nist.gov/vuln/detail/CVE-2026-33683) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, a sanitization order-of-operations f... |
| [CVE-2026-33681](https://nvd.nist.gov/vuln/detail/CVE-2026-33681) | 7.2 | HIGH | CWE-22 | No | 0.1% | 5.04 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `objects/pluginRunDatabaseScript... |
| [CVE-2026-33651](https://nvd.nist.gov/vuln/detail/CVE-2026-33651) | 8.1 | HIGH | CWE-89 | No | 0.0% | 5.67 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `remindMe.json.php` endpoint pas... |
| [CVE-2026-33650](https://nvd.nist.gov/vuln/detail/CVE-2026-33650) | 7.6 | HIGH | CWE-863 | No | 0.0% | 5.32 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, a user with the "Videos Moderator" p... |
| [CVE-2026-33649](https://nvd.nist.gov/vuln/detail/CVE-2026-33649) | 8.1 | HIGH | CWE-352 | No | 0.0% | 5.67 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `plugin/Permissions/setPermissio... |
| [CVE-2026-33648](https://nvd.nist.gov/vuln/detail/CVE-2026-33648) | 8.8 | HIGH | CWE-78 | No | 0.1% | 6.16 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the restreamer endpoint constructs a... |
| [CVE-2026-33647](https://nvd.nist.gov/vuln/detail/CVE-2026-33647) | 8.8 | HIGH | CWE-434 | No | 0.3% | 6.17 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `ImageGallery::saveFile()` metho... |
| [CVE-2026-33513](https://nvd.nist.gov/vuln/detail/CVE-2026-33513) | 8.6 | HIGH | CWE-22 | No | 0.2% | 6.03 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated API endpoint (`AP... |
| [CVE-2026-33512](https://nvd.nist.gov/vuln/detail/CVE-2026-33512) | 7.5 | HIGH | CWE-287 | No | 0.0% | 5.25 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the API plugin exposes a `decryptStr... |
| [CVE-2026-26209](https://nvd.nist.gov/vuln/detail/CVE-2026-26209) | 7.5 | HIGH | CWE-674 | No | 0.1% | 5.25 | 2026-03-23 | cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Versions... |
| [CVE-2026-25075](https://nvd.nist.gov/vuln/detail/CVE-2026-25075) | 8.7 | HIGH | CWE-191 | No | 0.2% | 6.09 | 2026-03-23 | strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allo... |
| [CVE-2026-0898](https://nvd.nist.gov/vuln/detail/CVE-2026-0898) | 9.0 | CRITICAL | CWE-284 | No | 0.1% | 6.30 | 2026-03-23 | An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio developers who are autom... |
| [CVE-2025-15606](https://nvd.nist.gov/vuln/detail/CVE-2025-15606) | 7.1 | HIGH | CWE-20 | No | 0.1% | 4.97 | 2026-03-23 | A Denial-of-Service (DoS) vulnerability in the httpd component of TP-Link's TD-W8961N v4.0 due to improper input sanitiz... |
| [CVE-2026-4594](https://nvd.nist.gov/vuln/detail/CVE-2026-4594) | 6.9 | MEDIUM | CWE-89 | No | 0.0% | 4.83 | 2026-03-23 | A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy... |
| [CVE-2025-15605](https://nvd.nist.gov/vuln/detail/CVE-2025-15605) | 8.5 | HIGH | CWE-321 | No | 0.0% | 5.95 | 2026-03-23 | A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables... |
| [CVE-2025-15519](https://nvd.nist.gov/vuln/detail/CVE-2025-15519) | 8.5 | HIGH | CWE-78 | No | 0.1% | 5.95 | 2026-03-23 | Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600... |
| [CVE-2025-15518](https://nvd.nist.gov/vuln/detail/CVE-2025-15518) | 8.5 | HIGH | CWE-78 | No | 0.1% | 5.95 | 2026-03-23 | Improper input handling in a wireless-control administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600... |
| [CVE-2025-15517](https://nvd.nist.gov/vuln/detail/CVE-2025-15517) | 8.6 | HIGH | CWE-306 | No | 0.1% | 6.02 | 2026-03-23 | A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 to certain cgi endpoin... |
| [CVE-2026-4593](https://nvd.nist.gov/vuln/detail/CVE-2026-4593) | 5.3 | MEDIUM | CWE-89 | No | 0.0% | 3.71 | 2026-03-23 | A flaw has been found in erupts erupt up to 1.13.3. Affected by this vulnerability is the function EruptDataQuery of the f... |
| [CVE-2026-33507](https://nvd.nist.gov/vuln/detail/CVE-2026-33507) | 8.8 | HIGH | CWE-352 | No | 0.1% | 6.16 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `objects/pluginImport.json.php`... |
| [CVE-2026-33502](https://nvd.nist.gov/vuln/detail/CVE-2026-33502) | 9.3 | CRITICAL | CWE-918 | No | 0.1% | 6.51 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated server-side reque... |
| [CVE-2026-33501](https://nvd.nist.gov/vuln/detail/CVE-2026-33501) | 5.3 | MEDIUM | CWE-862 | No | 0.1% | 3.71 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the endpoint `plugin/Permissions/Vie... |
| [CVE-2026-33500](https://nvd.nist.gov/vuln/detail/CVE-2026-33500) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fix for CVE-2026-27568 (GHSA-rcq... |
| [CVE-2026-33499](https://nvd.nist.gov/vuln/detail/CVE-2026-33499) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `view/forbiddenPage.php` and `vi... |
| [CVE-2026-30007](https://nvd.nist.gov/vuln/detail/CVE-2026-30007) | 6.2 | MEDIUM | CWE-416 | No | 0.0% | 4.34 | 2026-03-23 | XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a crafted .tiff file. |
| [CVE-2026-30006](https://nvd.nist.gov/vuln/detail/CVE-2026-30006) | 6.2 | MEDIUM | CWE-120 | No | 0.0% | 4.34 | 2026-03-23 | XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via a crafted .tiff file. |
| [CVE-2026-26829](https://nvd.nist.gov/vuln/detail/CVE-2026-26829) | 7.5 | HIGH | CWE-476 | No | 1.2% | 5.28 | 2026-03-23 | A NULL pointer dereference in the safe_atou64 function (src/misc.c) of owntone-server through commit c4d57aa allows atta... |
| [CVE-2026-26828](https://nvd.nist.gov/vuln/detail/CVE-2026-26828) | 7.5 | HIGH | CWE-476 | No | 0.1% | 5.25 | 2026-03-23 | A NULL pointer dereference in the daap_reply_playlists function (src/httpd_daap.c) of owntone-server commit 3d1652d allo... |
| [CVE-2026-24516](https://nvd.nist.gov/vuln/detail/CVE-2026-24516) | 8.8 | HIGH | CWE-94 | No | 0.3% | 6.17 | 2026-03-23 | A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner compo... |
| [CVE-2026-4592](https://nvd.nist.gov/vuln/detail/CVE-2026-4592) | 6.3 | MEDIUM | CWE-287 | No | 0.1% | 4.41 | 2026-03-23 | A security vulnerability has been detected in kalcaddle kodbox 1.64. This impacts the function loginAfter/tfaVerify of t... |
| [CVE-2026-4591](https://nvd.nist.gov/vuln/detail/CVE-2026-4591) | 5.1 | MEDIUM | CWE-77 | No | 0.3% | 3.58 | 2026-03-23 | A weakness has been identified in kalcaddle kodbox 1.64. This affects the function checkBin of the file /workspace/sourc... |
| [CVE-2026-33493](https://nvd.nist.gov/vuln/detail/CVE-2026-33493) | 7.1 | HIGH | CWE-22 | No | 0.1% | 4.97 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `objects/import.json.php` endpoi... |
| [CVE-2026-33492](https://nvd.nist.gov/vuln/detail/CVE-2026-33492) | 7.3 | HIGH | CWE-384 | No | 0.1% | 5.11 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, AVideo's `_session_start()` function... |
| [CVE-2026-33488](https://nvd.nist.gov/vuln/detail/CVE-2026-33488) | 7.4 | HIGH | CWE-326 | No | 0.0% | 5.18 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `createKeys()` function in the L... |
| [CVE-2026-32845](https://nvd.nist.gov/vuln/detail/CVE-2026-32845) | 6.9 | MEDIUM | CWE-190 | No | 0.0% | 4.83 | 2026-03-23 | cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when validating... |
| [CVE-2024-51226](https://nvd.nist.gov/vuln/detail/CVE-2024-51226) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-23 | A stored cross-site scripting (XSS) vulnerability in the component /admin/search-vehicle.php of Phpgurukul Vehicle Recor... |
| [CVE-2024-51225](https://nvd.nist.gov/vuln/detail/CVE-2024-51225) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-23 | A stored cross-site scripting (XSS) vulnerability in the component /admin/add-brand.php of Phpgurukul Vehicle Record Man... |
| [CVE-2024-51224](https://nvd.nist.gov/vuln/detail/CVE-2024-51224) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-23 | Multiple cross-site scripting (XSS) vulnerabilities in the component /admin/edit-vehicle.php of Phpgurukul Vehicle Recor... |
| [CVE-2024-51223](https://nvd.nist.gov/vuln/detail/CVE-2024-51223) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-23 | A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Manag... |
| [CVE-2024-51222](https://nvd.nist.gov/vuln/detail/CVE-2024-51222) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-23 | A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Manag... |
| [CVE-2026-4590](https://nvd.nist.gov/vuln/detail/CVE-2026-4590) | 2.3 | LOW | CWE-352 | No | 0.0% | 1.61 | 2026-03-23 | A security flaw has been discovered in kalcaddle kodbox 1.64. The impacted element is an unknown function of the file /w... |
| [CVE-2026-4404](https://nvd.nist.gov/vuln/detail/CVE-2026-4404) | 9.4 | CRITICAL | CWE-798 | No | 0.1% | 6.58 | 2026-03-23 | Use of hard-coded credentials in GoHarbor Harbor version 2.15.0 and below allows attackers to use the default password... |
| [CVE-2026-33485](https://nvd.nist.gov/vuln/detail/CVE-2026-33485) | 7.5 | HIGH | CWE-89 | No | 0.2% | 5.26 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the RTMP `on_publish` callback at `p... |
| [CVE-2026-33483](https://nvd.nist.gov/vuln/detail/CVE-2026-33483) | 7.5 | HIGH | CWE-770 | No | 0.4% | 5.26 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `aVideoEncoderChunk.json.php` en... |
| [CVE-2026-33482](https://nvd.nist.gov/vuln/detail/CVE-2026-33482) | 8.1 | HIGH | CWE-78 | No | 0.1% | 5.67 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `sanitizeFFmpegCommand()` functi... |
| [CVE-2026-33480](https://nvd.nist.gov/vuln/detail/CVE-2026-33480) | 8.6 | HIGH | CWE-918 | No | 0.0% | 6.02 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `isSSRFSafeURL()` function in AV... |
| [CVE-2026-33479](https://nvd.nist.gov/vuln/detail/CVE-2026-33479) | 8.8 | HIGH | CWE-94 | No | 0.1% | 6.16 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Gallery plugin's `saveSort.json.... |
| [CVE-2026-33478](https://nvd.nist.gov/vuln/detail/CVE-2026-33478) | 10.0 | CRITICAL | CWE-78 | No | 20.6% | 7.62 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, multiple vulnerabilities in AVideo's... |
| [CVE-2026-33354](https://nvd.nist.gov/vuln/detail/CVE-2026-33354) | 7.6 | HIGH | CWE-73 | No | 0.0% | 5.32 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, `POST /objects/aVideoEncoder.json.ph... |
| [CVE-2026-4647](https://nvd.nist.gov/vuln/detail/CVE-2026-4647) | 6.1 | MEDIUM | CWE-125 | No | 0.0% | 4.27 | 2026-03-23 | A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files... |
| [CVE-2026-4645](https://nvd.nist.gov/vuln/detail/CVE-2026-4645) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-23 | Rejected reason: Duplicate of CVE-2026-32287 |
| [CVE-2026-4589](https://nvd.nist.gov/vuln/detail/CVE-2026-4589) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-03-23 | A vulnerability was identified in kalcaddle kodbox 1.64. The affected element is the function PathDriverUrl of the file... |
| [CVE-2026-33352](https://nvd.nist.gov/vuln/detail/CVE-2026-33352) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-23 | WWBN AVideo is an open source video platform. Prior to version 26.0, an unauthenticated SQL injection vulnerability exis... |
| [CVE-2026-33351](https://nvd.nist.gov/vuln/detail/CVE-2026-33351) | 9.1 | CRITICAL | CWE-918 | No | 0.1% | 6.37 | 2026-03-23 | WWBN AVideo is an open source video platform. Prior to version 26.0, a Server-Side Request Forgery (SSRF) vulnerability... |
| [CVE-2026-33297](https://nvd.nist.gov/vuln/detail/CVE-2026-33297) | 5.1 | MEDIUM | CWE-639 | No | 0.0% | 3.57 | 2026-03-23 | WWBN AVideo is an open source video platform. Prior to version 26.0, the `setPassword.json.php` endpoint in the Customiz... |
| [CVE-2025-41008](https://nvd.nist.gov/vuln/detail/CVE-2025-41008) | 9.3 | CRITICAL | CWE-89 | No | 0.0% | 6.51 | 2026-03-23 | SQL injection vulnerability in Sinturno. This vulnerability allows an attacker to retrieve, create, update, and delete d... |
| [CVE-2019-25625](https://nvd.nist.gov/vuln/detail/CVE-2019-25625) | 6.9 | MEDIUM | CWE-1285 | No | 0.0% | 4.83 | 2026-03-23 | Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by prov... |
| [CVE-2019-25624](https://nvd.nist.gov/vuln/detail/CVE-2019-25624) | 6.9 | MEDIUM | CWE-606 | No | 0.0% | 4.83 | 2026-03-23 | Liquid Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by pr... |
| [CVE-2019-25623](https://nvd.nist.gov/vuln/detail/CVE-2019-25623) | 6.9 | MEDIUM | CWE-641 | No | 0.0% | 4.83 | 2026-03-23 | Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by... |
| [CVE-2019-25622](https://nvd.nist.gov/vuln/detail/CVE-2019-25622) | 6.9 | MEDIUM | CWE-1285 | No | 0.0% | 4.83 | 2026-03-23 | Paint Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by pro... |
| [CVE-2019-25621](https://nvd.nist.gov/vuln/detail/CVE-2019-25621) | 6.9 | MEDIUM | CWE-807 | No | 0.0% | 4.83 | 2026-03-23 | Pixel Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by pro... |
| [CVE-2019-25620](https://nvd.nist.gov/vuln/detail/CVE-2019-25620) | 6.9 | MEDIUM | CWE-168 | No | 0.0% | 4.83 | 2026-03-23 | Tree Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by prov... |
| [CVE-2026-4587](https://nvd.nist.gov/vuln/detail/CVE-2026-4587) | 6.3 | MEDIUM | CWE-287 | No | 0.0% | 4.41 | 2026-03-23 | A vulnerability was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of the file src/HttpCli... |
| [CVE-2026-4586](https://nvd.nist.gov/vuln/detail/CVE-2026-4586) | 5.3 | MEDIUM | CWE-284 | No | 0.0% | 3.71 | 2026-03-23 | A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects the function Upload of the file chat2db-serve... |
| [CVE-2026-31851](https://nvd.nist.gov/vuln/detail/CVE-2026-31851) | 7.7 | HIGH | CWE-307 | No | 0.0% | 5.39 | 2026-03-23 | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mec... |
| [CVE-2026-31850](https://nvd.nist.gov/vuln/detail/CVE-2026-31850) | 6.8 | MEDIUM | CWE-256 | No | 0.0% | 4.76 | 2026-03-23 | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative... |
| [CVE-2026-31849](https://nvd.nist.gov/vuln/detail/CVE-2026-31849) | 7.2 | HIGH | CWE-352 | No | 0.0% | 5.04 | 2026-03-23 | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing e... |
| [CVE-2026-31848](https://nvd.nist.gov/vuln/detail/CVE-2026-31848) | 8.7 | HIGH | CWE-312 | No | 0.0% | 6.09 | 2026-03-23 | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authentication, which conta... |
| [CVE-2026-31847](https://nvd.nist.gov/vuln/detail/CVE-2026-31847) | 8.5 | HIGH | CWE-912 | No | 0.0% | 5.95 | 2026-03-23 | Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.0... |
| [CVE-2025-41007](https://nvd.nist.gov/vuln/detail/CVE-2025-41007) | 9.3 | CRITICAL | CWE-89 | No | 0.0% | 6.51 | 2026-03-23 | SQL Injection in Cuantis. This vulnerability allows an attacker to retrieve, create, update and delete databases through... |
| [CVE-2026-4585](https://nvd.nist.gov/vuln/detail/CVE-2026-4585) | 8.9 | HIGH | CWE-77 | No | 0.2% | 6.24 | 2026-03-23 | A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This vulnerability affects u... |
| [CVE-2026-4584](https://nvd.nist.gov/vuln/detail/CVE-2026-4584) | 2.3 | LOW | CWE-310 | No | 0.0% | 1.61 | 2026-03-23 | A flaw has been found in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. This affects an unknown part of the component Car... |
| [CVE-2026-32969](https://nvd.nist.gov/vuln/detail/CVE-2026-32969) | 7.5 | HIGH | CWE-89 | No | 0.2% | 5.26 | 2026-03-23 | An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s a... |
| [CVE-2026-32968](https://nvd.nist.gov/vuln/detail/CVE-2026-32968) | 9.8 | CRITICAL | CWE-78 | No | 0.1% | 6.86 | 2026-03-23 | Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exp... |
| [CVE-2026-31846](https://nvd.nist.gov/vuln/detail/CVE-2026-31846) | 7.1 | HIGH | CWE-306 | No | 0.0% | 4.97 | 2026-03-23 | Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 a... |
| [CVE-2026-4633](https://nvd.nist.gov/vuln/detail/CVE-2026-4633) | 3.7 | LOW | CWE-209 | No | 0.0% | 2.59 | 2026-03-23 | A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login... |
| [CVE-2026-4583](https://nvd.nist.gov/vuln/detail/CVE-2026-4583) | 2.3 | LOW | CWE-287 | No | 0.0% | 1.61 | 2026-03-23 | A vulnerability was detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this issue is some unknown fun... |
| [CVE-2026-4582](https://nvd.nist.gov/vuln/detail/CVE-2026-4582) | 2.3 | LOW | CWE-287 | No | 0.0% | 1.61 | 2026-03-23 | A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerabili... |
| [CVE-2026-4581](https://nvd.nist.gov/vuln/detail/CVE-2026-4581) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-23 | A weakness has been identified in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /... |
| [CVE-2026-4628](https://nvd.nist.gov/vuln/detail/CVE-2026-4628) | 4.3 | MEDIUM | CWE-284 | No | 0.0% | 3.01 | 2026-03-23 | A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access (UMA) resource_... |
| [CVE-2026-4580](https://nvd.nist.gov/vuln/detail/CVE-2026-4580) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-23 | A security flaw has been discovered in code-projects Simple Laundry System 1.0. This impacts an unknown function of the... |
| [CVE-2026-4579](https://nvd.nist.gov/vuln/detail/CVE-2026-4579) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-23 | A vulnerability was identified in code-projects Simple Laundry System 1.0. This affects an unknown function of the file... |
| [CVE-2026-4578](https://nvd.nist.gov/vuln/detail/CVE-2026-4578) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-23 | A vulnerability was determined in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of... |
| [CVE-2026-3587](https://nvd.nist.gov/vuln/detail/CVE-2026-3587) | 10.0 | CRITICAL | CWE-912 | No | 0.1% | 7.00 | 2026-03-23 | An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, l... |
| [CVE-2026-4577](https://nvd.nist.gov/vuln/detail/CVE-2026-4577) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-23 | A vulnerability was found in code-projects Exam Form Submission 1.0. The affected element is an unknown function of the... |
| [CVE-2025-6229](https://nvd.nist.gov/vuln/detail/CVE-2025-6229) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-23 | The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Tabl... |
| [CVE-2026-4603](https://nvd.nist.gov/vuln/detail/CVE-2026-4603) | 5.1 | MEDIUM | CWE-369 | No | 0.0% | 3.57 | 2026-03-23 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsi... |
| [CVE-2026-4602](https://nvd.nist.gov/vuln/detail/CVE-2026-4602) | 7.7 | HIGH | CWE-681 | No | 0.1% | 5.39 | 2026-03-23 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to hand... |
| [CVE-2026-4601](https://nvd.nist.gov/vuln/detail/CVE-2026-4601) | 9.4 | CRITICAL | CWE-325 | No | 0.0% | 6.58 | 2026-03-23 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.sig... |
| [CVE-2026-4600](https://nvd.nist.gov/vuln/detail/CVE-2026-4600) | 9.1 | CRITICAL | CWE-347 | No | 0.0% | 6.37 | 2026-03-23 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via t... |
| [CVE-2026-4599](https://nvd.nist.gov/vuln/detail/CVE-2026-4599) | 9.3 | CRITICAL | CWE-1023 | No | 0.0% | 6.51 | 2026-03-23 | Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Fact... |
| [CVE-2026-4598](https://nvd.nist.gov/vuln/detail/CVE-2026-4598) | 7.7 | HIGH | CWE-835 | No | 0.1% | 5.39 | 2026-03-23 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsb... |
| [CVE-2026-4576](https://nvd.nist.gov/vuln/detail/CVE-2026-4576) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-23 | A vulnerability has been found in code-projects Exam Form Submission 1.0. Impacted is an unknown function of the file /a... |
| [CVE-2026-4575](https://nvd.nist.gov/vuln/detail/CVE-2026-4575) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-23 | A flaw has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown processing of the file... |
| [CVE-2026-4574](https://nvd.nist.gov/vuln/detail/CVE-2026-4574) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-23 | A vulnerability was detected in SourceCodester Simple E-learning System 1.0. This vulnerability affects unknown code of... |
| [CVE-2026-4573](https://nvd.nist.gov/vuln/detail/CVE-2026-4573) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-23 | A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part... |
| [CVE-2026-1969](https://nvd.nist.gov/vuln/detail/CVE-2026-1969) | 5.3 | MEDIUM | CWE-434 | No | 0.1% | 3.71 | 2026-03-23 | The trx_addons WordPress plugin before 2.38.5 does not correctly validate file types in one of its AJAX actions, allowing... |
| [CVE-2025-10734](https://nvd.nist.gov/vuln/detail/CVE-2025-10734) | 5.3 | MEDIUM | CWE-922 | No | 0.0% | 3.71 | 2026-03-23 | The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for... |
| [CVE-2025-10731](https://nvd.nist.gov/vuln/detail/CVE-2025-10731) | 5.3 | MEDIUM | CWE-285 | No | 0.1% | 3.71 | 2026-03-23 | The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for... |
| [CVE-2025-10679](https://nvd.nist.gov/vuln/detail/CVE-2025-10679) | 7.3 | HIGH | CWE-94 | No | 0.2% | 5.12 | 2026-03-23 | The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for... |
| [CVE-2026-4572](https://nvd.nist.gov/vuln/detail/CVE-2026-4572) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-23 | A weakness has been identified in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown... |
| [CVE-2026-4571](https://nvd.nist.gov/vuln/detail/CVE-2026-4571) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-23 | A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is... |
| [CVE-2026-4570](https://nvd.nist.gov/vuln/detail/CVE-2026-4570) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-23 | A vulnerability was identified in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the... |
| [CVE-2025-10736](https://nvd.nist.gov/vuln/detail/CVE-2025-10736) | 6.5 | MEDIUM | CWE-285 | No | 0.1% | 4.55 | 2026-03-23 | The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for... |
| [CVE-2026-4569](https://nvd.nist.gov/vuln/detail/CVE-2026-4569) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-23 | A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the... |
| [CVE-2026-4568](https://nvd.nist.gov/vuln/detail/CVE-2026-4568) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-23 | A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file... |
| [CVE-2026-4567](https://nvd.nist.gov/vuln/detail/CVE-2026-4567) | 8.9 | HIGH | CWE-119 | No | 0.1% | 6.23 | 2026-03-23 | A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi... |
| [CVE-2026-4566](https://nvd.nist.gov/vuln/detail/CVE-2026-4566) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-03-23 | A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/for... |
| [CVE-2026-4565](https://nvd.nist.gov/vuln/detail/CVE-2026-4565) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-23 | A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetN... |
| [CVE-2026-4564](https://nvd.nist.gov/vuln/detail/CVE-2026-4564) | 5.1 | MEDIUM | CWE-74 | No | 0.1% | 3.57 | 2026-03-23 | A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processin... |
| [CVE-2026-4563](https://nvd.nist.gov/vuln/detail/CVE-2026-4563) | 5.3 | MEDIUM | CWE-285 | No | 0.0% | 3.71 | 2026-03-23 | A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function order_info of the... |
| [CVE-2026-4562](https://nvd.nist.gov/vuln/detail/CVE-2026-4562) | 6.9 | MEDIUM | CWE-287 | No | 0.1% | 4.83 | 2026-03-23 | A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/c... |
| [CVE-2026-2580](https://nvd.nist.gov/vuln/detail/CVE-2026-2580) | 7.5 | HIGH | CWE-89 | No | 0.1% | 5.25 | 2026-03-23 | The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnera... |
| [CVE-2026-4558](https://nvd.nist.gov/vuln/detail/CVE-2026-4558) | 7.4 | HIGH | CWE-77 | No | 0.2% | 5.19 | 2026-03-22 | A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartCo... |
| [CVE-2026-4557](https://nvd.nist.gov/vuln/detail/CVE-2026-4557) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-22 | A vulnerability was detected in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /ad... |
| [CVE-2026-4555](https://nvd.nist.gov/vuln/detail/CVE-2026-4555) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-03-22 | A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the f... |
| [CVE-2026-4554](https://nvd.nist.gov/vuln/detail/CVE-2026-4554) | 5.3 | MEDIUM | CWE-74 | No | 0.8% | 3.74 | 2026-03-22 | A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the f... |
| [CVE-2026-33319](https://nvd.nist.gov/vuln/detail/CVE-2026-33319) | 5.9 | MEDIUM | CWE-78 | No | 0.0% | 4.13 | 2026-03-22 | WWBN AVideo is an open source video platform. Prior to version 26.0, the `uploadVideoToLinkedIn()` method in the SocialM... |
| [CVE-2026-33296](https://nvd.nist.gov/vuln/detail/CVE-2026-33296) | 2.1 | LOW | CWE-601 | No | 0.0% | 1.47 | 2026-03-22 | WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains an open redirect vulnerability... |
| [CVE-2026-33295](https://nvd.nist.gov/vuln/detail/CVE-2026-33295) | 8.2 | HIGH | CWE-79 | No | 0.0% | 5.74 | 2026-03-22 | WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site scripting... |
| [CVE-2026-33294](https://nvd.nist.gov/vuln/detail/CVE-2026-33294) | 5.0 | MEDIUM | CWE-918 | No | 0.0% | 3.50 | 2026-03-22 | WWBN AVideo is an open source video platform. Prior to version 26.0, the BulkEmbed plugin's save endpoint (`plugin/BulkE... |
| [CVE-2026-33293](https://nvd.nist.gov/vuln/detail/CVE-2026-33293) | 8.1 | HIGH | CWE-22 | No | 0.0% | 5.67 | 2026-03-22 | WWBN AVideo is an open source video platform. Prior to version 26.0, the `deleteDump` parameter in `plugin/CloneSite/clo... |
| [CVE-2026-33292](https://nvd.nist.gov/vuln/detail/CVE-2026-33292) | 7.5 | HIGH | CWE-22 | No | 0.0% | 5.25 | 2026-03-22 | WWBN AVideo is an open source video platform. Prior to version 26.0, the HLS streaming endpoint (`view/hls.php`) is vuln... |
| [CVE-2026-4553](https://nvd.nist.gov/vuln/detail/CVE-2026-4553) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-03-22 | A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function fromNatlimit of the file /goform/Natlimit... |
| [CVE-2026-4552](https://nvd.nist.gov/vuln/detail/CVE-2026-4552) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-22 | A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer of the file /goform... |
| [CVE-2026-4551](https://nvd.nist.gov/vuln/detail/CVE-2026-4551) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-22 | A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeClientFilter of the fil... |
| [CVE-2026-4550](https://nvd.nist.gov/vuln/detail/CVE-2026-4550) | 5.1 | MEDIUM | CWE-74 | No | 0.0% | 3.57 | 2026-03-22 | A vulnerability has been found in code-projects Simple Gym Management System up to 1.0. This affects an unknown part of... |
| [CVE-2026-4549](https://nvd.nist.gov/vuln/detail/CVE-2026-4549) | 2.3 | LOW | CWE-285 | No | 0.0% | 1.61 | 2026-03-22 | A flaw has been found in mickasmt next-saas-stripe-starter 1.0.0. Affected by this issue is the function openCustomerPor... |
| [CVE-2026-4548](https://nvd.nist.gov/vuln/detail/CVE-2026-4548) | 5.3 | MEDIUM | CWE-266 | No | 0.0% | 3.71 | 2026-03-22 | A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function... |
| [CVE-2026-4547](https://nvd.nist.gov/vuln/detail/CVE-2026-4547) | 5.3 | MEDIUM | CWE-840 | No | 0.0% | 3.71 | 2026-03-22 | A security vulnerability has been detected in mickasmt next-saas-stripe-starter 1.0.0. Affected is the function generate... |
| [CVE-2026-4546](https://nvd.nist.gov/vuln/detail/CVE-2026-4546) | 7.3 | HIGH | CWE-426 | No | 0.0% | 5.11 | 2026-03-22 | A weakness has been identified in Flos Freeware Notepad2 4.2.25. This impacts an unknown function in the library TextSha... |
| [CVE-2019-25619](https://nvd.nist.gov/vuln/detail/CVE-2019-25619) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-22 | FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local atta... |
| [CVE-2019-25618](https://nvd.nist.gov/vuln/detail/CVE-2019-25618) | 6.9 | MEDIUM | CWE-73 | No | 0.0% | 4.83 | 2026-03-22 | AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by su... |
| [CVE-2019-25617](https://nvd.nist.gov/vuln/detail/CVE-2019-25617) | 6.9 | MEDIUM | CWE-226 | No | 0.0% | 4.83 | 2026-03-22 | Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows local atta... |
| [CVE-2019-25616](https://nvd.nist.gov/vuln/detail/CVE-2019-25616) | 6.9 | MEDIUM | CWE-434 | No | 0.0% | 4.83 | 2026-03-22 | AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application b... |
| [CVE-2019-25615](https://nvd.nist.gov/vuln/detail/CVE-2019-25615) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-22 | Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows local att... |
| [CVE-2019-25614](https://nvd.nist.gov/vuln/detail/CVE-2019-25614) | 9.3 | CRITICAL | CWE-787 | No | 0.6% | 6.53 | 2026-03-22 | Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to... |
| [CVE-2019-25613](https://nvd.nist.gov/vuln/detail/CVE-2019-25613) | 8.7 | HIGH | CWE-940 | No | 0.3% | 6.10 | 2026-03-22 | Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by... |
| [CVE-2019-25612](https://nvd.nist.gov/vuln/detail/CVE-2019-25612) | 8.5 | HIGH | CWE-787 | No | 0.0% | 5.95 | 2026-03-22 | Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local a... |
| [CVE-2019-25611](https://nvd.nist.gov/vuln/detail/CVE-2019-25611) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-22 | MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to e... |
| [CVE-2019-25610](https://nvd.nist.gov/vuln/detail/CVE-2019-25610) | 7.1 | HIGH | CWE-22 | No | 0.3% | 4.98 | 2026-03-22 | NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users... |
| [CVE-2019-25609](https://nvd.nist.gov/vuln/detail/CVE-2019-25609) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-22 | JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration fiel... |
| [CVE-2019-25608](https://nvd.nist.gov/vuln/detail/CVE-2019-25608) | 8.6 | HIGH | CWE-520 | No | 0.0% | 6.02 | 2026-03-22 | Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary... |
| [CVE-2019-25607](https://nvd.nist.gov/vuln/detail/CVE-2019-25607) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-22 | Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers t... |
| [CVE-2019-25606](https://nvd.nist.gov/vuln/detail/CVE-2019-25606) | 6.8 | MEDIUM | CWE-787 | No | 0.0% | 4.76 | 2026-03-22 | Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the applicat... |
| [CVE-2019-25605](https://nvd.nist.gov/vuln/detail/CVE-2019-25605) | 8.7 | HIGH | CWE-612 | No | 0.0% | 6.09 | 2026-03-22 | EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials... |
| [CVE-2019-25604](https://nvd.nist.gov/vuln/detail/CVE-2019-25604) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-22 | DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local a... |
| [CVE-2019-25603](https://nvd.nist.gov/vuln/detail/CVE-2019-25603) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-22 | TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers t... |
| [CVE-2019-25602](https://nvd.nist.gov/vuln/detail/CVE-2019-25602) | 6.8 | MEDIUM | CWE-1260 | No | 0.0% | 4.76 | 2026-03-22 | GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by input... |
| [CVE-2019-25601](https://nvd.nist.gov/vuln/detail/CVE-2019-25601) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-22 | UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows... |
| [CVE-2019-25600](https://nvd.nist.gov/vuln/detail/CVE-2019-25600) | 7.1 | HIGH | CWE-787 | No | 0.0% | 4.97 | 2026-03-22 | UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by sup... |
| [CVE-2019-25599](https://nvd.nist.gov/vuln/detail/CVE-2019-25599) | 6.9 | MEDIUM | CWE-466 | No | 0.0% | 4.83 | 2026-03-22 | Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the applicatio... |
| [CVE-2019-25598](https://nvd.nist.gov/vuln/detail/CVE-2019-25598) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-22 | HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the applic... |
| [CVE-2019-25597](https://nvd.nist.gov/vuln/detail/CVE-2019-25597) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-22 | NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attacke... |
| [CVE-2019-25596](https://nvd.nist.gov/vuln/detail/CVE-2019-25596) | 6.9 | MEDIUM | CWE-1287 | No | 0.0% | 4.83 | 2026-03-22 | SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to c... |
| [CVE-2019-25595](https://nvd.nist.gov/vuln/detail/CVE-2019-25595) | 6.9 | MEDIUM | CWE-469 | No | 0.0% | 4.83 | 2026-03-22 | jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the applicati... |
| [CVE-2019-25594](https://nvd.nist.gov/vuln/detail/CVE-2019-25594) | 6.9 | MEDIUM | CWE-807 | No | 0.0% | 4.83 | 2026-03-22 | ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by su... |
| [CVE-2019-25593](https://nvd.nist.gov/vuln/detail/CVE-2019-25593) | 6.8 | MEDIUM | CWE-1285 | No | 0.0% | 4.76 | 2026-03-22 | jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by su... |
| [CVE-2019-25592](https://nvd.nist.gov/vuln/detail/CVE-2019-25592) | 6.9 | MEDIUM | CWE-1260 | No | 0.0% | 4.83 | 2026-03-22 | PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supply... |
| [CVE-2019-25591](https://nvd.nist.gov/vuln/detail/CVE-2019-25591) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-22 | DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input field tha... |
| [CVE-2019-25590](https://nvd.nist.gov/vuln/detail/CVE-2019-25590) | 6.9 | MEDIUM | CWE-1282 | No | 0.0% | 4.83 | 2026-03-22 | Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash... |
| [CVE-2026-4115](https://nvd.nist.gov/vuln/detail/CVE-2026-4115) | 6.3 | MEDIUM | CWE-345 | No | 0.0% | 4.41 | 2026-03-22 | A vulnerability was detected in PuTTY 0.83. Affected is the function eddsa_verify of the file crypto/ecc-ssh.c of the co... |
| [CVE-2026-4545](https://nvd.nist.gov/vuln/detail/CVE-2026-4545) | 7.3 | HIGH | CWE-426 | No | 0.0% | 5.11 | 2026-03-22 | A security flaw has been discovered in Flos Freeware Notepad2 4.2.25. This affects an unknown function in the library PR... |
| [CVE-2026-4544](https://nvd.nist.gov/vuln/detail/CVE-2026-4544) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-22 | A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects an unknown function of the file /cgi-bin/login... |
| [CVE-2026-4543](https://nvd.nist.gov/vuln/detail/CVE-2026-4543) | 5.3 | MEDIUM | CWE-74 | No | 0.3% | 3.72 | 2026-03-22 | A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin... |
| [CVE-2026-4542](https://nvd.nist.gov/vuln/detail/CVE-2026-4542) | 5.3 | MEDIUM | CWE-22 | No | 0.0% | 3.71 | 2026-03-22 | A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageControl... |
| [CVE-2026-4541](https://nvd.nist.gov/vuln/detail/CVE-2026-4541) | 2.0 | LOW | CWE-345 | No | 0.0% | 1.40 | 2026-03-22 | A flaw has been found in janmojzis tinyssh up to 20250501. Impacted is an unknown function of the file tinyssh/crypto_si... |
| [CVE-2026-4540](https://nvd.nist.gov/vuln/detail/CVE-2026-4540) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-22 | A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processin... |
| [CVE-2026-4539](https://nvd.nist.gov/vuln/detail/CVE-2026-4539) | 4.8 | MEDIUM | CWE-400 | No | 0.0% | 3.36 | 2026-03-22 | A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file... |
| [CVE-2026-4538](https://nvd.nist.gov/vuln/detail/CVE-2026-4538) | 4.8 | MEDIUM | CWE-20 | No | 0.0% | 3.36 | 2026-03-22 | A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loadi... |
| [CVE-2026-4537](https://nvd.nist.gov/vuln/detail/CVE-2026-4537) | 5.1 | MEDIUM | CWE-74 | No | 0.3% | 3.58 | 2026-03-22 | A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action_ipsec_conn of... |
| [CVE-2026-4536](https://nvd.nist.gov/vuln/detail/CVE-2026-4536) | 6.9 | MEDIUM | CWE-284 | No | 0.1% | 4.83 | 2026-03-22 | A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown proces... |
| [CVE-2026-4535](https://nvd.nist.gov/vuln/detail/CVE-2026-4535) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-22 | A vulnerability has been found in Tenda FH451 1.0.0.9. This vulnerability affects the function WrlclientSet of the file... |
| [CVE-2026-4534](https://nvd.nist.gov/vuln/detail/CVE-2026-4534) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-22 | A flaw has been found in Tenda FH451 1.0.0.9. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet.... |
| [CVE-2026-4314](https://nvd.nist.gov/vuln/detail/CVE-2026-4314) | 8.8 | HIGH | CWE-269 | No | 0.0% | 6.16 | 2026-03-22 | The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all ver... |
| [CVE-2026-3427](https://nvd.nist.gov/vuln/detail/CVE-2026-3427) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-22 | The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-... |
| [CVE-2026-4533](https://nvd.nist.gov/vuln/detail/CVE-2026-4533) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-22 | A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown fu... |
| [CVE-2026-33550](https://nvd.nist.gov/vuln/detail/CVE-2026-33550) | 2.0 | LOW | CWE-308 | No | 0.0% | 1.40 | 2026-03-22 | SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits inst... |
| [CVE-2026-33549](https://nvd.nist.gov/vuln/detail/CVE-2026-33549) | 6.7 | MEDIUM | CWE-688 | No | 0.0% | 4.69 | 2026-03-22 | SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment (of administrator privileges) during the... |
| [CVE-2025-71276](https://nvd.nist.gov/vuln/detail/CVE-2025-71276) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-22 | SOGo before 5.12.5 is prone to an XSS vulnerability with events, tasks, and contacts categories. |
| [CVE-2026-4532](https://nvd.nist.gov/vuln/detail/CVE-2026-4532) | 5.5 | MEDIUM | CWE-425 | No | 0.0% | 3.85 | 2026-03-22 | A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vuln... |
| [CVE-2026-4531](https://nvd.nist.gov/vuln/detail/CVE-2026-4531) | 6.9 | MEDIUM | CWE-404 | No | 0.1% | 4.83 | 2026-03-22 | A weakness has been identified in Free5GC 4.1.0. Affected is the function HandleRegistrationComplete of the file interna... |
| [CVE-2019-25589](https://nvd.nist.gov/vuln/detail/CVE-2019-25589) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-22 | ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local at... |
| [CVE-2019-25588](https://nvd.nist.gov/vuln/detail/CVE-2019-25588) | 6.9 | MEDIUM | CWE-1282 | No | 0.0% | 4.83 | 2026-03-22 | BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local... |
| [CVE-2019-25587](https://nvd.nist.gov/vuln/detail/CVE-2019-25587) | 6.9 | MEDIUM | CWE-1282 | No | 0.0% | 4.83 | 2026-03-22 | BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration paramete... |
| [CVE-2019-25586](https://nvd.nist.gov/vuln/detail/CVE-2019-25586) | 6.9 | MEDIUM | CWE-466 | No | 0.0% | 4.83 | 2026-03-22 | Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplyi... |
| [CVE-2019-25585](https://nvd.nist.gov/vuln/detail/CVE-2019-25585) | 6.9 | MEDIUM | CWE-1260 | No | 0.0% | 4.83 | 2026-03-22 | Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplyi... |
| [CVE-2019-25584](https://nvd.nist.gov/vuln/detail/CVE-2019-25584) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-22 | RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local... |
| [CVE-2019-25583](https://nvd.nist.gov/vuln/detail/CVE-2019-25583) | 6.9 | MEDIUM | CWE-1282 | No | 0.0% | 4.83 | 2026-03-22 | RarmaRadio 2.72.3 contains a denial of service vulnerability in the Username field that allows local attackers to crash... |
| [CVE-2026-4530](https://nvd.nist.gov/vuln/detail/CVE-2026-4530) | 4.8 | MEDIUM | CWE-74 | No | 0.0% | 3.36 | 2026-03-22 | A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/tex... |
| [CVE-2026-4529](https://nvd.nist.gov/vuln/detail/CVE-2026-4529) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-21 | A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the function redirect_count_down_page of the c... |
| [CVE-2026-3629](https://nvd.nist.gov/vuln/detail/CVE-2026-3629) | 8.1 | HIGH | CWE-269 | No | 0.1% | 5.67 | 2026-03-21 | The Import and export users and customers plugin for WordPress is vulnerable to privilege escalation in all versions up... |
| [CVE-2026-4528](https://nvd.nist.gov/vuln/detail/CVE-2026-4528) | 6.9 | MEDIUM | CWE-918 | No | 0.1% | 4.83 | 2026-03-21 | A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of th... |
| [CVE-2026-2756](https://nvd.nist.gov/vuln/detail/CVE-2026-2756) | 2.3 | LOW | CWE-287 | No | 0.0% | 1.61 | 2026-03-21 | A security vulnerability has been detected in OmniPEMF NeoRhythm up to 20260308. This affects an unknown function of the... |
| [CVE-2019-25582](https://nvd.nist.gov/vuln/detail/CVE-2019-25582) | 7.1 | HIGH | CWE-434 | No | 0.1% | 4.97 | 2026-03-21 | i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attackers to download sensi... |
| [CVE-2019-25581](https://nvd.nist.gov/vuln/detail/CVE-2019-25581) | 8.8 | HIGH | CWE-89 | No | 0.2% | 6.17 | 2026-03-21 | i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL... |
| [CVE-2019-25580](https://nvd.nist.gov/vuln/detail/CVE-2019-25580) | 8.8 | HIGH | CWE-434 | No | 0.1% | 6.16 | 2026-03-21 | ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL querie... |
| [CVE-2019-25579](https://nvd.nist.gov/vuln/detail/CVE-2019-25579) | 8.7 | HIGH | CWE-22 | No | 3.3% | 6.19 | 2026-03-21 | phpTransformer 2016.9 contains a directory traversal vulnerability that allows unauthenticated attackers to access arbit... |
| [CVE-2019-25578](https://nvd.nist.gov/vuln/detail/CVE-2019-25578) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-03-21 | phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL quer... |
| [CVE-2019-25577](https://nvd.nist.gov/vuln/detail/CVE-2019-25577) | 6.8 | MEDIUM | CWE-22 | No | 0.0% | 4.76 | 2026-03-21 | SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arb... |
| [CVE-2019-25576](https://nvd.nist.gov/vuln/detail/CVE-2019-25576) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-21 | Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arb... |
| [CVE-2019-25575](https://nvd.nist.gov/vuln/detail/CVE-2019-25575) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-21 | SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary... |
| [CVE-2019-25574](https://nvd.nist.gov/vuln/detail/CVE-2019-25574) | 7.1 | HIGH | CWE-22 | No | 1.8% | 5.02 | 2026-03-21 | Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files an... |
| [CVE-2019-25573](https://nvd.nist.gov/vuln/detail/CVE-2019-25573) | 7.1 | HIGH | CWE-89 | No | 0.1% | 4.97 | 2026-03-21 | Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queri... |
| [CVE-2026-4516](https://nvd.nist.gov/vuln/detail/CVE-2026-4516) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-21 | A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file... |
| [CVE-2019-25572](https://nvd.nist.gov/vuln/detail/CVE-2019-25572) | 6.9 | MEDIUM | CWE-1260 | No | 0.0% | 4.83 | 2026-03-21 | NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submit... |
| [CVE-2019-25571](https://nvd.nist.gov/vuln/detail/CVE-2019-25571) | 6.9 | MEDIUM | CWE-226 | No | 0.0% | 4.83 | 2026-03-21 | MediaMonkey 4.1.23 contains a denial of service vulnerability that allows local attackers to crash the application by op... |
| [CVE-2019-25570](https://nvd.nist.gov/vuln/detail/CVE-2019-25570) | 6.8 | MEDIUM | CWE-1260 | No | 0.0% | 4.76 | 2026-03-21 | RealTerm Serial Terminal 2.0.0.70 contains a denial of service vulnerability that allows local attackers to crash the ap... |
| [CVE-2019-25569](https://nvd.nist.gov/vuln/detail/CVE-2019-25569) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-21 | RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allow... |
| [CVE-2019-25568](https://nvd.nist.gov/vuln/detail/CVE-2019-25568) | 9.3 | CRITICAL | CWE-306 | No | 0.1% | 6.51 | 2026-03-21 | Memu Play 6.0.7 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileg... |
| [CVE-2019-25567](https://nvd.nist.gov/vuln/detail/CVE-2019-25567) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-21 | Valentina Studio 9.0.5 Linux contains a buffer overflow vulnerability in the Host field of the connection dialog that al... |
| [CVE-2019-25566](https://nvd.nist.gov/vuln/detail/CVE-2019-25566) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-21 | TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local attackers to crash the... |
| [CVE-2019-25565](https://nvd.nist.gov/vuln/detail/CVE-2019-25565) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-21 | Magic Iso Maker 5.5 build 281 contains a buffer overflow vulnerability in the Serial Code registration field that allows... |
| [CVE-2019-25564](https://nvd.nist.gov/vuln/detail/CVE-2019-25564) | 6.8 | MEDIUM | CWE-787 | No | 0.0% | 4.76 | 2026-03-21 | PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by... |
| [CVE-2019-25563](https://nvd.nist.gov/vuln/detail/CVE-2019-25563) | 6.9 | MEDIUM | CWE-226 | No | 0.0% | 4.83 | 2026-03-21 | PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by... |
| [CVE-2019-25562](https://nvd.nist.gov/vuln/detail/CVE-2019-25562) | 6.8 | MEDIUM | CWE-787 | No | 0.0% | 4.76 | 2026-03-21 | jetAudio 8.1.7 contains a buffer overflow vulnerability in the video converter component that allows local attackers to... |
| [CVE-2019-25561](https://nvd.nist.gov/vuln/detail/CVE-2019-25561) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-21 | Lyric Maker 2.0.1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by sup... |
| [CVE-2019-25560](https://nvd.nist.gov/vuln/detail/CVE-2019-25560) | 8.7 | HIGH | CWE-226 | No | 0.1% | 6.09 | 2026-03-21 | Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash the application by pro... |
| [CVE-2019-25559](https://nvd.nist.gov/vuln/detail/CVE-2019-25559) | 6.8 | MEDIUM | CWE-1260 | No | 0.0% | 4.76 | 2026-03-21 | SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field that allows local atta... |
| [CVE-2019-25558](https://nvd.nist.gov/vuln/detail/CVE-2019-25558) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-21 | Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers t... |
| [CVE-2019-25557](https://nvd.nist.gov/vuln/detail/CVE-2019-25557) | 6.9 | MEDIUM | CWE-775 | No | 0.0% | 4.83 | 2026-03-21 | TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability that allows local attackers to crash the applic... |
| [CVE-2019-25556](https://nvd.nist.gov/vuln/detail/CVE-2019-25556) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-21 | TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local... |
| [CVE-2019-25555](https://nvd.nist.gov/vuln/detail/CVE-2019-25555) | 6.9 | MEDIUM | CWE-131 | No | 0.0% | 4.83 | 2026-03-21 | TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Script Recorder component that allows lo... |
| [CVE-2019-25554](https://nvd.nist.gov/vuln/detail/CVE-2019-25554) | 6.8 | MEDIUM | CWE-787 | No | 0.0% | 4.76 | 2026-03-21 | Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the applica... |
| [CVE-2019-25553](https://nvd.nist.gov/vuln/detail/CVE-2019-25553) | 6.9 | MEDIUM | CWE-226 | No | 0.0% | 4.83 | 2026-03-21 | CEWE PHOTO IMPORTER 6.4.3 contains a denial of service vulnerability that allows local attackers to crash the applicatio... |
| [CVE-2019-25552](https://nvd.nist.gov/vuln/detail/CVE-2019-25552) | 8.7 | HIGH | CWE-836 | No | 0.0% | 6.09 | 2026-03-21 | CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the application by submi... |
| [CVE-2019-25551](https://nvd.nist.gov/vuln/detail/CVE-2019-25551) | 6.9 | MEDIUM | CWE-1282 | No | 0.0% | 4.83 | 2026-03-21 | Sandboxie 5.30 contains a denial of service vulnerability that allows local attackers to crash the application by supply... |
| [CVE-2019-25550](https://nvd.nist.gov/vuln/detail/CVE-2019-25550) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-21 | Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputti... |
| [CVE-2019-25549](https://nvd.nist.gov/vuln/detail/CVE-2019-25549) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-21 | VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to crash the applicatio... |
| [CVE-2019-25548](https://nvd.nist.gov/vuln/detail/CVE-2019-25548) | 6.9 | MEDIUM | CWE-466 | No | 0.0% | 4.83 | 2026-03-21 | BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application b... |
| [CVE-2019-25547](https://nvd.nist.gov/vuln/detail/CVE-2019-25547) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-21 | NetAware 1.20 contains a buffer overflow vulnerability in the User Blocking feature that allows local attackers to crash... |
| [CVE-2019-25546](https://nvd.nist.gov/vuln/detail/CVE-2019-25546) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-21 | NetAware 1.20 contains a buffer overflow vulnerability in the Share Name field that allows local attackers to crash the... |
| [CVE-2019-25545](https://nvd.nist.gov/vuln/detail/CVE-2019-25545) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-21 | Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attackers to crash the applic... |
| [CVE-2019-25544](https://nvd.nist.gov/vuln/detail/CVE-2019-25544) | 6.9 | MEDIUM | CWE-807 | No | 0.0% | 4.83 | 2026-03-21 | Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the application by providi... |
| [CVE-2026-4515](https://nvd.nist.gov/vuln/detail/CVE-2026-4515) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-21 | A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code_generate of the... |
| [CVE-2026-4514](https://nvd.nist.gov/vuln/detail/CVE-2026-4514) | 5.3 | MEDIUM | CWE-266 | No | 0.0% | 3.71 | 2026-03-21 | A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality of the file apps/ad... |
| [CVE-2026-4513](https://nvd.nist.gov/vuln/detail/CVE-2026-4513) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-21 | A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the fi... |
| [CVE-2026-4511](https://nvd.nist.gov/vuln/detail/CVE-2026-4511) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-21 | A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. Affected is the function exec of the file /src... |
| [CVE-2026-4510](https://nvd.nist.gov/vuln/detail/CVE-2026-4510) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-21 | A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alert_location of the file apps/home/... |
| [CVE-2026-4373](https://nvd.nist.gov/vuln/detail/CVE-2026-4373) | 7.5 | HIGH | CWE-36 | No | 0.1% | 5.25 | 2026-03-21 | The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, a... |
| [CVE-2026-4509](https://nvd.nist.gov/vuln/detail/CVE-2026-4509) | 5.3 | MEDIUM | CWE-183 | No | 0.1% | 3.71 | 2026-03-21 | A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function... |
| [CVE-2026-4261](https://nvd.nist.gov/vuln/detail/CVE-2026-4261) | 8.8 | HIGH | CWE-862 | No | 0.0% | 6.16 | 2026-03-21 | The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.2.... |
| [CVE-2026-4161](https://nvd.nist.gov/vuln/detail/CVE-2026-4161) | 4.4 | MEDIUM | CWE-79 | No | 0.1% | 3.08 | 2026-03-21 | The Review Map by RevuKangaroo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings... |
| [CVE-2026-4143](https://nvd.nist.gov/vuln/detail/CVE-2026-4143) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-21 | The Neos Connector for Fakturama plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to... |
| [CVE-2026-4127](https://nvd.nist.gov/vuln/detail/CVE-2026-4127) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-21 | The Speedup Optimization plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including... |
| [CVE-2026-4087](https://nvd.nist.gov/vuln/detail/CVE-2026-4087) | 6.5 | MEDIUM | CWE-89 | No | 0.0% | 4.55 | 2026-03-21 | The Pre* Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via the 'hint_ids' parameter of the pp... |
| [CVE-2026-4086](https://nvd.nist.gov/vuln/detail/CVE-2026-4086) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The WP Random Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cat', 'nocat', and 'text... |
| [CVE-2026-4084](https://nvd.nist.gov/vuln/detail/CVE-2026-4084) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The fyyd podcast shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fyyd-podcast', 'f... |
| [CVE-2026-4077](https://nvd.nist.gov/vuln/detail/CVE-2026-4077) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The Ecover Builder For Dummies plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter... |
| [CVE-2026-4072](https://nvd.nist.gov/vuln/detail/CVE-2026-4072) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The WordPress PayPal Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'donate' shortco... |
| [CVE-2026-4069](https://nvd.nist.gov/vuln/detail/CVE-2026-4069) | 6.1 | MEDIUM | CWE-79 | No | 0.1% | 4.27 | 2026-03-21 | The Alfie – Feed Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'naam' parameter in al... |
| [CVE-2026-4067](https://nvd.nist.gov/vuln/detail/CVE-2026-4067) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The Ad Short plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ad' shortcode's 'client' attribu... |
| [CVE-2026-4022](https://nvd.nist.gov/vuln/detail/CVE-2026-4022) | 6.4 | MEDIUM | CWE-79 | No | 0.1% | 4.48 | 2026-03-21 | The Show Posts list – Easy designs, filters and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting v... |
| [CVE-2026-4004](https://nvd.nist.gov/vuln/detail/CVE-2026-4004) | 6.5 | MEDIUM | CWE-94 | No | 0.1% | 4.55 | 2026-03-21 | The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all... |
| [CVE-2026-3997](https://nvd.nist.gov/vuln/detail/CVE-2026-3997) | 6.4 | MEDIUM | CWE-79 | No | 0.1% | 4.48 | 2026-03-21 | The Text Toggle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' shortcode attribute of... |
| [CVE-2026-3996](https://nvd.nist.gov/vuln/detail/CVE-2026-3996) | 6.4 | MEDIUM | CWE-79 | No | 0.1% | 4.48 | 2026-03-21 | The WP Games Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [game] shortcode in all ver... |
| [CVE-2026-3651](https://nvd.nist.gov/vuln/detail/CVE-2026-3651) | 5.3 | MEDIUM | CWE-862 | No | 0.1% | 3.71 | 2026-03-21 | The Build App Online plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0... |
| [CVE-2026-3645](https://nvd.nist.gov/vuln/detail/CVE-2026-3645) | 5.3 | MEDIUM | CWE-862 | No | 0.1% | 3.71 | 2026-03-21 | The Punnel – Landing Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and... |
| [CVE-2026-3641](https://nvd.nist.gov/vuln/detail/CVE-2026-3641) | 5.3 | MEDIUM | CWE-20 | No | 0.1% | 3.71 | 2026-03-21 | The Appmax plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 1.0.3.... |
| [CVE-2026-3619](https://nvd.nist.gov/vuln/detail/CVE-2026-3619) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The Sheets2Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titles' shortcode attribute... |
| [CVE-2026-3617](https://nvd.nist.gov/vuln/detail/CVE-2026-3617) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The Paypal Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'amount' and 'name' short... |
| [CVE-2026-3570](https://nvd.nist.gov/vuln/detail/CVE-2026-3570) | 5.3 | MEDIUM | CWE-862 | No | 0.1% | 3.71 | 2026-03-21 | The Smarter Analytics plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.... |
| [CVE-2026-3554](https://nvd.nist.gov/vuln/detail/CVE-2026-3554) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The Sherk Custom Post Type Displays plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' sh... |
| [CVE-2026-3546](https://nvd.nist.gov/vuln/detail/CVE-2026-3546) | 5.3 | MEDIUM | CWE-202 | No | 0.0% | 3.71 | 2026-03-21 | The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and... |
| [CVE-2026-3506](https://nvd.nist.gov/vuln/detail/CVE-2026-3506) | 5.3 | MEDIUM | CWE-862 | No | 0.1% | 3.71 | 2026-03-21 | The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and inclu... |
| [CVE-2026-3478](https://nvd.nist.gov/vuln/detail/CVE-2026-3478) | 7.2 | HIGH | CWE-918 | No | 0.1% | 5.04 | 2026-03-21 | The Content Syndication Toolkit plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to,... |
| [CVE-2026-3460](https://nvd.nist.gov/vuln/detail/CVE-2026-3460) | 5.3 | MEDIUM | CWE-20 | No | 0.0% | 3.71 | 2026-03-21 | The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to... |
| [CVE-2026-3354](https://nvd.nist.gov/vuln/detail/CVE-2026-3354) | 4.4 | MEDIUM | CWE-79 | No | 0.0% | 3.08 | 2026-03-21 | The Wikilookup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Popup Width' setting in all ve... |
| [CVE-2026-3353](https://nvd.nist.gov/vuln/detail/CVE-2026-3353) | 4.4 | MEDIUM | CWE-79 | No | 0.0% | 3.08 | 2026-03-21 | The Comment SPAM Wiper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' setting in al... |
| [CVE-2026-3347](https://nvd.nist.gov/vuln/detail/CVE-2026-3347) | 5.5 | MEDIUM | CWE-79 | No | 0.0% | 3.85 | 2026-03-21 | The Multi Functional Flexi Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `arv_lb[me... |
| [CVE-2026-3335](https://nvd.nist.gov/vuln/detail/CVE-2026-3335) | 5.3 | MEDIUM | CWE-862 | No | 0.2% | 3.71 | 2026-03-21 | The Canto plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1 via th... |
| [CVE-2026-3334](https://nvd.nist.gov/vuln/detail/CVE-2026-3334) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-03-21 | The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'or_blogname', 'or_blogdescription', and '... |
| [CVE-2026-3333](https://nvd.nist.gov/vuln/detail/CVE-2026-3333) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linkgate'... |
| [CVE-2026-3332](https://nvd.nist.gov/vuln/detail/CVE-2026-3332) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-21 | The Xhanch - My Advanced Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to... |
| [CVE-2026-3331](https://nvd.nist.gov/vuln/detail/CVE-2026-3331) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-21 | The Lobot Slider Administrator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and i... |
| [CVE-2026-3003](https://nvd.nist.gov/vuln/detail/CVE-2026-3003) | 7.2 | HIGH | CWE-79 | No | 0.1% | 5.04 | 2026-03-21 | The Vagaro Booking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘vagaro_code’ parame... |
| [CVE-2026-2941](https://nvd.nist.gov/vuln/detail/CVE-2026-2941) | 8.8 | HIGH | CWE-862 | No | 0.0% | 6.16 | 2026-03-21 | The Linksy Search and Replace plugin for WordPress is vulnerable to unauthorized modification of data due to a missing c... |
| [CVE-2026-2837](https://nvd.nist.gov/vuln/detail/CVE-2026-2837) | 4.4 | MEDIUM | CWE-79 | No | 0.0% | 3.08 | 2026-03-21 | The Ricerca – advanced search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in... |
| [CVE-2026-2723](https://nvd.nist.gov/vuln/detail/CVE-2026-2723) | 6.1 | MEDIUM | CWE-352 | No | 0.0% | 4.27 | 2026-03-21 | The Post Snippits plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including,... |
| [CVE-2026-2720](https://nvd.nist.gov/vuln/detail/CVE-2026-2720) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-21 | The Hr Press Lite plugin for WordPress is vulnerable to unauthorized access of sensitive employee data due to a missing... |
| [CVE-2026-2503](https://nvd.nist.gov/vuln/detail/CVE-2026-2503) | 6.5 | MEDIUM | CWE-89 | No | 0.0% | 4.55 | 2026-03-21 | The ElementCamp plugin for WordPress is vulnerable to time-based SQL Injection via the 'meta_query[compare]' parameter i... |
| [CVE-2026-2501](https://nvd.nist.gov/vuln/detail/CVE-2026-2501) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The Ed's Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `social_share`... |
| [CVE-2026-2496](https://nvd.nist.gov/vuln/detail/CVE-2026-2496) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The Ed's Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `eds_font_aweso... |
| [CVE-2026-2468](https://nvd.nist.gov/vuln/detail/CVE-2026-2468) | 7.5 | HIGH | CWE-89 | No | 0.1% | 5.25 | 2026-03-21 | The Quentn WP plugin for WordPress is vulnerable to SQL Injection via the 'qntn_wp_access' cookie in all versions up to,... |
| [CVE-2026-2440](https://nvd.nist.gov/vuln/detail/CVE-2026-2440) | 7.2 | HIGH | CWE-79 | No | 0.1% | 5.04 | 2026-03-21 | The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.5... |
| [CVE-2026-2427](https://nvd.nist.gov/vuln/detail/CVE-2026-2427) | 6.1 | MEDIUM | CWE-79 | No | 0.1% | 4.27 | 2026-03-21 | The itsukaita plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'day_from' and 'day_to' param... |
| [CVE-2026-2424](https://nvd.nist.gov/vuln/detail/CVE-2026-2424) | 4.4 | MEDIUM | CWE-79 | No | 0.0% | 3.08 | 2026-03-21 | The Reward Video Ad for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings i... |
| [CVE-2026-2375](https://nvd.nist.gov/vuln/detail/CVE-2026-2375) | 6.5 | MEDIUM | CWE-269 | No | 0.1% | 4.55 | 2026-03-21 | The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege Escalat... |
| [CVE-2026-2351](https://nvd.nist.gov/vuln/detail/CVE-2026-2351) | 6.5 | MEDIUM | CWE-73 | No | 0.0% | 4.55 | 2026-03-21 | The Task Manager plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.0.2 v... |
| [CVE-2026-2294](https://nvd.nist.gov/vuln/detail/CVE-2026-2294) | 4.3 | MEDIUM | CWE-285 | No | 0.0% | 3.01 | 2026-03-21 | The UiPress lite \| Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthori... |
| [CVE-2026-2290](https://nvd.nist.gov/vuln/detail/CVE-2026-2290) | 3.8 | LOW | CWE-918 | No | 0.0% | 2.66 | 2026-03-21 | The Post Affiliate Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and incl... |
| [CVE-2026-2279](https://nvd.nist.gov/vuln/detail/CVE-2026-2279) | 7.2 | HIGH | CWE-89 | No | 0.0% | 5.04 | 2026-03-21 | The myLinksDump plugin for WordPress is vulnerable to SQL Injection via the 'sort_by' and 'sort_order' parameters in all... |
| [CVE-2026-2277](https://nvd.nist.gov/vuln/detail/CVE-2026-2277) | 6.1 | MEDIUM | CWE-79 | No | 0.1% | 4.27 | 2026-03-21 | The rexCrawler plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' and 'regex' parameters... |
| [CVE-2026-2121](https://nvd.nist.gov/vuln/detail/CVE-2026-2121) | 4.4 | MEDIUM | CWE-79 | No | 0.0% | 3.08 | 2026-03-21 | The Weaver Show Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_class' parameter in... |
| [CVE-2026-1935](https://nvd.nist.gov/vuln/detail/CVE-2026-1935) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-21 | The Company Posts for LinkedIn plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and in... |
| [CVE-2026-1914](https://nvd.nist.gov/vuln/detail/CVE-2026-1914) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusedesk_newcase shortco... |
| [CVE-2026-1911](https://nvd.nist.gov/vuln/detail/CVE-2026-1911) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tweet_title' parameter in t... |
| [CVE-2026-1908](https://nvd.nist.gov/vuln/detail/CVE-2026-1908) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The Integration with Hubspot Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hubspotfor... |
| [CVE-2026-1899](https://nvd.nist.gov/vuln/detail/CVE-2026-1899) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The Any Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aps_slider shortc... |
| [CVE-2026-1891](https://nvd.nist.gov/vuln/detail/CVE-2026-1891) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The Simple Football Scoreboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ytmr_fb_scoreb... |
| [CVE-2026-1889](https://nvd.nist.gov/vuln/detail/CVE-2026-1889) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The Outgrow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the 'outgrow' sh... |
| [CVE-2026-1886](https://nvd.nist.gov/vuln/detail/CVE-2026-1886) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The Go Night Pro \| WordPress Dark Mode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin... |
| [CVE-2026-1854](https://nvd.nist.gov/vuln/detail/CVE-2026-1854) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The Post Flagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'flag' shortcode in... |
| [CVE-2026-1851](https://nvd.nist.gov/vuln/detail/CVE-2026-1851) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The iVysilani Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' shortcode attr... |
| [CVE-2026-1822](https://nvd.nist.gov/vuln/detail/CVE-2026-1822) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The WP NG Weather plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ng-weather' shortc... |
| [CVE-2026-1806](https://nvd.nist.gov/vuln/detail/CVE-2026-1806) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The Tour & Activity Operator Plugin for TourCMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th... |
| [CVE-2026-1800](https://nvd.nist.gov/vuln/detail/CVE-2026-1800) | 7.5 | HIGH | CWE-89 | No | 0.1% | 5.25 | 2026-03-21 | The Fonts Manager \| Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelected... |
| [CVE-2026-1648](https://nvd.nist.gov/vuln/detail/CVE-2026-1648) | 7.2 | HIGH | CWE-918 | No | 0.1% | 5.04 | 2026-03-21 | The Performance Monitor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and inc... |
| [CVE-2026-1647](https://nvd.nist.gov/vuln/detail/CVE-2026-1647) | 6.1 | MEDIUM | CWE-79 | No | 0.1% | 4.27 | 2026-03-21 | The Comment Genius plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` p... |
| [CVE-2026-1575](https://nvd.nist.gov/vuln/detail/CVE-2026-1575) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The Schema Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `itemscope` shor... |
| [CVE-2026-1503](https://nvd.nist.gov/vuln/detail/CVE-2026-1503) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-21 | The login_register plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in al... |
| [CVE-2026-1397](https://nvd.nist.gov/vuln/detail/CVE-2026-1397) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The PQ Addons – Creative Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget... |
| [CVE-2026-1393](https://nvd.nist.gov/vuln/detail/CVE-2026-1393) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-21 | The Add Google Social Profiles to Knowledge Graph Box plugin for WordPress is vulnerable to Cross-Site Request Forgery i... |
| [CVE-2026-1392](https://nvd.nist.gov/vuln/detail/CVE-2026-1392) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-21 | The SR WP Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and includ... |
| [CVE-2026-1390](https://nvd.nist.gov/vuln/detail/CVE-2026-1390) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-21 | The Redirect countdown plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and inclu... |
| [CVE-2026-1378](https://nvd.nist.gov/vuln/detail/CVE-2026-1378) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-21 | The WP Posts Re-order plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and includ... |
| [CVE-2026-1313](https://nvd.nist.gov/vuln/detail/CVE-2026-1313) | 8.3 | HIGH | CWE-918 | No | 0.0% | 5.81 | 2026-03-21 | The MimeTypes Link Icons plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and in... |
| [CVE-2026-1278](https://nvd.nist.gov/vuln/detail/CVE-2026-1278) | 4.4 | MEDIUM | CWE-79 | No | 0.0% | 3.08 | 2026-03-21 | The Mandatory Field plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions... |
| [CVE-2026-1275](https://nvd.nist.gov/vuln/detail/CVE-2026-1275) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The Multi Post Carousel by Category plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slides' s... |
| [CVE-2026-1253](https://nvd.nist.gov/vuln/detail/CVE-2026-1253) | 4.3 | MEDIUM | CWE-862 | No | 0.1% | 3.01 | 2026-03-21 | The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to unauthorized modification of data due to a... |
| [CVE-2026-1247](https://nvd.nist.gov/vuln/detail/CVE-2026-1247) | 4.4 | MEDIUM | CWE-79 | No | 0.0% | 3.08 | 2026-03-21 | The Survey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, a... |
| [CVE-2026-1093](https://nvd.nist.gov/vuln/detail/CVE-2026-1093) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The WPFAQBlock– FAQ & Accordion Plugin For Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting v... |
| [CVE-2026-0609](https://nvd.nist.gov/vuln/detail/CVE-2026-0609) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin plugin for WordPress is vulnerable to Stored... |
| [CVE-2025-14037](https://nvd.nist.gov/vuln/detail/CVE-2025-14037) | 8.1 | HIGH | CWE-352 | No | 0.0% | 5.67 | 2026-03-21 | The Invelity Product Feeds plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versi... |
| [CVE-2025-13910](https://nvd.nist.gov/vuln/detail/CVE-2025-13910) | 6.1 | MEDIUM | CWE-79 | No | 0.1% | 4.27 | 2026-03-21 | The WP-WebAuthn plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the `wwa_auth` AJA... |
| [CVE-2024-13785](https://nvd.nist.gov/vuln/detail/CVE-2024-13785) | 5.6 | MEDIUM | CWE-94 | No | 0.1% | 3.92 | 2026-03-21 | The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortc... |
| [CVE-2026-4302](https://nvd.nist.gov/vuln/detail/CVE-2026-4302) | 7.2 | HIGH | CWE-918 | No | 0.1% | 5.04 | 2026-03-21 | The WowOptin: Next-Gen Popup Maker plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up... |
| [CVE-2026-32899](https://nvd.nist.gov/vuln/detail/CVE-2026-32899) | 5.3 | MEDIUM | CWE-863 | No | 0.0% | 3.71 | 2026-03-21 | OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction_* and pin_* non-message... |
| [CVE-2026-32898](https://nvd.nist.gov/vuln/detail/CVE-2026-32898) | 5.3 | MEDIUM | CWE-807 | No | 0.1% | 3.71 | 2026-03-21 | OpenClaw versions prior to 2026.2.23 contain an authorization bypass vulnerability in the ACP client that auto-approves... |
| [CVE-2026-32897](https://nvd.nist.gov/vuln/detail/CVE-2026-32897) | 6.3 | MEDIUM | CWE-320 | No | 0.1% | 4.41 | 2026-03-21 | OpenClaw versions prior to 2026.2.22 reuse gateway.auth.token as a fallback hash secret for owner-ID prompt obfuscation... |
| [CVE-2026-32896](https://nvd.nist.gov/vuln/detail/CVE-2026-32896) | 6.3 | MEDIUM | CWE-306 | No | 0.1% | 4.41 | 2026-03-21 | OpenClaw versions prior to 2026.2.21 BlueBubbles webhook handler contains a passwordless fallback authentication path th... |
| [CVE-2026-32895](https://nvd.nist.gov/vuln/detail/CVE-2026-32895) | 5.3 | MEDIUM | CWE-863 | No | 0.0% | 3.71 | 2026-03-21 | OpenClaw versions prior to 2026.2.26 fail to enforce sender authorization in member and message subtype system event han... |
| [CVE-2026-32067](https://nvd.nist.gov/vuln/detail/CVE-2026-32067) | 2.0 | LOW | CWE-863 | No | 0.0% | 1.40 | 2026-03-21 | OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability in the pairing-store access control... |
| [CVE-2026-32065](https://nvd.nist.gov/vuln/detail/CVE-2026-32065) | 5.7 | MEDIUM | CWE-436 | No | 0.0% | 3.99 | 2026-03-21 | OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered com... |
| [CVE-2026-32064](https://nvd.nist.gov/vuln/detail/CVE-2026-32064) | 8.5 | HIGH | CWE-306 | No | 0.1% | 5.95 | 2026-03-21 | OpenClaw versions prior to 2026.2.21 sandbox browser entrypoint launches x11vnc without authentication for noVNC observe... |
| [CVE-2026-32058](https://nvd.nist.gov/vuln/detail/CVE-2026-32058) | 2.0 | LOW | CWE-863 | No | 0.0% | 1.40 | 2026-03-21 | OpenClaw versions prior to 2026.2.26 contain an approval context-binding weakness in system.run execution flows with hos... |
| [CVE-2026-32057](https://nvd.nist.gov/vuln/detail/CVE-2026-32057) | 6.0 | MEDIUM | CWE-807 | No | 0.1% | 4.20 | 2026-03-21 | OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI pair... |
| [CVE-2026-32056](https://nvd.nist.gov/vuln/detail/CVE-2026-32056) | 7.7 | HIGH | CWE-78 | No | 0.1% | 5.39 | 2026-03-21 | OpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment variables HOME and ZDOTDIR in the system... |
| [CVE-2026-32055](https://nvd.nist.gov/vuln/detail/CVE-2026-32055) | 7.2 | HIGH | CWE-22 | No | 0.1% | 5.04 | 2026-03-21 | OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that allows... |
| [CVE-2026-32054](https://nvd.nist.gov/vuln/detail/CVE-2026-32054) | 5.9 | MEDIUM | CWE-59 | No | 0.0% | 4.13 | 2026-03-21 | OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path... |
| [CVE-2026-32053](https://nvd.nist.gov/vuln/detail/CVE-2026-32053) | 6.9 | MEDIUM | CWE-294 | No | 0.1% | 4.83 | 2026-03-21 | OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized even... |
| [CVE-2026-32052](https://nvd.nist.gov/vuln/detail/CVE-2026-32052) | 5.8 | MEDIUM | CWE-436 | No | 0.1% | 4.06 | 2026-03-21 | OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allo... |
| [CVE-2026-32051](https://nvd.nist.gov/vuln/detail/CVE-2026-32051) | 8.7 | HIGH | CWE-863 | No | 0.1% | 6.09 | 2026-03-21 | OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerability that allows authenticated callers wi... |
| [CVE-2026-32050](https://nvd.nist.gov/vuln/detail/CVE-2026-32050) | 6.3 | MEDIUM | CWE-863 | No | 0.0% | 4.41 | 2026-03-21 | OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling th... |
| [CVE-2026-32049](https://nvd.nist.gov/vuln/detail/CVE-2026-32049) | 8.7 | HIGH | CWE-770 | No | 0.2% | 6.09 | 2026-03-21 | OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering... |
| [CVE-2026-32048](https://nvd.nist.gov/vuln/detail/CVE-2026-32048) | 7.7 | HIGH | CWE-732 | No | 0.0% | 5.39 | 2026-03-21 | OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessions_spawn operations, al... |
| [CVE-2026-32046](https://nvd.nist.gov/vuln/detail/CVE-2026-32046) | 4.8 | MEDIUM | CWE-1188 | No | 0.1% | 3.36 | 2026-03-21 | OpenClaw versions prior to 2026.2.21 contain an improper sandbox configuration vulnerability that allows attackers to ex... |
| [CVE-2026-32045](https://nvd.nist.gov/vuln/detail/CVE-2026-32045) | 8.2 | HIGH | CWE-290 | No | 0.1% | 5.74 | 2026-03-21 | OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway routes,... |
| [CVE-2026-32044](https://nvd.nist.gov/vuln/detail/CVE-2026-32044) | 6.7 | MEDIUM | CWE-409 | No | 0.0% | 4.69 | 2026-03-21 | OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypas... |
| [CVE-2026-32043](https://nvd.nist.gov/vuln/detail/CVE-2026-32043) | 5.9 | MEDIUM | CWE-367 | No | 0.0% | 4.13 | 2026-03-21 | OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run exec... |
| [CVE-2026-32042](https://nvd.nist.gov/vuln/detail/CVE-2026-32042) | 8.7 | HIGH | CWE-863 | No | 0.1% | 6.09 | 2026-03-21 | OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vulnerability allowing unpaired device ide... |
| [CVE-2026-4083](https://nvd.nist.gov/vuln/detail/CVE-2026-4083) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The Scoreboard for HTML5 Games Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'scoreboar... |
| [CVE-2026-3577](https://nvd.nist.gov/vuln/detail/CVE-2026-3577) | 4.4 | MEDIUM | CWE-79 | No | 0.0% | 3.08 | 2026-03-21 | The Keep Backup Daily plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the backup title alias (`val... |
| [CVE-2026-3572](https://nvd.nist.gov/vuln/detail/CVE-2026-3572) | 6.1 | MEDIUM | CWE-79 | No | 0.1% | 4.27 | 2026-03-21 | The iTracker360 plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting... |
| [CVE-2026-3567](https://nvd.nist.gov/vuln/detail/CVE-2026-3567) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-21 | The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress is vulnerable to unauthorized access in all versions up... |
| [CVE-2026-3516](https://nvd.nist.gov/vuln/detail/CVE-2026-3516) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The Contact List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_cl_map_iframe' parameter in... |
| [CVE-2026-3474](https://nvd.nist.gov/vuln/detail/CVE-2026-3474) | 4.9 | MEDIUM | CWE-22 | No | 0.1% | 3.43 | 2026-03-21 | The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to arbitrary file read via path... |
| [CVE-2026-3368](https://nvd.nist.gov/vuln/detail/CVE-2026-3368) | 7.2 | HIGH | CWE-79 | No | 0.2% | 5.05 | 2026-03-21 | The Injection Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via malicious query parameter name... |
| [CVE-2026-3350](https://nvd.nist.gov/vuln/detail/CVE-2026-3350) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The Image Alt Text Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all v... |
| [CVE-2026-3339](https://nvd.nist.gov/vuln/detail/CVE-2026-3339) | 2.7 | LOW | CWE-22 | No | 0.1% | 1.89 | 2026-03-21 | The Keep Backup Daily plugin for WordPress is vulnerable to Limited Path Traversal in all versions up to, and including,... |
| [CVE-2026-33428](https://nvd.nist.gov/vuln/detail/CVE-2026-33428) | 4.9 | MEDIUM | CWE-863 | No | 0.0% | 3.43 | 2026-03-21 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a non-staf... |
| [CVE-2026-33427](https://nvd.nist.gov/vuln/detail/CVE-2026-33427) | 2.7 | LOW | CWE-862 | No | 0.1% | 1.89 | 2026-03-21 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an unauthe... |
| [CVE-2026-33426](https://nvd.nist.gov/vuln/detail/CVE-2026-33426) | 3.5 | LOW | CWE-862 | No | 0.0% | 2.45 | 2026-03-21 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users with... |
| [CVE-2026-33425](https://nvd.nist.gov/vuln/detail/CVE-2026-33425) | 6.9 | MEDIUM | CWE-203 | No | 0.1% | 4.83 | 2026-03-21 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, unauthenti... |
| [CVE-2026-33424](https://nvd.nist.gov/vuln/detail/CVE-2026-33424) | 5.9 | MEDIUM | CWE-863 | No | 0.0% | 4.13 | 2026-03-21 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an attacke... |
| [CVE-2026-33238](https://nvd.nist.gov/vuln/detail/CVE-2026-33238) | 4.3 | MEDIUM | CWE-22 | No | 0.0% | 3.01 | 2026-03-21 | WWBN AVideo is an open source video platform. Prior to version 26.0, the `listFiles.json.php` endpoint accepts a `path`... |
| [CVE-2026-33237](https://nvd.nist.gov/vuln/detail/CVE-2026-33237) | 5.5 | MEDIUM | CWE-918 | No | 0.0% | 3.85 | 2026-03-21 | WWBN AVideo is an open source video platform. Prior to version 26.0, the Scheduler plugin's `run()` function in `plugin/... |
| [CVE-2026-2430](https://nvd.nist.gov/vuln/detail/CVE-2026-2430) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lazy-loading image processing... |
| [CVE-2026-2352](https://nvd.nist.gov/vuln/detail/CVE-2026-2352) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-21 | The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ao_post_preload' meta value i... |
| [CVE-2026-4508](https://nvd.nist.gov/vuln/detail/CVE-2026-4508) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-20 | A vulnerability was identified in PbootCMS up to 3.2.12. The impacted element is the function checkUsername of the file... |
| [CVE-2026-3864](https://nvd.nist.gov/vuln/detail/CVE-2026-3864) | 6.5 | MEDIUM | CWE-22 | No | 0.1% | 4.55 | 2026-03-20 | A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was... |
| [CVE-2026-33476](https://nvd.nist.gov/vuln/detail/CVE-2026-33476) | 7.5 | HIGH | CWE-22 | No | 0.7% | 5.27 | 2026-03-20 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, the Siyuan kernel exposes an unauthenticated f... |
| [CVE-2026-33423](https://nvd.nist.gov/vuln/detail/CVE-2026-33423) | 1.3 | LOW | CWE-862 | No | 0.0% | 0.91 | 2026-03-20 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, staff can... |
| [CVE-2026-33422](https://nvd.nist.gov/vuln/detail/CVE-2026-33422) | 3.5 | LOW | CWE-200 | No | 0.0% | 2.45 | 2026-03-20 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the `ip_a... |
| [CVE-2026-33411](https://nvd.nist.gov/vuln/detail/CVE-2026-33411) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-20 | Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a pote... |
| [CVE-2026-33291](https://nvd.nist.gov/vuln/detail/CVE-2026-33291) | 5.1 | MEDIUM | CWE-863 | No | 0.0% | 3.57 | 2026-03-20 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators... |
| [CVE-2026-33251](https://nvd.nist.gov/vuln/detail/CVE-2026-33251) | 5.4 | MEDIUM | CWE-863 | No | 0.0% | 3.78 | 2026-03-20 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authori... |
| [CVE-2026-33243](https://nvd.nist.gov/vuln/detail/CVE-2026-33243) | 8.2 | HIGH | CWE-345 | No | 0.0% | 5.74 | 2026-03-20 | barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 (and the corresponding backport t... |
| [CVE-2026-33236](https://nvd.nist.gov/vuln/detail/CVE-2026-33236) | 8.1 | HIGH | CWE-22 | No | 0.0% | 5.67 | 2026-03-20 | NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research a... |
| [CVE-2026-33231](https://nvd.nist.gov/vuln/detail/CVE-2026-33231) | 7.5 | HIGH | CWE-306 | No | 0.1% | 5.25 | 2026-03-20 | NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research a... |
| [CVE-2026-33230](https://nvd.nist.gov/vuln/detail/CVE-2026-33230) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-20 | NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research a... |
| [CVE-2026-33228](https://nvd.nist.gov/vuln/detail/CVE-2026-33228) | 8.9 | HIGH | CWE-1321 | No | 0.0% | 6.23 | 2026-03-20 | flatted is a circular JSON parser. Prior to version 3.4.2, the parse() function in flatted can use attacker-controlled s... |
| [CVE-2026-33226](https://nvd.nist.gov/vuln/detail/CVE-2026-33226) | 8.7 | HIGH | CWE-918 | No | 0.0% | 6.09 | 2026-03-20 | Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions from 3.30.6 and pr... |
| [CVE-2026-33221](https://nvd.nist.gov/vuln/detail/CVE-2026-33221) | 2.1 | LOW | CWE-343 | No | 0.0% | 1.47 | 2026-03-20 | Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.12.0, the storage service's file upload ha... |
| [CVE-2026-33210](https://nvd.nist.gov/vuln/detail/CVE-2026-33210) | 8.3 | HIGH | CWE-134 | No | 0.0% | 5.81 | 2026-03-20 | Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a fo... |
| [CVE-2026-33209](https://nvd.nist.gov/vuln/detail/CVE-2026-33209) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-20 | Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.30.3, a reflected cross-site script... |
| [CVE-2026-33204](https://nvd.nist.gov/vuln/detail/CVE-2026-33204) | 7.5 | HIGH | CWE-400 | No | 0.1% | 5.25 | 2026-03-20 | SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can per... |
| [CVE-2026-33203](https://nvd.nist.gov/vuln/detail/CVE-2026-33203) | 7.5 | HIGH | CWE-248 | No | 0.1% | 5.25 | 2026-03-20 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts una... |
| [CVE-2026-33194](https://nvd.nist.gov/vuln/detail/CVE-2026-33194) | 6.8 | MEDIUM | CWE-22 | No | 0.1% | 4.76 | 2026-03-20 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, the `IsSensitivePath()` function in `kernel/ut... |
| [CVE-2026-33186](https://nvd.nist.gov/vuln/detail/CVE-2026-33186) | 9.1 | CRITICAL | CWE-285 | No | 0.0% | 6.37 | 2026-03-20 | gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from... |
| [CVE-2026-33180](https://nvd.nist.gov/vuln/detail/CVE-2026-33180) | 7.5 | HIGH | CWE-200 | No | 0.0% | 5.25 | 2026-03-20 | HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to versio... |
| [CVE-2026-32810](https://nvd.nist.gov/vuln/detail/CVE-2026-32810) | 4.8 | MEDIUM | CWE-732 | No | 0.0% | 3.36 | 2026-03-20 | Halloy is an IRC application written in Rust. In versions on \*nix and macOS prior to commit f180e41061db393acf65bc99f5c... |
| [CVE-2026-32733](https://nvd.nist.gov/vuln/detail/CVE-2026-32733) | 8.7 | HIGH | CWE-22 | No | 0.0% | 6.09 | 2026-03-20 | Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6, the DCC receive... |
| [CVE-2026-32663](https://nvd.nist.gov/vuln/detail/CVE-2026-32663) | 6.9 | MEDIUM | CWE-613 | No | 0.0% | 4.83 | 2026-03-20 | The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to... |
| [CVE-2026-31926](https://nvd.nist.gov/vuln/detail/CVE-2026-31926) | 6.9 | MEDIUM | CWE-522 | No | 0.1% | 4.83 | 2026-03-20 | Charging station authentication identifiers are publicly accessible via web-based mapping platforms. |
| [CVE-2026-31904](https://nvd.nist.gov/vuln/detail/CVE-2026-31904) | 8.7 | HIGH | CWE-307 | No | 0.1% | 6.09 | 2026-03-20 | The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absenc... |
| [CVE-2026-31903](https://nvd.nist.gov/vuln/detail/CVE-2026-31903) | 8.7 | HIGH | CWE-307 | No | 0.1% | 6.09 | 2026-03-20 | The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absenc... |
| [CVE-2026-2598](https://nvd.nist.gov/vuln/detail/CVE-2026-2598) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-20 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| [CVE-2026-29796](https://nvd.nist.gov/vuln/detail/CVE-2026-29796) | 9.3 | CRITICAL | CWE-306 | No | 0.1% | 6.51 | 2026-03-20 | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonat... |
| [CVE-2026-28204](https://nvd.nist.gov/vuln/detail/CVE-2026-28204) | 6.9 | MEDIUM | CWE-522 | No | 0.1% | 4.83 | 2026-03-20 | Charging station authentication identifiers are publicly accessible via web-based mapping platforms. |
| [CVE-2026-27649](https://nvd.nist.gov/vuln/detail/CVE-2026-27649) | 6.9 | MEDIUM | CWE-613 | No | 0.0% | 4.83 | 2026-03-20 | The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to... |
| [CVE-2026-4507](https://nvd.nist.gov/vuln/detail/CVE-2026-4507) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-20 | A vulnerability was determined in Mindinventory MindSQL up to 0.2.1. The affected element is the function ask_db of the... |
| [CVE-2026-4506](https://nvd.nist.gov/vuln/detail/CVE-2026-4506) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-20 | A vulnerability was found in Mindinventory MindSQL up to 0.2.1. Impacted is the function ask_db of the file mindsql/core... |
| [CVE-2026-3584](https://nvd.nist.gov/vuln/detail/CVE-2026-3584) | 9.8 | CRITICAL | CWE-94 | No | 17.1% | 7.37 | 2026-03-20 | The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 v... |
| [CVE-2026-33177](https://nvd.nist.gov/vuln/detail/CVE-2026-33177) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-20 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, low-privileg... |
| [CVE-2026-33172](https://nvd.nist.gov/vuln/detail/CVE-2026-33172) | 8.7 | HIGH | CWE-79 | No | 0.0% | 6.09 | 2026-03-20 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, a stored XSS... |
| [CVE-2026-33171](https://nvd.nist.gov/vuln/detail/CVE-2026-33171) | 4.3 | MEDIUM | CWE-22 | No | 0.0% | 3.01 | 2026-03-20 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, authenticate... |
| [CVE-2026-33166](https://nvd.nist.gov/vuln/detail/CVE-2026-33166) | 8.6 | HIGH | CWE-22 | No | 0.0% | 6.02 | 2026-03-20 | Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator p... |
| [CVE-2026-32887](https://nvd.nist.gov/vuln/detail/CVE-2026-32887) | 7.4 | HIGH | CWE-362 | No | 0.0% | 5.18 | 2026-03-20 | Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applicati... |
| [CVE-2026-2378](https://nvd.nist.gov/vuln/detail/CVE-2026-2378) | 7.4 | HIGH | CWE-1021 | No | 0.0% | 5.18 | 2026-03-20 | ArcSearch for Android versions prior to 1.12.7 could display a different domain in the address bar than the content bein... |
| [CVE-2026-23536](https://nvd.nist.gov/vuln/detail/CVE-2026-23536) | 7.5 | HIGH | CWE-22 | No | 0.1% | 5.25 | 2026-03-20 | A security issue was discovered in the Feast Feature Server's `/read-document` endpoint that allows an unauthenticated r... |
| [CVE-2026-33179](https://nvd.nist.gov/vuln/detail/CVE-2026-33179) | 5.5 | MEDIUM | CWE-476 | No | 0.0% | 3.85 | 2026-03-20 | libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer... |
| [CVE-2026-33165](https://nvd.nist.gov/vuln/detail/CVE-2026-33165) | 5.5 | MEDIUM | CWE-787 | No | 0.0% | 3.85 | 2026-03-20 | libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream ca... |
| [CVE-2026-33164](https://nvd.nist.gov/vuln/detail/CVE-2026-33164) | 8.7 | HIGH | CWE-122 | No | 0.1% | 6.09 | 2026-03-20 | libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL u... |
| [CVE-2026-33156](https://nvd.nist.gov/vuln/detail/CVE-2026-33156) | 7.8 | HIGH | CWE-426 | No | 0.0% | 5.46 | 2026-03-20 | ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, ScreenToGif is vulnerable to DLL sideloading... |
| [CVE-2026-33155](https://nvd.nist.gov/vuln/detail/CVE-2026-33155) | 8.7 | HIGH | CWE-400 | No | 0.1% | 6.09 | 2026-03-20 | DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6... |
| [CVE-2026-33154](https://nvd.nist.gov/vuln/detail/CVE-2026-33154) | 7.5 | HIGH | CWE-94 | No | 0.1% | 5.25 | 2026-03-20 | dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side T... |
| [CVE-2026-33151](https://nvd.nist.gov/vuln/detail/CVE-2026-33151) | 8.7 | HIGH | CWE-20 | No | 0.2% | 6.10 | 2026-03-20 | Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.... |
| [CVE-2026-33150](https://nvd.nist.gov/vuln/detail/CVE-2026-33150) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-03-20 | libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-fre... |
| [CVE-2026-33147](https://nvd.nist.gov/vuln/detail/CVE-2026-33147) | 7.3 | HIGH | CWE-121 | No | 0.0% | 5.11 | 2026-03-20 | GMT is an open source collection of command-line tools for manipulating geographic and Cartesian data sets. In versions... |
| [CVE-2026-33144](https://nvd.nist.gov/vuln/detail/CVE-2026-33144) | 5.8 | MEDIUM | CWE-787 | No | 0.0% | 4.06 | 2026-03-20 | GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow (write) vulnerability... |
| [CVE-2026-33143](https://nvd.nist.gov/vuln/detail/CVE-2026-33143) | 8.7 | HIGH | CWE-345 | No | 0.0% | 6.09 | 2026-03-20 | OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook... |
| [CVE-2026-33142](https://nvd.nist.gov/vuln/detail/CVE-2026-33142) | 8.1 | HIGH | CWE-89 | No | 0.0% | 5.67 | 2026-03-20 | OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the fix for CVE-2026-3230... |
| [CVE-2025-63261](https://nvd.nist.gov/vuln/detail/CVE-2025-63261) | 7.8 | HIGH | CWE-78 | No | 0.1% | 5.46 | 2026-03-20 | AWStats 8.0 is vulnerable to Command Injection via the open function |
| [CVE-2025-55988](https://nvd.nist.gov/vuln/detail/CVE-2025-55988) | 7.2 | HIGH | CWE-22 | No | 0.1% | 5.04 | 2026-03-20 | An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a dire... |
| [CVE-2026-4505](https://nvd.nist.gov/vuln/detail/CVE-2026-4505) | 5.3 | MEDIUM | CWE-284 | No | 0.0% | 3.71 | 2026-03-20 | A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function module_plugin.refresh... |
| [CVE-2026-4504](https://nvd.nist.gov/vuln/detail/CVE-2026-4504) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-20 | A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/ed... |
| [CVE-2026-4500](https://nvd.nist.gov/vuln/detail/CVE-2026-4500) | 5.3 | MEDIUM | CWE-74 | No | 0.1% | 3.71 | 2026-03-20 | A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297. This impacts the function generate_df of the fil... |
| [CVE-2026-4499](https://nvd.nist.gov/vuln/detail/CVE-2026-4499) | 6.9 | MEDIUM | CWE-77 | No | 0.3% | 4.84 | 2026-03-20 | A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is the function ssdpcgi_main of the component SSDP. Ex... |
| [CVE-2026-4438](https://nvd.nist.gov/vuln/detail/CVE-2026-4438) | 5.4 | MEDIUM | CWE-20 | No | 0.0% | 3.78 | 2026-03-20 | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the... |
| [CVE-2026-4437](https://nvd.nist.gov/vuln/detail/CVE-2026-4437) | 7.5 | HIGH | CWE-125 | No | 0.0% | 5.25 | 2026-03-20 | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the... |
| [CVE-2026-33140](https://nvd.nist.gov/vuln/detail/CVE-2026-33140) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-20 | PySpector is a static analysis security testing (SAST) Framework engineered for modern Python development workflows. PyS... |
| [CVE-2026-33139](https://nvd.nist.gov/vuln/detail/CVE-2026-33139) | 8.3 | HIGH | CWE-184 | No | 0.0% | 5.81 | 2026-03-20 | PySpector is a static analysis security testing (SAST) Framework engineered for modern Python development workflows. PyS... |
| [CVE-2026-33126](https://nvd.nist.gov/vuln/detail/CVE-2026-33126) | 5.0 | MEDIUM | CWE-918 | No | 0.0% | 3.50 | 2026-03-20 | Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to version 0.16.3,... |
| [CVE-2025-63260](https://nvd.nist.gov/vuln/detail/CVE-2025-63260) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-20 | SyncFusion 30.1.37 is vulnerable to Cross Site Scripting (XSS) via the Document-Editor reply to comment field and Chat-U... |
| [CVE-2026-4497](https://nvd.nist.gov/vuln/detail/CVE-2026-4497) | 6.9 | MEDIUM | CWE-77 | No | 2.6% | 4.91 | 2026-03-20 | A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. Affected by this issue is the function recvUpgrad... |
| [CVE-2026-4496](https://nvd.nist.gov/vuln/detail/CVE-2026-4496) | 4.8 | MEDIUM | CWE-77 | No | 0.3% | 3.37 | 2026-03-20 | A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vul... |
| [CVE-2026-33010](https://nvd.nist.gov/vuln/detail/CVE-2026-33010) | 8.1 | HIGH | CWE-942 | No | 0.0% | 5.67 | 2026-03-20 | mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP ser... |
| [CVE-2026-32710](https://nvd.nist.gov/vuln/detail/CVE-2026-32710) | 8.5 | HIGH | CWE-122 | No | 0.2% | 5.96 | 2026-03-20 | MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 befo... |
| [CVE-2026-32318](https://nvd.nist.gov/vuln/detail/CVE-2026-32318) | 7.6 | HIGH | CWE-346 | No | 0.0% | 5.32 | 2026-03-20 | Cryptomator for iOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to versio... |
| [CVE-2026-32317](https://nvd.nist.gov/vuln/detail/CVE-2026-32317) | 7.6 | HIGH | CWE-346 | No | 0.0% | 5.32 | 2026-03-20 | Cryptomator for Android offers multi-platform transparent client-side encryption for files in the cloud. Prior to versio... |
| [CVE-2026-32310](https://nvd.nist.gov/vuln/detail/CVE-2026-32310) | 4.1 | MEDIUM | CWE-22 | No | 0.0% | 2.87 | 2026-03-20 | Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault confi... |
| [CVE-2026-32309](https://nvd.nist.gov/vuln/detail/CVE-2026-32309) | 8.7 | HIGH | CWE-319 | No | 0.0% | 6.09 | 2026-03-20 | Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock flow expli... |
| [CVE-2026-4495](https://nvd.nist.gov/vuln/detail/CVE-2026-4495) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-20 | A security flaw has been discovered in atjiu pybbs 6.0.0. This impacts the function create of the file src/main/java/co/... |
| [CVE-2026-4494](https://nvd.nist.gov/vuln/detail/CVE-2026-4494) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-20 | A vulnerability was identified in atjiu pybbs 6.0.0. This affects the function create of the file src/main/java/co/yiiu/... |
| [CVE-2026-4493](https://nvd.nist.gov/vuln/detail/CVE-2026-4493) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-03-20 | A vulnerability was determined in Tenda A18 Pro 02.03.02.28. The impacted element is the function sub_423B50 of the file... |
| [CVE-2026-4492](https://nvd.nist.gov/vuln/detail/CVE-2026-4492) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-03-20 | A vulnerability was found in Tenda A18 Pro 02.03.02.28. The affected element is the function set_qosMib_list of the file... |
| [CVE-2026-32844](https://nvd.nist.gov/vuln/detail/CVE-2026-32844) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-20 | XinLiangCoder php_api_doc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in list_method.... |
| [CVE-2026-32303](https://nvd.nist.gov/vuln/detail/CVE-2026-32303) | 7.6 | HIGH | CWE-346 | No | 0.0% | 5.32 | 2026-03-20 | Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vulnerabilit... |
| [CVE-2026-31836](https://nvd.nist.gov/vuln/detail/CVE-2026-31836) | 8.1 | HIGH | CWE-269 | No | 0.0% | 5.67 | 2026-03-20 | Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and... |
| [CVE-2026-30580](https://nvd.nist.gov/vuln/detail/CVE-2026-30580) | 4.3 | MEDIUM | CWE-22 | No | 0.1% | 3.01 | 2026-03-20 | File Thingie 2.5.7 is vulnerable to Directory Traversal. A malicious user can leverage the "create folder from url" func... |
| [CVE-2026-30579](https://nvd.nist.gov/vuln/detail/CVE-2026-30579) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-20 | File Thingie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "upload file" function... |
| [CVE-2026-30578](https://nvd.nist.gov/vuln/detail/CVE-2026-30578) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-20 | File Thingie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "dir" parameter of th... |
| [CVE-2026-4491](https://nvd.nist.gov/vuln/detail/CVE-2026-4491) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-03-20 | A vulnerability has been found in Tenda A18 Pro 02.03.02.28. Impacted is the function fromSetIpMacBind of the file /gofo... |
| [CVE-2026-4490](https://nvd.nist.gov/vuln/detail/CVE-2026-4490) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-03-20 | A flaw has been found in Tenda A18 Pro 02.03.02.28. This issue affects the function setSchedWifi of the file /goform/ope... |
| [CVE-2026-29828](https://nvd.nist.gov/vuln/detail/CVE-2026-29828) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-20 | DooTask v1.6.27 has a Cross-Site Scripting (XSS) vulnerability in the /manage/project/<id> page via the input field proj... |
| [CVE-2025-15607](https://nvd.nist.gov/vuln/detail/CVE-2025-15607) | 7.3 | HIGH | CWE-77 | No | 0.5% | 5.13 | 2026-03-20 | A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allo... |
| [CVE-2026-4489](https://nvd.nist.gov/vuln/detail/CVE-2026-4489) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-03-20 | A vulnerability was detected in Tenda A18 Pro 02.03.02.28. This vulnerability affects the function form_fast_setting_wif... |
| [CVE-2026-4488](https://nvd.nist.gov/vuln/detail/CVE-2026-4488) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-03-20 | A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected is the function strcpy of the fil... |
| [CVE-2026-32989](https://nvd.nist.gov/vuln/detail/CVE-2026-32989) | 8.6 | HIGH | CWE-352 | No | 0.0% | 6.02 | 2026-03-20 | Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability that allows attackers to induce authent... |
| [CVE-2026-32986](https://nvd.nist.gov/vuln/detail/CVE-2026-32986) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-20 | Textpattern CMS version 4.9.0 contains a second-order cross-site scripting vulnerability that allows attackers to inject... |
| [CVE-2025-67260](https://nvd.nist.gov/vuln/detail/CVE-2025-67260) | 8.8 | HIGH | CWE-434 | No | 0.1% | 6.16 | 2026-03-20 | The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vuln... |
| [CVE-2025-46597](https://nvd.nist.gov/vuln/detail/CVE-2025-46597) | 7.5 | HIGH | CWE-190 | No | 0.0% | 5.25 | 2026-03-20 | Bitcoin Core 0.13.0 through 29.x has an integer overflow. |
| [CVE-2026-4487](https://nvd.nist.gov/vuln/detail/CVE-2026-4487) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-03-20 | A vulnerability was determined in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /gof... |
| [CVE-2026-33312](https://nvd.nist.gov/vuln/detail/CVE-2026-33312) | 5.3 | MEDIUM | CWE-863 | No | 0.0% | 3.71 | 2026-03-20 | Vikunja is an open-source self-hosted task management platform. Starting in version 0.20.2 and prior to version 2.2.0, t... |
| [CVE-2026-29794](https://nvd.nist.gov/vuln/detail/CVE-2026-29794) | 5.3 | MEDIUM | CWE-807 | No | 0.1% | 3.71 | 2026-03-20 | Vikunja is an open-source self-hosted task management platform. Starting in version 0.8 and prior to version 2.2.0, unau... |
| [CVE-2026-22172](https://nvd.nist.gov/vuln/detail/CVE-2026-22172) | 9.4 | CRITICAL | CWE-862 | No | 0.0% | 6.58 | 2026-03-20 | OpenClaw versions prior to 2026.3.12 contain an authorization bypass vulnerability in the WebSocket connect path that al... |
| [CVE-2025-46598](https://nvd.nist.gov/vuln/detail/CVE-2025-46598) | 5.3 | MEDIUM | CWE-405 | No | 0.0% | 3.71 | 2026-03-20 | Bitcoin Core through 29.0 allows a denial of service via a crafted transaction. |
| [CVE-2026-4486](https://nvd.nist.gov/vuln/detail/CVE-2026-4486) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-20 | A vulnerability was found in D-Link DIR-513 1.10. This affects the function formEasySetPassword of the file /goform/form... |
| [CVE-2026-4485](https://nvd.nist.gov/vuln/detail/CVE-2026-4485) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-20 | A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown functio... |
| [CVE-2026-33372](https://nvd.nist.gov/vuln/detail/CVE-2026-33372) | 5.4 | MEDIUM | CWE-352 | No | 0.0% | 3.78 | 2026-03-20 | An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A cross-site request forgery (CSRF) vulnerability e... |
| [CVE-2026-33371](https://nvd.nist.gov/vuln/detail/CVE-2026-33371) | 4.3 | MEDIUM | CWE-611 | No | 0.0% | 3.01 | 2026-03-20 | An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE) vulnerability exists i... |
| [CVE-2026-33370](https://nvd.nist.gov/vuln/detail/CVE-2026-33370) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-20 | An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability e... |
| [CVE-2026-33369](https://nvd.nist.gov/vuln/detail/CVE-2026-33369) | 4.3 | MEDIUM | CWE-20 | No | 0.1% | 3.01 | 2026-03-20 | Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a F... |
| [CVE-2026-33368](https://nvd.nist.gov/vuln/detail/CVE-2026-33368) | 6.1 | MEDIUM | CWE-79 | No | 0.1% | 4.27 | 2026-03-20 | Zimbra Collaboration Suite (ZCS) 10.0 and 10.1 contains a reflected cross-site scripting (XSS) vulnerability in the Clas... |
| [CVE-2026-31382](https://nvd.nist.gov/vuln/detail/CVE-2026-31382) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-20 | The error_description parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-s... |
| [CVE-2026-31381](https://nvd.nist.gov/vuln/detail/CVE-2026-31381) | 5.3 | MEDIUM | CWE-598 | No | 0.0% | 3.71 | 2026-03-20 | An attacker can extract user email addresses (PII) exposed in base64 encoding via the state parameter in the OAuth callb... |
| [CVE-2024-44722](https://nvd.nist.gov/vuln/detail/CVE-2024-44722) | 9.8 | CRITICAL | CWE-94 | No | 0.1% | 6.86 | 2026-03-20 | SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd. |
| [CVE-2026-33136](https://nvd.nist.gov/vuln/detail/CVE-2026-33136) | 9.3 | CRITICAL | CWE-79 | No | 0.0% | 6.51 | 2026-03-20 | WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS)... |
| [CVE-2026-33135](https://nvd.nist.gov/vuln/detail/CVE-2026-33135) | 9.3 | CRITICAL | CWE-79 | No | 0.0% | 6.51 | 2026-03-20 | WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS)... |
| [CVE-2026-33134](https://nvd.nist.gov/vuln/detail/CVE-2026-33134) | 9.3 | CRITICAL | CWE-89 | No | 0.0% | 6.51 | 2026-03-20 | WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vuln... |
| [CVE-2026-33133](https://nvd.nist.gov/vuln/detail/CVE-2026-33133) | 8.6 | HIGH | CWE-89 | No | 0.1% | 6.02 | 2026-03-20 | WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB() function imports SQL... |
| [CVE-2026-33131](https://nvd.nist.gov/vuln/detail/CVE-2026-33131) | 7.4 | HIGH | CWE-290 | No | 0.0% | 5.18 | 2026-03-20 | H3 is a minimal H(TTP) framework. Versions 2.0.0-0 through 2.0.1-rc.14 contain a Host header spoofing vulnerability in t... |
| [CVE-2026-32595](https://nvd.nist.gov/vuln/detail/CVE-2026-32595) | 6.3 | MEDIUM | CWE-208 | No | 0.0% | 4.41 | 2026-03-20 | Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea... |
| [CVE-2026-32305](https://nvd.nist.gov/vuln/detail/CVE-2026-32305) | 7.8 | HIGH | CWE-287 | No | 0.0% | 5.46 | 2026-03-20 | Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea... |
| [CVE-2026-25792](https://nvd.nist.gov/vuln/detail/CVE-2026-25792) | 6.5 | MEDIUM | CWE-426 | No | 0.0% | 4.55 | 2026-03-20 | Greenshot is an open source Windows screenshot utility. Versions 1.3.312 and below have untrusted executable search path... |
| [CVE-2026-33130](https://nvd.nist.gov/vuln/detail/CVE-2026-33130) | 6.5 | MEDIUM | CWE-98 | No | 0.0% | 4.55 | 2026-03-20 | Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fix from GHSA-vffh-c9p... |
| [CVE-2026-33129](https://nvd.nist.gov/vuln/detail/CVE-2026-33129) | 5.9 | MEDIUM | CWE-208 | No | 0.0% | 4.13 | 2026-03-20 | H3 is a minimal H(TTP) framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability i... |
| [CVE-2026-33128](https://nvd.nist.gov/vuln/detail/CVE-2026-33128) | 7.5 | HIGH | CWE-93 | No | 0.0% | 5.25 | 2026-03-20 | H3 is a minimal H(TTP) framework. In versions prior to 1.15.6 and between 2.0.0 through 2.0.1-rc.14, createEventStream i... |
| [CVE-2026-33125](https://nvd.nist.gov/vuln/detail/CVE-2026-33125) | 7.1 | HIGH | CWE-285 | No | 0.0% | 4.97 | 2026-03-20 | Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In versions 0.16.2 and be... |
| [CVE-2026-33124](https://nvd.nist.gov/vuln/detail/CVE-2026-33124) | 8.6 | HIGH | CWE-287 | No | 0.0% | 6.02 | 2026-03-20 | Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Versions prior to 0.17.0-... |
| [CVE-2026-33123](https://nvd.nist.gov/vuln/detail/CVE-2026-33123) | 5.1 | MEDIUM | CWE-400 | No | 0.0% | 3.57 | 2026-03-20 | pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious... |
| [CVE-2026-33081](https://nvd.nist.gov/vuln/detail/CVE-2026-33081) | 5.8 | MEDIUM | CWE-918 | No | 0.0% | 4.06 | 2026-03-20 | PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Versions 0.8.2 and below... |
| [CVE-2026-22324](https://nvd.nist.gov/vuln/detail/CVE-2026-22324) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-20 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-0677](https://nvd.nist.gov/vuln/detail/CVE-2026-0677) | 0.0 | NONE | CWE-502 | No | 0.0% | 0.00 | 2026-03-20 | Deserialization of Untrusted Data vulnerability in TotalSuite TotalContest Lite totalcontest-lite allows Object Injectio... |
| [CVE-2024-32537](https://nvd.nist.gov/vuln/detail/CVE-2024-32537) | 7.1 | HIGH | CWE-352 | No | 0.0% | 4.97 | 2026-03-20 | Cross-Site request forgery (CSRF) vulnerability in joshuae1974 Flash Video Player allows Cross Site Request Forgery. This... |
| [CVE-2024-31119](https://nvd.nist.gov/vuln/detail/CVE-2024-31119) | 5.9 | MEDIUM | CWE-79 | No | 0.1% | 4.13 | 2026-03-20 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Vasilis Triantafyl... |
| [CVE-2026-3550](https://nvd.nist.gov/vuln/detail/CVE-2026-3550) | 5.3 | MEDIUM | CWE-862 | No | 0.1% | 3.71 | 2026-03-20 | The RockPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.17.... |
| [CVE-2026-33192](https://nvd.nist.gov/vuln/detail/CVE-2026-33192) | 8.7 | HIGH | CWE-209 | No | 0.0% | 6.09 | 2026-03-20 | Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.... |
| [CVE-2026-33080](https://nvd.nist.gov/vuln/detail/CVE-2026-33080) | 7.3 | HIGH | CWE-79 | No | 0.0% | 5.11 | 2026-03-20 | Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and... |
| [CVE-2026-33075](https://nvd.nist.gov/vuln/detail/CVE-2026-33075) | 9.4 | CRITICAL | CWE-494 | No | 0.0% | 6.58 | 2026-03-20 | FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vuln... |
| [CVE-2026-33072](https://nvd.nist.gov/vuln/detail/CVE-2026-33072) | 8.2 | HIGH | CWE-798 | No | 0.0% | 5.74 | 2026-03-20 | FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption k... |
| [CVE-2026-33071](https://nvd.nist.gov/vuln/detail/CVE-2026-33071) | 4.3 | MEDIUM | CWE-434 | No | 0.2% | 3.02 | 2026-03-20 | FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, the WebDAV upload endpoint accep... |
| [CVE-2026-33070](https://nvd.nist.gov/vuln/detail/CVE-2026-33070) | 3.7 | LOW | CWE-306 | No | 0.1% | 2.59 | 2026-03-20 | FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-authentication vulnera... |
| [CVE-2026-33069](https://nvd.nist.gov/vuln/detail/CVE-2026-33069) | 6.9 | MEDIUM | CWE-125 | No | 0.0% | 4.83 | 2026-03-20 | PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading... |
| [CVE-2026-33068](https://nvd.nist.gov/vuln/detail/CVE-2026-33068) | 7.7 | HIGH | CWE-807 | No | 0.1% | 5.39 | 2026-03-20 | Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, includ... |
| [CVE-2026-33067](https://nvd.nist.gov/vuln/detail/CVE-2026-33067) | 5.3 | MEDIUM | CWE-79 | No | 0.1% | 3.71 | 2026-03-20 | SiYuan is a personal knowledge management system. Versions 3.6.0 and below render package metadata fields (displayName,... |
| [CVE-2026-33066](https://nvd.nist.gov/vuln/detail/CVE-2026-33066) | 5.3 | MEDIUM | CWE-79 | No | 0.2% | 3.72 | 2026-03-20 | SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the backend renderREADME function uses lu... |
| [CVE-2026-32701](https://nvd.nist.gov/vuln/detail/CVE-2026-32701) | 7.5 | HIGH | CWE-843 | No | 0.0% | 5.25 | 2026-03-20 | Qwik is a performance-focused JavaScript framework. Versions prior to 1.19.2 improperly inferred arrays from dotted form... |
| [CVE-2026-2432](https://nvd.nist.gov/vuln/detail/CVE-2026-2432) | 4.4 | MEDIUM | CWE-79 | No | 0.0% | 3.08 | 2026-03-20 | The CM Custom Reports – Flexible reporting to track what matters most plugin for WordPress is vulnerable to Stored Cross... |
| [CVE-2026-2421](https://nvd.nist.gov/vuln/detail/CVE-2026-2421) | 6.5 | MEDIUM | CWE-22 | No | 0.5% | 4.57 | 2026-03-20 | The ilGhera Carta Docente for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, an... |
| [CVE-2026-27625](https://nvd.nist.gov/vuln/detail/CVE-2026-27625) | 8.1 | HIGH | CWE-22 | No | 0.1% | 5.67 | 2026-03-20 | Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5... |
| [CVE-2026-33065](https://nvd.nist.gov/vuln/detail/CVE-2026-33065) | 6.9 | MEDIUM | CWE-209 | No | 0.0% | 4.83 | 2026-03-20 | Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.... |
| [CVE-2026-33064](https://nvd.nist.gov/vuln/detail/CVE-2026-33064) | 8.7 | HIGH | CWE-478 | No | 0.2% | 6.10 | 2026-03-20 | Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2... |
| [CVE-2026-33061](https://nvd.nist.gov/vuln/detail/CVE-2026-33061) | 5.8 | MEDIUM | CWE-79 | No | 0.0% | 4.06 | 2026-03-20 | Jexactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af5... |
| [CVE-2026-33060](https://nvd.nist.gov/vuln/detail/CVE-2026-33060) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-03-20 | CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools including ckan_pac... |
| [CVE-2026-33057](https://nvd.nist.gov/vuln/detail/CVE-2026-33057) | 9.8 | CRITICAL | CWE-94 | No | 0.1% | 6.86 | 2026-03-20 | Mesop is a Python-based UI framework that allows users to build web applications. In versions 1.2.2 and below, an explic... |
| [CVE-2026-33056](https://nvd.nist.gov/vuln/detail/CVE-2026-33056) | 5.1 | MEDIUM | CWE-61 | No | 0.0% | 3.57 | 2026-03-20 | tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, th... |
| [CVE-2026-33022](https://nvd.nist.gov/vuln/detail/CVE-2026-33022) | 6.5 | MEDIUM | CWE-129 | No | 0.0% | 4.55 | 2026-03-20 | Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0... |
| [CVE-2026-4478](https://nvd.nist.gov/vuln/detail/CVE-2026-4478) | 8.2 | HIGH | CWE-345 | No | 0.0% | 5.74 | 2026-03-20 | A vulnerability was identified in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This impacts an unknown function... |
| [CVE-2026-4476](https://nvd.nist.gov/vuln/detail/CVE-2026-4476) | 5.3 | MEDIUM | CWE-287 | No | 0.0% | 3.71 | 2026-03-20 | A vulnerability was found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The impacted element is an unknown fun... |
| [CVE-2026-4475](https://nvd.nist.gov/vuln/detail/CVE-2026-4475) | 8.7 | HIGH | CWE-259 | No | 0.0% | 6.09 | 2026-03-20 | A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The affected element is an unknow... |
| [CVE-2026-4474](https://nvd.nist.gov/vuln/detail/CVE-2026-4474) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-20 | A flaw has been found in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /adm... |
| [CVE-2026-33055](https://nvd.nist.gov/vuln/detail/CVE-2026-33055) | 5.1 | MEDIUM | CWE-843 | No | 0.0% | 3.57 | 2026-03-20 | tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips th... |
| [CVE-2026-33054](https://nvd.nist.gov/vuln/detail/CVE-2026-33054) | 10.0 | CRITICAL | CWE-22 | No | 0.0% | 7.00 | 2026-03-20 | Mesop is a Python-based UI framework that allows users to build web applications. Versions 1.2.2 and below contain a Pat... |
| [CVE-2026-33053](https://nvd.nist.gov/vuln/detail/CVE-2026-33053) | 6.1 | MEDIUM | CWE-639 | No | 0.0% | 4.27 | 2026-03-20 | Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the delete_ap... |
| [CVE-2026-4473](https://nvd.nist.gov/vuln/detail/CVE-2026-4473) | 5.1 | MEDIUM | CWE-74 | No | 0.0% | 3.57 | 2026-03-20 | A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affects some unknown proce... |
| [CVE-2026-33051](https://nvd.nist.gov/vuln/detail/CVE-2026-33051) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-20 | Craft CMS is a content management system (CMS). In versions 5.9.0-beta.1 through 5.9.10, the revision/draft context menu... |
| [CVE-2026-33043](https://nvd.nist.gov/vuln/detail/CVE-2026-33043) | 8.1 | HIGH | CWE-942 | No | 0.0% | 5.67 | 2026-03-20 | WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/phpsessionid.json.php exposes the cur... |
| [CVE-2026-33041](https://nvd.nist.gov/vuln/detail/CVE-2026-33041) | 5.3 | MEDIUM | CWE-200 | No | 0.1% | 3.71 | 2026-03-20 | WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/encryptPass.json.php exposes the appl... |
| [CVE-2026-33040](https://nvd.nist.gov/vuln/detail/CVE-2026-33040) | 8.7 | HIGH | CWE-190 | No | 0.1% | 6.09 | 2026-03-20 | libp2p-rust is the official Rust language implementation of the libp2p networking stack. In versions prior to 0.49.3, th... |
| [CVE-2026-33039](https://nvd.nist.gov/vuln/detail/CVE-2026-33039) | 8.6 | HIGH | CWE-918 | No | 0.0% | 6.02 | 2026-03-20 | WWBN AVideo is an open source video platform. In versions 25.0 and below, the plugin/LiveLinks/proxy.php endpoint valida... |
| [CVE-2026-33038](https://nvd.nist.gov/vuln/detail/CVE-2026-33038) | 8.1 | HIGH | CWE-306 | No | 0.1% | 5.67 | 2026-03-20 | WWBN AVideo is an open source video platform. Versions 25.0 and below are vulnerable to unauthenticated application take... |
| [CVE-2026-33037](https://nvd.nist.gov/vuln/detail/CVE-2026-33037) | 8.1 | HIGH | CWE-1188 | No | 0.3% | 5.68 | 2026-03-20 | WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files (docker-c... |
| [CVE-2026-33036](https://nvd.nist.gov/vuln/detail/CVE-2026-33036) | 7.5 | HIGH | CWE-776 | No | 0.1% | 5.25 | 2026-03-20 | fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-be... |
| [CVE-2026-32768](https://nvd.nist.gov/vuln/detail/CVE-2026-32768) | 7.9 | HIGH | CWE-284 | No | 0.0% | 5.53 | 2026-03-20 | Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. In versions prior to 0.6.5,... |
| [CVE-2026-4472](https://nvd.nist.gov/vuln/detail/CVE-2026-4472) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-20 | A security vulnerability has been detected in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability a... |
| [CVE-2026-4471](https://nvd.nist.gov/vuln/detail/CVE-2026-4471) | 5.1 | MEDIUM | CWE-74 | No | 0.0% | 3.57 | 2026-03-20 | A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of... |
| [CVE-2026-4470](https://nvd.nist.gov/vuln/detail/CVE-2026-4470) | 5.1 | MEDIUM | CWE-74 | No | 0.0% | 3.57 | 2026-03-20 | A security flaw has been discovered in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this issue is s... |
| [CVE-2026-4469](https://nvd.nist.gov/vuln/detail/CVE-2026-4469) | 5.1 | MEDIUM | CWE-74 | No | 0.0% | 3.57 | 2026-03-20 | A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this vulnerability i... |
| [CVE-2026-33035](https://nvd.nist.gov/vuln/detail/CVE-2026-33035) | 5.3 | MEDIUM | CWE-79 | No | 0.1% | 3.71 | 2026-03-20 | WWBN AVideo is an open source video platform. In versions 25.0 and below, there is a reflected XSS vulnerability that al... |
| [CVE-2026-33025](https://nvd.nist.gov/vuln/detail/CVE-2026-33025) | 8.6 | HIGH | CWE-89 | No | 0.0% | 6.02 | 2026-03-20 | AVideo is a video-sharing Platform. Versions prior to 8.0 contain a SQL Injection vulnerability in the getSqlFromPost()... |
| [CVE-2026-33024](https://nvd.nist.gov/vuln/detail/CVE-2026-33024) | 9.3 | CRITICAL | CWE-918 | No | 0.1% | 6.51 | 2026-03-20 | AVideo is a video-sharing Platform. Versions prior to 8.0 contain a Server-Side Request Forgery vulnerability (CWE-918)... |
| [CVE-2026-33017](https://nvd.nist.gov/vuln/detail/CVE-2026-33017) | 9.3 | CRITICAL | CWE-94 | Yes | 5.7% | 6.68 | 2026-03-20 | Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api... |
| [CVE-2026-33013](https://nvd.nist.gov/vuln/detail/CVE-2026-33013) | 8.2 | HIGH | CWE-835 | No | 0.2% | 5.75 | 2026-03-20 | Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applicat... |
| [CVE-2026-33012](https://nvd.nist.gov/vuln/detail/CVE-2026-33012) | 7.5 | HIGH | CWE-770 | No | 0.2% | 5.25 | 2026-03-20 | Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applicat... |
| [CVE-2026-33011](https://nvd.nist.gov/vuln/detail/CVE-2026-33011) | 8.7 | HIGH | CWE-670 | No | 0.0% | 6.09 | 2026-03-20 | Nest is a framework for building scalable Node.js server-side applications. In versions 11.1.15 and below, a NestJS appl... |
| [CVE-2026-32954](https://nvd.nist.gov/vuln/detail/CVE-2026-32954) | 7.1 | HIGH | CWE-89 | No | 0.0% | 4.97 | 2026-03-20 | ERP is a free and open source Enterprise Resource Planning tool. In versions prior to 16.8.0 and 15.100.0, certain endpo... |
| [CVE-2026-32953](https://nvd.nist.gov/vuln/detail/CVE-2026-32953) | 4.7 | MEDIUM | CWE-303 | No | 0.0% | 3.29 | 2026-03-20 | Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the t... |
| [CVE-2026-32950](https://nvd.nist.gov/vuln/detail/CVE-2026-32950) | 8.6 | HIGH | CWE-78 | No | 0.2% | 6.03 | 2026-03-20 | SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a cr... |
| [CVE-2026-32949](https://nvd.nist.gov/vuln/detail/CVE-2026-32949) | 8.7 | HIGH | CWE-73 | No | 0.0% | 6.09 | 2026-03-20 | SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Se... |
| [CVE-2026-32947](https://nvd.nist.gov/vuln/detail/CVE-2026-32947) | 4.6 | MEDIUM | CWE-693 | No | 0.1% | 3.22 | 2026-03-20 | Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below,... |
| [CVE-2026-4468](https://nvd.nist.gov/vuln/detail/CVE-2026-4468) | 5.1 | MEDIUM | CWE-74 | No | 0.3% | 3.58 | 2026-03-20 | A vulnerability was determined in Comfast CF-AC100 2.6.0.8. Affected is an unknown function of the file /cgi-bin/mbox-co... |
| [CVE-2026-4136](https://nvd.nist.gov/vuln/detail/CVE-2026-4136) | 4.3 | MEDIUM | CWE-640 | No | 0.0% | 3.01 | 2026-03-20 | The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up t... |
| [CVE-2026-4038](https://nvd.nist.gov/vuln/detail/CVE-2026-4038) | 9.8 | CRITICAL | CWE-862 | No | 0.1% | 6.86 | 2026-03-20 | The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due... |
| [CVE-2026-32946](https://nvd.nist.gov/vuln/detail/CVE-2026-32946) | 4.6 | MEDIUM | CWE-693 | No | 0.1% | 3.22 | 2026-03-20 | Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below,... |
| [CVE-2026-32945](https://nvd.nist.gov/vuln/detail/CVE-2026-32945) | 8.4 | HIGH | CWE-122 | No | 0.1% | 5.88 | 2026-03-20 | PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a Heap-based... |
| [CVE-2026-32942](https://nvd.nist.gov/vuln/detail/CVE-2026-32942) | 8.0 | HIGH | CWE-416 | No | 0.1% | 5.60 | 2026-03-20 | PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap u... |
| [CVE-2026-32941](https://nvd.nist.gov/vuln/detail/CVE-2026-32941) | 7.1 | HIGH | CWE-770 | No | 0.0% | 4.97 | 2026-03-20 | Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remo... |
| [CVE-2026-32940](https://nvd.nist.gov/vuln/detail/CVE-2026-32940) | 9.3 | CRITICAL | CWE-79 | No | 0.1% | 6.51 | 2026-03-20 | SiYuan is a personal knowledge management system. In versions 3.6.0 and below, SanitizeSVG has an incomplete blocklist —... |
| [CVE-2026-32939](https://nvd.nist.gov/vuln/detail/CVE-2026-32939) | 7.7 | HIGH | CWE-178 | No | 0.1% | 5.39 | 2026-03-20 | DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsistent Locale handlin... |
| [CVE-2026-32938](https://nvd.nist.gov/vuln/detail/CVE-2026-32938) | 9.9 | CRITICAL | CWE-22 | No | 0.2% | 6.94 | 2026-03-20 | SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the /api/lute/html2BlockDOM on the deskto... |
| [CVE-2026-32114](https://nvd.nist.gov/vuln/detail/CVE-2026-32114) | 5.3 | MEDIUM | CWE-639 | No | 0.0% | 3.71 | 2026-03-20 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is a... |
| [CVE-2026-4467](https://nvd.nist.gov/vuln/detail/CVE-2026-4467) | 5.1 | MEDIUM | CWE-74 | No | 0.3% | 3.58 | 2026-03-20 | A vulnerability was found in Comfast CF-AC100 2.6.0.8. This impacts an unknown function of the file /cgi-bin/mbox-config... |
| [CVE-2026-33063](https://nvd.nist.gov/vuln/detail/CVE-2026-33063) | 8.7 | HIGH | CWE-476 | No | 0.1% | 6.09 | 2026-03-20 | free5GC is an open source 5G core network. free5GC AUSF prior to version 1.4.2 has an Improper Null Check vulnerabili... |
| [CVE-2026-33062](https://nvd.nist.gov/vuln/detail/CVE-2026-33062) | 8.7 | HIGH | CWE-284 | No | 0.1% | 6.09 | 2026-03-20 | free5GC is an open source 5G core network. free5GC NRF prior to version 1.4.2 has an Improper Input Validation vulnerabi... |
| [CVE-2026-32937](https://nvd.nist.gov/vuln/detail/CVE-2026-32937) | 7.1 | HIGH | CWE-129 | No | 0.0% | 4.97 | 2026-03-20 | free5GC is an open source 5G core network. free5GC CHF prior to version 1.2.2 has an out-of-bounds slice access vulnerab... |
| [CVE-2026-32935](https://nvd.nist.gov/vuln/detail/CVE-2026-32935) | 8.2 | HIGH | CWE-208 | No | 0.0% | 5.74 | 2026-03-20 | phpseclib is a PHP secure communications library. Projects using versions 1.0.26 and below, 2.0.0 through 2.0.51, and 3.... |
| [CVE-2026-32933](https://nvd.nist.gov/vuln/detail/CVE-2026-32933) | 7.5 | HIGH | CWE-674 | No | 0.1% | 5.25 | 2026-03-20 | AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 are vulnerable to a D... |
| [CVE-2026-32891](https://nvd.nist.gov/vuln/detail/CVE-2026-32891) | 9.0 | CRITICAL | CWE-80 | No | 0.0% | 6.30 | 2026-03-20 | Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media... |
| [CVE-2026-32890](https://nvd.nist.gov/vuln/detail/CVE-2026-32890) | 9.6 | CRITICAL | CWE-79 | No | 0.1% | 6.72 | 2026-03-20 | Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media... |
| [CVE-2026-32889](https://nvd.nist.gov/vuln/detail/CVE-2026-32889) | 6.5 | MEDIUM | CWE-835 | No | 0.0% | 4.55 | 2026-03-20 | tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files f... |
| [CVE-2026-32888](https://nvd.nist.gov/vuln/detail/CVE-2026-32888) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-03-20 | Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Versions... |
| [CVE-2026-31869](https://nvd.nist.gov/vuln/detail/CVE-2026-31869) | 5.3 | MEDIUM | CWE-200 | No | 0.0% | 3.71 | 2026-03-20 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the Compos... |
| [CVE-2026-31805](https://nvd.nist.gov/vuln/detail/CVE-2026-31805) | 5.3 | MEDIUM | CWE-20 | No | 0.1% | 3.71 | 2026-03-20 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authori... |
| [CVE-2026-30891](https://nvd.nist.gov/vuln/detail/CVE-2026-30891) | 5.3 | MEDIUM | CWE-200 | No | 0.0% | 3.71 | 2026-03-20 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a user cou... |
| [CVE-2026-30889](https://nvd.nist.gov/vuln/detail/CVE-2026-30889) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-20 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a moderato... |
| [CVE-2026-30888](https://nvd.nist.gov/vuln/detail/CVE-2026-30888) | 2.2 | LOW | CWE-269 | No | 0.0% | 1.54 | 2026-03-20 | Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allow a mod... |
| [CVE-2026-21992](https://nvd.nist.gov/vuln/detail/CVE-2026-21992) | 9.8 | CRITICAL | CWE-306 | No | 0.1% | 6.86 | 2026-03-20 | Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracl... |
| [CVE-2026-4466](https://nvd.nist.gov/vuln/detail/CVE-2026-4466) | 5.1 | MEDIUM | CWE-74 | No | 0.3% | 3.58 | 2026-03-20 | A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affects an unknown function of the file /cgi-bin/mbox-c... |
| [CVE-2026-4465](https://nvd.nist.gov/vuln/detail/CVE-2026-4465) | 5.3 | MEDIUM | CWE-77 | No | 0.1% | 3.71 | 2026-03-20 | A flaw has been found in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formSysCmd... |
| [CVE-2026-4464](https://nvd.nist.gov/vuln/detail/CVE-2026-4464) | 8.8 | HIGH | CWE-472 | No | 0.1% | 6.16 | 2026-03-20 | Integer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap... |
| [CVE-2026-4463](https://nvd.nist.gov/vuln/detail/CVE-2026-4463) | 8.8 | HIGH | CWE-122 | No | 0.1% | 6.16 | 2026-03-20 | Heap buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit... |
| [CVE-2026-4462](https://nvd.nist.gov/vuln/detail/CVE-2026-4462) | 8.8 | HIGH | CWE-125 | No | 0.1% | 6.16 | 2026-03-20 | Out of bounds read in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of boun... |
| [CVE-2026-4461](https://nvd.nist.gov/vuln/detail/CVE-2026-4461) | 8.8 | HIGH | NVD-CWE-noinfo | No | 0.1% | 6.16 | 2026-03-20 | Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exp... |
| [CVE-2026-4460](https://nvd.nist.gov/vuln/detail/CVE-2026-4460) | 8.8 | HIGH | CWE-125 | No | 0.1% | 6.16 | 2026-03-20 | Out of bounds read in Skia in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bound... |
| [CVE-2026-4459](https://nvd.nist.gov/vuln/detail/CVE-2026-4459) | 8.8 | HIGH | CWE-125 | No | 0.1% | 6.16 | 2026-03-20 | Out of bounds read and write in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potential... |
| [CVE-2026-4458](https://nvd.nist.gov/vuln/detail/CVE-2026-4458) | 8.8 | HIGH | CWE-416 | No | 0.0% | 6.16 | 2026-03-20 | Use after free in Extensions in Google Chrome prior to 146.0.7680.153 allowed an attacker who convinced a user to instal... |
| [CVE-2026-4457](https://nvd.nist.gov/vuln/detail/CVE-2026-4457) | 8.8 | HIGH | CWE-843 | No | 0.1% | 6.16 | 2026-03-20 | Type Confusion in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corr... |
| [CVE-2026-4456](https://nvd.nist.gov/vuln/detail/CVE-2026-4456) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-03-20 | Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had com... |
| [CVE-2026-4455](https://nvd.nist.gov/vuln/detail/CVE-2026-4455) | 8.8 | HIGH | CWE-122 | No | 0.1% | 6.16 | 2026-03-20 | Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit... |
| [CVE-2026-4454](https://nvd.nist.gov/vuln/detail/CVE-2026-4454) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-03-20 | Use after free in Network in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap... |
| [CVE-2026-4453](https://nvd.nist.gov/vuln/detail/CVE-2026-4453) | 4.3 | MEDIUM | CWE-472 | No | 0.0% | 3.01 | 2026-03-20 | Integer overflow in Dawn in Google Chrome on Mac prior to 146.0.7680.153 allowed a remote attacker to leak cross-origin... |
| [CVE-2026-4452](https://nvd.nist.gov/vuln/detail/CVE-2026-4452) | 8.8 | HIGH | CWE-472 | No | 0.1% | 6.16 | 2026-03-20 | Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.153 allowed a remote attacker to potentially e... |
| [CVE-2026-4451](https://nvd.nist.gov/vuln/detail/CVE-2026-4451) | 8.8 | HIGH | CWE-20 | No | 0.1% | 6.16 | 2026-03-20 | Insufficient validation of untrusted input in Navigation in Google Chrome prior to 146.0.7680.153 allowed a remote attac... |
| [CVE-2026-4450](https://nvd.nist.gov/vuln/detail/CVE-2026-4450) | 8.8 | HIGH | CWE-787 | No | 0.1% | 6.16 | 2026-03-20 | Out of bounds write in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap... |
| [CVE-2026-4449](https://nvd.nist.gov/vuln/detail/CVE-2026-4449) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-03-20 | Use after free in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap c... |
| [CVE-2026-4448](https://nvd.nist.gov/vuln/detail/CVE-2026-4448) | 8.8 | HIGH | CWE-122 | No | 0.1% | 6.16 | 2026-03-20 | Heap buffer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit... |
| [CVE-2026-4447](https://nvd.nist.gov/vuln/detail/CVE-2026-4447) | 8.8 | HIGH | NVD-CWE-noinfo | No | 0.1% | 6.16 | 2026-03-20 | Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitra... |
| [CVE-2026-4446](https://nvd.nist.gov/vuln/detail/CVE-2026-4446) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-03-20 | Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap... |
| [CVE-2026-4445](https://nvd.nist.gov/vuln/detail/CVE-2026-4445) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-03-20 | Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap... |
| [CVE-2026-4444](https://nvd.nist.gov/vuln/detail/CVE-2026-4444) | 8.8 | HIGH | CWE-121 | No | 0.1% | 6.16 | 2026-03-20 | Stack buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploi... |
| [CVE-2026-4443](https://nvd.nist.gov/vuln/detail/CVE-2026-4443) | 8.8 | HIGH | CWE-122 | No | 0.1% | 6.16 | 2026-03-20 | Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary... |
| [CVE-2026-4442](https://nvd.nist.gov/vuln/detail/CVE-2026-4442) | 8.8 | HIGH | CWE-122 | No | 0.1% | 6.16 | 2026-03-20 | Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit he... |
| [CVE-2026-4441](https://nvd.nist.gov/vuln/detail/CVE-2026-4441) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-03-20 | Use after free in Base in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap co... |
| [CVE-2026-4440](https://nvd.nist.gov/vuln/detail/CVE-2026-4440) | 8.8 | HIGH | CWE-125 | No | 0.1% | 6.16 | 2026-03-20 | Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbi... |
| [CVE-2026-4439](https://nvd.nist.gov/vuln/detail/CVE-2026-4439) | 8.8 | HIGH | CWE-125 | No | 0.1% | 6.16 | 2026-03-20 | Out of bounds memory access in WebGL in Google Chrome on Android prior to 146.0.7680.153 allowed a remote attacker to po... |
| [CVE-2026-32881](https://nvd.nist.gov/vuln/detail/CVE-2026-32881) | 5.3 | MEDIUM | CWE-183 | No | 0.2% | 3.72 | 2026-03-20 | ewe is a Gleam web server. Versions 0.6.0 through 3.0.4 are vulnerable to authentication bypa... |
| [CVE-2026-32880](https://nvd.nist.gov/vuln/detail/CVE-2026-32880) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-20 | ChurchCRM is an open-source church management system. Versions prior to 7.0.2 allow an admin user to edit JSON type syst... |
| [CVE-2026-32875](https://nvd.nist.gov/vuln/detail/CVE-2026-32875) | 7.5 | HIGH | CWE-190 | No | 0.0% | 5.25 | 2026-03-20 | UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.10 through 5.11... |
| [CVE-2026-32874](https://nvd.nist.gov/vuln/detail/CVE-2026-32874) | 7.5 | HIGH | CWE-401 | No | 0.1% | 5.25 | 2026-03-20 | UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.1... |
| [CVE-2026-32873](https://nvd.nist.gov/vuln/detail/CVE-2026-32873) | 7.5 | HIGH | CWE-825 | No | 0.0% | 5.25 | 2026-03-20 | ewe is a Gleam web server. Versions 0.8.0 through 3.0.4 contain a bug in the handle_trailers function where rejected tra... |
| [CVE-2026-32817](https://nvd.nist.gov/vuln/detail/CVE-2026-32817) | 9.1 | CRITICAL | CWE-862 | No | 0.1% | 6.37 | 2026-03-20 | Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the documents and files module does... |
| [CVE-2026-32813](https://nvd.nist.gov/vuln/detail/CVE-2026-32813) | 8.0 | HIGH | CWE-89 | No | 0.0% | 5.60 | 2026-03-20 | Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection t... |
| [CVE-2026-32812](https://nvd.nist.gov/vuln/detail/CVE-2026-32812) | 6.8 | MEDIUM | CWE-918 | No | 0.0% | 4.76 | 2026-03-20 | Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, unrestricted URL fetch in the SSO M... |
| [CVE-2026-32811](https://nvd.nist.gov/vuln/detail/CVE-2026-32811) | 8.2 | HIGH | CWE-116 | No | 0.0% | 5.74 | 2026-03-20 | Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. When using Heimdall in envoy gRPC d... |
| [CVE-2026-32808](https://nvd.nist.gov/vuln/detail/CVE-2026-32808) | 8.1 | HIGH | CWE-22 | No | 0.1% | 5.67 | 2026-03-20 | pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to pat... |
| [CVE-2026-32711](https://nvd.nist.gov/vuln/detail/CVE-2026-32711) | 7.8 | HIGH | CWE-22 | No | 0.0% | 5.46 | 2026-03-20 | pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path... |
| [CVE-2026-32829](https://nvd.nist.gov/vuln/detail/CVE-2026-32829) | 8.2 | HIGH | CWE-201 | No | 0.0% | 5.74 | 2026-03-20 | lz4_flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, deco... |
| [CVE-2026-32828](https://nvd.nist.gov/vuln/detail/CVE-2026-32828) | 2.0 | LOW | CWE-918 | No | 0.0% | 1.40 | 2026-03-20 | Kargo manages and automates the promotion of software artifacts. In versions 1.4.0 through 1.6.3, 1.7.0-rc.1 through 1.7... |
| [CVE-2026-32771](https://nvd.nist.gov/vuln/detail/CVE-2026-32771) | 8.8 | HIGH | CWE-22 | No | 0.0% | 6.16 | 2026-03-20 | The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, met... |
| [CVE-2026-32769](https://nvd.nist.gov/vuln/detail/CVE-2026-32769) | 7.1 | HIGH | CWE-284 | No | 0.1% | 4.97 | 2026-03-20 | Fullchain is an umbrella project for deploying a ready-to-use CTF platform. In versions prior to 0.1.1, due to a mis-wr... |
| [CVE-2026-32767](https://nvd.nist.gov/vuln/detail/CVE-2026-32767) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-20 | SiYuan is a personal knowledge management system. Versions 3.6.0 and below contain an authorization bypass vulnerability... |
| [CVE-2026-33289](https://nvd.nist.gov/vuln/detail/CVE-2026-33289) | 8.8 | HIGH | CWE-90 | No | 0.2% | 6.17 | 2026-03-20 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versi... |
| [CVE-2026-33288](https://nvd.nist.gov/vuln/detail/CVE-2026-33288) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-20 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versi... |
| [CVE-2026-32985](https://nvd.nist.gov/vuln/detail/CVE-2026-32985) | 9.3 | CRITICAL | CWE-306 | No | 0.8% | 6.53 | 2026-03-20 | Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vulnerability in the te... |
| [CVE-2026-32766](https://nvd.nist.gov/vuln/detail/CVE-2026-32766) | 1.7 | LOW | CWE-436 | No | 0.0% | 1.19 | 2026-03-20 | astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX e... |
| [CVE-2026-32765](https://nvd.nist.gov/vuln/detail/CVE-2026-32765) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-20 | Rejected reason: This repository is no longer public. |
| [CVE-2026-32764](https://nvd.nist.gov/vuln/detail/CVE-2026-32764) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-20 | Rejected reason: This repository is no longer public. |
| [CVE-2026-32763](https://nvd.nist.gov/vuln/detail/CVE-2026-32763) | 8.2 | HIGH | CWE-89 | No | 0.0% | 5.74 | 2026-03-20 | Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 have a SQL injection vulnerabili... |
| [CVE-2026-32761](https://nvd.nist.gov/vuln/detail/CVE-2026-32761) | 6.5 | MEDIUM | CWE-284 | No | 0.0% | 4.55 | 2026-03-20 | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a spec... |
| [CVE-2026-32760](https://nvd.nist.gov/vuln/detail/CVE-2026-32760) | 10.0 | CRITICAL | CWE-269 | No | 0.0% | 7.00 | 2026-03-20 | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a spec... |
| [CVE-2026-32759](https://nvd.nist.gov/vuln/detail/CVE-2026-32759) | 5.3 | MEDIUM | CWE-190 | No | 0.2% | 3.72 | 2026-03-20 | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a spec... |
| [CVE-2026-32758](https://nvd.nist.gov/vuln/detail/CVE-2026-32758) | 6.5 | MEDIUM | CWE-22 | No | 0.0% | 4.55 | 2026-03-20 | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a spec... |
| [CVE-2026-32757](https://nvd.nist.gov/vuln/detail/CVE-2026-32757) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-20 | Admidio is an open-source user management solution. In versions 5.0.6 and below, the eCard send handler uses a raw $_POS... |
| [CVE-2026-32756](https://nvd.nist.gov/vuln/detail/CVE-2026-32756) | 8.8 | HIGH | CWE-434 | No | 0.0% | 6.16 | 2026-03-20 | Admidio is an open-source user management solution. Versions 5.0.6 and below contain a critical unrestricted file upload... |
| [CVE-2026-32697](https://nvd.nist.gov/vuln/detail/CVE-2026-32697) | 6.5 | MEDIUM | CWE-639 | No | 0.0% | 4.55 | 2026-03-20 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versi... |
| [CVE-2026-29189](https://nvd.nist.gov/vuln/detail/CVE-2026-29189) | 8.1 | HIGH | CWE-639 | No | 0.0% | 5.67 | 2026-03-20 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versi... |
| [CVE-2026-29109](https://nvd.nist.gov/vuln/detail/CVE-2026-29109) | 8.6 | HIGH | CWE-502 | No | 0.1% | 6.02 | 2026-03-20 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions up to... |
| [CVE-2026-29108](https://nvd.nist.gov/vuln/detail/CVE-2026-29108) | 6.5 | MEDIUM | CWE-200 | No | 0.0% | 4.55 | 2026-03-20 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versi... |
| [CVE-2026-22737](https://nvd.nist.gov/vuln/detail/CVE-2026-22737) | 5.9 | MEDIUM | CWE-22 | No | 0.1% | 4.13 | 2026-03-20 | Use of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications c... |
| [CVE-2026-22735](https://nvd.nist.gov/vuln/detail/CVE-2026-22735) | 2.6 | LOW | CWE-667 | No | 0.0% | 1.82 | 2026-03-20 | Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue... |
| [CVE-2026-22733](https://nvd.nist.gov/vuln/detail/CVE-2026-22733) | 8.2 | HIGH | CWE-288 | No | 0.1% | 5.74 | 2026-03-20 | Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application... |
| [CVE-2026-3948](https://nvd.nist.gov/vuln/detail/CVE-2026-3948) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-19 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| [CVE-2026-33408](https://nvd.nist.gov/vuln/detail/CVE-2026-33408) | 2.2 | LOW | CWE-862 | No | 0.0% | 1.54 | 2026-03-19 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators... |
| [CVE-2026-33395](https://nvd.nist.gov/vuln/detail/CVE-2026-33395) | 4.4 | MEDIUM | CWE-79 | No | 0.0% | 3.08 | 2026-03-19 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the discou... |
| [CVE-2026-32818](https://nvd.nist.gov/vuln/detail/CVE-2026-32818) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-19 | Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the forum module in Admidio does no... |
| [CVE-2026-32816](https://nvd.nist.gov/vuln/detail/CVE-2026-32816) | 5.7 | MEDIUM | CWE-352 | No | 0.0% | 3.99 | 2026-03-19 | Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the delete, activate, and deactivat... |
| [CVE-2026-32755](https://nvd.nist.gov/vuln/detail/CVE-2026-32755) | 5.7 | MEDIUM | CWE-352 | No | 0.0% | 3.99 | 2026-03-19 | Admidio is an open-source user management solution. In versions 5.0.6 and below, the save_membership action in modules/p... |
| [CVE-2026-32721](https://nvd.nist.gov/vuln/detail/CVE-2026-32721) | 8.6 | HIGH | CWE-79 | No | 0.0% | 6.02 | 2026-03-19 | LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0 contain a stored XSS vulnerabil... |
| [CVE-2026-30874](https://nvd.nist.gov/vuln/detail/CVE-2026-30874) | 1.8 | LOW | CWE-74 | No | 0.0% | 1.26 | 2026-03-19 | OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in... |
| [CVE-2026-29107](https://nvd.nist.gov/vuln/detail/CVE-2026-29107) | 5.0 | MEDIUM | CWE-918 | No | 0.0% | 3.50 | 2026-03-19 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versi... |
| [CVE-2026-29106](https://nvd.nist.gov/vuln/detail/CVE-2026-29106) | 5.9 | MEDIUM | CWE-79 | No | 0.0% | 4.13 | 2026-03-19 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versi... |
| [CVE-2026-29105](https://nvd.nist.gov/vuln/detail/CVE-2026-29105) | 5.4 | MEDIUM | CWE-601 | No | 0.0% | 3.78 | 2026-03-19 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versi... |
| [CVE-2026-29104](https://nvd.nist.gov/vuln/detail/CVE-2026-29104) | 2.7 | LOW | CWE-434 | No | 0.0% | 1.89 | 2026-03-19 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versi... |
| [CVE-2026-29103](https://nvd.nist.gov/vuln/detail/CVE-2026-29103) | 9.1 | CRITICAL | CWE-94 | No | 0.3% | 6.38 | 2026-03-19 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. A Critical Rem... |
| [CVE-2026-29102](https://nvd.nist.gov/vuln/detail/CVE-2026-29102) | 7.2 | HIGH | CWE-94 | No | 0.3% | 5.05 | 2026-03-19 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versi... |
| [CVE-2026-29101](https://nvd.nist.gov/vuln/detail/CVE-2026-29101) | 4.9 | MEDIUM | CWE-23 | No | 0.1% | 3.43 | 2026-03-19 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versi... |
| [CVE-2026-29100](https://nvd.nist.gov/vuln/detail/CVE-2026-29100) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-19 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM 7.15.... |
| [CVE-2026-29099](https://nvd.nist.gov/vuln/detail/CVE-2026-29099) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-03-19 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versi... |
| [CVE-2026-29098](https://nvd.nist.gov/vuln/detail/CVE-2026-29098) | 4.9 | MEDIUM | CWE-23 | No | 0.1% | 3.43 | 2026-03-19 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versi... |
| [CVE-2026-29097](https://nvd.nist.gov/vuln/detail/CVE-2026-29097) | 7.1 | HIGH | CWE-918 | No | 0.0% | 4.97 | 2026-03-19 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions prior... |
| [CVE-2026-29096](https://nvd.nist.gov/vuln/detail/CVE-2026-29096) | 8.1 | HIGH | CWE-89 | No | 0.0% | 5.67 | 2026-03-19 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versi... |
| [CVE-2026-4342](https://nvd.nist.gov/vuln/detail/CVE-2026-4342) | 8.8 | HIGH | CWE-20 | No | 0.0% | 6.16 | 2026-03-19 | A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject config... |
| [CVE-2026-4159](https://nvd.nist.gov/vuln/detail/CVE-2026-4159) | 1.2 | LOW | CWE-125 | No | 0.0% | 0.84 | 2026-03-19 | 1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfS... |
| [CVE-2026-33410](https://nvd.nist.gov/vuln/detail/CVE-2026-33410) | 5.4 | MEDIUM | CWE-863 | No | 0.0% | 3.78 | 2026-03-19 | Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have two au... |
| [CVE-2026-33394](https://nvd.nist.gov/vuln/detail/CVE-2026-33394) | 2.7 | LOW | CWE-200 | No | 0.0% | 1.89 | 2026-03-19 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the Post E... |
| [CVE-2026-33393](https://nvd.nist.gov/vuln/detail/CVE-2026-33393) | 4.3 | MEDIUM | CWE-284 | No | 0.0% | 3.01 | 2026-03-19 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the `allow... |
| [CVE-2026-33355](https://nvd.nist.gov/vuln/detail/CVE-2026-33355) | 6.5 | MEDIUM | CWE-200 | No | 0.0% | 4.55 | 2026-03-19 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the `/priv... |
| [CVE-2026-32815](https://nvd.nist.gov/vuln/detail/CVE-2026-32815) | 5.3 | MEDIUM | CWE-287 | No | 0.0% | 3.71 | 2026-03-19 | SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the WebSocket endpoint (/ws) allows unaut... |
| [CVE-2026-32754](https://nvd.nist.gov/vuln/detail/CVE-2026-32754) | 9.3 | CRITICAL | CWE-79 | No | 0.1% | 6.51 | 2026-03-19 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.208 and below are vulner... |
| [CVE-2026-32753](https://nvd.nist.gov/vuln/detail/CVE-2026-32753) | 8.5 | HIGH | CWE-80 | No | 0.0% | 5.95 | 2026-03-19 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, bypass... |
| [CVE-2026-32752](https://nvd.nist.gov/vuln/detail/CVE-2026-32752) | 0.0 | NONE | CWE-284 | No | 0.0% | 0.00 | 2026-03-19 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, the Th... |
| [CVE-2026-32751](https://nvd.nist.gov/vuln/detail/CVE-2026-32751) | 5.1 | MEDIUM | CWE-79 | No | 0.2% | 3.58 | 2026-03-19 | SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the mobile file tree (MobileFiles.ts) ren... |
| [CVE-2026-32750](https://nvd.nist.gov/vuln/detail/CVE-2026-32750) | 6.8 | MEDIUM | CWE-22 | No | 0.0% | 4.76 | 2026-03-19 | SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importStdMd passes the l... |
| [CVE-2026-32194](https://nvd.nist.gov/vuln/detail/CVE-2026-32194) | 9.8 | CRITICAL | CWE-77 | No | 0.1% | 6.86 | 2026-03-19 | Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an u... |
| [CVE-2026-32099](https://nvd.nist.gov/vuln/detail/CVE-2026-32099) | 4.3 | MEDIUM | CWE-200 | No | 0.0% | 3.01 | 2026-03-19 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, when a use... |
| [CVE-2026-32041](https://nvd.nist.gov/vuln/detail/CVE-2026-32041) | 7.5 | HIGH | CWE-306 | No | 0.0% | 5.25 | 2026-03-19 | OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during startup, allowing bro... |
| [CVE-2026-32040](https://nvd.nist.gov/vuln/detail/CVE-2026-32040) | 2.4 | LOW | CWE-79 | No | 0.0% | 1.68 | 2026-03-19 | OpenClaw versions prior to 2026.2.23 contain an HTML injection vulnerability in the HTML session exporter that allows at... |
| [CVE-2026-32039](https://nvd.nist.gov/vuln/detail/CVE-2026-32039) | 6.0 | MEDIUM | CWE-639 | No | 0.0% | 4.20 | 2026-03-19 | OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the toolsBySender group policy mat... |
| [CVE-2026-32038](https://nvd.nist.gov/vuln/detail/CVE-2026-32038) | 9.3 | CRITICAL | CWE-284 | No | 0.1% | 6.51 | 2026-03-19 | OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to joi... |
| [CVE-2026-32037](https://nvd.nist.gov/vuln/detail/CVE-2026-32037) | 2.3 | LOW | CWE-918 | No | 0.0% | 1.61 | 2026-03-19 | OpenClaw versions prior to 2026.2.22 fail to consistently validate redirect chains against configured mediaAllowHosts al... |
| [CVE-2026-32036](https://nvd.nist.gov/vuln/detail/CVE-2026-32036) | 8.3 | HIGH | CWE-289 | No | 0.1% | 5.81 | 2026-03-19 | OpenClaw gateway plugin versions prior to 2026.2.26 contain a path traversal vulnerability that allows remote attackers... |
| [CVE-2026-32035](https://nvd.nist.gov/vuln/detail/CVE-2026-32035) | 5.8 | MEDIUM | CWE-863 | No | 0.0% | 4.06 | 2026-03-19 | OpenClaw versions prior to 2026.3.2 fail to pass the senderIsOwner flag when processing Discord voice transcripts in age... |
| [CVE-2026-32034](https://nvd.nist.gov/vuln/detail/CVE-2026-32034) | 6.1 | MEDIUM | CWE-78 | No | 0.1% | 4.27 | 2026-03-19 | OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecure... |
| [CVE-2026-32033](https://nvd.nist.gov/vuln/detail/CVE-2026-32033) | 6.0 | MEDIUM | CWE-22 | No | 0.1% | 4.20 | 2026-03-19 | OpenClaw versions prior to 2026.2.24 contain a path traversal vulnerability where @-prefixed absolute paths bypass works... |
| [CVE-2026-32032](https://nvd.nist.gov/vuln/detail/CVE-2026-32032) | 7.3 | HIGH | CWE-426 | No | 0.0% | 5.11 | 2026-03-19 | OpenClaw versions prior to 2026.2.22 contain an arbitrary shell execution vulnerability in shell environment fallback th... |
| [CVE-2026-32031](https://nvd.nist.gov/vuln/detail/CVE-2026-32031) | 6.3 | MEDIUM | CWE-288 | No | 0.1% | 4.41 | 2026-03-19 | OpenClaw versions prior to 2026.2.26 server-http contains an authentication bypass vulnerability in gateway authenticati... |
| [CVE-2026-32030](https://nvd.nist.gov/vuln/detail/CVE-2026-32030) | 8.2 | HIGH | CWE-22 | No | 0.1% | 5.74 | 2026-03-19 | OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the stageSandboxMedia function that accep... |
| [CVE-2026-32029](https://nvd.nist.gov/vuln/detail/CVE-2026-32029) | 6.3 | MEDIUM | CWE-345 | No | 0.0% | 4.41 | 2026-03-19 | OpenClaw versions prior to 2026.2.21 improperly parse the left-most X-Forwarded-For header value when requests originate... |
| [CVE-2026-32028](https://nvd.nist.gov/vuln/detail/CVE-2026-32028) | 6.3 | MEDIUM | CWE-863 | No | 0.0% | 4.41 | 2026-03-19 | OpenClaw versions prior to 2026.2.25 fail to enforce dmPolicy and allowFrom authorization checks on Discord direct-messa... |
| [CVE-2026-32027](https://nvd.nist.gov/vuln/detail/CVE-2026-32027) | 7.1 | HIGH | CWE-863 | No | 0.0% | 4.97 | 2026-03-19 | OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-store identities are... |
| [CVE-2026-32026](https://nvd.nist.gov/vuln/detail/CVE-2026-32026) | 7.1 | HIGH | CWE-22 | No | 0.1% | 4.97 | 2026-03-19 | OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability in sandbox media handling that al... |
| [CVE-2026-32025](https://nvd.nist.gov/vuln/detail/CVE-2026-32025) | 7.5 | HIGH | CWE-307 | No | 0.1% | 5.25 | 2026-03-19 | OpenClaw versions prior to 2026.2.25 contain an authentication hardening gap in browser-origin WebSocket clients that al... |
| [CVE-2026-32024](https://nvd.nist.gov/vuln/detail/CVE-2026-32024) | 6.8 | MEDIUM | CWE-59 | No | 0.0% | 4.76 | 2026-03-19 | OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers... |
| [CVE-2026-32023](https://nvd.nist.gov/vuln/detail/CVE-2026-32023) | 6.0 | MEDIUM | CWE-863 | No | 0.0% | 4.20 | 2026-03-19 | OpenClaw versions prior to 2026.2.24 contain an approval gating bypass vulnerability in system.run allowlist mode where... |
| [CVE-2026-32022](https://nvd.nist.gov/vuln/detail/CVE-2026-32022) | 6.0 | MEDIUM | CWE-184 | No | 0.1% | 4.20 | 2026-03-19 | OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec... |
| [CVE-2026-32021](https://nvd.nist.gov/vuln/detail/CVE-2026-32021) | 6.3 | MEDIUM | CWE-863 | No | 0.0% | 4.41 | 2026-03-19 | OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the Feishu allowFrom allowlist imp... |
| [CVE-2026-32020](https://nvd.nist.gov/vuln/detail/CVE-2026-32020) | 4.8 | MEDIUM | CWE-59 | No | 0.0% | 3.36 | 2026-03-19 | OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symb... |
| [CVE-2026-32019](https://nvd.nist.gov/vuln/detail/CVE-2026-32019) | 2.3 | LOW | CWE-918 | No | 0.0% | 1.61 | 2026-03-19 | OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4() functio... |
| [CVE-2026-32018](https://nvd.nist.gov/vuln/detail/CVE-2026-32018) | 2.0 | LOW | CWE-362 | No | 0.0% | 1.40 | 2026-03-19 | OpenClaw versions prior to 2026.2.19 contain a race condition vulnerability in concurrent updateRegistry and removeRegis... |
| [CVE-2026-32017](https://nvd.nist.gov/vuln/detail/CVE-2026-32017) | 6.0 | MEDIUM | CWE-184 | No | 0.0% | 4.20 | 2026-03-19 | OpenClaw versions prior to 2026.2.19 contain an allowlist bypass vulnerability in the exec safeBins policy that allows a... |
| [CVE-2026-32016](https://nvd.nist.gov/vuln/detail/CVE-2026-32016) | 7.3 | HIGH | CWE-426 | No | 0.0% | 5.11 | 2026-03-19 | OpenClaw versions prior to 2026.2.22 on macOS contain a path validation bypass vulnerability in the exec-approval allowl... |
| [CVE-2026-32015](https://nvd.nist.gov/vuln/detail/CVE-2026-32015) | 7.3 | HIGH | CWE-426 | No | 0.0% | 5.11 | 2026-03-19 | OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a path hijacking vulnerability in tools.exec.safeBins that allows... |
| [CVE-2026-32014](https://nvd.nist.gov/vuln/detail/CVE-2026-32014) | 8.6 | HIGH | CWE-290 | No | 0.0% | 6.02 | 2026-03-19 | OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulnerability where reconnect platform and deviceFamily... |
| [CVE-2026-32013](https://nvd.nist.gov/vuln/detail/CVE-2026-32013) | 8.7 | HIGH | CWE-59 | No | 0.1% | 6.09 | 2026-03-19 | OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.... |
| [CVE-2026-32011](https://nvd.nist.gov/vuln/detail/CVE-2026-32011) | 8.7 | HIGH | CWE-770 | No | 0.1% | 6.09 | 2026-03-19 | OpenClaw versions prior to 2026.3.2 contain a denial of service vulnerability in webhook handlers for BlueBubbles and Go... |
| [CVE-2026-32010](https://nvd.nist.gov/vuln/detail/CVE-2026-32010) | 5.8 | MEDIUM | CWE-78 | No | 0.0% | 4.06 | 2026-03-19 | OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort i... |
| [CVE-2026-32009](https://nvd.nist.gov/vuln/detail/CVE-2026-32009) | 7.0 | HIGH | CWE-426 | No | 0.0% | 4.90 | 2026-03-19 | OpenClaw versions prior to 2026.2.24 contain a policy bypass vulnerability in the safeBins allowlist evaluation that tru... |
| [CVE-2026-32008](https://nvd.nist.gov/vuln/detail/CVE-2026-32008) | 7.1 | HIGH | CWE-610 | No | 0.0% | 4.97 | 2026-03-19 | OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the assertBrowserNavigat... |
| [CVE-2026-32007](https://nvd.nist.gov/vuln/detail/CVE-2026-32007) | 7.6 | HIGH | CWE-22 | No | 0.0% | 5.32 | 2026-03-19 | OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental apply_patch tool that al... |
| [CVE-2026-32006](https://nvd.nist.gov/vuln/detail/CVE-2026-32006) | 2.3 | LOW | CWE-863 | No | 0.0% | 1.61 | 2026-03-19 | OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-store identities are... |
| [CVE-2026-32005](https://nvd.nist.gov/vuln/detail/CVE-2026-32005) | 7.6 | HIGH | CWE-863 | No | 0.0% | 5.32 | 2026-03-19 | OpenClaw versions prior to 2026.2.25 fail to enforce sender authorization checks for interactive callbacks including blo... |
| [CVE-2026-32004](https://nvd.nist.gov/vuln/detail/CVE-2026-32004) | 8.3 | HIGH | CWE-288 | No | 0.1% | 5.81 | 2026-03-19 | OpenClaw versions prior to 2026.3.2 contain an authentication bypass vulnerability in the /api/channels route classifica... |
| [CVE-2026-32003](https://nvd.nist.gov/vuln/detail/CVE-2026-32003) | 7.5 | HIGH | CWE-78 | No | 0.1% | 5.25 | 2026-03-19 | OpenClaw versions prior to 2026.2.22 contain an environment variable injection vulnerability in the system.run function... |
| [CVE-2026-32002](https://nvd.nist.gov/vuln/detail/CVE-2026-32002) | 6.0 | MEDIUM | CWE-200 | No | 0.0% | 4.20 | 2026-03-19 | OpenClaw versions prior to 2026.2.23 contain a sandbox bypass vulnerability in the sandboxed image tool that fails to en... |
| [CVE-2026-32001](https://nvd.nist.gov/vuln/detail/CVE-2026-32001) | 5.3 | MEDIUM | CWE-863 | No | 0.1% | 3.71 | 2026-03-19 | OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clients authenticated wi... |
| [CVE-2026-30873](https://nvd.nist.gov/vuln/detail/CVE-2026-30873) | 2.4 | LOW | CWE-401 | No | 0.0% | 1.68 | 2026-03-19 | OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, t... |
| [CVE-2026-30872](https://nvd.nist.gov/vuln/detail/CVE-2026-30872) | 9.5 | CRITICAL | CWE-121 | No | 0.1% | 6.65 | 2026-03-19 | OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the md... |
| [CVE-2026-30871](https://nvd.nist.gov/vuln/detail/CVE-2026-30871) | 9.5 | CRITICAL | CWE-121 | No | 0.0% | 6.65 | 2026-03-19 | OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the md... |
| [CVE-2026-29072](https://nvd.nist.gov/vuln/detail/CVE-2026-29072) | 8.2 | HIGH | CWE-862 | No | 0.0% | 5.74 | 2026-03-19 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users who... |
| [CVE-2026-28282](https://nvd.nist.gov/vuln/detail/CVE-2026-28282) | 2.3 | LOW | CWE-863 | No | 0.0% | 1.61 | 2026-03-19 | Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a secu... |
| [CVE-2026-27936](https://nvd.nist.gov/vuln/detail/CVE-2026-27936) | 6.9 | MEDIUM | CWE-863 | No | 0.0% | 4.83 | 2026-03-19 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a restrict... |
| [CVE-2026-27935](https://nvd.nist.gov/vuln/detail/CVE-2026-27935) | 6.9 | MEDIUM | CWE-201 | No | 0.0% | 4.83 | 2026-03-19 | Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a vuln... |
| [CVE-2026-27934](https://nvd.nist.gov/vuln/detail/CVE-2026-27934) | 8.7 | HIGH | CWE-201 | No | 0.0% | 6.09 | 2026-03-19 | Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a lack... |
| [CVE-2026-4395](https://nvd.nist.gov/vuln/detail/CVE-2026-4395) | 1.3 | LOW | CWE-122 | No | 0.1% | 0.91 | 2026-03-19 | Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote at... |
| [CVE-2026-3849](https://nvd.nist.gov/vuln/detail/CVE-2026-3849) | 6.9 | MEDIUM | CWE-787 | No | 0.2% | 4.84 | 2026-03-19 | Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (E... |
| [CVE-2026-3549](https://nvd.nist.gov/vuln/detail/CVE-2026-3549) | 8.3 | HIGH | CWE-122 | No | 0.1% | 5.81 | 2026-03-19 | Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buf... |
| [CVE-2026-3547](https://nvd.nist.gov/vuln/detail/CVE-2026-3547) | 7.5 | HIGH | CWE-125 | No | 0.0% | 5.25 | 2026-03-19 | Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds re... |
| [CVE-2026-3230](https://nvd.nist.gov/vuln/detail/CVE-2026-3230) | 1.2 | LOW | CWE-20 | No | 0.1% | 0.84 | 2026-03-19 | Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a c... |
| [CVE-2026-3229](https://nvd.nist.gov/vuln/detail/CVE-2026-3229) | 1.2 | LOW | CWE-122 | No | 0.0% | 0.84 | 2026-03-19 | An integer overflow vulnerability existed in the static function wolfssl_add_to_chain, that caused heap corruption when... |
| [CVE-2026-33346](https://nvd.nist.gov/vuln/detail/CVE-2026-33346) | 8.7 | HIGH | CWE-79 | No | 0.0% | 6.09 | 2026-03-19 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.... |
| [CVE-2026-33321](https://nvd.nist.gov/vuln/detail/CVE-2026-33321) | 7.2 | HIGH | CWE-918 | No | 0.1% | 5.04 | 2026-03-19 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.... |
| [CVE-2026-33305](https://nvd.nist.gov/vuln/detail/CVE-2026-33305) | 5.4 | MEDIUM | CWE-696 | No | 0.1% | 3.78 | 2026-03-19 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.... |
| [CVE-2026-33304](https://nvd.nist.gov/vuln/detail/CVE-2026-33304) | 6.5 | MEDIUM | CWE-639 | No | 0.1% | 4.55 | 2026-03-19 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.... |
| [CVE-2026-33303](https://nvd.nist.gov/vuln/detail/CVE-2026-33303) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-19 | OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior... |
| [CVE-2026-33302](https://nvd.nist.gov/vuln/detail/CVE-2026-33302) | 7.3 | HIGH | CWE-863 | No | 0.1% | 5.11 | 2026-03-19 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.... |
| [CVE-2026-33301](https://nvd.nist.gov/vuln/detail/CVE-2026-33301) | 7.1 | HIGH | CWE-116 | No | 0.1% | 4.97 | 2026-03-19 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.... |
| [CVE-2026-33299](https://nvd.nist.gov/vuln/detail/CVE-2026-33299) | 8.5 | HIGH | CWE-79 | No | 0.2% | 5.96 | 2026-03-19 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.... |
| [CVE-2026-32749](https://nvd.nist.gov/vuln/detail/CVE-2026-32749) | 7.6 | HIGH | CWE-22 | No | 0.1% | 5.32 | 2026-03-19 | SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importSY and POST /api/i... |
| [CVE-2026-32747](https://nvd.nist.gov/vuln/detail/CVE-2026-32747) | 6.8 | MEDIUM | CWE-22 | No | 0.1% | 4.76 | 2026-03-19 | SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the globalCopyFiles API reads source file... |
| [CVE-2026-32622](https://nvd.nist.gov/vuln/detail/CVE-2026-32622) | 8.6 | HIGH | CWE-20 | No | 0.3% | 6.03 | 2026-03-19 | SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a S... |
| [CVE-2026-32191](https://nvd.nist.gov/vuln/detail/CVE-2026-32191) | 9.8 | CRITICAL | CWE-78 | No | 0.1% | 6.86 | 2026-03-19 | Improper neutralization of special elements used in an OS command ('OS command injection') in Microsoft Bing Images allo... |
| [CVE-2026-32169](https://nvd.nist.gov/vuln/detail/CVE-2026-32169) | 10.0 | CRITICAL | CWE-918 | No | 0.1% | 7.00 | 2026-03-19 | Server-side request forgery (SSRF) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a net... |
| [CVE-2026-30924](https://nvd.nist.gov/vuln/detail/CVE-2026-30924) | 9.0 | CRITICAL | CWE-942 | No | 0.0% | 6.30 | 2026-03-19 | qui is a web interface for managing qBittorrent instances. Versions 1.14.1 and below use a permissive CORS policy that r... |
| [CVE-2026-30836](https://nvd.nist.gov/vuln/detail/CVE-2026-30836) | 10.0 | CRITICAL | CWE-287 | No | 0.0% | 7.00 | 2026-03-19 | Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6... |
| [CVE-2026-27953](https://nvd.nist.gov/vuln/detail/CVE-2026-27953) | 7.1 | HIGH | CWE-20 | No | 0.2% | 4.98 | 2026-03-19 | ormar is an async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the... |
| [CVE-2026-27740](https://nvd.nist.gov/vuln/detail/CVE-2026-27740) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-19 | Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a cros... |
| [CVE-2026-27570](https://nvd.nist.gov/vuln/detail/CVE-2026-27570) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-19 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the onebox... |
| [CVE-2026-27491](https://nvd.nist.gov/vuln/detail/CVE-2026-27491) | 6.9 | MEDIUM | CWE-862 | No | 0.0% | 4.83 | 2026-03-19 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a type coe... |
| [CVE-2026-27454](https://nvd.nist.gov/vuln/detail/CVE-2026-27454) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-19 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, requesting... |
| [CVE-2026-27166](https://nvd.nist.gov/vuln/detail/CVE-2026-27166) | 4.1 | MEDIUM | CWE-80 | No | 0.0% | 2.87 | 2026-03-19 | Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2, insufficie... |
| [CVE-2026-26139](https://nvd.nist.gov/vuln/detail/CVE-2026-26139) | 8.6 | HIGH | CWE-918 | No | 0.1% | 6.02 | 2026-03-19 | Server-side request forgery (SSRF) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a net... |
| [CVE-2026-26138](https://nvd.nist.gov/vuln/detail/CVE-2026-26138) | 8.6 | HIGH | CWE-918 | No | 0.1% | 6.02 | 2026-03-19 | Server-side request forgery (SSRF) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a net... |
| [CVE-2026-26137](https://nvd.nist.gov/vuln/detail/CVE-2026-26137) | 9.9 | CRITICAL | CWE-918 | No | 0.0% | 6.93 | 2026-03-19 | Server-side request forgery (SSRF) in Microsoft Exchange allows an authorized attacker to elevate privileges over a netw... |
| [CVE-2026-26136](https://nvd.nist.gov/vuln/detail/CVE-2026-26136) | 6.5 | MEDIUM | CWE-77 | No | 0.1% | 4.55 | 2026-03-19 | Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unaut... |
| [CVE-2026-26120](https://nvd.nist.gov/vuln/detail/CVE-2026-26120) | 6.5 | MEDIUM | CWE-918 | No | 0.1% | 4.55 | 2026-03-19 | Server-side request forgery (SSRF) in Microsoft Bing allows an unauthorized attacker to perform tampering over a network... |
| [CVE-2026-24299](https://nvd.nist.gov/vuln/detail/CVE-2026-24299) | 5.3 | MEDIUM | CWE-77 | No | 0.0% | 3.71 | 2026-03-19 | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthoriz... |
| [CVE-2026-23659](https://nvd.nist.gov/vuln/detail/CVE-2026-23659) | 8.6 | HIGH | CWE-200 | No | 0.1% | 6.02 | 2026-03-19 | Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disc... |
| [CVE-2026-23658](https://nvd.nist.gov/vuln/detail/CVE-2026-23658) | 8.6 | HIGH | CWE-522 | No | 0.1% | 6.02 | 2026-03-19 | Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a networ... |
| [CVE-2026-3580](https://nvd.nist.gov/vuln/detail/CVE-2026-3580) | 2.1 | LOW | CWE-203 | No | 0.0% | 1.47 | 2026-03-19 | In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into conditional branches (bnez) by... |
| [CVE-2026-3579](https://nvd.nist.gov/vuln/detail/CVE-2026-3579) | 2.1 | LOW | CWE-203 | No | 0.0% | 1.47 | 2026-03-19 | wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The... |
| [CVE-2026-32238](https://nvd.nist.gov/vuln/detail/CVE-2026-32238) | 9.1 | CRITICAL | CWE-78 | No | 0.4% | 6.38 | 2026-03-19 | OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior... |
| [CVE-2026-32119](https://nvd.nist.gov/vuln/detail/CVE-2026-32119) | 4.4 | MEDIUM | CWE-79 | No | 0.0% | 3.08 | 2026-03-19 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.... |
| [CVE-2026-25928](https://nvd.nist.gov/vuln/detail/CVE-2026-25928) | 6.5 | MEDIUM | CWE-22 | No | 0.0% | 4.55 | 2026-03-19 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.... |
| [CVE-2026-25744](https://nvd.nist.gov/vuln/detail/CVE-2026-25744) | 6.5 | MEDIUM | CWE-639 | No | 0.1% | 4.55 | 2026-03-19 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.... |
| [CVE-2026-25667](https://nvd.nist.gov/vuln/detail/CVE-2026-25667) | 7.5 | HIGH | CWE-400 | No | 2.4% | 5.32 | 2026-03-19 | ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause ex... |
| [CVE-2026-3548](https://nvd.nist.gov/vuln/detail/CVE-2026-3548) | 7.2 | HIGH | CWE-122 | No | 0.0% | 5.04 | 2026-03-19 | Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer over... |
| [CVE-2026-30694](https://nvd.nist.gov/vuln/detail/CVE-2026-30694) | 9.8 | CRITICAL | CWE-94 | No | 0.3% | 6.87 | 2026-03-19 | An issue in DedeCMS v.5.7.118 and before allows a remote attacker to execute arbitrary code via the array_filter compone... |
| [CVE-2026-2646](https://nvd.nist.gov/vuln/detail/CVE-2026-2646) | 5.0 | MEDIUM | CWE-122 | No | 0.0% | 3.50 | 2026-03-19 | A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When deserializing session... |
| [CVE-2026-2645](https://nvd.nist.gov/vuln/detail/CVE-2026-2645) | 5.5 | MEDIUM | CWE-358 | No | 0.0% | 3.85 | 2026-03-19 | In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could... |
| [CVE-2026-26940](https://nvd.nist.gov/vuln/detail/CVE-2026-26940) | 6.5 | MEDIUM | CWE-1284 | No | 0.1% | 4.55 | 2026-03-19 | Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead De... |
| [CVE-2026-26939](https://nvd.nist.gov/vuln/detail/CVE-2026-26939) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-19 | Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Resp... |
| [CVE-2026-26933](https://nvd.nist.gov/vuln/detail/CVE-2026-26933) | 5.7 | MEDIUM | CWE-129 | No | 0.0% | 3.99 | 2026-03-19 | Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Ser... |
| [CVE-2025-67115](https://nvd.nist.gov/vuln/detail/CVE-2025-67115) | 6.5 | MEDIUM | CWE-22 | No | 0.0% | 4.55 | 2026-03-19 | A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware befor... |
| [CVE-2025-67114](https://nvd.nist.gov/vuln/detail/CVE-2025-67114) | 9.8 | CRITICAL | CWE-1391 | No | 0.4% | 6.87 | 2026-03-19 | Use of a deterministic credential generation algorithm in /ftl/bin/calc_f2 in Small Cell Sercomm SCE4255W (FreedomFi Eng... |
| [CVE-2025-67113](https://nvd.nist.gov/vuln/detail/CVE-2025-67113) | 9.8 | CRITICAL | CWE-94 | No | 0.5% | 6.87 | 2026-03-19 | OS command injection in the CWMP client (/ftl/bin/cwmp) of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware be... |
| [CVE-2025-67112](https://nvd.nist.gov/vuln/detail/CVE-2025-67112) | 9.8 | CRITICAL | CWE-321 | No | 0.1% | 6.86 | 2026-03-19 | Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W (F... |
| [CVE-2026-30403](https://nvd.nist.gov/vuln/detail/CVE-2026-30403) | 7.5 | HIGH | CWE-22 | No | 0.1% | 5.25 | 2026-03-19 | There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud... |
| [CVE-2026-26931](https://nvd.nist.gov/vuln/detail/CVE-2026-26931) | 5.7 | MEDIUM | CWE-789 | No | 0.0% | 3.99 | 2026-03-19 | Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead... |
| [CVE-2026-1005](https://nvd.nist.gov/vuln/detail/CVE-2026-1005) | 2.1 | LOW | CWE-191 | No | 0.1% | 1.47 | 2026-03-19 | Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryptio... |
| [CVE-2026-0819](https://nvd.nist.gov/vuln/detail/CVE-2026-0819) | 2.2 | LOW | CWE-121 | No | 0.0% | 1.54 | 2026-03-19 | A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wc_PKCS7_BuildSign... |
| [CVE-2026-3029](https://nvd.nist.gov/vuln/detail/CVE-2026-3029) | 7.5 | HIGH | N/A | No | 0.1% | 5.25 | 2026-03-19 | A path traversal and arbitrary file write vulnerability exist in the embedded get function in '_main_.py' in PyMuPDF ver... |
| [CVE-2026-32869](https://nvd.nist.gov/vuln/detail/CVE-2026-32869) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-19 | OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of the "Name of Organization" field w... |
| [CVE-2026-32868](https://nvd.nist.gov/vuln/detail/CVE-2026-32868) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-19 | OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in the... |
| [CVE-2026-32867](https://nvd.nist.gov/vuln/detail/CVE-2026-32867) | 5.3 | MEDIUM | CWE-425 | No | 0.1% | 3.71 | 2026-03-19 | OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number... |
| [CVE-2026-32866](https://nvd.nist.gov/vuln/detail/CVE-2026-32866) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-19 | OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in a us... |
| [CVE-2026-32865](https://nvd.nist.gov/vuln/detail/CVE-2026-32865) | 9.2 | CRITICAL | CWE-200 | No | 0.1% | 6.44 | 2026-03-19 | OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when reque... |
| [CVE-2026-30404](https://nvd.nist.gov/vuln/detail/CVE-2026-30404) | 7.5 | HIGH | CWE-918 | No | 0.0% | 5.25 | 2026-03-19 | The backend database management connection test feature in wgcloud v3.6.3 has a server-side request forgery (SSRF) vulne... |
| [CVE-2026-4427](https://nvd.nist.gov/vuln/detail/CVE-2026-4427) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-19 | Rejected reason: Duplicate of CVE-2026-32286 |
| [CVE-2026-4426](https://nvd.nist.gov/vuln/detail/CVE-2026-4426) | 6.5 | MEDIUM | CWE-1335 | No | 0.1% | 4.55 | 2026-03-19 | A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by... |
| [CVE-2026-4424](https://nvd.nist.gov/vuln/detail/CVE-2026-4424) | 7.5 | HIGH | CWE-125 | No | 0.2% | 5.26 | 2026-03-19 | A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic du... |
| [CVE-2026-32843](https://nvd.nist.gov/vuln/detail/CVE-2026-32843) | 5.1 | MEDIUM | CWE-79 | No | 0.3% | 3.58 | 2026-03-19 | Location Aware Sensor System by Linkit ONE, up to commit f06bd20 (2023-04-26), contains a reflected cross-site scripting... |
| [CVE-2026-30711](https://nvd.nist.gov/vuln/detail/CVE-2026-30711) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-03-19 | Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.... |
| [CVE-2026-30402](https://nvd.nist.gov/vuln/detail/CVE-2026-30402) | 9.8 | CRITICAL | CWE-94 | No | 0.4% | 6.87 | 2026-03-19 | An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbitrary code via the test connection functi... |
| [CVE-2026-2369](https://nvd.nist.gov/vuln/detail/CVE-2026-2369) | 6.5 | MEDIUM | CWE-191 | No | 0.0% | 4.55 | 2026-03-19 | A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resour... |
| [CVE-2026-27043](https://nvd.nist.gov/vuln/detail/CVE-2026-27043) | 7.2 | HIGH | CWE-434 | No | 0.1% | 5.04 | 2026-03-19 | Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography allows Path Traversal. This issue... |
| [CVE-2026-22558](https://nvd.nist.gov/vuln/detail/CVE-2026-22558) | 7.7 | HIGH | CWE-943 | No | 0.0% | 5.39 | 2026-03-19 | An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with aut... |
| [CVE-2026-22557](https://nvd.nist.gov/vuln/detail/CVE-2026-22557) | 10.0 | CRITICAL | CWE-22 | No | 0.0% | 7.00 | 2026-03-19 | A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network App... |
| [CVE-2025-69720](https://nvd.nist.gov/vuln/detail/CVE-2025-69720) | 7.3 | HIGH | CWE-121 | No | 0.0% | 5.11 | 2026-03-19 | The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in prog... |
| [CVE-2025-71260](https://nvd.nist.gov/vuln/detail/CVE-2025-71260) | 8.7 | HIGH | CWE-502 | No | 11.3% | 6.43 | 2026-03-19 | BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in... |
| [CVE-2025-71259](https://nvd.nist.gov/vuln/detail/CVE-2025-71259) | 5.3 | MEDIUM | CWE-918 | No | 2.7% | 3.79 | 2026-03-19 | BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in... |
| [CVE-2025-71258](https://nvd.nist.gov/vuln/detail/CVE-2025-71258) | 5.3 | MEDIUM | CWE-918 | No | 2.6% | 3.79 | 2026-03-19 | BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in... |
| [CVE-2025-71257](https://nvd.nist.gov/vuln/detail/CVE-2025-71257) | 6.9 | MEDIUM | CWE-306 | No | 5.3% | 4.99 | 2026-03-19 | BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability due to imprope... |
| [CVE-2026-3658](https://nvd.nist.gov/vuln/detail/CVE-2026-3658) | 7.5 | HIGH | CWE-89 | No | 0.1% | 5.25 | 2026-03-19 | The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL... |
| [CVE-2026-3511](https://nvd.nist.gov/vuln/detail/CVE-2026-3511) | 8.6 | HIGH | CWE-611 | No | 0.1% | 6.02 | 2026-03-19 | Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allow... |
| [CVE-2025-14716](https://nvd.nist.gov/vuln/detail/CVE-2025-14716) | 6.5 | MEDIUM | CWE-287 | No | 0.0% | 4.55 | 2026-03-19 | Improper Authentication vulnerability in Secomea GateManager (webserver modules) allows Authentication Bypass. This issue... |
| [CVE-2026-27070](https://nvd.nist.gov/vuln/detail/CVE-2026-27070) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-19 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest... |
| [CVE-2026-27068](https://nvd.nist.gov/vuln/detail/CVE-2026-27068) | 0.0 | NONE | CWE-79 | No | 0.0% | 0.00 | 2026-03-19 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Howard Websit... |
| [CVE-2026-27067](https://nvd.nist.gov/vuln/detail/CVE-2026-27067) | 0.0 | NONE | CWE-434 | No | 0.0% | 0.00 | 2026-03-19 | Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor mobile-app-editor allows Uploa... |
| [CVE-2026-27065](https://nvd.nist.gov/vuln/detail/CVE-2026-27065) | 0.0 | NONE | CWE-98 | No | 0.1% | 0.00 | 2026-03-19 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-25445](https://nvd.nist.gov/vuln/detail/CVE-2026-25445) | 8.8 | HIGH | CWE-502 | No | 0.1% | 6.16 | 2026-03-19 | Deserialization of Untrusted Data vulnerability in Membership Software WishList Member X allows Object Injection. This is... |
| [CVE-2026-25443](https://nvd.nist.gov/vuln/detail/CVE-2026-25443) | 0.0 | NONE | CWE-862 | No | 0.0% | 0.00 | 2026-03-19 | Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-an... |
| [CVE-2026-25442](https://nvd.nist.gov/vuln/detail/CVE-2026-25442) | 0.0 | NONE | CWE-79 | No | 0.0% | 0.00 | 2026-03-19 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QantumThemes Kenth... |
| [CVE-2026-25438](https://nvd.nist.gov/vuln/detail/CVE-2026-25438) | 0.0 | NONE | CWE-79 | No | 0.0% | 0.00 | 2026-03-19 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Gutenber... |
| [CVE-2026-21788](https://nvd.nist.gov/vuln/detail/CVE-2026-21788) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-19 | HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbi... |
| [CVE-2025-68836](https://nvd.nist.gov/vuln/detail/CVE-2025-68836) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-19 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Markbeljaars Table... |
| [CVE-2025-67618](https://nvd.nist.gov/vuln/detail/CVE-2025-67618) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-19 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ArtstudioWorks Bro... |
| [CVE-2025-62043](https://nvd.nist.gov/vuln/detail/CVE-2025-62043) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-19 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPSight WPCasa all... |
| [CVE-2025-60237](https://nvd.nist.gov/vuln/detail/CVE-2025-60237) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-19 | Deserialization of Untrusted Data vulnerability in Themeton Finag allows Object Injection. This issue affects Finag: from... |
| [CVE-2025-60233](https://nvd.nist.gov/vuln/detail/CVE-2025-60233) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-19 | Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection. This issue affects Zuut: from n... |
| [CVE-2025-53222](https://nvd.nist.gov/vuln/detail/CVE-2025-53222) | 0.0 | NONE | CWE-79 | No | 0.0% | 0.00 | 2026-03-19 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-... |
| [CVE-2025-50001](https://nvd.nist.gov/vuln/detail/CVE-2025-50001) | 0.0 | NONE | CWE-79 | No | 0.0% | 0.00 | 2026-03-19 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Comp... |
| [CVE-2025-32223](https://nvd.nist.gov/vuln/detail/CVE-2025-32223) | 0.0 | NONE | CWE-639 | No | 0.0% | 0.00 | 2026-03-19 | Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly... |
| [CVE-2026-3475](https://nvd.nist.gov/vuln/detail/CVE-2026-3475) | 5.3 | MEDIUM | CWE-862 | No | 0.1% | 3.71 | 2026-03-19 | The Instant Popup Builder plugin for WordPress is vulnerable to Unauthenticated Arbitrary Shortcode Execution in all ver... |
| [CVE-2026-25471](https://nvd.nist.gov/vuln/detail/CVE-2026-25471) | 0.0 | NONE | CWE-288 | No | 0.0% | 0.00 | 2026-03-19 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Themepaste Admin Safety Guard admin-safety-gua... |
| [CVE-2026-25312](https://nvd.nist.gov/vuln/detail/CVE-2026-25312) | 0.0 | NONE | CWE-862 | No | 0.0% | 0.00 | 2026-03-19 | Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incor... |
| [CVE-2024-42210](https://nvd.nist.gov/vuln/detail/CVE-2024-42210) | 7.6 | HIGH | CWE-79 | No | 0.0% | 5.32 | 2026-03-19 | A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower. Stored cros... |
| [CVE-2026-4120](https://nvd.nist.gov/vuln/detail/CVE-2026-4120) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-19 | The Info Cards – Add Text and Media in Card Layouts plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi... |
| [CVE-2026-4068](https://nvd.nist.gov/vuln/detail/CVE-2026-4068) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-19 | The Add Custom Fields to Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, a... |
| [CVE-2026-4006](https://nvd.nist.gov/vuln/detail/CVE-2026-4006) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-19 | The Simple Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'display_name' post meta... |
| [CVE-2026-2571](https://nvd.nist.gov/vuln/detail/CVE-2026-2571) | 4.3 | MEDIUM | CWE-200 | No | 0.0% | 3.01 | 2026-03-19 | The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check... |
| [CVE-2026-27093](https://nvd.nist.gov/vuln/detail/CVE-2026-27093) | 0.0 | NONE | CWE-98 | No | 0.1% | 0.00 | 2026-03-19 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27091](https://nvd.nist.gov/vuln/detail/CVE-2026-27091) | 0.0 | NONE | CWE-862 | No | 0.0% | 0.00 | 2026-03-19 | Missing Authorization vulnerability in UiPress UiPress lite uipress-lite allows Exploiting Incorrectly Configured Access... |
| [CVE-2026-28073](https://nvd.nist.gov/vuln/detail/CVE-2026-28073) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-19 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tips and Tricks HQ... |
| [CVE-2026-28070](https://nvd.nist.gov/vuln/detail/CVE-2026-28070) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-19 | Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting Incorrectly Configured Access Con... |
| [CVE-2026-28044](https://nvd.nist.gov/vuln/detail/CVE-2026-28044) | 5.9 | MEDIUM | CWE-79 | No | 0.0% | 4.13 | 2026-03-19 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Media WP Rocket... |
| [CVE-2026-27542](https://nvd.nist.gov/vuln/detail/CVE-2026-27542) | 9.8 | CRITICAL | CWE-266 | No | 0.0% | 6.86 | 2026-03-19 | Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture allows Privile... |
| [CVE-2026-27540](https://nvd.nist.gov/vuln/detail/CVE-2026-27540) | 9.0 | CRITICAL | CWE-434 | No | 0.0% | 6.30 | 2026-03-19 | Unrestricted Upload of File with Dangerous Type vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Captu... |
| [CVE-2026-27413](https://nvd.nist.gov/vuln/detail/CVE-2026-27413) | 9.3 | CRITICAL | CWE-89 | No | 0.0% | 6.51 | 2026-03-19 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Profile... |
| [CVE-2026-27397](https://nvd.nist.gov/vuln/detail/CVE-2026-27397) | 6.5 | MEDIUM | CWE-639 | No | 0.1% | 4.55 | 2026-03-19 | Authorization Bypass Through User-Controlled Key vulnerability in Really Simple Plugins B.V. Really Simple Security Pro... |
| [CVE-2026-27096](https://nvd.nist.gov/vuln/detail/CVE-2026-27096) | 8.1 | HIGH | CWE-502 | No | 0.1% | 5.67 | 2026-03-19 | Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer WordPress Theme allows O... |
| [CVE-2026-1238](https://nvd.nist.gov/vuln/detail/CVE-2026-1238) | 7.2 | HIGH | CWE-79 | No | 0.1% | 5.04 | 2026-03-19 | The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fh' (fingerprint) para... |
| [CVE-2026-1276](https://nvd.nist.gov/vuln/detail/CVE-2026-1276) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-19 | IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows a... |
| [CVE-2025-36051](https://nvd.nist.gov/vuln/detail/CVE-2025-36051) | 6.2 | MEDIUM | CWE-538 | No | 0.0% | 4.34 | 2026-03-19 | IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in configuration files th... |
| [CVE-2025-15051](https://nvd.nist.gov/vuln/detail/CVE-2025-15051) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-19 | IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows u... |
| [CVE-2025-13995](https://nvd.nist.gov/vuln/detail/CVE-2025-13995) | 5.0 | MEDIUM | CWE-1286 | No | 0.0% | 3.50 | 2026-03-19 | IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostna... |
| [CVE-2026-32000](https://nvd.nist.gov/vuln/detail/CVE-2026-32000) | 5.8 | MEDIUM | CWE-78 | No | 0.0% | 4.06 | 2026-03-19 | OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension tool execution t... |
| [CVE-2026-31999](https://nvd.nist.gov/vuln/detail/CVE-2026-31999) | 5.8 | MEDIUM | CWE-78 | No | 0.1% | 4.06 | 2026-03-19 | OpenClaw versions 2026.2.26 prior to 2026.3.1 on Windows contain a current working directory injection vulnerability in... |
| [CVE-2026-31998](https://nvd.nist.gov/vuln/detail/CVE-2026-31998) | 8.3 | HIGH | CWE-863 | No | 0.1% | 5.81 | 2026-03-19 | OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plu... |
| [CVE-2026-31997](https://nvd.nist.gov/vuln/detail/CVE-2026-31997) | 4.4 | MEDIUM | CWE-367 | No | 0.0% | 3.08 | 2026-03-19 | OpenClaw versions prior to 2026.3.1 fail to pin executable identity for non-path-like argv[0] tokens in system.run appro... |
| [CVE-2026-31996](https://nvd.nist.gov/vuln/detail/CVE-2026-31996) | 2.0 | LOW | CWE-78 | No | 0.0% | 1.40 | 2026-03-19 | OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input validation bypass vulnerability that allows a... |
| [CVE-2026-31995](https://nvd.nist.gov/vuln/detail/CVE-2026-31995) | 5.8 | MEDIUM | CWE-78 | No | 0.0% | 4.06 | 2026-03-19 | OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension's Wind... |
| [CVE-2026-31994](https://nvd.nist.gov/vuln/detail/CVE-2026-31994) | 6.9 | MEDIUM | CWE-78 | No | 0.1% | 4.83 | 2026-03-19 | OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script ge... |
| [CVE-2026-31993](https://nvd.nist.gov/vuln/detail/CVE-2026-31993) | 5.6 | MEDIUM | CWE-184 | No | 0.1% | 3.92 | 2026-03-19 | OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that... |
| [CVE-2026-31992](https://nvd.nist.gov/vuln/detail/CVE-2026-31992) | 7.1 | HIGH | CWE-184 | No | 0.1% | 4.97 | 2026-03-19 | OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows auth... |
| [CVE-2026-31991](https://nvd.nist.gov/vuln/detail/CVE-2026-31991) | 2.0 | LOW | CWE-863 | No | 0.0% | 1.40 | 2026-03-19 | OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist policy i... |
| [CVE-2026-31990](https://nvd.nist.gov/vuln/detail/CVE-2026-31990) | 6.9 | MEDIUM | CWE-59 | No | 0.0% | 4.83 | 2026-03-19 | OpenClaw versions prior to 2026.3.2 contain a vulnerability in the stageSandboxMedia function in which it fails to valid... |
| [CVE-2026-31989](https://nvd.nist.gov/vuln/detail/CVE-2026-31989) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-03-19 | OpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in web_search citation redirect... |
| [CVE-2026-29608](https://nvd.nist.gov/vuln/detail/CVE-2026-29608) | 5.4 | MEDIUM | CWE-88 | No | 0.0% | 3.78 | 2026-03-19 | OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting ch... |
| [CVE-2026-29607](https://nvd.nist.gov/vuln/detail/CVE-2026-29607) | 7.1 | HIGH | CWE-78 | No | 0.1% | 4.97 | 2026-03-19 | OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always wrapper persistence t... |
| [CVE-2026-28461](https://nvd.nist.gov/vuln/detail/CVE-2026-28461) | 8.7 | HIGH | CWE-770 | No | 0.1% | 6.09 | 2026-03-19 | OpenClaw versions prior to 2026.3.1 contain an unbounded memory growth vulnerability in the Zalo webhook endpoint that a... |
| [CVE-2026-28460](https://nvd.nist.gov/vuln/detail/CVE-2026-28460) | 6.0 | MEDIUM | CWE-78 | No | 0.0% | 4.20 | 2026-03-19 | OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run that allows attackers to ex... |
| [CVE-2026-28449](https://nvd.nist.gov/vuln/detail/CVE-2026-28449) | 6.3 | MEDIUM | CWE-294 | No | 0.1% | 4.41 | 2026-03-19 | OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid signed... |
| [CVE-2026-27670](https://nvd.nist.gov/vuln/detail/CVE-2026-27670) | 5.8 | MEDIUM | CWE-367 | No | 0.0% | 4.06 | 2026-03-19 | OpenClaw versions prior to 2026.3.2 contain a race condition vulnerability in ZIP extraction that allows local attackers... |
| [CVE-2026-27566](https://nvd.nist.gov/vuln/detail/CVE-2026-27566) | 7.1 | HIGH | CWE-78 | No | 0.1% | 4.97 | 2026-03-19 | OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run exec analysis that fails to... |
| [CVE-2026-22176](https://nvd.nist.gov/vuln/detail/CVE-2026-22176) | 6.9 | MEDIUM | CWE-78 | No | 0.0% | 4.83 | 2026-03-19 | OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generati... |
| [CVE-2026-32743](https://nvd.nist.gov/vuln/detail/CVE-2026-32743) | 6.5 | MEDIUM | CWE-121 | No | 0.0% | 4.55 | 2026-03-19 | PX4 is an open-source autopilot stack for drones and unmanned vehicles. Versions 1.17.0-rc2 and below are vulnerable to... |
| [CVE-2026-32255](https://nvd.nist.gov/vuln/detail/CVE-2026-32255) | 8.6 | HIGH | CWE-918 | No | 0.1% | 6.02 | 2026-03-19 | Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has n... |
| [CVE-2026-3181](https://nvd.nist.gov/vuln/detail/CVE-2026-3181) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-18 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| [CVE-2026-32805](https://nvd.nist.gov/vuln/detail/CVE-2026-32805) | 8.3 | HIGH | CWE-22 | No | 0.1% | 5.81 | 2026-03-18 | Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for function... |
| [CVE-2026-32737](https://nvd.nist.gov/vuln/detail/CVE-2026-32737) | 7.9 | HIGH | CWE-284 | No | 0.0% | 5.53 | 2026-03-18 | Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for function... |
| [CVE-2026-32736](https://nvd.nist.gov/vuln/detail/CVE-2026-32736) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-18 | The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object... |
| [CVE-2026-32735](https://nvd.nist.gov/vuln/detail/CVE-2026-32735) | 2.3 | LOW | CWE-20 | No | 0.1% | 1.61 | 2026-03-18 | openapi-to-java-records-mustache-templates allows users to generate Java Records from OpenAPI specifications. Starting i... |
| [CVE-2026-32730](https://nvd.nist.gov/vuln/detail/CVE-2026-32730) | 8.1 | HIGH | CWE-287 | No | 0.1% | 5.67 | 2026-03-18 | ApostropheCMS is an open-source content management framework. Prior to version 4.28.0, the bearer token authentication m... |
| [CVE-2025-15031](https://nvd.nist.gov/vuln/detail/CVE-2025-15031) | 9.1 | CRITICAL | CWE-22 | No | 0.1% | 6.37 | 2026-03-18 | A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar a... |
| [CVE-2026-4407](https://nvd.nist.gov/vuln/detail/CVE-2026-4407) | 2.1 | LOW | CWE-20 | No | 0.0% | 1.47 | 2026-03-18 | Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color space... |
| [CVE-2026-33163](https://nvd.nist.gov/vuln/detail/CVE-2026-33163) | 8.2 | HIGH | CWE-200 | No | 0.0% | 5.74 | 2026-03-18 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-a... |
| [CVE-2026-33042](https://nvd.nist.gov/vuln/detail/CVE-2026-33042) | 6.9 | MEDIUM | CWE-287 | No | 0.0% | 4.83 | 2026-03-18 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-a... |
| [CVE-2026-32944](https://nvd.nist.gov/vuln/detail/CVE-2026-32944) | 8.7 | HIGH | CWE-674 | No | 0.0% | 6.09 | 2026-03-18 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-a... |
| [CVE-2026-32943](https://nvd.nist.gov/vuln/detail/CVE-2026-32943) | 2.3 | LOW | CWE-367 | No | 0.0% | 1.61 | 2026-03-18 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-a... |
| [CVE-2026-32886](https://nvd.nist.gov/vuln/detail/CVE-2026-32886) | 8.2 | HIGH | CWE-1321 | No | 0.0% | 5.74 | 2026-03-18 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-a... |
| [CVE-2026-32878](https://nvd.nist.gov/vuln/detail/CVE-2026-32878) | 5.3 | MEDIUM | CWE-1321 | No | 0.0% | 3.71 | 2026-03-18 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-a... |
| [CVE-2026-32770](https://nvd.nist.gov/vuln/detail/CVE-2026-32770) | 5.9 | MEDIUM | CWE-248 | No | 0.0% | 4.13 | 2026-03-18 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-a... |
| [CVE-2026-32742](https://nvd.nist.gov/vuln/detail/CVE-2026-32742) | 4.3 | MEDIUM | CWE-915 | No | 0.0% | 3.01 | 2026-03-18 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-a... |
| [CVE-2026-32728](https://nvd.nist.gov/vuln/detail/CVE-2026-32728) | 8.3 | HIGH | CWE-79 | No | 0.0% | 5.81 | 2026-03-18 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-a... |
| [CVE-2026-32723](https://nvd.nist.gov/vuln/detail/CVE-2026-32723) | 4.8 | MEDIUM | CWE-362 | No | 0.0% | 3.36 | 2026-03-18 | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.35, SandboxJS timers have an execution-quota bypass. A global... |
| [CVE-2026-32722](https://nvd.nist.gov/vuln/detail/CVE-2026-32722) | 3.6 | LOW | CWE-79 | No | 0.0% | 2.52 | 2026-03-18 | Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process... |
| [CVE-2026-32703](https://nvd.nist.gov/vuln/detail/CVE-2026-32703) | 9.0 | CRITICAL | CWE-79 | No | 0.0% | 6.30 | 2026-03-18 | OpenProject is an open-source, web-based project management software. In versions prior to 16.6.9, 17.0.6, 17.1.3, and 1... |
| [CVE-2026-32698](https://nvd.nist.gov/vuln/detail/CVE-2026-32698) | 9.1 | CRITICAL | CWE-89 | No | 0.0% | 6.37 | 2026-03-18 | OpenProject is an open-source, web-based project management software. Versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2... |
| [CVE-2026-32700](https://nvd.nist.gov/vuln/detail/CVE-2026-32700) | 6.0 | MEDIUM | CWE-362 | No | 0.0% | 4.20 | 2026-03-18 | Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Con... |
| [CVE-2026-32638](https://nvd.nist.gov/vuln/detail/CVE-2026-32638) | 2.7 | LOW | CWE-639 | No | 0.0% | 1.89 | 2026-03-18 | StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.4, the REST API `get... |
| [CVE-2026-32636](https://nvd.nist.gov/vuln/detail/CVE-2026-32636) | 5.3 | MEDIUM | CWE-787 | No | 0.0% | 3.71 | 2026-03-18 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-17 and 6.9... |
| [CVE-2026-32321](https://nvd.nist.gov/vuln/detail/CVE-2026-32321) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-03-18 | ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability ex... |
| [CVE-2026-31973](https://nvd.nist.gov/vuln/detail/CVE-2026-31973) | 6.9 | MEDIUM | CWE-476 | No | 0.0% | 4.83 | 2026-03-18 | SAMtools is a program for reading, manipulating and writing bioinformatics file formats. Starting in version 1.17, in th... |
| [CVE-2026-31972](https://nvd.nist.gov/vuln/detail/CVE-2026-31972) | 6.9 | MEDIUM | CWE-416 | No | 0.0% | 4.83 | 2026-03-18 | SAMtools is a program for reading, manipulating and writing bioinformatics file formats. The `mpileup` command outputs D... |
| [CVE-2026-25873](https://nvd.nist.gov/vuln/detail/CVE-2026-25873) | 9.3 | CRITICAL | CWE-502 | No | 0.2% | 6.52 | 2026-03-18 | OmniGen2-RL contains an unauthenticated remote code execution vulnerability in the reward server component that allows r... |
| [CVE-2026-25745](https://nvd.nist.gov/vuln/detail/CVE-2026-25745) | 6.5 | MEDIUM | CWE-639 | No | 0.0% | 4.55 | 2026-03-18 | OpenEMR is a free and open source electronic health records and medical practice management application. In versions up... |
| [CVE-2026-31971](https://nvd.nist.gov/vuln/detail/CVE-2026-31971) | 7.1 | HIGH | CWE-121 | No | 0.1% | 4.97 | 2026-03-18 | HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA se... |
| [CVE-2026-31970](https://nvd.nist.gov/vuln/detail/CVE-2026-31970) | 7.1 | HIGH | CWE-122 | No | 0.1% | 4.97 | 2026-03-18 | HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index block-compressed GZ... |
| [CVE-2026-31969](https://nvd.nist.gov/vuln/detail/CVE-2026-31969) | 7.1 | HIGH | CWE-122 | No | 0.0% | 4.97 | 2026-03-18 | HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA se... |
| [CVE-2026-31968](https://nvd.nist.gov/vuln/detail/CVE-2026-31968) | 8.8 | HIGH | CWE-121 | No | 0.0% | 6.16 | 2026-03-18 | HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA se... |
| [CVE-2026-31967](https://nvd.nist.gov/vuln/detail/CVE-2026-31967) | 6.9 | MEDIUM | CWE-125 | No | 0.0% | 4.83 | 2026-03-18 | HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA se... |
| [CVE-2026-31966](https://nvd.nist.gov/vuln/detail/CVE-2026-31966) | 6.9 | MEDIUM | CWE-125 | No | 0.0% | 4.83 | 2026-03-18 | HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA se... |
| [CVE-2026-0866](https://nvd.nist.gov/vuln/detail/CVE-2026-0866) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-18 | Rejected reason: After the publication of the PoC by the researcher and further analysis, we have determined that this i... |
| [CVE-2026-31965](https://nvd.nist.gov/vuln/detail/CVE-2026-31965) | 6.9 | MEDIUM | CWE-125 | No | 0.1% | 4.83 | 2026-03-18 | HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA se... |
| [CVE-2026-31964](https://nvd.nist.gov/vuln/detail/CVE-2026-31964) | 6.9 | MEDIUM | CWE-476 | No | 0.1% | 4.83 | 2026-03-18 | HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA se... |
| [CVE-2026-31963](https://nvd.nist.gov/vuln/detail/CVE-2026-31963) | 8.8 | HIGH | CWE-122 | No | 0.0% | 6.16 | 2026-03-18 | HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA se... |
| [CVE-2025-58112](https://nvd.nist.gov/vuln/detail/CVE-2025-58112) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-18 | Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9.0.2.3034) allows the generation of customized reports v... |
| [CVE-2026-32634](https://nvd.nist.gov/vuln/detail/CVE-2026-32634) | 8.1 | HIGH | CWE-346 | No | 0.0% | 5.67 | 2026-03-18 | Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glance... |
| [CVE-2026-32633](https://nvd.nist.gov/vuln/detail/CVE-2026-32633) | 9.1 | CRITICAL | CWE-200 | No | 0.1% | 6.37 | 2026-03-18 | Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the `/... |
| [CVE-2026-32632](https://nvd.nist.gov/vuln/detail/CVE-2026-32632) | 5.9 | MEDIUM | CWE-346 | No | 0.0% | 4.13 | 2026-03-18 | Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the... |
| [CVE-2026-32611](https://nvd.nist.gov/vuln/detail/CVE-2026-32611) | 7.0 | HIGH | CWE-89 | No | 0.0% | 4.90 | 2026-03-18 | Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix (commit 39161f0) addressed SQL inject... |
| [CVE-2026-31962](https://nvd.nist.gov/vuln/detail/CVE-2026-31962) | 8.8 | HIGH | CWE-122 | No | 0.1% | 6.16 | 2026-03-18 | HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA se... |
| [CVE-2026-30704](https://nvd.nist.gov/vuln/detail/CVE-2026-30704) | 9.1 | CRITICAL | CWE-912 | No | 0.1% | 6.37 | 2026-03-18 | The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) exposes an unprotected UART interface through accessible hard... |
| [CVE-2026-30703](https://nvd.nist.gov/vuln/detail/CVE-2026-30703) | 9.8 | CRITICAL | CWE-78 | No | 0.4% | 6.87 | 2026-03-18 | A command injection vulnerability exists in the web management interface of the WiFi Extender WDR201A (HW V2.1, FW LFMZX... |
| [CVE-2026-30702](https://nvd.nist.gov/vuln/detail/CVE-2026-30702) | 9.8 | CRITICAL | CWE-285 | No | 0.1% | 6.86 | 2026-03-18 | The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) implements a broken authentication mechanism in its web manag... |
| [CVE-2026-30701](https://nvd.nist.gov/vuln/detail/CVE-2026-30701) | 9.1 | CRITICAL | CWE-798 | No | 0.1% | 6.37 | 2026-03-18 | The web interface of the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) contains hardcoded credential disclosure... |
| [CVE-2026-30048](https://nvd.nist.gov/vuln/detail/CVE-2026-30048) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-18 | A stored cross-site scripting (XSS) vulnerability exists in the NotChatbot WebChat widget thru 1.4.4. User-supplied inpu... |
| [CVE-2026-29859](https://nvd.nist.gov/vuln/detail/CVE-2026-29859) | 9.8 | CRITICAL | CWE-79 | No | 0.1% | 6.86 | 2026-03-18 | An arbitrary file upload vulnerability in aaPanel v7.57.0 allows attackers to execute arbitrary code via uploading a cra... |
| [CVE-2026-29858](https://nvd.nist.gov/vuln/detail/CVE-2026-29858) | 7.5 | HIGH | CWE-98 | No | 0.0% | 5.25 | 2026-03-18 | A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion (LFI), leading to sensiti... |
| [CVE-2026-29856](https://nvd.nist.gov/vuln/detail/CVE-2026-29856) | 7.5 | HIGH | CWE-400 | No | 0.0% | 5.25 | 2026-03-18 | An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regul... |
| [CVE-2026-27135](https://nvd.nist.gov/vuln/detail/CVE-2026-27135) | 7.5 | HIGH | CWE-617 | No | 0.0% | 5.25 | 2026-03-18 | nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 lib... |
| [CVE-2026-26948](https://nvd.nist.gov/vuln/detail/CVE-2026-26948) | 4.9 | MEDIUM | CWE-1258 | No | 0.1% | 3.43 | 2026-03-18 | Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G versions prior to 7.10.9... |
| [CVE-2026-26945](https://nvd.nist.gov/vuln/detail/CVE-2026-26945) | 5.3 | MEDIUM | CWE-114 | No | 0.1% | 3.71 | 2026-03-18 | Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions prior to 7.20.1... |
| [CVE-2026-26740](https://nvd.nist.gov/vuln/detail/CVE-2026-26740) | 8.2 | HIGH | CWE-787 | No | 0.1% | 5.74 | 2026-03-18 | Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToE... |
| [CVE-2026-32610](https://nvd.nist.gov/vuln/detail/CVE-2026-32610) | 8.1 | HIGH | CWE-942 | No | 0.0% | 5.67 | 2026-03-18 | Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, the Glances REST API web server... |
| [CVE-2026-30695](https://nvd.nist.gov/vuln/detail/CVE-2026-30695) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-18 | A Cross-Site Scripting (XSS) vulnerability exists in the web-based configuration interface of Zucchetti Axess access con... |
| [CVE-2026-30345](https://nvd.nist.gov/vuln/detail/CVE-2026-30345) | 7.5 | HIGH | CWE-23 | No | 0.0% | 5.25 | 2026-03-18 | A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitra... |
| [CVE-2026-1463](https://nvd.nist.gov/vuln/detail/CVE-2026-1463) | 8.8 | HIGH | CWE-98 | No | 0.1% | 6.16 | 2026-03-18 | The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclu... |
| [CVE-2025-67830](https://nvd.nist.gov/vuln/detail/CVE-2025-67830) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-18 | Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection. |
| [CVE-2026-3090](https://nvd.nist.gov/vuln/detail/CVE-2026-3090) | 7.2 | HIGH | CWE-79 | No | 0.1% | 5.04 | 2026-03-18 | The Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App plugin... |
| [CVE-2026-33004](https://nvd.nist.gov/vuln/detail/CVE-2026-33004) | 4.3 | MEDIUM | CWE-200 | No | 0.0% | 3.01 | 2026-03-18 | Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API keys displayed on the job configuration form, incre... |
| [CVE-2026-33003](https://nvd.nist.gov/vuln/detail/CVE-2026-33003) | 4.3 | MEDIUM | CWE-312 | No | 0.0% | 3.01 | 2026-03-18 | Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins co... |
| [CVE-2026-33002](https://nvd.nist.gov/vuln/detail/CVE-2026-33002) | 7.5 | HIGH | CWE-350 | No | 0.0% | 5.25 | 2026-03-18 | Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS 2.541.2 (both inclusive) performs origin validatio... |
| [CVE-2026-2992](https://nvd.nist.gov/vuln/detail/CVE-2026-2992) | 8.2 | HIGH | CWE-862 | No | 0.0% | 5.74 | 2026-03-18 | The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Privilege Escalation due t... |
| [CVE-2026-2991](https://nvd.nist.gov/vuln/detail/CVE-2026-2991) | 7.3 | HIGH | CWE-287 | No | 0.2% | 5.12 | 2026-03-18 | The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Authentication Bypass in a... |
| [CVE-2026-2559](https://nvd.nist.gov/vuln/detail/CVE-2026-2559) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-18 | The Post SMTP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check... |
| [CVE-2026-2512](https://nvd.nist.gov/vuln/detail/CVE-2026-2512) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-18 | The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field meta values in all ver... |
| [CVE-2026-24063](https://nvd.nist.gov/vuln/detail/CVE-2026-24063) | 8.2 | HIGH | CWE-276 | No | 0.0% | 5.74 | 2026-03-18 | When a plugin is installed using the Arturia Software Center (MacOS), it also installs an uninstall.sh bash script in a... |
| [CVE-2026-24062](https://nvd.nist.gov/vuln/detail/CVE-2026-24062) | 7.8 | HIGH | CWE-306 | No | 0.0% | 5.46 | 2026-03-18 | The "Privileged Helper" component of the Arturia Software Center (MacOS) does not perform sufficient client code signatu... |
| [CVE-2025-67829](https://nvd.nist.gov/vuln/detail/CVE-2025-67829) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-18 | Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection. |
| [CVE-2025-55046](https://nvd.nist.gov/vuln/detail/CVE-2025-55046) | 8.1 | HIGH | CWE-352 | No | 0.0% | 5.67 | 2026-03-18 | MuraCMS through 10.1.10 contains a CSRF vulnerability that allows attackers to permanently destroy all deleted content s... |
| [CVE-2025-55045](https://nvd.nist.gov/vuln/detail/CVE-2025-55045) | 7.1 | HIGH | CWE-352 | No | 0.0% | 4.97 | 2026-03-18 | The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information... |
| [CVE-2025-55044](https://nvd.nist.gov/vuln/detail/CVE-2025-55044) | 8.8 | HIGH | CWE-352 | No | 0.0% | 6.16 | 2026-03-18 | The Trash Restore CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to restore deleted content from the tra... |
| [CVE-2025-55043](https://nvd.nist.gov/vuln/detail/CVE-2025-55043) | 6.5 | MEDIUM | CWE-352 | No | 0.0% | 4.55 | 2026-03-18 | MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality (csettings.cfc createBundle m... |
| [CVE-2025-55041](https://nvd.nist.gov/vuln/detail/CVE-2025-55041) | 8.0 | HIGH | CWE-352 | No | 0.0% | 5.60 | 2026-03-18 | MuraCMS through 10.1.10 contains a CSRF vulnerability in the Add To Group functionality for user management (cUsers.cfc... |
| [CVE-2025-55040](https://nvd.nist.gov/vuln/detail/CVE-2025-55040) | 8.8 | HIGH | CWE-352 | No | 0.0% | 6.16 | 2026-03-18 | The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install malicious form defi... |
| [CVE-2026-32609](https://nvd.nist.gov/vuln/detail/CVE-2026-32609) | 7.5 | HIGH | CWE-200 | No | 0.1% | 5.25 | 2026-03-18 | Glances is an open-source system cross-platform monitoring tool. The GHSA-gh4x fix (commit 5d3de60) addressed unauthenti... |
| [CVE-2026-3278](https://nvd.nist.gov/vuln/detail/CVE-2026-3278) | 7.4 | HIGH | CWE-79 | No | 0.0% | 5.18 | 2026-03-18 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ ZENworks... |
| [CVE-2026-32694](https://nvd.nist.gov/vuln/detail/CVE-2026-32694) | 6.6 | MEDIUM | CWE-343 | No | 0.0% | 4.62 | 2026-03-18 | In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret o... |
| [CVE-2026-25449](https://nvd.nist.gov/vuln/detail/CVE-2026-25449) | 0.0 | NONE | CWE-502 | No | 0.0% | 0.00 | 2026-03-18 | Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler allows Object Injection. This issue affec... |
| [CVE-2026-32693](https://nvd.nist.gov/vuln/detail/CVE-2026-32693) | 8.8 | HIGH | CWE-284 | No | 0.1% | 6.16 | 2026-03-18 | In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which... |
| [CVE-2026-32692](https://nvd.nist.gov/vuln/detail/CVE-2026-32692) | 7.6 | HIGH | CWE-285 | No | 0.0% | 5.32 | 2026-03-18 | An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18... |
| [CVE-2026-32691](https://nvd.nist.gov/vuln/detail/CVE-2026-32691) | 5.3 | MEDIUM | CWE-708 | No | 0.0% | 3.71 | 2026-03-18 | A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit... |
| [CVE-2026-33265](https://nvd.nist.gov/vuln/detail/CVE-2026-33265) | 6.3 | MEDIUM | CWE-669 | No | 0.1% | 4.41 | 2026-03-18 | In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the LibreChat API and the RAG API. |
| [CVE-2025-41258](https://nvd.nist.gov/vuln/detail/CVE-2025-41258) | 8.0 | HIGH | CWE-284 | No | 0.1% | 5.60 | 2026-03-18 | LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the se... |
| [CVE-2026-32565](https://nvd.nist.gov/vuln/detail/CVE-2026-32565) | 0.0 | NONE | CWE-862 | No | 0.0% | 0.00 | 2026-03-18 | Missing Authorization vulnerability in Ajay Contextual Related Posts contextual-related-posts allows Exploiting Incorrec... |
| [CVE-2026-1217](https://nvd.nist.gov/vuln/detail/CVE-2026-1217) | 5.4 | MEDIUM | CWE-862 | No | 0.0% | 3.78 | 2026-03-18 | The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capabi... |
| [CVE-2026-22323](https://nvd.nist.gov/vuln/detail/CVE-2026-22323) | 7.1 | HIGH | CWE-352 | No | 0.0% | 4.97 | 2026-03-18 | A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick... |
| [CVE-2026-22322](https://nvd.nist.gov/vuln/detail/CVE-2026-22322) | 7.1 | HIGH | CWE-79 | No | 0.1% | 4.97 | 2026-03-18 | A stored cross‑site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthentica... |
| [CVE-2026-22321](https://nvd.nist.gov/vuln/detail/CVE-2026-22321) | 5.3 | MEDIUM | CWE-121 | No | 0.0% | 3.71 | 2026-03-18 | A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when an unauthenticated attacker sends a... |
| [CVE-2026-22320](https://nvd.nist.gov/vuln/detail/CVE-2026-22320) | 6.5 | MEDIUM | CWE-121 | No | 0.0% | 4.55 | 2026-03-18 | A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Tel... |
| [CVE-2026-22319](https://nvd.nist.gov/vuln/detail/CVE-2026-22319) | 4.9 | MEDIUM | CWE-121 | No | 0.0% | 3.43 | 2026-03-18 | A stack-based buffer overflow in the device's file installation workflow allows a high-privileged attacker to send overs... |
| [CVE-2026-22318](https://nvd.nist.gov/vuln/detail/CVE-2026-22318) | 4.9 | MEDIUM | CWE-121 | No | 0.0% | 3.43 | 2026-03-18 | A stack-based buffer overflow vulnerability in the device's file transfer parameter workflow allows a high-privileged at... |
| [CVE-2026-22317](https://nvd.nist.gov/vuln/detail/CVE-2026-22317) | 7.2 | HIGH | CWE-77 | No | 0.1% | 5.04 | 2026-03-18 | A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacke... |
| [CVE-2026-22316](https://nvd.nist.gov/vuln/detail/CVE-2026-22316) | 6.5 | MEDIUM | CWE-121 | No | 0.1% | 4.55 | 2026-03-18 | A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to tri... |
| [CVE-2025-31703](https://nvd.nist.gov/vuln/detail/CVE-2025-31703) | 2.4 | LOW | CWE-305 | No | 0.0% | 1.68 | 2026-03-18 | A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may g... |
| [CVE-2026-3512](https://nvd.nist.gov/vuln/detail/CVE-2026-3512) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-18 | The Writeprint Stylometry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'p' GET parameter... |
| [CVE-2026-32608](https://nvd.nist.gov/vuln/detail/CVE-2026-32608) | 7.0 | HIGH | CWE-78 | No | 0.0% | 4.90 | 2026-03-18 | Glances is an open-source system cross-platform monitoring tool. The Glances action system allows administrators to conf... |
| [CVE-2025-15363](https://nvd.nist.gov/vuln/detail/CVE-2025-15363) | 5.9 | MEDIUM | CWE-79 | No | 0.0% | 4.13 | 2026-03-18 | The Get Use APIs WordPress plugin before 2.0.10 executes imported JSON, which could allow users with a role as low as c... |
| [CVE-2026-32606](https://nvd.nist.gov/vuln/detail/CVE-2026-32606) | 7.6 | HIGH | CWE-522 | No | 0.0% | 5.32 | 2026-03-18 | IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd... |
| [CVE-2026-32596](https://nvd.nist.gov/vuln/detail/CVE-2026-32596) | 8.7 | HIGH | CWE-200 | No | 3.6% | 6.20 | 2026-03-18 | Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authent... |
| [CVE-2026-32268](https://nvd.nist.gov/vuln/detail/CVE-2026-32268) | 8.7 | HIGH | CWE-862 | No | 0.0% | 6.09 | 2026-03-18 | The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the... |
| [CVE-2026-4366](https://nvd.nist.gov/vuln/detail/CVE-2026-4366) | 5.8 | MEDIUM | CWE-918 | No | 0.0% | 4.06 | 2026-03-18 | A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirect... |
| [CVE-2026-33189](https://nvd.nist.gov/vuln/detail/CVE-2026-33189) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-18 | Rejected reason: Further research determined the issue originates from a different product. |
| [CVE-2026-33188](https://nvd.nist.gov/vuln/detail/CVE-2026-33188) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-18 | Rejected reason: Further research determined the issue originates from a different product. |
| [CVE-2026-33187](https://nvd.nist.gov/vuln/detail/CVE-2026-33187) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-18 | Rejected reason: Further research determined the issue originates from a different product. |
| [CVE-2026-33058](https://nvd.nist.gov/vuln/detail/CVE-2026-33058) | 8.4 | HIGH | CWE-89 | No | 0.0% | 5.88 | 2026-03-18 | Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQ... |
| [CVE-2026-32266](https://nvd.nist.gov/vuln/detail/CVE-2026-32266) | 2.4 | LOW | CWE-200 | No | 0.0% | 1.68 | 2026-03-18 | The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on... |
| [CVE-2026-32265](https://nvd.nist.gov/vuln/detail/CVE-2026-32265) | 6.9 | MEDIUM | CWE-200 | No | 0.0% | 4.83 | 2026-03-18 | The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration for Craft CMS. In versions 2.0.2 through 2.2.4, una... |
| [CVE-2026-32256](https://nvd.nist.gov/vuln/detail/CVE-2026-32256) | 7.5 | HIGH | CWE-835 | No | 0.0% | 5.25 | 2026-03-18 | music-metadata is a metadata parser for audio and video media files. Prior to version 11.12.3, music-metadata's ASF pars... |
| [CVE-2026-32254](https://nvd.nist.gov/vuln/detail/CVE-2026-32254) | 7.1 | HIGH | CWE-284 | No | 0.0% | 4.97 | 2026-03-18 | Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not... |
| [CVE-2026-31938](https://nvd.nist.gov/vuln/detail/CVE-2026-31938) | 9.6 | CRITICAL | CWE-79 | No | 0.0% | 6.72 | 2026-03-18 | jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of the `options` argument of the... |
| [CVE-2026-31898](https://nvd.nist.gov/vuln/detail/CVE-2026-31898) | 8.1 | HIGH | CWE-116 | No | 0.0% | 5.67 | 2026-03-18 | jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the `createAnnot... |
| [CVE-2026-31891](https://nvd.nist.gov/vuln/detail/CVE-2026-31891) | 7.7 | HIGH | CWE-89 | No | 0.0% | 5.39 | 2026-03-18 | Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API acc... |
| [CVE-2026-31865](https://nvd.nist.gov/vuln/detail/CVE-2026-31865) | 6.5 | MEDIUM | CWE-1321 | No | 0.0% | 4.55 | 2026-03-18 | Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server commun... |
| [CVE-2026-30922](https://nvd.nist.gov/vuln/detail/CVE-2026-30922) | 7.5 | HIGH | CWE-674 | No | 0.0% | 5.25 | 2026-03-18 | pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service... |
| [CVE-2026-30884](https://nvd.nist.gov/vuln/detail/CVE-2026-30884) | 9.6 | CRITICAL | CWE-639 | No | 0.0% | 6.72 | 2026-03-18 | mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynamically generated certificates with complete customi... |
| [CVE-2026-2575](https://nvd.nist.gov/vuln/detail/CVE-2026-2575) | 5.3 | MEDIUM | CWE-409 | No | 0.0% | 3.71 | 2026-03-18 | A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service (DoS... |
| [CVE-2026-29112](https://nvd.nist.gov/vuln/detail/CVE-2026-29112) | 7.5 | HIGH | CWE-770 | No | 0.1% | 5.25 | 2026-03-18 | DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the `ensureSize()` function in `@dic... |
| [CVE-2026-1926](https://nvd.nist.gov/vuln/detail/CVE-2026-1926) | 5.3 | MEDIUM | CWE-862 | No | 0.2% | 3.71 | 2026-03-18 | The Subscriptions for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missi... |
| [CVE-2026-1780](https://nvd.nist.gov/vuln/detail/CVE-2026-1780) | 6.1 | MEDIUM | CWE-79 | No | 0.1% | 4.27 | 2026-03-18 | The [CR]Paid Link Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all v... |
| [CVE-2026-4356](https://nvd.nist.gov/vuln/detail/CVE-2026-4356) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-18 | A flaw has been found in itsourcecode University Management System 1.0. Affected is an unknown function of the file /add... |
| [CVE-2026-4268](https://nvd.nist.gov/vuln/detail/CVE-2026-4268) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-18 | The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpgm... |
| [CVE-2026-2603](https://nvd.nist.gov/vuln/detail/CVE-2026-2603) | 8.1 | HIGH | CWE-306 | No | 0.2% | 5.68 | 2026-03-18 | A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an... |
| [CVE-2026-2092](https://nvd.nist.gov/vuln/detail/CVE-2026-2092) | 7.7 | HIGH | CWE-1287 | No | 0.1% | 5.39 | 2026-03-18 | A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly val... |
| [CVE-2026-29056](https://nvd.nist.gov/vuln/detail/CVE-2026-29056) | 7.0 | HIGH | CWE-915 | No | 0.2% | 4.91 | 2026-03-18 | Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registrat... |
| [CVE-2026-28500](https://nvd.nist.gov/vuln/detail/CVE-2026-28500) | 8.6 | HIGH | CWE-345 | No | 0.0% | 6.02 | 2026-03-18 | Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and inc... |
| [CVE-2026-28499](https://nvd.nist.gov/vuln/detail/CVE-2026-28499) | 6.9 | MEDIUM | CWE-79 | No | 0.0% | 4.83 | 2026-03-18 | LeafKit is a templating language with Swift-inspired syntax. Prior to version 1.14.2, HTML escaping doesn't work correct... |
| [CVE-2026-27545](https://nvd.nist.gov/vuln/detail/CVE-2026-27545) | 6.9 | MEDIUM | CWE-367 | No | 0.0% | 4.83 | 2026-03-18 | OpenClaw versions prior to 2026.2.26 contain an approval bypass vulnerability in system.run execution that allows attack... |
| [CVE-2026-27524](https://nvd.nist.gov/vuln/detail/CVE-2026-27524) | 2.3 | LOW | CWE-1321 | No | 0.0% | 1.61 | 2026-03-18 | OpenClaw versions prior to 2026.2.21 accept prototype-reserved keys in runtime /debug set override object values, allowi... |
| [CVE-2026-27523](https://nvd.nist.gov/vuln/detail/CVE-2026-27523) | 6.9 | MEDIUM | CWE-22 | No | 0.1% | 4.83 | 2026-03-18 | OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation vulnerability allowing attackers to bypass allowe... |
| [CVE-2026-27522](https://nvd.nist.gov/vuln/detail/CVE-2026-27522) | 7.1 | HIGH | CWE-22 | No | 0.0% | 4.97 | 2026-03-18 | OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachment and setGroupIcon... |
| [CVE-2026-22217](https://nvd.nist.gov/vuln/detail/CVE-2026-22217) | 5.8 | MEDIUM | CWE-829 | No | 0.0% | 4.06 | 2026-03-18 | OpenClaw version 2026.2.22 prior to 2026.2.23 contain an arbitrary code execution vulnerability in shell-env that allows... |
| [CVE-2026-22181](https://nvd.nist.gov/vuln/detail/CVE-2026-22181) | 6.1 | MEDIUM | CWE-918 | No | 0.0% | 4.27 | 2026-03-18 | OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulnerability in strict URL fetch paths that allows att... |
| [CVE-2026-22180](https://nvd.nist.gov/vuln/detail/CVE-2026-22180) | 4.8 | MEDIUM | CWE-59 | No | 0.0% | 3.36 | 2026-03-18 | OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allo... |
| [CVE-2026-22179](https://nvd.nist.gov/vuln/detail/CVE-2026-22179) | 7.5 | HIGH | CWE-78 | No | 0.3% | 5.26 | 2026-03-18 | OpenClaw versions prior to 2026.2.22 in macOS node-host system.run contain an allowlist bypass vulnerability that allows... |
| [CVE-2026-22178](https://nvd.nist.gov/vuln/detail/CVE-2026-22178) | 6.9 | MEDIUM | CWE-1333 | No | 0.1% | 4.83 | 2026-03-18 | OpenClaw versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata in the str... |
| [CVE-2026-22177](https://nvd.nist.gov/vuln/detail/CVE-2026-22177) | 6.9 | MEDIUM | CWE-15 | No | 0.1% | 4.83 | 2026-03-18 | OpenClaw versions prior to 2026.2.21 fail to filter dangerous process-control environment variables from config env.vars... |
| [CVE-2026-22175](https://nvd.nist.gov/vuln/detail/CVE-2026-22175) | 7.1 | HIGH | CWE-184 | No | 0.1% | 4.97 | 2026-03-18 | OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always... |
| [CVE-2026-22174](https://nvd.nist.gov/vuln/detail/CVE-2026-22174) | 5.9 | MEDIUM | CWE-306 | No | 0.0% | 4.13 | 2026-03-18 | OpenClaw versions prior to 2026.2.22 inject the x-OpenClaw-relay-token header into Chrome CDP probe traffic on loopback... |
| [CVE-2026-22171](https://nvd.nist.gov/vuln/detail/CVE-2026-22171) | 8.8 | HIGH | CWE-22 | No | 0.1% | 6.16 | 2026-03-18 | OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow where untr... |
| [CVE-2026-22170](https://nvd.nist.gov/vuln/detail/CVE-2026-22170) | 6.3 | MEDIUM | CWE-863 | No | 0.1% | 4.41 | 2026-03-18 | OpenClaw versions prior to 2026.2.22 with the optional BlueBubbles plugin contain an access control bypass vulnerability... |
| [CVE-2026-22169](https://nvd.nist.gov/vuln/detail/CVE-2026-22169) | 7.1 | HIGH | CWE-78 | No | 0.0% | 4.97 | 2026-03-18 | OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safeBins configuration that allows... |
| [CVE-2026-22168](https://nvd.nist.gov/vuln/detail/CVE-2026-22168) | 7.1 | HIGH | CWE-88 | No | 0.1% | 4.97 | 2026-03-18 | OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in system.run that allows auth... |
| [CVE-2026-29057](https://nvd.nist.gov/vuln/detail/CVE-2026-29057) | 6.3 | MEDIUM | CWE-444 | No | 0.1% | 4.41 | 2026-03-18 | Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and prior to versions 1... |
| [CVE-2026-28674](https://nvd.nist.gov/vuln/detail/CVE-2026-28674) | 7.2 | HIGH | CWE-434 | No | 0.0% | 5.04 | 2026-03-18 | xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and includin... |
| [CVE-2026-28673](https://nvd.nist.gov/vuln/detail/CVE-2026-28673) | 7.2 | HIGH | CWE-78 | No | 0.3% | 5.05 | 2026-03-18 | xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and includin... |
| [CVE-2026-27980](https://nvd.nist.gov/vuln/detail/CVE-2026-27980) | 6.9 | MEDIUM | CWE-400 | No | 0.0% | 4.83 | 2026-03-18 | Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 1... |
| [CVE-2026-27979](https://nvd.nist.gov/vuln/detail/CVE-2026-27979) | 6.9 | MEDIUM | CWE-770 | No | 0.0% | 4.83 | 2026-03-18 | Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 1... |
| [CVE-2026-4355](https://nvd.nist.gov/vuln/detail/CVE-2026-4355) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-18 | A vulnerability was detected in Portabilis i-Educar 2.11. This impacts an unknown function of the file /intranet/educar_... |
| [CVE-2026-4354](https://nvd.nist.gov/vuln/detail/CVE-2026-4354) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-18 | A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub_420A78... |
| [CVE-2026-27978](https://nvd.nist.gov/vuln/detail/CVE-2026-27978) | 5.3 | MEDIUM | CWE-352 | No | 0.0% | 3.71 | 2026-03-18 | Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 1... |
| [CVE-2026-27977](https://nvd.nist.gov/vuln/detail/CVE-2026-27977) | 2.3 | LOW | CWE-1385 | No | 0.0% | 1.61 | 2026-03-18 | Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 1... |
| [CVE-2026-27895](https://nvd.nist.gov/vuln/detail/CVE-2026-27895) | 4.3 | MEDIUM | CWE-185 | No | 0.1% | 3.01 | 2026-03-18 | LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP d... |
| [CVE-2026-27894](https://nvd.nist.gov/vuln/detail/CVE-2026-27894) | 8.8 | HIGH | CWE-98 | No | 0.1% | 6.16 | 2026-03-18 | LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP d... |
| [CVE-2026-27811](https://nvd.nist.gov/vuln/detail/CVE-2026-27811) | 8.8 | HIGH | CWE-77 | No | 1.0% | 6.19 | 2026-03-18 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.3, a comma... |
| [CVE-2026-27459](https://nvd.nist.gov/vuln/detail/CVE-2026-27459) | 7.2 | HIGH | CWE-120 | No | 0.0% | 5.04 | 2026-03-18 | pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a u... |
| [CVE-2026-27448](https://nvd.nist.gov/vuln/detail/CVE-2026-27448) | 1.7 | LOW | CWE-636 | No | 0.0% | 1.19 | 2026-03-18 | pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a u... |
| [CVE-2026-26004](https://nvd.nist.gov/vuln/detail/CVE-2026-26004) | 5.7 | MEDIUM | CWE-639 | No | 0.0% | 3.99 | 2026-03-18 | Sentry is a developer-first error tracking and performance monitoring tool. Versions prior to 26.1.0 have a cross-organi... |
| [CVE-2026-26001](https://nvd.nist.gov/vuln/detail/CVE-2026-26001) | 7.1 | HIGH | CWE-89 | No | 0.0% | 4.97 | 2026-03-18 | The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents... |
| [CVE-2026-25937](https://nvd.nist.gov/vuln/detail/CVE-2026-25937) | 6.5 | MEDIUM | CWE-287 | No | 0.0% | 4.55 | 2026-03-18 | GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malic... |
| [CVE-2026-3856](https://nvd.nist.gov/vuln/detail/CVE-2026-3856) | 5.3 | MEDIUM | CWE-353 | No | 0.0% | 3.71 | 2026-03-17 | IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an... |
| [CVE-2026-22727](https://nvd.nist.gov/vuln/detail/CVE-2026-22727) | 7.5 | HIGH | CWE-306 | No | 0.0% | 5.25 | 2026-03-17 | Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on a... |
| [CVE-2026-21994](https://nvd.nist.gov/vuln/detail/CVE-2026-21994) | 9.8 | CRITICAL | CWE-284 | No | 0.1% | 6.86 | 2026-03-17 | Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source P... |
| [CVE-2026-20643](https://nvd.nist.gov/vuln/detail/CVE-2026-20643) | 5.4 | MEDIUM | CWE-20 | No | 0.0% | 3.78 | 2026-03-17 | A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Backgrou... |
| [CVE-2026-1264](https://nvd.nist.gov/vuln/detail/CVE-2026-1264) | 7.1 | HIGH | CWE-306 | No | 0.0% | 4.97 | 2026-03-17 | IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0... |
| [CVE-2025-14031](https://nvd.nist.gov/vuln/detail/CVE-2025-14031) | 7.5 | HIGH | CWE-77 | No | 0.1% | 5.25 | 2026-03-17 | IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.... |
| [CVE-2026-4349](https://nvd.nist.gov/vuln/detail/CVE-2026-4349) | 6.3 | MEDIUM | CWE-287 | No | 0.1% | 4.41 | 2026-03-17 | A vulnerability was determined in Duende IdentityServer4 up to 4.1.2. The affected element is an unknown function of the... |
| [CVE-2026-32842](https://nvd.nist.gov/vuln/detail/CVE-2026-32842) | 7.1 | HIGH | CWE-312 | No | 0.0% | 4.97 | 2026-03-17 | Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows att... |
| [CVE-2026-32841](https://nvd.nist.gov/vuln/detail/CVE-2026-32841) | 9.2 | CRITICAL | CWE-1108 | No | 0.0% | 6.44 | 2026-03-17 | Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthent... |
| [CVE-2026-32840](https://nvd.nist.gov/vuln/detail/CVE-2026-32840) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-17 | Edimax GS-5008PL firmware version 1.00.54 and prior contain a stored cross-site scripting vulnerability in the system_na... |
| [CVE-2026-32839](https://nvd.nist.gov/vuln/detail/CVE-2026-32839) | 5.1 | MEDIUM | CWE-352 | No | 0.0% | 3.57 | 2026-03-17 | Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remot... |
| [CVE-2026-32838](https://nvd.nist.gov/vuln/detail/CVE-2026-32838) | 8.7 | HIGH | CWE-319 | No | 0.0% | 6.09 | 2026-03-17 | Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implemen... |
| [CVE-2026-1376](https://nvd.nist.gov/vuln/detail/CVE-2026-1376) | 7.5 | HIGH | CWE-770 | No | 0.1% | 5.25 | 2026-03-17 | IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to impr... |
| [CVE-2026-1267](https://nvd.nist.gov/vuln/detail/CVE-2026-1267) | 6.5 | MEDIUM | CWE-200 | No | 0.0% | 4.55 | 2026-03-17 | IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive application data and a... |
| [CVE-2025-14806](https://nvd.nist.gov/vuln/detail/CVE-2025-14806) | 5.7 | MEDIUM | CWE-524 | No | 0.0% | 3.99 | 2026-03-17 | IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing an... |
| [CVE-2026-2809](https://nvd.nist.gov/vuln/detail/CVE-2026-2809) | 6.7 | MEDIUM | CWE-190 | No | 0.0% | 4.69 | 2026-03-17 | Netskope was notified about a potential gap in its Endpoint DLP Module for Netskope Client on Windows systems. The succe... |
| [CVE-2026-4359](https://nvd.nist.gov/vuln/detail/CVE-2026-4359) | 2.0 | LOW | CWE-158 | No | 0.0% | 1.40 | 2026-03-17 | A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a cr... |
| [CVE-2026-4358](https://nvd.nist.gov/vuln/detail/CVE-2026-4358) | 6.1 | MEDIUM | CWE-415 | No | 0.1% | 4.27 | 2026-03-17 | A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-fre... |
| [CVE-2026-4064](https://nvd.nist.gov/vuln/detail/CVE-2026-4064) | 8.3 | HIGH | CWE-862 | No | 0.0% | 5.81 | 2026-03-17 | Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authen... |
| [CVE-2026-3563](https://nvd.nist.gov/vuln/detail/CVE-2026-3563) | 5.5 | MEDIUM | CWE-1289 | No | 0.1% | 3.85 | 2026-03-17 | Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an auth... |
| [CVE-2026-32981](https://nvd.nist.gov/vuln/detail/CVE-2026-32981) | 8.7 | HIGH | CWE-22 | No | 0.1% | 6.09 | 2026-03-17 | A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2.8.1. Due t... |
| [CVE-2026-32837](https://nvd.nist.gov/vuln/detail/CVE-2026-32837) | 5.1 | MEDIUM | CWE-170 | No | 0.0% | 3.57 | 2026-03-17 | miniaudio version 0.11.25 and earlier contain a heap out-of-bounds read vulnerability in the WAV BEXT metadata parser th... |
| [CVE-2026-32836](https://nvd.nist.gov/vuln/detail/CVE-2026-32836) | 6.9 | MEDIUM | CWE-789 | No | 0.0% | 4.83 | 2026-03-17 | dr_libs dr_flac.h version 0.13.3 and earlier contain an uncontrolled memory allocation vulnerability in drflac__read_and... |
| [CVE-2026-30707](https://nvd.nist.gov/vuln/detail/CVE-2026-30707) | 8.1 | HIGH | CWE-284 | No | 0.0% | 5.67 | 2026-03-17 | An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FEV2026. It allows Broken Access Control v... |
| [CVE-2026-25936](https://nvd.nist.gov/vuln/detail/CVE-2026-25936) | 6.5 | MEDIUM | CWE-89 | No | 0.0% | 4.55 | 2026-03-17 | GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an auth... |
| [CVE-2025-15584](https://nvd.nist.gov/vuln/detail/CVE-2025-15584) | 6.8 | MEDIUM | CWE-190 | No | 0.0% | 4.76 | 2026-03-17 | Netskope was notified about a potential gap in its Endpoint DLP Module for Netskope Client on Windows systems. The succe... |
| [CVE-2026-3207](https://nvd.nist.gov/vuln/detail/CVE-2026-3207) | 8.7 | HIGH | CWE-306 | No | 0.1% | 6.09 | 2026-03-17 | Configuration issue in Java Management Extensions (JMX) in TIBCO BPM Enterprise version 4.x allows unauthorised access. |
| [CVE-2026-25790](https://nvd.nist.gov/vuln/detail/CVE-2026-25790) | 4.9 | MEDIUM | CWE-121 | No | 0.1% | 3.43 | 2026-03-17 | Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0... |
| [CVE-2026-25772](https://nvd.nist.gov/vuln/detail/CVE-2026-25772) | 4.9 | MEDIUM | CWE-121 | No | 0.1% | 3.43 | 2026-03-17 | Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0... |
| [CVE-2026-25771](https://nvd.nist.gov/vuln/detail/CVE-2026-25771) | 5.3 | MEDIUM | CWE-400 | No | 0.2% | 3.72 | 2026-03-17 | Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0... |
| [CVE-2026-22882](https://nvd.nist.gov/vuln/detail/CVE-2026-22882) | 6.1 | MEDIUM | CWE-125 | No | 0.0% | 4.27 | 2026-03-17 | An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF... |
| [CVE-2026-20726](https://nvd.nist.gov/vuln/detail/CVE-2026-20726) | 6.1 | MEDIUM | CWE-125 | No | 0.0% | 4.27 | 2026-03-17 | An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF... |
| [CVE-2025-66633](https://nvd.nist.gov/vuln/detail/CVE-2025-66633) | 6.1 | MEDIUM | CWE-125 | No | 0.0% | 4.27 | 2026-03-17 | An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF... |
| [CVE-2025-66617](https://nvd.nist.gov/vuln/detail/CVE-2025-66617) | 6.1 | MEDIUM | CWE-125 | No | 0.0% | 4.27 | 2026-03-17 | An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF... |
| [CVE-2025-66503](https://nvd.nist.gov/vuln/detail/CVE-2025-66503) | 6.1 | MEDIUM | CWE-125 | No | 0.0% | 4.27 | 2026-03-17 | An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF... |
| [CVE-2025-66342](https://nvd.nist.gov/vuln/detail/CVE-2025-66342) | 7.8 | HIGH | CWE-843 | No | 0.0% | 5.46 | 2026-03-17 | A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigg... |
| [CVE-2025-66042](https://nvd.nist.gov/vuln/detail/CVE-2025-66042) | 6.1 | MEDIUM | CWE-125 | No | 0.0% | 4.27 | 2026-03-17 | An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF... |
| [CVE-2025-66000](https://nvd.nist.gov/vuln/detail/CVE-2025-66000) | 6.1 | MEDIUM | CWE-125 | No | 0.0% | 4.27 | 2026-03-17 | An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF... |
| [CVE-2025-65119](https://nvd.nist.gov/vuln/detail/CVE-2025-65119) | 6.1 | MEDIUM | CWE-125 | No | 0.0% | 4.27 | 2026-03-17 | An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF... |
| [CVE-2025-64776](https://nvd.nist.gov/vuln/detail/CVE-2025-64776) | 6.1 | MEDIUM | CWE-125 | No | 0.0% | 4.27 | 2026-03-17 | An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF... |
| [CVE-2025-64735](https://nvd.nist.gov/vuln/detail/CVE-2025-64735) | 6.1 | MEDIUM | CWE-125 | No | 0.0% | 4.27 | 2026-03-17 | An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF... |
| [CVE-2025-64733](https://nvd.nist.gov/vuln/detail/CVE-2025-64733) | 6.1 | MEDIUM | CWE-125 | No | 0.0% | 4.27 | 2026-03-17 | An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF... |
| [CVE-2025-64301](https://nvd.nist.gov/vuln/detail/CVE-2025-64301) | 7.8 | HIGH | CWE-787 | No | 0.0% | 5.46 | 2026-03-17 | An out-of-bounds write vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF... |
| [CVE-2025-62500](https://nvd.nist.gov/vuln/detail/CVE-2025-62500) | 6.1 | MEDIUM | CWE-125 | No | 0.0% | 4.27 | 2026-03-17 | An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF... |
| [CVE-2025-62403](https://nvd.nist.gov/vuln/detail/CVE-2025-62403) | 6.1 | MEDIUM | CWE-125 | No | 0.0% | 4.27 | 2026-03-17 | An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF... |
| [CVE-2025-61979](https://nvd.nist.gov/vuln/detail/CVE-2025-61979) | 6.1 | MEDIUM | CWE-125 | No | 0.0% | 4.27 | 2026-03-17 | An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF... |
| [CVE-2025-61952](https://nvd.nist.gov/vuln/detail/CVE-2025-61952) | 6.1 | MEDIUM | CWE-125 | No | 0.0% | 4.27 | 2026-03-17 | An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF... |
| [CVE-2025-58427](https://nvd.nist.gov/vuln/detail/CVE-2025-58427) | 6.1 | MEDIUM | CWE-125 | No | 0.0% | 4.27 | 2026-03-17 | An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF... |
| [CVE-2025-47873](https://nvd.nist.gov/vuln/detail/CVE-2025-47873) | 6.1 | MEDIUM | CWE-125 | No | 0.0% | 4.27 | 2026-03-17 | An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF... |
| [CVE-2026-4319](https://nvd.nist.gov/vuln/detail/CVE-2026-4319) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-17 | A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unkno... |
| [CVE-2026-32298](https://nvd.nist.gov/vuln/detail/CVE-2026-32298) | 8.5 | HIGH | CWE-78 | No | 0.1% | 5.95 | 2026-03-17 | The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authen... |
| [CVE-2026-32297](https://nvd.nist.gov/vuln/detail/CVE-2026-32297) | 9.3 | CRITICAL | CWE-306 | No | 0.0% | 6.51 | 2026-03-17 | The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or... |
| [CVE-2026-32296](https://nvd.nist.gov/vuln/detail/CVE-2026-32296) | 8.8 | HIGH | CWE-306 | No | 0.1% | 6.16 | 2026-03-17 | Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthent... |
| [CVE-2026-32295](https://nvd.nist.gov/vuln/detail/CVE-2026-32295) | 9.3 | CRITICAL | CWE-307 | No | 0.0% | 6.51 | 2026-03-17 | JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials. |
| [CVE-2026-32294](https://nvd.nist.gov/vuln/detail/CVE-2026-32294) | 7.0 | HIGH | CWE-345 | No | 0.0% | 4.90 | 2026-03-17 | JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a comp... |
| [CVE-2026-32293](https://nvd.nist.gov/vuln/detail/CVE-2026-32293) | 6.3 | MEDIUM | CWE-295 | No | 0.0% | 4.41 | 2026-03-17 | The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL... |
| [CVE-2026-32292](https://nvd.nist.gov/vuln/detail/CVE-2026-32292) | 9.3 | CRITICAL | CWE-307 | No | 0.0% | 6.51 | 2026-03-17 | The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force attempts to guess crede... |
| [CVE-2026-32291](https://nvd.nist.gov/vuln/detail/CVE-2026-32291) | 7.0 | HIGH | CWE-306 | No | 0.0% | 4.90 | 2026-03-17 | The GL-iNet Comet (GL-RM1) KVM before 1.8.2 does not require authentication on the UART serial console. This attack requ... |
| [CVE-2026-32290](https://nvd.nist.gov/vuln/detail/CVE-2026-32290) | 7.0 | HIGH | CWE-345 | No | 0.0% | 4.90 | 2026-03-17 | The GL-iNet Comet (GL-RM1) KVM before version 1.8.2 does not sufficiently verify the authenticity of uploaded firmware f... |
| [CVE-2026-25770](https://nvd.nist.gov/vuln/detail/CVE-2026-25770) | 9.1 | CRITICAL | CWE-22 | No | 0.0% | 6.37 | 2026-03-17 | Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0... |
| [CVE-2026-25769](https://nvd.nist.gov/vuln/detail/CVE-2026-25769) | 9.1 | CRITICAL | CWE-502 | No | 0.2% | 6.38 | 2026-03-17 | Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.1... |
| [CVE-2026-4148](https://nvd.nist.gov/vuln/detail/CVE-2026-4148) | 8.7 | HIGH | CWE-416 | No | 0.1% | 6.09 | 2026-03-17 | A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issu... |
| [CVE-2026-4147](https://nvd.nist.gov/vuln/detail/CVE-2026-4147) | 7.1 | HIGH | CWE-457 | No | 0.0% | 4.97 | 2026-03-17 | An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted is... |
| [CVE-2026-28506](https://nvd.nist.gov/vuln/detail/CVE-2026-28506) | 4.3 | MEDIUM | CWE-200 | No | 0.0% | 3.01 | 2026-03-17 | Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for... |
| [CVE-2026-24901](https://nvd.nist.gov/vuln/detail/CVE-2026-24901) | 8.1 | HIGH | CWE-639 | No | 0.0% | 5.67 | 2026-03-17 | Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (I... |
| [CVE-2026-23759](https://nvd.nist.gov/vuln/detail/CVE-2026-23759) | 8.6 | HIGH | CWE-78 | No | 0.2% | 6.03 | 2026-03-17 | Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection... |
| [CVE-2026-21886](https://nvd.nist.gov/vuln/detail/CVE-2026-21886) | 6.5 | MEDIUM | CWE-285 | No | 0.1% | 4.55 | 2026-03-17 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.... |
| [CVE-2026-4318](https://nvd.nist.gov/vuln/detail/CVE-2026-4318) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-03-17 | A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform... |
| [CVE-2026-3564](https://nvd.nist.gov/vuln/detail/CVE-2026-3564) | 9.0 | CRITICAL | CWE-347 | No | 0.0% | 6.30 | 2026-03-17 | A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authenticati... |
| [CVE-2025-13406](https://nvd.nist.gov/vuln/detail/CVE-2025-13406) | 6.8 | MEDIUM | CWE-476 | No | 0.1% | 4.76 | 2026-03-17 | NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows... |
| [CVE-2026-4324](https://nvd.nist.gov/vuln/detail/CVE-2026-4324) | 5.4 | MEDIUM | CWE-89 | No | 0.1% | 3.78 | 2026-03-17 | A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of use... |
| [CVE-2026-3888](https://nvd.nist.gov/vuln/detail/CVE-2026-3888) | 7.8 | HIGH | CWE-268 | No | 0.0% | 5.46 | 2026-03-17 | Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private... |
| [CVE-2025-62320](https://nvd.nist.gov/vuln/detail/CVE-2025-62320) | 4.7 | MEDIUM | CWE-79 | No | 0.0% | 3.29 | 2026-03-17 | HTML Injection can be carried out in Product when a web application does not properly check or clean user input before s... |
| [CVE-2026-4271](https://nvd.nist.gov/vuln/detail/CVE-2026-4271) | 5.3 | MEDIUM | CWE-416 | No | 1.5% | 3.76 | 2026-03-17 | A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs... |
| [CVE-2025-31966](https://nvd.nist.gov/vuln/detail/CVE-2025-31966) | 2.7 | LOW | CWE-20 | No | 0.1% | 1.89 | 2026-03-17 | HCL Sametime is vulnerable to broken server-side validation. While the application performs client-side input checks, th... |
| [CVE-2026-3634](https://nvd.nist.gov/vuln/detail/CVE-2026-3634) | 3.9 | LOW | CWE-93 | No | 0.0% | 2.73 | 2026-03-17 | A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage... |
| [CVE-2026-3633](https://nvd.nist.gov/vuln/detail/CVE-2026-3633) | 3.9 | LOW | CWE-93 | No | 0.0% | 2.73 | 2026-03-17 | A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_message_new()` function... |
| [CVE-2026-3632](https://nvd.nist.gov/vuln/detail/CVE-2026-3632) | 3.9 | LOW | CWE-1286 | No | 0.1% | 2.73 | 2026-03-17 | A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because... |
| [CVE-2026-4208](https://nvd.nist.gov/vuln/detail/CVE-2026-4208) | 7.7 | HIGH | CWE-639 | No | 0.1% | 5.39 | 2026-03-17 | The extension fails to properly reset the generated MFA code after successful authentication. This leads to a possible M... |
| [CVE-2026-4202](https://nvd.nist.gov/vuln/detail/CVE-2026-4202) | 2.3 | LOW | CWE-200 | No | 0.0% | 1.61 | 2026-03-17 | The extension fails to verify whether an authenticated user has permission to access redirects, resulting in exposure of... |
| [CVE-2026-32586](https://nvd.nist.gov/vuln/detail/CVE-2026-32586) | 0.0 | NONE | CWE-862 | No | 0.0% | 0.00 | 2026-03-17 | Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectl... |
| [CVE-2026-1323](https://nvd.nist.gov/vuln/detail/CVE-2026-1323) | 5.2 | MEDIUM | CWE-502 | No | 0.0% | 3.64 | 2026-03-17 | The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker m... |
| [CVE-2026-4312](https://nvd.nist.gov/vuln/detail/CVE-2026-4312) | 9.3 | CRITICAL | CWE-306 | No | 0.2% | 6.52 | 2026-03-17 | GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remot... |
| [CVE-2026-3237](https://nvd.nist.gov/vuln/detail/CVE-2026-3237) | 2.3 | LOW | CWE-285 | No | 0.0% | 1.61 | 2026-03-17 | In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change... |
| [CVE-2026-4258](https://nvd.nist.gov/vuln/detail/CVE-2026-4258) | 7.7 | HIGH | CWE-347 | No | 0.0% | 5.39 | 2026-03-17 | All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point... |
| [CVE-2026-4308](https://nvd.nist.gov/vuln/detail/CVE-2026-4308) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-03-17 | A weakness has been identified in frdel/agent0ai agent-zero 0.9.7. This affects the function handle_pdf_document of the... |
| [CVE-2026-4307](https://nvd.nist.gov/vuln/detail/CVE-2026-4307) | 5.3 | MEDIUM | CWE-22 | No | 0.0% | 3.71 | 2026-03-17 | A security flaw has been discovered in frdel/agent0ai agent-zero 0.9.7-10. The impacted element is the function get_abs_... |
| [CVE-2026-2373](https://nvd.nist.gov/vuln/detail/CVE-2026-2373) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-17 | The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Informatio... |
| [CVE-2026-0708](https://nvd.nist.gov/vuln/detail/CVE-2026-0708) | 8.3 | HIGH | CWE-125 | No | 0.1% | 5.81 | 2026-03-17 | A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuratio... |
| [CVE-2026-2579](https://nvd.nist.gov/vuln/detail/CVE-2026-2579) | 7.5 | HIGH | CWE-89 | No | 0.1% | 5.25 | 2026-03-17 | The WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPress is vulnerable to SQL Injection via th... |
| [CVE-2026-4289](https://nvd.nist.gov/vuln/detail/CVE-2026-4289) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-17 | A security vulnerability has been detected in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This affects an... |
| [CVE-2026-4288](https://nvd.nist.gov/vuln/detail/CVE-2026-4288) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-17 | A weakness has been identified in Tiandy Easy7 Integrated Management Platform 7.17.0. The impacted element is an unknown... |
| [CVE-2026-4287](https://nvd.nist.gov/vuln/detail/CVE-2026-4287) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-17 | A security flaw has been discovered in Tiandy Easy7 Integrated Management Platform 7.17.0. The affected element is an un... |
| [CVE-2026-4285](https://nvd.nist.gov/vuln/detail/CVE-2026-4285) | 5.1 | MEDIUM | CWE-22 | No | 0.1% | 3.57 | 2026-03-17 | A vulnerability was identified in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. Impacted is the... |
| [CVE-2026-4284](https://nvd.nist.gov/vuln/detail/CVE-2026-4284) | 5.1 | MEDIUM | CWE-918 | No | 0.0% | 3.57 | 2026-03-16 | A vulnerability was determined in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. This issue affe... |
| [CVE-2026-21991](https://nvd.nist.gov/vuln/detail/CVE-2026-21991) | 5.5 | MEDIUM | CWE-22 | No | 0.0% | 3.85 | 2026-03-16 | A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names. |
| [CVE-2026-2454](https://nvd.nist.gov/vuln/detail/CVE-2026-2454) | 5.8 | MEDIUM | CWE-1287 | No | 0.1% | 4.06 | 2026-03-16 | Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to handle incorrectly reported array le... |
| [CVE-2026-29522](https://nvd.nist.gov/vuln/detail/CVE-2026-29522) | 8.7 | HIGH | CWE-22 | No | 0.1% | 6.09 | 2026-03-16 | ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion (LFI) vulnerability in the /serve... |
| [CVE-2026-26230](https://nvd.nist.gov/vuln/detail/CVE-2026-26230) | 3.8 | LOW | CWE-863 | No | 0.0% | 2.66 | 2026-03-16 | Mattermost versions 10.11.x <= 10.11.10 fail to properly validate permission requirements in the team member roles API e... |
| [CVE-2026-1629](https://nvd.nist.gov/vuln/detail/CVE-2026-1629) | 4.3 | MEDIUM | CWE-672 | No | 0.1% | 3.01 | 2026-03-16 | Mattermost versions 10.11.x <= 10.11.10 fail to invalidate cached permalink preview data when a user loses channel acces... |
| [CVE-2025-69902](https://nvd.nist.gov/vuln/detail/CVE-2025-69902) | 9.8 | CRITICAL | CWE-94 | No | 0.4% | 6.87 | 2026-03-16 | A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to e... |
| [CVE-2025-50881](https://nvd.nist.gov/vuln/detail/CVE-2025-50881) | 8.8 | HIGH | CWE-94 | No | 0.2% | 6.17 | 2026-03-16 | The `flow/admin/moniteur.php` script in Use It Flow administration website before 10.0.0 is vulnerable to Remote Code Ex... |
| [CVE-2026-32267](https://nvd.nist.gov/vuln/detail/CVE-2026-32267) | 7.7 | HIGH | CWE-863 | No | 0.0% | 5.39 | 2026-03-16 | Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.6 and from version 5.0.0-R... |
| [CVE-2026-32264](https://nvd.nist.gov/vuln/detail/CVE-2026-32264) | 8.6 | HIGH | CWE-470 | No | 0.0% | 6.02 | 2026-03-16 | Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-R... |
| [CVE-2026-32263](https://nvd.nist.gov/vuln/detail/CVE-2026-32263) | 8.6 | HIGH | CWE-470 | No | 0.0% | 6.02 | 2026-03-16 | Craft CMS is a content management system (CMS). From version 5.6.0 to before version 5.9.11, in src/controllers/EntryTyp... |
| [CVE-2026-32262](https://nvd.nist.gov/vuln/detail/CVE-2026-32262) | 5.3 | MEDIUM | CWE-22 | No | 0.0% | 3.71 | 2026-03-16 | Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-R... |
| [CVE-2026-30882](https://nvd.nist.gov/vuln/detail/CVE-2026-30882) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-16 | Chamilo LMS is a learning management system. Chamilo LMS version 1.11.34 and prior contains a Reflected Cross-Site Scrip... |
| [CVE-2026-30881](https://nvd.nist.gov/vuln/detail/CVE-2026-30881) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-03-16 | Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the sta... |
| [CVE-2026-30876](https://nvd.nist.gov/vuln/detail/CVE-2026-30876) | 6.3 | MEDIUM | CWE-204 | No | 0.0% | 4.41 | 2026-03-16 | Chamilo LMS is a learning management system. Prior to version 1.11.36, Chamilo is vulnerable to user enumeration with va... |
| [CVE-2026-30875](https://nvd.nist.gov/vuln/detail/CVE-2026-30875) | 8.8 | HIGH | CWE-94 | No | 0.2% | 6.17 | 2026-03-16 | Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P... |
| [CVE-2026-29516](https://nvd.nist.gov/vuln/detail/CVE-2026-29516) | 6.9 | MEDIUM | CWE-732 | No | 0.0% | 4.83 | 2026-03-16 | Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability... |
| [CVE-2026-28430](https://nvd.nist.gov/vuln/detail/CVE-2026-28430) | 9.3 | CRITICAL | CWE-89 | No | 0.1% | 6.51 | 2026-03-16 | Chamilo LMS is a learning management system. Prior to version 1.11.34, there is an unauthenticated SQL injection vulnera... |
| [CVE-2026-26304](https://nvd.nist.gov/vuln/detail/CVE-2026-26304) | 4.3 | MEDIUM | CWE-863 | No | 0.0% | 3.01 | 2026-03-16 | Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2 fail to verify run_create permission for empty playbookId, which... |
| [CVE-2025-69693](https://nvd.nist.gov/vuln/detail/CVE-2025-69693) | 5.4 | MEDIUM | CWE-125 | No | 0.0% | 3.78 | 2026-03-16 | Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavcodec/rv60dec.c). The quantization parameter (qp) va... |
| [CVE-2025-68971](https://nvd.nist.gov/vuln/detail/CVE-2025-68971) | 6.5 | MEDIUM | CWE-400 | No | 0.0% | 4.55 | 2026-03-16 | In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attach... |
| [CVE-2026-32261](https://nvd.nist.gov/vuln/detail/CVE-2026-32261) | 8.5 | HIGH | CWE-1336 | No | 0.0% | 5.95 | 2026-03-16 | Webhooks for Craft CMS plugin adds the ability to manage “webhooks” in Craft CMS, which will send GET or POST requests w... |
| [CVE-2025-69809](https://nvd.nist.gov/vuln/detail/CVE-2025-69809) | 9.8 | CRITICAL | CWE-123 | No | 0.0% | 6.86 | 2026-03-16 | A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to write arbitrary values t... |
| [CVE-2025-69808](https://nvd.nist.gov/vuln/detail/CVE-2025-69808) | 9.1 | CRITICAL | CWE-125 | No | 0.1% | 6.37 | 2026-03-16 | An out-of-bounds memory access (OOB) in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to access sensitive... |
| [CVE-2025-69727](https://nvd.nist.gov/vuln/detail/CVE-2025-69727) | 5.3 | MEDIUM | CWE-284 | No | 0.0% | 3.71 | 2026-03-16 | An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The affected components (... |
| [CVE-2025-69196](https://nvd.nist.gov/vuln/detail/CVE-2025-69196) | 7.4 | HIGH | CWE-863 | No | 0.0% | 5.18 | 2026-03-16 | FastMCP is the standard framework for building MCP applications. Prior to version 2.14.2, the server does not properly r... |
| [CVE-2026-4254](https://nvd.nist.gov/vuln/detail/CVE-2026-4254) | 8.9 | HIGH | CWE-119 | No | 0.2% | 6.23 | 2026-03-16 | A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerability affects the function doSystemCmd of th... |
| [CVE-2026-4253](https://nvd.nist.gov/vuln/detail/CVE-2026-4253) | 5.1 | MEDIUM | CWE-77 | No | 0.4% | 3.58 | 2026-03-16 | A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function route_set_user_policy_rule of th... |
| [CVE-2026-3644](https://nvd.nist.gov/vuln/detail/CVE-2026-3644) | 6.0 | MEDIUM | CWE-20 | No | 0.1% | 4.20 | 2026-03-16 | The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update()... |
| [CVE-2026-29521](https://nvd.nist.gov/vuln/detail/CVE-2026-29521) | 5.1 | MEDIUM | CWE-352 | No | 0.0% | 3.57 | 2026-03-16 | Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a cross-site request forgery vulnerability that allows atta... |
| [CVE-2026-29520](https://nvd.nist.gov/vuln/detail/CVE-2026-29520) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-16 | Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Netwo... |
| [CVE-2026-29513](https://nvd.nist.gov/vuln/detail/CVE-2026-29513) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-16 | Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows aut... |
| [CVE-2026-29510](https://nvd.nist.gov/vuln/detail/CVE-2026-29510) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-16 | Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows aut... |
| [CVE-2026-28498](https://nvd.nist.gov/vuln/detail/CVE-2026-28498) | 8.2 | HIGH | CWE-354 | No | 0.0% | 5.74 | 2026-03-16 | Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulne... |
| [CVE-2026-28490](https://nvd.nist.gov/vuln/detail/CVE-2026-28490) | 8.3 | HIGH | CWE-203 | No | 0.0% | 5.81 | 2026-03-16 | Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic paddi... |
| [CVE-2026-27962](https://nvd.nist.gov/vuln/detail/CVE-2026-27962) | 9.1 | CRITICAL | CWE-347 | No | 0.1% | 6.37 | 2026-03-16 | Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injectio... |
| [CVE-2026-23862](https://nvd.nist.gov/vuln/detail/CVE-2026-23862) | 7.8 | HIGH | CWE-77 | No | 0.1% | 5.46 | 2026-03-16 | Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutralization of Special Elements used in a C... |
| [CVE-2026-23489](https://nvd.nist.gov/vuln/detail/CVE-2026-23489) | 9.1 | CRITICAL | CWE-20 | No | 0.1% | 6.37 | 2026-03-16 | Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possi... |
| [CVE-2025-69768](https://nvd.nist.gov/vuln/detail/CVE-2025-69768) | 7.5 | HIGH | CWE-89 | No | 0.0% | 5.25 | 2026-03-16 | SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive information via the... |
| [CVE-2025-66687](https://nvd.nist.gov/vuln/detail/CVE-2025-66687) | 7.5 | HIGH | CWE-22 | No | 0.5% | 5.26 | 2026-03-16 | Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due to missing file path validation during the extraction of... |
| [CVE-2026-4252](https://nvd.nist.gov/vuln/detail/CVE-2026-4252) | 8.9 | HIGH | CWE-287 | No | 0.2% | 6.24 | 2026-03-16 | A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function check_is_ipv6 of the com... |
| [CVE-2026-4251](https://nvd.nist.gov/vuln/detail/CVE-2026-4251) | 2.0 | LOW | CWE-255 | No | 0.0% | 1.40 | 2026-03-16 | A vulnerability was determined in CityData CityChat up to 0.12.6 on Android. Affected by this vulnerability is an unknow... |
| [CVE-2026-30405](https://nvd.nist.gov/vuln/detail/CVE-2026-30405) | 7.5 | HIGH | CWE-400 | No | 0.1% | 5.25 | 2026-03-16 | An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute |
| [CVE-2025-65734](https://nvd.nist.gov/vuln/detail/CVE-2025-65734) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-16 | An authenticated arbitrary file upload vulnerability in the Courses/Work Assignments module of gunet Open eClass v3.11,... |
| [CVE-2025-54758](https://nvd.nist.gov/vuln/detail/CVE-2025-54758) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-16 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requ... |
| [CVE-2025-53815](https://nvd.nist.gov/vuln/detail/CVE-2025-53815) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-16 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requ... |
| [CVE-2025-53517](https://nvd.nist.gov/vuln/detail/CVE-2025-53517) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-16 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requ... |
| [CVE-2026-4276](https://nvd.nist.gov/vuln/detail/CVE-2026-4276) | 7.5 | HIGH | N/A | No | 0.1% | 5.25 | 2026-03-16 | LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries. |
| [CVE-2026-4250](https://nvd.nist.gov/vuln/detail/CVE-2026-4250) | 2.0 | LOW | CWE-255 | No | 0.0% | 1.40 | 2026-03-16 | A vulnerability was found in Albert Sağlık Hizmetleri ve Ticaret Albert Health up to 1.7.3 on Android. Affected is an un... |
| [CVE-2026-32587](https://nvd.nist.gov/vuln/detail/CVE-2026-32587) | 0.0 | NONE | CWE-862 | No | 0.0% | 0.00 | 2026-03-16 | Missing Authorization vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Exploiting Incorrectly Configured Access... |
| [CVE-2026-32583](https://nvd.nist.gov/vuln/detail/CVE-2026-32583) | 5.3 | MEDIUM | CWE-862 | No | 2.7% | 3.79 | 2026-03-16 | Missing Authorization vulnerability in Webnus Inc. Modern Events Calendar allows Exploiting Incorrectly Configured Acces... |
| [CVE-2025-69784](https://nvd.nist.gov/vuln/detail/CVE-2025-69784) | 8.8 | HIGH | CWE-427 | No | 0.0% | 6.16 | 2026-03-16 | A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to... |
| [CVE-2025-69783](https://nvd.nist.gov/vuln/detail/CVE-2025-69783) | 7.8 | HIGH | CWE-250 | No | 0.0% | 5.46 | 2026-03-16 | A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executable to match a trust... |
| [CVE-2025-62319](https://nvd.nist.gov/vuln/detail/CVE-2025-62319) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-16 | Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Bool... |
| [CVE-2025-57543](https://nvd.nist.gov/vuln/detail/CVE-2025-57543) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-16 | Cross Site scripting vulnerability (XSS) in NetBox 4.3.5 "comment" field on object forms. An attacker can inject arbitra... |
| [CVE-2026-4243](https://nvd.nist.gov/vuln/detail/CVE-2026-4243) | 2.0 | LOW | CWE-255 | No | 0.0% | 1.40 | 2026-03-16 | A weakness has been identified in La Nacion App 10.2.25 on Android. This impacts an unknown function of the file source/... |
| [CVE-2026-4242](https://nvd.nist.gov/vuln/detail/CVE-2026-4242) | 2.0 | LOW | CWE-255 | No | 0.0% | 1.40 | 2026-03-16 | A security flaw has been discovered in BabyChakra Pregnancy & Parenting App up to 5.4.3.0 on Android. This affects an un... |
| [CVE-2026-2455](https://nvd.nist.gov/vuln/detail/CVE-2026-2455) | 4.3 | MEDIUM | CWE-918 | No | 0.0% | 3.01 | 2026-03-16 | Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to canonicalize IPv4-mapped IPv6 addres... |
| [CVE-2026-25369](https://nvd.nist.gov/vuln/detail/CVE-2026-25369) | 0.0 | NONE | CWE-79 | No | 0.0% | 0.00 | 2026-03-16 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flexmls Flexmls® I... |
| [CVE-2026-24692](https://nvd.nist.gov/vuln/detail/CVE-2026-24692) | 4.3 | MEDIUM | CWE-863 | No | 0.0% | 3.01 | 2026-03-16 | Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly enforce read permissions in... |
| [CVE-2026-22545](https://nvd.nist.gov/vuln/detail/CVE-2026-22545) | 3.1 | LOW | CWE-863 | No | 0.0% | 2.17 | 2026-03-16 | Mattermost versions 10.11.x <= 10.11.10 fail to validate user's authentication method when processing account auth type... |
| [CVE-2026-21386](https://nvd.nist.gov/vuln/detail/CVE-2026-21386) | 4.3 | MEDIUM | CWE-203 | No | 0.0% | 3.01 | 2026-03-16 | Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to use consistent error responses when... |
| [CVE-2025-52649](https://nvd.nist.gov/vuln/detail/CVE-2025-52649) | 1.8 | LOW | CWE-200 | No | 0.0% | 1.26 | 2026-03-16 | HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature. Predictable identifiers... |
| [CVE-2025-52646](https://nvd.nist.gov/vuln/detail/CVE-2025-52646) | 2.2 | LOW | CWE-89 | No | 0.0% | 1.54 | 2026-03-16 | HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmfu... |
| [CVE-2025-52645](https://nvd.nist.gov/vuln/detail/CVE-2025-52645) | 1.9 | LOW | CWE-345 | No | 0.0% | 1.33 | 2026-03-16 | HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient aut... |
| [CVE-2025-52644](https://nvd.nist.gov/vuln/detail/CVE-2025-52644) | 5.8 | MEDIUM | CWE-778 | No | 0.0% | 4.06 | 2026-03-16 | HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of... |
| [CVE-2025-52643](https://nvd.nist.gov/vuln/detail/CVE-2025-52643) | 4.7 | MEDIUM | CWE-693 | No | 0.0% | 3.29 | 2026-03-16 | HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isola... |
| [CVE-2025-52642](https://nvd.nist.gov/vuln/detail/CVE-2025-52642) | 3.3 | LOW | CWE-538 | No | 0.0% | 2.31 | 2026-03-16 | HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or... |
| [CVE-2025-52636](https://nvd.nist.gov/vuln/detail/CVE-2025-52636) | 1.8 | LOW | CWE-400 | No | 0.0% | 1.26 | 2026-03-16 | HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of... |
| [CVE-2025-2274](https://nvd.nist.gov/vuln/detail/CVE-2025-2274) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-16 | Improper Neutralization of Input During Web Page Generation in Forcepoint Web Security (On-Prem) on Windows allows Store... |
| [CVE-2026-4265](https://nvd.nist.gov/vuln/detail/CVE-2026-4265) | 4.3 | MEDIUM | CWE-863 | No | 0.0% | 3.01 | 2026-03-16 | Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to validate team-specific upload_file p... |
| [CVE-2026-4255](https://nvd.nist.gov/vuln/detail/CVE-2026-4255) | 8.4 | HIGH | CWE-829 | No | 0.0% | 5.88 | 2026-03-16 | A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows (64-bit) allows a local attacker to... |
| [CVE-2026-4241](https://nvd.nist.gov/vuln/detail/CVE-2026-4241) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-16 | A vulnerability was identified in itsourcecode College Management System 1.0. The impacted element is an unknown functio... |
| [CVE-2026-4240](https://nvd.nist.gov/vuln/detail/CVE-2026-4240) | 5.5 | MEDIUM | CWE-404 | No | 0.1% | 3.85 | 2026-03-16 | A vulnerability was determined in Open5GS up to 2.7.6. The affected element is the function smf_gx_cca_cb/smf_gy_cca_cb/... |
| [CVE-2026-4239](https://nvd.nist.gov/vuln/detail/CVE-2026-4239) | 5.1 | MEDIUM | CWE-94 | No | 0.0% | 3.57 | 2026-03-16 | A vulnerability was found in Lagom WHMCS Template up to 2.3.7. Impacted is an unknown function of the component Datatabl... |
| [CVE-2026-4238](https://nvd.nist.gov/vuln/detail/CVE-2026-4238) | 5.1 | MEDIUM | CWE-74 | No | 0.0% | 3.57 | 2026-03-16 | A vulnerability has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing... |
| [CVE-2026-4237](https://nvd.nist.gov/vuln/detail/CVE-2026-4237) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-16 | A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the... |
| [CVE-2026-4236](https://nvd.nist.gov/vuln/detail/CVE-2026-4236) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-16 | A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function... |
| [CVE-2026-4235](https://nvd.nist.gov/vuln/detail/CVE-2026-4235) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-16 | A weakness has been identified in itsourcecode Online Enrollment System 1.0. This issue affects some unknown processing... |
| [CVE-2026-4234](https://nvd.nist.gov/vuln/detail/CVE-2026-4234) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-16 | A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddControll... |
| [CVE-2026-4233](https://nvd.nist.gov/vuln/detail/CVE-2026-4233) | 5.3 | MEDIUM | CWE-22 | No | 0.0% | 3.71 | 2026-03-16 | A vulnerability was identified in ThingsGateway 12. This affects an unknown part of the file /api/file/download. The man... |
| [CVE-2026-4232](https://nvd.nist.gov/vuln/detail/CVE-2026-4232) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-16 | A vulnerability was determined in Tiandy Integrated Management Platform 7.17.0. Affected by this issue is some unknown f... |
| [CVE-2026-4231](https://nvd.nist.gov/vuln/detail/CVE-2026-4231) | 6.9 | MEDIUM | CWE-918 | No | 0.1% | 4.83 | 2026-03-16 | A vulnerability was found in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function update_sql/run_s... |
| [CVE-2026-4230](https://nvd.nist.gov/vuln/detail/CVE-2026-4230) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-16 | A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function update_sql of the file src/vanna/... |
| [CVE-2026-4229](https://nvd.nist.gov/vuln/detail/CVE-2026-4229) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-16 | A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function remove_training_data of the file src/vann... |
| [CVE-2026-4228](https://nvd.nist.gov/vuln/detail/CVE-2026-4228) | 5.3 | MEDIUM | CWE-74 | No | 0.4% | 3.72 | 2026-03-16 | A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub_458754 of the file /goform/set_wi... |
| [CVE-2026-4227](https://nvd.nist.gov/vuln/detail/CVE-2026-4227) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-16 | A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impacted element is the function sub_44D844 o... |
| [CVE-2026-4226](https://nvd.nist.gov/vuln/detail/CVE-2026-4226) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-16 | A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_44E8D0 of the file /... |
| [CVE-2026-4225](https://nvd.nist.gov/vuln/detail/CVE-2026-4225) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-16 | A security flaw has been discovered in CMS Made Simple up to 2.2.21. Impacted is an unknown function of the file admin/l... |
| [CVE-2026-4223](https://nvd.nist.gov/vuln/detail/CVE-2026-4223) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-16 | A vulnerability was identified in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing... |
| [CVE-2026-4222](https://nvd.nist.gov/vuln/detail/CVE-2026-4222) | 5.1 | MEDIUM | CWE-22 | No | 0.1% | 3.57 | 2026-03-16 | A vulnerability was determined in SSCMS up to 7.4.0. This vulnerability affects the function PathUtils.RemoveParentPath... |
| [CVE-2026-4221](https://nvd.nist.gov/vuln/detail/CVE-2026-4221) | 6.9 | MEDIUM | CWE-284 | No | 0.1% | 4.83 | 2026-03-16 | A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the fil... |
| [CVE-2026-4220](https://nvd.nist.gov/vuln/detail/CVE-2026-4220) | 6.9 | MEDIUM | CWE-284 | No | 0.1% | 4.83 | 2026-03-16 | A vulnerability has been found in Technologies Integrated Management Platform 7.17.0. Affected by this issue is some unk... |
| [CVE-2026-4219](https://nvd.nist.gov/vuln/detail/CVE-2026-4219) | 1.9 | LOW | CWE-259 | No | 0.0% | 1.33 | 2026-03-16 | A flaw has been found in INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1.0.2 on Android. Affecte... |
| [CVE-2026-4218](https://nvd.nist.gov/vuln/detail/CVE-2026-4218) | 2.0 | LOW | CWE-200 | No | 0.0% | 1.40 | 2026-03-16 | A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown function of the file aedes/m... |
| [CVE-2026-4217](https://nvd.nist.gov/vuln/detail/CVE-2026-4217) | 2.0 | LOW | CWE-255 | No | 0.0% | 1.40 | 2026-03-16 | A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This impacts an unknown function... |
| [CVE-2026-4216](https://nvd.nist.gov/vuln/detail/CVE-2026-4216) | 4.8 | MEDIUM | CWE-259 | No | 0.0% | 3.36 | 2026-03-16 | A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknown function of the co... |
| [CVE-2026-4215](https://nvd.nist.gov/vuln/detail/CVE-2026-4215) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-03-16 | A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of th... |
| [CVE-2026-4214](https://nvd.nist.gov/vuln/detail/CVE-2026-4214) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-03-16 | A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, D... |
| [CVE-2026-4213](https://nvd.nist.gov/vuln/detail/CVE-2026-4213) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-16 | A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS... |
| [CVE-2026-4212](https://nvd.nist.gov/vuln/detail/CVE-2026-4212) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-03-16 | A security vulnerability has been detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321,... |
| [CVE-2026-4211](https://nvd.nist.gov/vuln/detail/CVE-2026-4211) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-03-16 | A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, D... |
| [CVE-2026-4210](https://nvd.nist.gov/vuln/detail/CVE-2026-4210) | 5.3 | MEDIUM | CWE-74 | No | 0.1% | 3.71 | 2026-03-16 | A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-32... |
| [CVE-2026-4209](https://nvd.nist.gov/vuln/detail/CVE-2026-4209) | 5.3 | MEDIUM | CWE-74 | No | 0.1% | 3.71 | 2026-03-16 | A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, D... |
| [CVE-2026-4207](https://nvd.nist.gov/vuln/detail/CVE-2026-4207) | 5.3 | MEDIUM | CWE-74 | No | 0.1% | 3.71 | 2026-03-16 | A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, D... |
| [CVE-2026-4206](https://nvd.nist.gov/vuln/detail/CVE-2026-4206) | 5.3 | MEDIUM | CWE-74 | No | 0.2% | 3.72 | 2026-03-16 | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-32... |
| [CVE-2026-4205](https://nvd.nist.gov/vuln/detail/CVE-2026-4205) | 5.3 | MEDIUM | CWE-74 | No | 0.2% | 3.72 | 2026-03-16 | A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, D... |
| [CVE-2026-4204](https://nvd.nist.gov/vuln/detail/CVE-2026-4204) | 5.3 | MEDIUM | CWE-74 | No | 0.1% | 3.71 | 2026-03-16 | A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, D... |
| [CVE-2026-4203](https://nvd.nist.gov/vuln/detail/CVE-2026-4203) | 5.3 | MEDIUM | CWE-74 | No | 0.1% | 3.71 | 2026-03-16 | A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS... |
| [CVE-2026-4201](https://nvd.nist.gov/vuln/detail/CVE-2026-4201) | 6.9 | MEDIUM | CWE-284 | No | 0.1% | 4.83 | 2026-03-16 | A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This vulnerability af... |
| [CVE-2026-4200](https://nvd.nist.gov/vuln/detail/CVE-2026-4200) | 6.9 | MEDIUM | CWE-918 | No | 0.1% | 4.83 | 2026-03-16 | A security flaw has been discovered in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This affects the... |
| [CVE-2026-4199](https://nvd.nist.gov/vuln/detail/CVE-2026-4199) | 4.8 | MEDIUM | CWE-74 | No | 0.3% | 3.37 | 2026-03-16 | A vulnerability was identified in bazinga012 mcp_code_executor up to 0.3.0. Affected by this issue is the function insta... |
| [CVE-2026-4198](https://nvd.nist.gov/vuln/detail/CVE-2026-4198) | 4.8 | MEDIUM | CWE-74 | No | 0.3% | 3.37 | 2026-03-16 | A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the fu... |
| [CVE-2026-4197](https://nvd.nist.gov/vuln/detail/CVE-2026-4197) | 5.3 | MEDIUM | CWE-74 | No | 0.1% | 3.71 | 2026-03-16 | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-32... |
| [CVE-2026-4196](https://nvd.nist.gov/vuln/detail/CVE-2026-4196) | 5.3 | MEDIUM | CWE-74 | No | 0.1% | 3.71 | 2026-03-16 | A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, D... |
| [CVE-2026-4195](https://nvd.nist.gov/vuln/detail/CVE-2026-4195) | 5.3 | MEDIUM | CWE-74 | No | 0.1% | 3.71 | 2026-03-16 | A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, D... |
| [CVE-2026-4194](https://nvd.nist.gov/vuln/detail/CVE-2026-4194) | 6.9 | MEDIUM | CWE-266 | No | 0.1% | 4.83 | 2026-03-16 | A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS... |
| [CVE-2026-4193](https://nvd.nist.gov/vuln/detail/CVE-2026-4193) | 6.9 | MEDIUM | CWE-266 | No | 0.1% | 4.83 | 2026-03-16 | A security vulnerability has been detected in D-Link DIR-823G 1.0.2B05. The affected element is the function GetDDNSSett... |
| [CVE-2026-4192](https://nvd.nist.gov/vuln/detail/CVE-2026-4192) | 5.3 | MEDIUM | CWE-74 | No | 0.3% | 3.72 | 2026-03-16 | A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setu... |
| [CVE-2026-4191](https://nvd.nist.gov/vuln/detail/CVE-2026-4191) | 6.9 | MEDIUM | CWE-284 | No | 0.0% | 4.83 | 2026-03-16 | A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname of the file index.j... |
| [CVE-2026-4190](https://nvd.nist.gov/vuln/detail/CVE-2026-4190) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-16 | A vulnerability was detected in JawherKl node-api-postgres up to 2.5. This impacts the function User.getAll of the file... |
| [CVE-2026-4189](https://nvd.nist.gov/vuln/detail/CVE-2026-4189) | 5.1 | MEDIUM | CWE-74 | No | 0.0% | 3.57 | 2026-03-16 | A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin... |
| [CVE-2026-4188](https://nvd.nist.gov/vuln/detail/CVE-2026-4188) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-16 | A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected element is the function formSchedule of the... |
| [CVE-2026-4187](https://nvd.nist.gov/vuln/detail/CVE-2026-4187) | 5.5 | MEDIUM | CWE-287 | No | 0.0% | 3.85 | 2026-03-16 | A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Impacted is an unknown function of... |
| [CVE-2026-4186](https://nvd.nist.gov/vuln/detail/CVE-2026-4186) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-16 | A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/cont... |
| [CVE-2026-4185](https://nvd.nist.gov/vuln/detail/CVE-2026-4185) | 5.3 | MEDIUM | CWE-119 | No | 0.1% | 3.71 | 2026-03-16 | A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swf_d... |
| [CVE-2026-4184](https://nvd.nist.gov/vuln/detail/CVE-2026-4184) | 8.9 | HIGH | CWE-119 | No | 0.1% | 6.23 | 2026-03-16 | A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unknown functionality of... |
| [CVE-2026-4183](https://nvd.nist.gov/vuln/detail/CVE-2026-4183) | 8.9 | HIGH | CWE-119 | No | 0.1% | 6.23 | 2026-03-16 | A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /gof... |
| [CVE-2026-4182](https://nvd.nist.gov/vuln/detail/CVE-2026-4182) | 8.9 | HIGH | CWE-119 | No | 0.1% | 6.23 | 2026-03-16 | A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unknown function of the file /goform/form2Wl... |
| [CVE-2026-4181](https://nvd.nist.gov/vuln/detail/CVE-2026-4181) | 8.9 | HIGH | CWE-119 | No | 0.1% | 6.23 | 2026-03-16 | A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/fo... |
| [CVE-2026-4180](https://nvd.nist.gov/vuln/detail/CVE-2026-4180) | 6.9 | MEDIUM | CWE-266 | No | 0.1% | 4.83 | 2026-03-16 | A vulnerability was identified in D-Link DIR-816 1.10CNB05. The impacted element is an unknown function of the file redi... |
| [CVE-2026-4179](https://nvd.nist.gov/vuln/detail/CVE-2026-4179) | 6.1 | MEDIUM | CWE-835 | No | 0.0% | 4.27 | 2026-03-16 | Issues in stm32 USB device driver (drivers/usb/device/usb_dc_stm32.c) can lead to an infinite while loop. |
| [CVE-2026-4175](https://nvd.nist.gov/vuln/detail/CVE-2026-4175) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-16 | A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. The affected element is an unknown function of the file... |
| [CVE-2026-4174](https://nvd.nist.gov/vuln/detail/CVE-2026-4174) | 4.8 | MEDIUM | CWE-400 | No | 0.0% | 3.36 | 2026-03-16 | A vulnerability has been found in Radare2 5.9.9. This issue affects the function walk_exports_trie of the file libr/bin/... |
| [CVE-2026-4173](https://nvd.nist.gov/vuln/detail/CVE-2026-4173) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-16 | A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTabl... |
| [CVE-2026-4172](https://nvd.nist.gov/vuln/detail/CVE-2026-4172) | 7.3 | HIGH | CWE-119 | No | 0.1% | 5.11 | 2026-03-16 | A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /ping_response.cg... |
| [CVE-2026-4171](https://nvd.nist.gov/vuln/detail/CVE-2026-4171) | 5.3 | MEDIUM | CWE-285 | No | 0.0% | 3.71 | 2026-03-16 | A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is so... |
| [CVE-2026-4170](https://nvd.nist.gov/vuln/detail/CVE-2026-4170) | 8.9 | HIGH | CWE-77 | No | 0.2% | 6.24 | 2026-03-16 | A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the f... |
| [CVE-2026-4169](https://nvd.nist.gov/vuln/detail/CVE-2026-4169) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-16 | A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function F_xml_export_users of the f... |
| [CVE-2026-4168](https://nvd.nist.gov/vuln/detail/CVE-2026-4168) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-16 | A vulnerability was identified in Tecnick TCExam 16.5.0. This impacts an unknown function of the file /admin/code/tce_ed... |
| [CVE-2026-4167](https://nvd.nist.gov/vuln/detail/CVE-2026-4167) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-03-16 | A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the function formReboot of the file /goform/formR... |
| [CVE-2026-4166](https://nvd.nist.gov/vuln/detail/CVE-2026-4166) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-16 | A vulnerability was found in Wavlink WL-NU516U1 240425. The impacted element is the function sub_404F68 of the file /cgi... |
| [CVE-2026-4165](https://nvd.nist.gov/vuln/detail/CVE-2026-4165) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-16 | A vulnerability has been found in Worksuite HR, CRM and Project Management up to 5.5.25. The affected element is an unkn... |
| [CVE-2026-4164](https://nvd.nist.gov/vuln/detail/CVE-2026-4164) | 8.9 | HIGH | CWE-74 | No | 0.2% | 6.24 | 2026-03-16 | A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Delete_Mac_list/SetName/GuestWifi of the fi... |
| [CVE-2026-4163](https://nvd.nist.gov/vuln/detail/CVE-2026-4163) | 8.9 | HIGH | CWE-74 | No | 0.2% | 6.24 | 2026-03-16 | A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file... |
| [CVE-2026-3476](https://nvd.nist.gov/vuln/detail/CVE-2026-3476) | 7.8 | HIGH | CWE-94 | No | 0.0% | 5.46 | 2026-03-16 | A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attack... |
| [CVE-2026-3442](https://nvd.nist.gov/vuln/detail/CVE-2026-3442) | 6.1 | MEDIUM | CWE-125 | No | 0.0% | 4.27 | 2026-03-16 | A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read,... |
| [CVE-2026-3441](https://nvd.nist.gov/vuln/detail/CVE-2026-3441) | 6.1 | MEDIUM | CWE-125 | No | 0.0% | 4.27 | 2026-03-16 | A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in t... |
| [CVE-2026-3111](https://nvd.nist.gov/vuln/detail/CVE-2026-3111) | 6.9 | MEDIUM | CWE-284 | No | 0.1% | 4.83 | 2026-03-16 | Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa specifically at the endpoint '/archivos/usuari... |
| [CVE-2026-3110](https://nvd.nist.gov/vuln/detail/CVE-2026-3110) | 8.7 | HIGH | CWE-284 | No | 0.1% | 6.09 | 2026-03-16 | Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa specifically at the endpoint '/administracion/... |
| [CVE-2026-3024](https://nvd.nist.gov/vuln/detail/CVE-2026-3024) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-16 | Stored Cross-Site Scripting (XSS) vulnerability in the Wakyma web application, specifically in the endpoint 'vets.wakyma... |
| [CVE-2026-3023](https://nvd.nist.gov/vuln/detail/CVE-2026-3023) | 5.3 | MEDIUM | CWE-943 | No | 0.0% | 3.71 | 2026-03-16 | Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wa... |
| [CVE-2026-3022](https://nvd.nist.gov/vuln/detail/CVE-2026-3022) | 7.1 | HIGH | CWE-943 | No | 0.0% | 4.97 | 2026-03-16 | Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wa... |
| [CVE-2026-3021](https://nvd.nist.gov/vuln/detail/CVE-2026-3021) | 7.1 | HIGH | CWE-943 | No | 0.0% | 4.97 | 2026-03-16 | Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wa... |
| [CVE-2026-3020](https://nvd.nist.gov/vuln/detail/CVE-2026-3020) | 8.6 | HIGH | CWE-639 | No | 0.0% | 6.02 | 2026-03-16 | Identity based authorization bypass vulnerability (IDOR) that allows an attacker to modify the data of a legitimate user... |
| [CVE-2026-32778](https://nvd.nist.gov/vuln/detail/CVE-2026-32778) | 2.9 | LOW | CWE-476 | No | 0.0% | 2.03 | 2026-03-16 | libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier out-of-memo... |
| [CVE-2026-32777](https://nvd.nist.gov/vuln/detail/CVE-2026-32777) | 4.0 | MEDIUM | CWE-835 | No | 0.0% | 2.80 | 2026-03-16 | libexpat before 2.7.5 allows an infinite loop while parsing DTD content. |
| [CVE-2026-32776](https://nvd.nist.gov/vuln/detail/CVE-2026-32776) | 4.0 | MEDIUM | CWE-476 | No | 0.0% | 2.80 | 2026-03-16 | libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. |
| [CVE-2026-32775](https://nvd.nist.gov/vuln/detail/CVE-2026-32775) | 7.4 | HIGH | CWE-191 | No | 0.0% | 5.18 | 2026-03-16 | libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 s... |
| [CVE-2026-32774](https://nvd.nist.gov/vuln/detail/CVE-2026-32774) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-16 | Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling that allows attackers... |
| [CVE-2026-32772](https://nvd.nist.gov/vuln/detail/CVE-2026-32772) | 3.4 | LOW | CWE-669 | No | 0.0% | 2.38 | 2026-03-16 | telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON... |
| [CVE-2026-32732](https://nvd.nist.gov/vuln/detail/CVE-2026-32732) | 0.0 | NONE | CWE-80 | No | 0.1% | 0.00 | 2026-03-16 | Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover... |
| [CVE-2026-32729](https://nvd.nist.gov/vuln/detail/CVE-2026-32729) | 8.1 | HIGH | CWE-307 | No | 0.1% | 5.67 | 2026-03-16 | Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enfor... |
| [CVE-2026-32724](https://nvd.nist.gov/vuln/detail/CVE-2026-32724) | 5.3 | MEDIUM | CWE-416 | No | 0.0% | 3.71 | 2026-03-16 | PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the Mav... |
| [CVE-2026-32720](https://nvd.nist.gov/vuln/detail/CVE-2026-32720) | 7.1 | HIGH | CWE-284 | No | 0.1% | 4.97 | 2026-03-16 | The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, met... |
| [CVE-2026-32719](https://nvd.nist.gov/vuln/detail/CVE-2026-32719) | 4.2 | MEDIUM | CWE-22 | No | 0.0% | 2.94 | 2026-03-16 | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti... |
| [CVE-2026-32717](https://nvd.nist.gov/vuln/detail/CVE-2026-32717) | 2.7 | LOW | CWE-863 | No | 0.0% | 1.89 | 2026-03-16 | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti... |
| [CVE-2026-32715](https://nvd.nist.gov/vuln/detail/CVE-2026-32715) | 3.8 | LOW | CWE-863 | No | 0.0% | 2.66 | 2026-03-16 | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti... |
| [CVE-2026-32713](https://nvd.nist.gov/vuln/detail/CVE-2026-32713) | 4.3 | MEDIUM | CWE-670 | No | 0.1% | 3.01 | 2026-03-16 | PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, A logic error in the PX4 Autopilot MAVLink F... |
| [CVE-2026-32709](https://nvd.nist.gov/vuln/detail/CVE-2026-32709) | 5.4 | MEDIUM | CWE-22 | No | 0.0% | 3.78 | 2026-03-16 | PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerabil... |
| [CVE-2026-32708](https://nvd.nist.gov/vuln/detail/CVE-2026-32708) | 7.8 | HIGH | CWE-121 | No | 0.0% | 5.46 | 2026-03-16 | PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack... |
| [CVE-2026-32707](https://nvd.nist.gov/vuln/detail/CVE-2026-32707) | 5.2 | MEDIUM | CWE-121 | No | 0.0% | 3.64 | 2026-03-16 | PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattu_can contains an unbounded memcpy in it... |
| [CVE-2026-32706](https://nvd.nist.gov/vuln/detail/CVE-2026-32706) | 7.1 | HIGH | CWE-120 | No | 0.0% | 4.97 | 2026-03-16 | PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The crsf_rc parser accepts an oversized vari... |
| [CVE-2026-32705](https://nvd.nist.gov/vuln/detail/CVE-2026-32705) | 6.8 | MEDIUM | CWE-121 | No | 0.0% | 4.76 | 2026-03-16 | PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string term... |
| [CVE-2026-32704](https://nvd.nist.gov/vuln/detail/CVE-2026-32704) | 6.5 | MEDIUM | CWE-285 | No | 0.0% | 4.55 | 2026-03-16 | SiYuan is a personal knowledge management system. Prior to 3.6.1, POST /api/template/renderSprig lacks model.CheckAdminR... |
| [CVE-2026-32702](https://nvd.nist.gov/vuln/detail/CVE-2026-32702) | 6.9 | MEDIUM | CWE-208 | No | 0.1% | 4.83 | 2026-03-16 | Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download c... |
| [CVE-2026-32640](https://nvd.nist.gov/vuln/detail/CVE-2026-32640) | 8.7 | HIGH | CWE-94 | No | 0.2% | 6.10 | 2026-03-16 | SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects (including modu... |
| [CVE-2026-32635](https://nvd.nist.gov/vuln/detail/CVE-2026-32635) | 8.6 | HIGH | CWE-79 | No | 0.1% | 6.02 | 2026-03-16 | Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other... |
| [CVE-2026-32630](https://nvd.nist.gov/vuln/detail/CVE-2026-32630) | 5.3 | MEDIUM | CWE-409 | No | 0.1% | 3.71 | 2026-03-16 | file-type detects the file type of a file, stream, or data. From 20.0.0 to 21.3.1, a crafted ZIP file can trigger excess... |
| [CVE-2026-32628](https://nvd.nist.gov/vuln/detail/CVE-2026-32628) | 7.7 | HIGH | CWE-89 | No | 0.0% | 5.39 | 2026-03-16 | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti... |
| [CVE-2026-32627](https://nvd.nist.gov/vuln/detail/CVE-2026-32627) | 8.7 | HIGH | CWE-295 | No | 0.0% | 6.09 | 2026-03-16 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib cl... |
| [CVE-2026-32626](https://nvd.nist.gov/vuln/detail/CVE-2026-32626) | 9.6 | CRITICAL | CWE-79 | No | 0.1% | 6.72 | 2026-03-16 | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti... |
| [CVE-2026-32621](https://nvd.nist.gov/vuln/detail/CVE-2026-32621) | 9.9 | CRITICAL | CWE-1321 | No | 0.0% | 6.93 | 2026-03-16 | Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11... |
| [CVE-2026-32617](https://nvd.nist.gov/vuln/detail/CVE-2026-32617) | 7.1 | HIGH | CWE-942 | No | 0.0% | 4.97 | 2026-03-16 | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti... |
| [CVE-2026-32616](https://nvd.nist.gov/vuln/detail/CVE-2026-32616) | 8.2 | HIGH | CWE-74 | No | 0.0% | 5.74 | 2026-03-16 | Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201, the application uses $_SERVER['HTTP_HOST'] witho... |
| [CVE-2026-32614](https://nvd.nist.gov/vuln/detail/CVE-2026-32614) | 7.5 | HIGH | CWE-347 | No | 0.0% | 5.25 | 2026-03-16 | Go ShangMi (Commercial Cryptography) Library (GMSM) is a cryptographic library that covers the Chinese commercial crypto... |
| [CVE-2026-32600](https://nvd.nist.gov/vuln/detail/CVE-2026-32600) | 8.2 | HIGH | CWE-354 | No | 0.0% | 5.74 | 2026-03-16 | xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes e... |
| [CVE-2026-32594](https://nvd.nist.gov/vuln/detail/CVE-2026-32594) | 6.9 | MEDIUM | CWE-306 | No | 0.1% | 4.83 | 2026-03-16 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.40... |
| [CVE-2026-32314](https://nvd.nist.gov/vuln/detail/CVE-2026-32314) | 8.7 | HIGH | CWE-248 | No | 0.1% | 6.09 | 2026-03-16 | Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementati... |
| [CVE-2026-32313](https://nvd.nist.gov/vuln/detail/CVE-2026-32313) | 8.2 | HIGH | CWE-354 | No | 0.0% | 5.74 | 2026-03-16 | xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypt... |
| [CVE-2026-31386](https://nvd.nist.gov/vuln/detail/CVE-2026-31386) | 8.6 | HIGH | CWE-78 | No | 0.2% | 6.03 | 2026-03-16 | OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An a... |
| [CVE-2026-2578](https://nvd.nist.gov/vuln/detail/CVE-2026-2578) | 4.3 | MEDIUM | CWE-201 | No | 0.0% | 3.01 | 2026-03-16 | Mattermost versions 11.3.x <= 11.3.0 fail to preserve the redacted state of burn-on-read posts during deletion which all... |
| [CVE-2026-2476](https://nvd.nist.gov/vuln/detail/CVE-2026-2476) | 7.6 | HIGH | CWE-200 | No | 0.0% | 5.32 | 2026-03-16 | Mattermost Plugins versions <=2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with... |
| [CVE-2026-2463](https://nvd.nist.gov/vuln/detail/CVE-2026-2463) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-16 | Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to filter invite IDs based on user perm... |
| [CVE-2026-2462](https://nvd.nist.gov/vuln/detail/CVE-2026-2462) | 6.6 | MEDIUM | CWE-863 | No | 0.2% | 4.63 | 2026-03-16 | Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to restrict plugin installation on CI t... |
| [CVE-2026-2461](https://nvd.nist.gov/vuln/detail/CVE-2026-2461) | 4.3 | MEDIUM | CWE-639 | No | 0.0% | 3.01 | 2026-03-16 | Mattermost Plugins versions <=11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modi... |
| [CVE-2026-2458](https://nvd.nist.gov/vuln/detail/CVE-2026-2458) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-16 | Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly validate team membership wh... |
| [CVE-2026-2457](https://nvd.nist.gov/vuln/detail/CVE-2026-2457) | 4.3 | MEDIUM | CWE-346 | No | 0.0% | 3.01 | 2026-03-16 | Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to sanitize client-supplied post metada... |
| [CVE-2026-2456](https://nvd.nist.gov/vuln/detail/CVE-2026-2456) | 5.3 | MEDIUM | CWE-789 | No | 0.0% | 3.71 | 2026-03-16 | Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 Mattermost fails to limit the size of respon... |
| [CVE-2026-2326](https://nvd.nist.gov/vuln/detail/CVE-2026-2326) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-16 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All r... |
| [CVE-2026-2233](https://nvd.nist.gov/vuln/detail/CVE-2026-2233) | 5.3 | MEDIUM | CWE-862 | No | 0.1% | 3.71 | 2026-03-16 | The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordP... |
| [CVE-2026-28522](https://nvd.nist.gov/vuln/detail/CVE-2026-28522) | 7.1 | HIGH | CWE-476 | No | 0.0% | 4.97 | 2026-03-16 | arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An att... |
| [CVE-2026-28521](https://nvd.nist.gov/vuln/detail/CVE-2026-28521) | 7.0 | HIGH | CWE-125 | No | 0.0% | 4.90 | 2026-03-16 | arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read vulnerability in the TuyaIoT component. An a... |
| [CVE-2026-28520](https://nvd.nist.gov/vuln/detail/CVE-2026-28520) | 8.6 | HIGH | CWE-193 | No | 0.0% | 6.02 | 2026-03-16 | arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow vulnerability in the WiFiMulti component. W... |
| [CVE-2026-28519](https://nvd.nist.gov/vuln/detail/CVE-2026-28519) | 8.7 | HIGH | CWE-122 | No | 0.0% | 6.09 | 2026-03-16 | arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vulnerability in the DnsServer component. An... |
| [CVE-2026-26246](https://nvd.nist.gov/vuln/detail/CVE-2026-26246) | 4.3 | MEDIUM | CWE-789 | No | 0.0% | 3.01 | 2026-03-16 | Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to bound memory allocation when process... |
| [CVE-2026-26133](https://nvd.nist.gov/vuln/detail/CVE-2026-26133) | 7.1 | HIGH | CWE-77 | No | 0.1% | 4.97 | 2026-03-16 | AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. |
| [CVE-2026-25783](https://nvd.nist.gov/vuln/detail/CVE-2026-25783) | 4.3 | MEDIUM | CWE-1287 | No | 0.1% | 3.01 | 2026-03-16 | Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly validate User-Agent header... |
| [CVE-2026-25780](https://nvd.nist.gov/vuln/detail/CVE-2026-25780) | 4.3 | MEDIUM | CWE-789 | No | 0.0% | 3.01 | 2026-03-16 | Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to bound memory allocation when process... |
| [CVE-2026-25083](https://nvd.nist.gov/vuln/detail/CVE-2026-25083) | 8.7 | HIGH | CWE-862 | No | 0.0% | 6.09 | 2026-03-16 | GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logg... |
| [CVE-2026-24458](https://nvd.nist.gov/vuln/detail/CVE-2026-24458) | 7.5 | HIGH | CWE-770 | No | 0.1% | 5.25 | 2026-03-16 | Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly handle very long passwords,... |
| [CVE-2026-21005](https://nvd.nist.gov/vuln/detail/CVE-2026-21005) | 7.1 | HIGH | CWE-22 | No | 0.0% | 4.97 | 2026-03-16 | Path traversal in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to overwrite arbitrary files with Sm... |
| [CVE-2026-21004](https://nvd.nist.gov/vuln/detail/CVE-2026-21004) | 6.9 | MEDIUM | CWE-287 | No | 0.1% | 4.83 | 2026-03-16 | Improper authentication in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to trigger a denial of serv... |
| [CVE-2026-21002](https://nvd.nist.gov/vuln/detail/CVE-2026-21002) | 5.9 | MEDIUM | CWE-347 | No | 0.0% | 4.13 | 2026-03-16 | Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to inst... |
| [CVE-2026-21001](https://nvd.nist.gov/vuln/detail/CVE-2026-21001) | 5.9 | MEDIUM | CWE-22 | No | 0.0% | 4.13 | 2026-03-16 | Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privileg... |
| [CVE-2026-21000](https://nvd.nist.gov/vuln/detail/CVE-2026-21000) | 7.0 | HIGH | CWE-22 | No | 0.0% | 4.90 | 2026-03-16 | Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store... |
| [CVE-2026-20999](https://nvd.nist.gov/vuln/detail/CVE-2026-20999) | 7.1 | HIGH | CWE-294 | No | 0.1% | 4.97 | 2026-03-16 | Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged... |
| [CVE-2026-20998](https://nvd.nist.gov/vuln/detail/CVE-2026-20998) | 7.1 | HIGH | NVD-CWE-noinfo | No | 0.3% | 4.98 | 2026-03-16 | Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass authentication. |
| [CVE-2026-20997](https://nvd.nist.gov/vuln/detail/CVE-2026-20997) | 5.3 | MEDIUM | CWE-347 | No | 0.1% | 3.71 | 2026-03-16 | Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to p... |
| [CVE-2026-20996](https://nvd.nist.gov/vuln/detail/CVE-2026-20996) | 7.1 | HIGH | CWE-327 | No | 0.0% | 4.97 | 2026-03-16 | Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to c... |
| [CVE-2026-20995](https://nvd.nist.gov/vuln/detail/CVE-2026-20995) | 5.3 | MEDIUM | CWE-306 | No | 0.1% | 3.71 | 2026-03-16 | Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote at... |
| [CVE-2026-20994](https://nvd.nist.gov/vuln/detail/CVE-2026-20994) | 7.0 | HIGH | N/A | No | 0.3% | 4.91 | 2026-03-16 | URL redirection in Samsung Account prior to version 15.5.01.1 allows remote attackers to potentially get access token. |
| [CVE-2026-20993](https://nvd.nist.gov/vuln/detail/CVE-2026-20993) | 4.8 | MEDIUM | NVD-CWE-Other | No | 0.0% | 3.36 | 2026-03-16 | Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker t... |
| [CVE-2026-20992](https://nvd.nist.gov/vuln/detail/CVE-2026-20992) | 4.8 | MEDIUM | CWE-863 | No | 0.0% | 3.36 | 2026-03-16 | Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the back... |
| [CVE-2026-20991](https://nvd.nist.gov/vuln/detail/CVE-2026-20991) | 6.7 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 4.69 | 2026-03-16 | Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse... |
| [CVE-2026-20990](https://nvd.nist.gov/vuln/detail/CVE-2026-20990) | 8.4 | HIGH | NVD-CWE-Other | No | 0.0% | 5.88 | 2026-03-16 | Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attacker... |
| [CVE-2026-20989](https://nvd.nist.gov/vuln/detail/CVE-2026-20989) | 5.1 | MEDIUM | CWE-347 | No | 0.0% | 3.57 | 2026-03-16 | Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attack... |
| [CVE-2026-20988](https://nvd.nist.gov/vuln/detail/CVE-2026-20988) | 6.8 | MEDIUM | NVD-CWE-Other | No | 0.0% | 4.76 | 2026-03-16 | Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker... |
| [CVE-2026-1948](https://nvd.nist.gov/vuln/detail/CVE-2026-1948) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-16 | The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of d... |
| [CVE-2026-1947](https://nvd.nist.gov/vuln/detail/CVE-2026-1947) | 7.5 | HIGH | CWE-639 | No | 0.0% | 5.25 | 2026-03-16 | The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Referen... |
| [CVE-2026-1883](https://nvd.nist.gov/vuln/detail/CVE-2026-1883) | 4.3 | MEDIUM | CWE-639 | No | 0.0% | 3.01 | 2026-03-16 | The Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types plugin for WordPress is vulnerable to Inse... |
| [CVE-2026-1870](https://nvd.nist.gov/vuln/detail/CVE-2026-1870) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-16 | The Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor plugin for WordPress is vulnerable to unauthori... |
| [CVE-2026-0977](https://nvd.nist.gov/vuln/detail/CVE-2026-0977) | 5.1 | MEDIUM | CWE-284 | No | 0.0% | 3.57 | 2026-03-16 | IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to imprope... |
| [CVE-2026-0849](https://nvd.nist.gov/vuln/detail/CVE-2026-0849) | 3.8 | LOW | CWE-120 | No | 0.0% | 2.66 | 2026-03-16 | Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver... |
| [CVE-2026-0639](https://nvd.nist.gov/vuln/detail/CVE-2026-0639) | 3.3 | LOW | CWE-401 | No | 0.0% | 2.31 | 2026-03-16 | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS through missing release of memory. |
| [CVE-2026-0385](https://nvd.nist.gov/vuln/detail/CVE-2026-0385) | 5.0 | MEDIUM | CWE-451 | No | 0.1% | 3.50 | 2026-03-16 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability |
| [CVE-2025-71264](https://nvd.nist.gov/vuln/detail/CVE-2025-71264) | 3.7 | LOW | CWE-125 | No | 0.0% | 2.59 | 2026-03-16 | Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of service (client crash). |
| [CVE-2025-6969](https://nvd.nist.gov/vuln/detail/CVE-2025-6969) | 5.0 | MEDIUM | CWE-20 | No | 0.0% | 3.50 | 2026-03-16 | in OpenHarmony v5.1.0 and prior versions allow a local attacker cause DOS through improper input. |
| [CVE-2025-52648](https://nvd.nist.gov/vuln/detail/CVE-2025-52648) | 4.8 | MEDIUM | CWE-347 | No | 0.0% | 3.36 | 2026-03-16 | HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow... |
| [CVE-2025-52638](https://nvd.nist.gov/vuln/detail/CVE-2025-52638) | 5.6 | MEDIUM | CWE-345 | No | 0.0% | 3.92 | 2026-03-16 | HCL AION is affected by a vulnerability where generated containers may execute binaries with root-level privileges. Runn... |
| [CVE-2025-52637](https://nvd.nist.gov/vuln/detail/CVE-2025-52637) | 4.5 | MEDIUM | CWE-89 | No | 0.1% | 3.15 | 2026-03-16 | HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmfu... |
| [CVE-2025-52458](https://nvd.nist.gov/vuln/detail/CVE-2025-52458) | 5.5 | MEDIUM | CWE-787 | No | 0.0% | 3.85 | 2026-03-16 | in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through o... |
| [CVE-2025-41432](https://nvd.nist.gov/vuln/detail/CVE-2025-41432) | 5.5 | MEDIUM | CWE-787 | No | 0.0% | 3.85 | 2026-03-16 | in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through o... |
| [CVE-2025-26474](https://nvd.nist.gov/vuln/detail/CVE-2025-26474) | 3.3 | LOW | CWE-20 | No | 0.0% | 2.31 | 2026-03-16 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information improper input. This vulnerability can... |
| [CVE-2025-25277](https://nvd.nist.gov/vuln/detail/CVE-2025-25277) | 6.3 | MEDIUM | CWE-843 | No | 0.0% | 4.41 | 2026-03-16 | in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through u... |
| [CVE-2025-15554](https://nvd.nist.gov/vuln/detail/CVE-2025-15554) | 6.0 | MEDIUM | CWE-525 | No | 0.0% | 4.20 | 2026-03-16 | Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstat... |
| [CVE-2025-15553](https://nvd.nist.gov/vuln/detail/CVE-2025-15553) | 6.0 | MEDIUM | CWE-613 | No | 0.0% | 4.20 | 2026-03-16 | Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstati... |
| [CVE-2025-15552](https://nvd.nist.gov/vuln/detail/CVE-2025-15552) | 6.0 | MEDIUM | CWE-613 | No | 0.0% | 4.20 | 2026-03-16 | Insufficient Session Expiration in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstatio... |
| [CVE-2025-14287](https://nvd.nist.gov/vuln/detail/CVE-2025-14287) | 8.8 | HIGH | CWE-94 | No | 0.3% | 6.17 | 2026-03-16 | A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the `mlflow/sagemaker/... |
| [CVE-2025-13460](https://nvd.nist.gov/vuln/detail/CVE-2025-13460) | 5.3 | MEDIUM | CWE-204 | No | 0.0% | 3.71 | 2026-03-16 | IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an observable response disc... |
| [CVE-2025-13459](https://nvd.nist.gov/vuln/detail/CVE-2025-13459) | 2.7 | LOW | CWE-841 | No | 0.1% | 1.89 | 2026-03-16 | IBM Aspera Console 3.3.0 through 3.4.8 could allow a privileged user to cause a denial of service due to improper enforc... |
| [CVE-2025-13212](https://nvd.nist.gov/vuln/detail/CVE-2025-13212) | 5.3 | MEDIUM | CWE-799 | No | 0.1% | 3.71 | 2026-03-16 | IBM Aspera Console 3.3.0 through 3.4.8 could allow an authenticated user to cause a denial of service in the email servi... |
| [CVE-2025-12736](https://nvd.nist.gov/vuln/detail/CVE-2025-12736) | 6.5 | MEDIUM | CWE-908 | No | 0.0% | 4.55 | 2026-03-16 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause sensitive information leak through use of uninitial... |
| [CVE-2017-20224](https://nvd.nist.gov/vuln/detail/CVE-2017-20224) | 9.3 | CRITICAL | CWE-434 | No | 0.4% | 6.52 | 2026-03-16 | Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that allows unauthenti... |
| [CVE-2017-20223](https://nvd.nist.gov/vuln/detail/CVE-2017-20223) | 9.3 | CRITICAL | CWE-639 | No | 0.1% | 6.51 | 2026-03-16 | Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability th... |
| [CVE-2017-20222](https://nvd.nist.gov/vuln/detail/CVE-2017-20222) | 8.7 | HIGH | CWE-306 | No | 0.2% | 6.10 | 2026-03-16 | Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0 contains an unauthenticated remote reboot vulnerability that... |
| [CVE-2017-20221](https://nvd.nist.gov/vuln/detail/CVE-2017-20221) | 5.3 | MEDIUM | CWE-352 | No | 0.0% | 3.71 | 2026-03-16 | Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authen... |
| [CVE-2017-20220](https://nvd.nist.gov/vuln/detail/CVE-2017-20220) | 8.7 | HIGH | CWE-306 | No | 0.2% | 6.10 | 2026-03-16 | Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthentica... |
| [CVE-2017-20219](https://nvd.nist.gov/vuln/detail/CVE-2017-20219) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-16 | Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attacker... |
| [CVE-2017-20218](https://nvd.nist.gov/vuln/detail/CVE-2017-20218) | 8.5 | HIGH | CWE-428 | No | 0.0% | 5.95 | 2026-03-16 | Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute... |
| [CVE-2017-20217](https://nvd.nist.gov/vuln/detail/CVE-2017-20217) | 8.7 | HIGH | CWE-306 | No | 0.1% | 6.09 | 2026-03-16 | Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Confi... |
| [CVE-2016-20036](https://nvd.nist.gov/vuln/detail/CVE-2016-20036) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-16 | Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager inter... |
| [CVE-2016-20035](https://nvd.nist.gov/vuln/detail/CVE-2016-20035) | 6.9 | MEDIUM | CWE-352 | No | 0.0% | 4.83 | 2026-03-16 | Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform admini... |
| [CVE-2016-20034](https://nvd.nist.gov/vuln/detail/CVE-2016-20034) | 8.7 | HIGH | CWE-352 | No | 0.0% | 6.09 | 2026-03-16 | Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to... |
| [CVE-2016-20033](https://nvd.nist.gov/vuln/detail/CVE-2016-20033) | 8.5 | HIGH | CWE-639 | No | 0.0% | 5.95 | 2026-03-16 | Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to esca... |
| [CVE-2016-20032](https://nvd.nist.gov/vuln/detail/CVE-2016-20032) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-16 | ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to exec... |
| [CVE-2016-20031](https://nvd.nist.gov/vuln/detail/CVE-2016-20031) | 6.8 | MEDIUM | CWE-798 | No | 0.0% | 4.76 | 2026-03-16 | ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to au... |
| [CVE-2016-20030](https://nvd.nist.gov/vuln/detail/CVE-2016-20030) | 9.3 | CRITICAL | CWE-551 | No | 0.0% | 6.51 | 2026-03-16 | ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover val... |
| [CVE-2016-20029](https://nvd.nist.gov/vuln/detail/CVE-2016-20029) | 6.9 | MEDIUM | CWE-276 | No | 0.0% | 4.83 | 2026-03-16 | ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files... |
| [CVE-2016-20028](https://nvd.nist.gov/vuln/detail/CVE-2016-20028) | 5.3 | MEDIUM | CWE-352 | No | 0.0% | 3.71 | 2026-03-16 | ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administra... |
| [CVE-2016-20027](https://nvd.nist.gov/vuln/detail/CVE-2016-20027) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-16 | ZKTeco ZKBioSecurity 3.0 contains multiple reflected cross-site scripting vulnerabilities that allow attackers to execut... |
| [CVE-2016-20026](https://nvd.nist.gov/vuln/detail/CVE-2016-20026) | 9.3 | CRITICAL | CWE-798 | No | 0.0% | 6.51 | 2026-03-16 | ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated a... |
| [CVE-2016-20025](https://nvd.nist.gov/vuln/detail/CVE-2016-20025) | 8.7 | HIGH | CWE-552 | No | 0.0% | 6.09 | 2026-03-16 | ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users t... |
| [CVE-2016-20024](https://nvd.nist.gov/vuln/detail/CVE-2016-20024) | 9.3 | CRITICAL | CWE-538 | No | 0.0% | 6.51 | 2026-03-16 | ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate... |
| [CVE-2015-20121](https://nvd.nist.gov/vuln/detail/CVE-2015-20121) | 8.8 | HIGH | CWE-89 | No | 0.2% | 6.17 | 2026-03-16 | Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to ma... |
| [CVE-2015-20120](https://nvd.nist.gov/vuln/detail/CVE-2015-20120) | 8.8 | HIGH | CWE-89 | No | 0.4% | 6.17 | 2026-03-16 | Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unaut... |
| [CVE-2015-20119](https://nvd.nist.gov/vuln/detail/CVE-2015-20119) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-16 | Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated at... |
| [CVE-2015-20118](https://nvd.nist.gov/vuln/detail/CVE-2015-20118) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-16 | Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability in the location_name paramet... |
| [CVE-2015-20117](https://nvd.nist.gov/vuln/detail/CVE-2015-20117) | 6.9 | MEDIUM | CWE-352 | No | 0.1% | 4.83 | 2026-03-16 | Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated a... |
| [CVE-2015-20116](https://nvd.nist.gov/vuln/detail/CVE-2015-20116) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-16 | Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploads, allowing attackers to inject malicio... |
| [CVE-2015-20115](https://nvd.nist.gov/vuln/detail/CVE-2015-20115) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-16 | Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious sc... |
| [CVE-2015-20114](https://nvd.nist.gov/vuln/detail/CVE-2015-20114) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-16 | Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute ar... |
| [CVE-2015-20113](https://nvd.nist.gov/vuln/detail/CVE-2015-20113) | 6.9 | MEDIUM | CWE-352 | No | 0.0% | 4.83 | 2026-03-16 | Next Click Ventures RealtyScript 4.0.2 contains cross-site request forgery and persistent cross-site scripting vulnerabi... |
| [CVE-2013-20006](https://nvd.nist.gov/vuln/detail/CVE-2013-20006) | 8.7 | HIGH | CWE-79 | No | 0.1% | 6.09 | 2026-03-16 | Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several administrative scripts where POST... |
| [CVE-2013-20005](https://nvd.nist.gov/vuln/detail/CVE-2013-20005) | 6.9 | MEDIUM | CWE-79 | No | 0.0% | 4.83 | 2026-03-16 | Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative act... |
| [CVE-2026-4111](https://nvd.nist.gov/vuln/detail/CVE-2026-4111) | 7.5 | HIGH | CWE-835 | No | 0.0% | 5.25 | 2026-03-13 | A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive... |
| [CVE-2026-4105](https://nvd.nist.gov/vuln/detail/CVE-2026-4105) | 6.7 | MEDIUM | CWE-284 | No | 0.0% | 4.69 | 2026-03-13 | A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insuf... |
| [CVE-2026-4092](https://nvd.nist.gov/vuln/detail/CVE-2026-4092) | 8.7 | HIGH | CWE-22 | No | 0.3% | 6.10 | 2026-03-13 | Path Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to perform remote code execution via a malic... |
| [CVE-2026-4063](https://nvd.nist.gov/vuln/detail/CVE-2026-4063) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-13 | The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a... |
| [CVE-2026-3986](https://nvd.nist.gov/vuln/detail/CVE-2026-3986) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-13 | The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in al... |
| [CVE-2026-3910](https://nvd.nist.gov/vuln/detail/CVE-2026-3910) | 8.8 | HIGH | CWE-94 | Yes | 0.7% | 6.18 | 2026-03-13 | Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrar... |
| [CVE-2026-3909](https://nvd.nist.gov/vuln/detail/CVE-2026-3909) | 8.8 | HIGH | CWE-787 | Yes | 0.3% | 6.17 | 2026-03-13 | Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds m... |
| [CVE-2026-3891](https://nvd.nist.gov/vuln/detail/CVE-2026-3891) | 9.8 | CRITICAL | CWE-434 | No | 0.1% | 6.86 | 2026-03-13 | The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and... |
| [CVE-2026-3045](https://nvd.nist.gov/vuln/detail/CVE-2026-3045) | 7.5 | HIGH | CWE-862 | No | 0.0% | 5.25 | 2026-03-13 | The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized acces... |
| [CVE-2026-32746](https://nvd.nist.gov/vuln/detail/CVE-2026-32746) | 9.8 | CRITICAL | CWE-120 | No | 0.0% | 6.86 | 2026-03-13 | telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption... |
| [CVE-2026-32745](https://nvd.nist.gov/vuln/detail/CVE-2026-32745) | 6.3 | MEDIUM | CWE-614 | No | 0.0% | 4.41 | 2026-03-13 | In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings |
| [CVE-2026-32612](https://nvd.nist.gov/vuln/detail/CVE-2026-32612) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-13 | Statamic is a Laravel and Git powered content management system (CMS). Prior to 6.6.2, stored XSS in the control panel c... |
| [CVE-2026-32598](https://nvd.nist.gov/vuln/detail/CVE-2026-32598) | 6.9 | MEDIUM | CWE-532 | No | 0.0% | 4.83 | 2026-03-13 | OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the... |
| [CVE-2026-32597](https://nvd.nist.gov/vuln/detail/CVE-2026-32597) | 7.5 | HIGH | CWE-345 | No | 0.0% | 5.25 | 2026-03-13 | PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header... |
| [CVE-2026-32543](https://nvd.nist.gov/vuln/detail/CVE-2026-32543) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Exploiting In... |
| [CVE-2026-32487](https://nvd.nist.gov/vuln/detail/CVE-2026-32487) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly C... |
| [CVE-2026-32486](https://nvd.nist.gov/vuln/detail/CVE-2026-32486) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in wptravelengine Travel Booking travel-booking allows Exploiting Incorrectly Config... |
| [CVE-2026-32462](https://nvd.nist.gov/vuln/detail/CVE-2026-32462) | 5.9 | MEDIUM | CWE-79 | No | 0.0% | 4.13 | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Maste... |
| [CVE-2026-32461](https://nvd.nist.gov/vuln/detail/CVE-2026-32461) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Exploiting Incor... |
| [CVE-2026-32460](https://nvd.nist.gov/vuln/detail/CVE-2026-32460) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate... |
| [CVE-2026-32459](https://nvd.nist.gov/vuln/detail/CVE-2026-32459) | 8.5 | HIGH | CWE-89 | No | 0.0% | 5.95 | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in flycart UpsellWP c... |
| [CVE-2026-32458](https://nvd.nist.gov/vuln/detail/CVE-2026-32458) | 7.6 | HIGH | CWE-89 | No | 0.0% | 5.32 | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bu... |
| [CVE-2026-32457](https://nvd.nist.gov/vuln/detail/CVE-2026-32457) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields (Product Addons) for WooCommerce advanced-... |
| [CVE-2026-32456](https://nvd.nist.gov/vuln/detail/CVE-2026-32456) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-13 | Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor allows Cross Site Req... |
| [CVE-2026-32455](https://nvd.nist.gov/vuln/detail/CVE-2026-32455) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 MDTF wp... |
| [CVE-2026-32454](https://nvd.nist.gov/vuln/detail/CVE-2026-32454) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Avada... |
| [CVE-2026-32453](https://nvd.nist.gov/vuln/detail/CVE-2026-32453) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in ThemeFusion Avada Core fusion-core allows Exploiting Incorrectly Configured Acces... |
| [CVE-2026-32452](https://nvd.nist.gov/vuln/detail/CVE-2026-32452) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configure... |
| [CVE-2026-32451](https://nvd.nist.gov/vuln/detail/CVE-2026-32451) | 6.3 | MEDIUM | CWE-862 | No | 0.0% | 4.41 | 2026-03-13 | Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configure... |
| [CVE-2026-32450](https://nvd.nist.gov/vuln/detail/CVE-2026-32450) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active... |
| [CVE-2026-32449](https://nvd.nist.gov/vuln/detail/CVE-2026-32449) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify... |
| [CVE-2026-32448](https://nvd.nist.gov/vuln/detail/CVE-2026-32448) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Teubert Podlo... |
| [CVE-2026-32447](https://nvd.nist.gov/vuln/detail/CVE-2026-32447) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-13 | Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Confi... |
| [CVE-2026-32446](https://nvd.nist.gov/vuln/detail/CVE-2026-32446) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-13 | Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Co... |
| [CVE-2026-32445](https://nvd.nist.gov/vuln/detail/CVE-2026-32445) | 2.7 | LOW | CWE-862 | No | 0.0% | 1.89 | 2026-03-13 | Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Confi... |
| [CVE-2026-32443](https://nvd.nist.gov/vuln/detail/CVE-2026-32443) | 6.5 | MEDIUM | CWE-352 | No | 0.0% | 4.55 | 2026-03-13 | Cross-Site Request Forgery (CSRF) vulnerability in Josh Kohlbach Product Feed PRO for WooCommerce woo-product-feed-pro a... |
| [CVE-2026-32442](https://nvd.nist.gov/vuln/detail/CVE-2026-32442) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-13 | Missing Authorization vulnerability in E2Pdf e2pdf e2pdf allows Exploiting Incorrectly Configured Access Control Securit... |
| [CVE-2026-32440](https://nvd.nist.gov/vuln/detail/CVE-2026-32440) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in Ex-Themes WP Food wp-food allows Exploiting Incorrectly Configured Access Control... |
| [CVE-2026-32439](https://nvd.nist.gov/vuln/detail/CVE-2026-32439) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in WebGeniusLab BigHearts bighearts allows Exploiting Incorrectly Configured Access... |
| [CVE-2026-32438](https://nvd.nist.gov/vuln/detail/CVE-2026-32438) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in vowelweb VW School Education vw-school-education allows Exploiting Incorrectly Co... |
| [CVE-2026-32437](https://nvd.nist.gov/vuln/detail/CVE-2026-32437) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in vowelweb VW Portfolio vw-portfolio allows Exploiting Incorrectly Configured Acces... |
| [CVE-2026-32436](https://nvd.nist.gov/vuln/detail/CVE-2026-32436) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in vowelweb VW Photography vw-photography allows Exploiting Incorrectly Configured A... |
| [CVE-2026-32435](https://nvd.nist.gov/vuln/detail/CVE-2026-32435) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in vowelweb VW Pet Shop vw-pet-shop allows Exploiting Incorrectly Configured Access... |
| [CVE-2026-32434](https://nvd.nist.gov/vuln/detail/CVE-2026-32434) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in vowelweb VW Fitness vw-fitness allows Exploiting Incorrectly Configured Access Co... |
| [CVE-2026-32433](https://nvd.nist.gov/vuln/detail/CVE-2026-32433) | 8.5 | HIGH | CWE-89 | No | 0.0% | 5.95 | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in codepeople CP Cont... |
| [CVE-2026-32432](https://nvd.nist.gov/vuln/detail/CVE-2026-32432) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploitin... |
| [CVE-2026-32431](https://nvd.nist.gov/vuln/detail/CVE-2026-32431) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force A... |
| [CVE-2026-32430](https://nvd.nist.gov/vuln/detail/CVE-2026-32430) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IdeaBox Creations... |
| [CVE-2026-32429](https://nvd.nist.gov/vuln/detail/CVE-2026-32429) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical... |
| [CVE-2026-32428](https://nvd.nist.gov/vuln/detail/CVE-2026-32428) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in Ays Pro Popup Like box ays-facebook-popup-likebox allows Exploiting Incorrectly C... |
| [CVE-2026-32427](https://nvd.nist.gov/vuln/detail/CVE-2026-32427) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in vowelweb VW Education Lite vw-education-lite allows Exploiting Incorrectly Config... |
| [CVE-2026-32426](https://nvd.nist.gov/vuln/detail/CVE-2026-32426) | 7.5 | HIGH | CWE-98 | No | 0.1% | 5.25 | 2026-03-13 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-32425](https://nvd.nist.gov/vuln/detail/CVE-2026-32425) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in linknacional Payment Gateway Pix For GiveWP payment-gateway-pix-for-givewp allows... |
| [CVE-2026-32424](https://nvd.nist.gov/vuln/detail/CVE-2026-32424) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Cl... |
| [CVE-2026-32423](https://nvd.nist.gov/vuln/detail/CVE-2026-32423) | 5.4 | MEDIUM | CWE-862 | No | 0.0% | 3.78 | 2026-03-13 | Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting... |
| [CVE-2026-32422](https://nvd.nist.gov/vuln/detail/CVE-2026-32422) | 8.5 | HIGH | CWE-89 | No | 0.0% | 5.95 | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in levelfourdevelopme... |
| [CVE-2026-32421](https://nvd.nist.gov/vuln/detail/CVE-2026-32421) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured... |
| [CVE-2026-32420](https://nvd.nist.gov/vuln/detail/CVE-2026-32420) | 5.4 | MEDIUM | CWE-352 | No | 0.0% | 3.78 | 2026-03-13 | Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garcia GamiPress gamipress allows Cross Site Request Forgery. Th... |
| [CVE-2026-32419](https://nvd.nist.gov/vuln/detail/CVE-2026-32419) | 5.9 | MEDIUM | CWE-79 | No | 0.0% | 4.13 | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fernando Briano Li... |
| [CVE-2026-32418](https://nvd.nist.gov/vuln/detail/CVE-2026-32418) | 7.6 | HIGH | CWE-89 | No | 0.0% | 5.32 | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordy Meow Meow Ga... |
| [CVE-2026-32417](https://nvd.nist.gov/vuln/detail/CVE-2026-32417) | 5.4 | MEDIUM | CWE-862 | No | 0.0% | 3.78 | 2026-03-13 | Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control... |
| [CVE-2026-32416](https://nvd.nist.gov/vuln/detail/CVE-2026-32416) | 5.4 | MEDIUM | CWE-862 | No | 0.0% | 3.78 | 2026-03-13 | Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Co... |
| [CVE-2026-32415](https://nvd.nist.gov/vuln/detail/CVE-2026-32415) | 5.0 | MEDIUM | CWE-35 | No | 0.0% | 3.50 | 2026-03-13 | Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal. This issue affects... |
| [CVE-2026-32414](https://nvd.nist.gov/vuln/detail/CVE-2026-32414) | 7.2 | HIGH | CWE-94 | No | 0.1% | 5.04 | 2026-03-13 | Improper Control of Generation of Code ('Code Injection') vulnerability in ILLID Advanced Woo Labels advanced-woo-labels... |
| [CVE-2026-32413](https://nvd.nist.gov/vuln/detail/CVE-2026-32413) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Exploiting Incorrectly... |
| [CVE-2026-32412](https://nvd.nist.gov/vuln/detail/CVE-2026-32412) | 5.4 | MEDIUM | CWE-918 | No | 0.0% | 3.78 | 2026-03-13 | Server-Side Request Forgery (SSRF) vulnerability in Gift Up! Gift Up Gift Cards for WordPress and WooCommerce gift-up al... |
| [CVE-2026-32411](https://nvd.nist.gov/vuln/detail/CVE-2026-32411) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simpma Embed Calen... |
| [CVE-2026-32410](https://nvd.nist.gov/vuln/detail/CVE-2026-32410) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for WooCommerce woo-currency allows Exploiting... |
| [CVE-2026-32409](https://nvd.nist.gov/vuln/detail/CVE-2026-32409) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Exploi... |
| [CVE-2026-32408](https://nvd.nist.gov/vuln/detail/CVE-2026-32408) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-13 | Missing Authorization vulnerability in themefusecom Brizy brizy allows Exploiting Incorrectly Configured Access Control... |
| [CVE-2026-32407](https://nvd.nist.gov/vuln/detail/CVE-2026-32407) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-13 | Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist allows Exploiting... |
| [CVE-2026-32406](https://nvd.nist.gov/vuln/detail/CVE-2026-32406) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-13 | Missing Authorization vulnerability in WPClever WPC Product Bundles for WooCommerce woo-product-bundle allows Exploiting... |
| [CVE-2026-32405](https://nvd.nist.gov/vuln/detail/CVE-2026-32405) | 5.3 | MEDIUM | CWE-497 | No | 0.0% | 3.71 | 2026-03-13 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart all... |
| [CVE-2026-32404](https://nvd.nist.gov/vuln/detail/CVE-2026-32404) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-monitor allows Exploiting Incorrectly Co... |
| [CVE-2026-32403](https://nvd.nist.gov/vuln/detail/CVE-2026-32403) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in toocheke Toocheke... |
| [CVE-2026-32402](https://nvd.nist.gov/vuln/detail/CVE-2026-32402) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured A... |
| [CVE-2026-32401](https://nvd.nist.gov/vuln/detail/CVE-2026-32401) | 7.2 | HIGH | CWE-98 | No | 0.2% | 5.04 | 2026-03-13 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-32400](https://nvd.nist.gov/vuln/detail/CVE-2026-32400) | 7.5 | HIGH | CWE-98 | No | 0.1% | 5.25 | 2026-03-13 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-32399](https://nvd.nist.gov/vuln/detail/CVE-2026-32399) | 8.5 | HIGH | CWE-89 | No | 0.0% | 5.95 | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Medi... |
| [CVE-2026-32398](https://nvd.nist.gov/vuln/detail/CVE-2026-32398) | 5.3 | MEDIUM | CWE-362 | No | 0.1% | 3.71 | 2026-03-13 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Subrata Mal... |
| [CVE-2026-32397](https://nvd.nist.gov/vuln/detail/CVE-2026-32397) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in YMC Filter & Grids ymc-smart-filter allows Exploiting Incorrectly Configured Acce... |
| [CVE-2026-32396](https://nvd.nist.gov/vuln/detail/CVE-2026-32396) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control... |
| [CVE-2026-32395](https://nvd.nist.gov/vuln/detail/CVE-2026-32395) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in Xpro Xpro Addons For Beaver Builder – Lite xpro-addons-beaver-builder-eleme... |
| [CVE-2026-32394](https://nvd.nist.gov/vuln/detail/CVE-2026-32394) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-13 | Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploit... |
| [CVE-2026-32393](https://nvd.nist.gov/vuln/detail/CVE-2026-32393) | 7.5 | HIGH | CWE-98 | No | 0.1% | 5.25 | 2026-03-13 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-32392](https://nvd.nist.gov/vuln/detail/CVE-2026-32392) | 7.5 | HIGH | CWE-98 | No | 0.1% | 5.25 | 2026-03-13 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-32391](https://nvd.nist.gov/vuln/detail/CVE-2026-32391) | 5.4 | MEDIUM | CWE-862 | No | 0.0% | 3.78 | 2026-03-13 | Missing Authorization vulnerability in linethemes SmartFix smartfix allows Exploiting Incorrectly Configured Access Cont... |
| [CVE-2026-32390](https://nvd.nist.gov/vuln/detail/CVE-2026-32390) | 5.4 | MEDIUM | CWE-862 | No | 0.0% | 3.78 | 2026-03-13 | Missing Authorization vulnerability in linethemes Nanosoft nanosoft allows Exploiting Incorrectly Configured Access Cont... |
| [CVE-2026-32388](https://nvd.nist.gov/vuln/detail/CVE-2026-32388) | 5.4 | MEDIUM | CWE-862 | No | 0.0% | 3.78 | 2026-03-13 | Missing Authorization vulnerability in linethemes GLB glb allows Exploiting Incorrectly Configured Access Control Securi... |
| [CVE-2026-32387](https://nvd.nist.gov/vuln/detail/CVE-2026-32387) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Exploiting Incorrectly C... |
| [CVE-2026-32386](https://nvd.nist.gov/vuln/detail/CVE-2026-32386) | 5.4 | MEDIUM | CWE-862 | No | 0.0% | 3.78 | 2026-03-13 | Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access... |
| [CVE-2026-32385](https://nvd.nist.gov/vuln/detail/CVE-2026-32385) | 5.4 | MEDIUM | CWE-862 | No | 0.0% | 3.78 | 2026-03-13 | Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-mana... |
| [CVE-2026-32384](https://nvd.nist.gov/vuln/detail/CVE-2026-32384) | 7.5 | HIGH | CWE-98 | No | 0.1% | 5.25 | 2026-03-13 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-32383](https://nvd.nist.gov/vuln/detail/CVE-2026-32383) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in raratheme Ridhi ridhi allows Exploiting Incorrectly Configured Access Control Sec... |
| [CVE-2026-32382](https://nvd.nist.gov/vuln/detail/CVE-2026-32382) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in raratheme Digital Download digital-download allows Exploiting Incorrectly Configu... |
| [CVE-2026-32381](https://nvd.nist.gov/vuln/detail/CVE-2026-32381) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in raratheme App Landing Page app-landing-page allows Exploiting Incorrectly Configu... |
| [CVE-2026-32380](https://nvd.nist.gov/vuln/detail/CVE-2026-32380) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in raratheme Numinous numinous allows Exploiting Incorrectly Configured Access Contr... |
| [CVE-2026-32379](https://nvd.nist.gov/vuln/detail/CVE-2026-32379) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in raratheme Rara Academic rara-academic allows Exploiting Incorrectly Configured Ac... |
| [CVE-2026-32378](https://nvd.nist.gov/vuln/detail/CVE-2026-32378) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in raratheme Book Landing Page book-landing-page allows Exploiting Incorrectly Confi... |
| [CVE-2026-32377](https://nvd.nist.gov/vuln/detail/CVE-2026-32377) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Incorrectly Configured... |
| [CVE-2026-32376](https://nvd.nist.gov/vuln/detail/CVE-2026-32376) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in raratheme Kalon kalon allows Exploiting Incorrectly Configured Access Control Sec... |
| [CVE-2026-32375](https://nvd.nist.gov/vuln/detail/CVE-2026-32375) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in raratheme Travel Diaries travel-diaries allows Exploiting Incorrectly Configured... |
| [CVE-2026-32374](https://nvd.nist.gov/vuln/detail/CVE-2026-32374) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in raratheme The Minimal the-minimal allows Exploiting Incorrectly Configured Access... |
| [CVE-2026-32373](https://nvd.nist.gov/vuln/detail/CVE-2026-32373) | 5.4 | MEDIUM | CWE-862 | No | 0.0% | 3.78 | 2026-03-13 | Missing Authorization vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Exploiting Incorrectly... |
| [CVE-2026-32372](https://nvd.nist.gov/vuln/detail/CVE-2026-32372) | 5.3 | MEDIUM | CWE-497 | No | 0.0% | 3.71 | 2026-03-13 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – El... |
| [CVE-2026-32371](https://nvd.nist.gov/vuln/detail/CVE-2026-32371) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in raratheme Elegant Pink elegant-pink allows Exploiting Incorrectly Configured Acce... |
| [CVE-2026-32370](https://nvd.nist.gov/vuln/detail/CVE-2026-32370) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in raratheme Influencer influencer allows Exploiting Incorrectly Configured Access C... |
| [CVE-2026-32369](https://nvd.nist.gov/vuln/detail/CVE-2026-32369) | 7.5 | HIGH | CWE-98 | No | 0.1% | 5.25 | 2026-03-13 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-32368](https://nvd.nist.gov/vuln/detail/CVE-2026-32368) | 8.5 | HIGH | CWE-89 | No | 0.0% | 5.95 | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in delphiknight Geo t... |
| [CVE-2026-32367](https://nvd.nist.gov/vuln/detail/CVE-2026-32367) | 9.1 | CRITICAL | CWE-94 | No | 0.1% | 6.37 | 2026-03-13 | Improper Control of Generation of Code ('Code Injection') vulnerability in Yannick Lefebvre Modal Dialog modal-dialog al... |
| [CVE-2026-32366](https://nvd.nist.gov/vuln/detail/CVE-2026-32366) | 8.5 | HIGH | CWE-89 | No | 0.0% | 5.95 | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsin... |
| [CVE-2026-32365](https://nvd.nist.gov/vuln/detail/CVE-2026-32365) | 8.5 | HIGH | CWE-89 | No | 0.0% | 5.95 | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsin... |
| [CVE-2026-32364](https://nvd.nist.gov/vuln/detail/CVE-2026-32364) | 7.5 | HIGH | CWE-98 | No | 0.1% | 5.25 | 2026-03-13 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-32363](https://nvd.nist.gov/vuln/detail/CVE-2026-32363) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in Funlus Oy WPLifeCycle free-php-version-info allows Exploiting Incorrectly Configu... |
| [CVE-2026-32362](https://nvd.nist.gov/vuln/detail/CVE-2026-32362) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows E... |
| [CVE-2026-32361](https://nvd.nist.gov/vuln/detail/CVE-2026-32361) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marketing Fire Edi... |
| [CVE-2026-32360](https://nvd.nist.gov/vuln/detail/CVE-2026-32360) | 5.9 | MEDIUM | CWE-79 | No | 0.0% | 4.13 | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in richplugins Rich S... |
| [CVE-2026-32359](https://nvd.nist.gov/vuln/detail/CVE-2026-32359) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Icon List... |
| [CVE-2026-32358](https://nvd.nist.gov/vuln/detail/CVE-2026-32358) | 7.6 | HIGH | CWE-89 | No | 0.0% | 5.32 | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop Booking... |
| [CVE-2026-32357](https://nvd.nist.gov/vuln/detail/CVE-2026-32357) | 6.4 | MEDIUM | CWE-918 | No | 0.0% | 4.48 | 2026-03-13 | Server-Side Request Forgery (SSRF) vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-card allows Server Si... |
| [CVE-2026-32356](https://nvd.nist.gov/vuln/detail/CVE-2026-32356) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robosoft Robo Gall... |
| [CVE-2026-32355](https://nvd.nist.gov/vuln/detail/CVE-2026-32355) | 8.8 | HIGH | CWE-502 | No | 0.1% | 6.16 | 2026-03-13 | Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Object Injection. This issue af... |
| [CVE-2026-32354](https://nvd.nist.gov/vuln/detail/CVE-2026-32354) | 5.3 | MEDIUM | CWE-201 | No | 0.0% | 3.71 | 2026-03-13 | Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Retri... |
| [CVE-2026-32353](https://nvd.nist.gov/vuln/detail/CVE-2026-32353) | 6.4 | MEDIUM | CWE-918 | No | 0.0% | 4.48 | 2026-03-13 | Server-Side Request Forgery (SSRF) vulnerability in MailerPress Team MailerPress mailerpress allows Server Side Request... |
| [CVE-2026-32352](https://nvd.nist.gov/vuln/detail/CVE-2026-32352) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elemento... |
| [CVE-2026-32351](https://nvd.nist.gov/vuln/detail/CVE-2026-32351) | 5.9 | MEDIUM | CWE-79 | No | 0.0% | 4.13 | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blubrry PowerPress... |
| [CVE-2026-32350](https://nvd.nist.gov/vuln/detail/CVE-2026-32350) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configure... |
| [CVE-2026-32349](https://nvd.nist.gov/vuln/detail/CVE-2026-32349) | 4.9 | MEDIUM | CWE-918 | No | 0.0% | 3.43 | 2026-03-13 | Server-Side Request Forgery (SSRF) vulnerability in Andy Fragen Embed PDF Viewer embed-pdf-viewer allows Server Side Req... |
| [CVE-2026-32348](https://nvd.nist.gov/vuln/detail/CVE-2026-32348) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access... |
| [CVE-2026-32347](https://nvd.nist.gov/vuln/detail/CVE-2026-32347) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in raratheme Restaurant and Cafe restaurant-and-cafe allows Exploiting Incorrectly C... |
| [CVE-2026-32346](https://nvd.nist.gov/vuln/detail/CVE-2026-32346) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in raratheme Travel Agency travel-agency allows Exploiting Incorrectly Configured Ac... |
| [CVE-2026-32345](https://nvd.nist.gov/vuln/detail/CVE-2026-32345) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in raratheme Perfect Portfolio perfect-portfolio allows Exploiting Incorrectly Confi... |
| [CVE-2026-32344](https://nvd.nist.gov/vuln/detail/CVE-2026-32344) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-13 | Cross-Site Request Forgery (CSRF) vulnerability in desertthemes Corpiva corpiva allows Cross Site Request Forgery. This i... |
| [CVE-2026-32343](https://nvd.nist.gov/vuln/detail/CVE-2026-32343) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-13 | Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Easy Table of Contents easy-table-of-contents allows Cross... |
| [CVE-2026-32342](https://nvd.nist.gov/vuln/detail/CVE-2026-32342) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-13 | Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery. This... |
| [CVE-2026-32341](https://nvd.nist.gov/vuln/detail/CVE-2026-32341) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in raratheme Benevolent benevolent allows Exploiting Incorrectly Configured Access C... |
| [CVE-2026-32340](https://nvd.nist.gov/vuln/detail/CVE-2026-32340) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in raratheme Business One Page business-one-page allows Exploiting Incorrectly Confi... |
| [CVE-2026-32339](https://nvd.nist.gov/vuln/detail/CVE-2026-32339) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in raratheme Bakes And Cakes bakes-and-cakes allows Exploiting Incorrectly Configure... |
| [CVE-2026-32338](https://nvd.nist.gov/vuln/detail/CVE-2026-32338) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in raratheme Construction Landing Page construction-landing-page allows Exploiting I... |
| [CVE-2026-32337](https://nvd.nist.gov/vuln/detail/CVE-2026-32337) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in raratheme Preschool and Kindergarten preschool-and-kindergarten allows Exploiting... |
| [CVE-2026-32336](https://nvd.nist.gov/vuln/detail/CVE-2026-32336) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in raratheme Rara Business rara-business allows Exploiting Incorrectly Configured Ac... |
| [CVE-2026-32335](https://nvd.nist.gov/vuln/detail/CVE-2026-32335) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Incorrectly Configured... |
| [CVE-2026-32334](https://nvd.nist.gov/vuln/detail/CVE-2026-32334) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in raratheme JobScout jobscout allows Exploiting Incorrectly Configured Access Contr... |
| [CVE-2026-32332](https://nvd.nist.gov/vuln/detail/CVE-2026-32332) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Contr... |
| [CVE-2026-32331](https://nvd.nist.gov/vuln/detail/CVE-2026-32331) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-13 | Missing Authorization vulnerability in Israpil Textmetrics webtexttool allows Exploiting Incorrectly Configured Access C... |
| [CVE-2026-32330](https://nvd.nist.gov/vuln/detail/CVE-2026-32330) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-13 | Cross-Site Request Forgery (CSRF) vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request... |
| [CVE-2026-32329](https://nvd.nist.gov/vuln/detail/CVE-2026-32329) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrect... |
| [CVE-2026-32328](https://nvd.nist.gov/vuln/detail/CVE-2026-32328) | 5.4 | MEDIUM | CWE-352 | No | 0.0% | 3.78 | 2026-03-13 | Cross-Site Request Forgery (CSRF) vulnerability in shufflehound Lemmony lemmony allows Cross Site Request Forgery. This i... |
| [CVE-2026-32322](https://nvd.nist.gov/vuln/detail/CVE-2026-32322) | 5.3 | MEDIUM | CWE-697 | No | 0.0% | 3.71 | 2026-03-13 | soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23.5.3, and 25.3.0, the Fr (scalar field) types for B... |
| [CVE-2026-32320](https://nvd.nist.gov/vuln/detail/CVE-2026-32320) | 6.5 | MEDIUM | CWE-125 | No | 0.1% | 4.55 | 2026-03-13 | Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchReque... |
| [CVE-2026-32319](https://nvd.nist.gov/vuln/detail/CVE-2026-32319) | 7.5 | HIGH | CWE-125 | No | 0.1% | 5.25 | 2026-03-13 | Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integ... |
| [CVE-2026-32308](https://nvd.nist.gov/vuln/detail/CVE-2026-32308) | 7.6 | HIGH | CWE-79 | No | 0.0% | 5.32 | 2026-03-13 | OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the Markdown viewer component ren... |
| [CVE-2026-32306](https://nvd.nist.gov/vuln/detail/CVE-2026-32306) | 9.9 | CRITICAL | CWE-89 | No | 0.5% | 6.94 | 2026-03-13 | OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the telemetry aggregation API acc... |
| [CVE-2026-32304](https://nvd.nist.gov/vuln/detail/CVE-2026-32304) | 9.8 | CRITICAL | CWE-94 | No | 0.1% | 6.86 | 2026-03-13 | Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the creat... |
| [CVE-2026-32302](https://nvd.nist.gov/vuln/detail/CVE-2026-32302) | 8.1 | HIGH | CWE-346 | No | 0.0% | 5.67 | 2026-03-13 | OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin va... |
| [CVE-2026-32301](https://nvd.nist.gov/vuln/detail/CVE-2026-32301) | 9.3 | CRITICAL | CWE-918 | No | 0.1% | 6.51 | 2026-03-13 | Centrifugo is an open-source scalable real-time messaging server. Prior to 6.7.0, Centrifugo is vulnerable to Server-Sid... |
| [CVE-2026-31949](https://nvd.nist.gov/vuln/detail/CVE-2026-31949) | 6.5 | MEDIUM | CWE-248 | No | 0.1% | 4.55 | 2026-03-13 | LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service (DoS) vulnerability exist... |
| [CVE-2026-31944](https://nvd.nist.gov/vuln/detail/CVE-2026-31944) | 7.6 | HIGH | CWE-306 | No | 0.0% | 5.32 | 2026-03-13 | LibreChat is a ChatGPT clone with additional features. From 0.8.2 to 0.8.2-rc3, the MCP (Model Context Protocol) OAuth c... |
| [CVE-2026-31922](https://nvd.nist.gov/vuln/detail/CVE-2026-31922) | 8.5 | HIGH | CWE-89 | No | 0.0% | 5.95 | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Fox LMS fo... |
| [CVE-2026-31919](https://nvd.nist.gov/vuln/detail/CVE-2026-31919) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-13 | Missing Authorization vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-wooco... |
| [CVE-2026-31918](https://nvd.nist.gov/vuln/detail/CVE-2026-31918) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in immonex immonex Ki... |
| [CVE-2026-31917](https://nvd.nist.gov/vuln/detail/CVE-2026-31917) | 8.5 | HIGH | CWE-89 | No | 0.0% | 5.95 | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP erp... |
| [CVE-2026-31916](https://nvd.nist.gov/vuln/detail/CVE-2026-31916) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorre... |
| [CVE-2026-31915](https://nvd.nist.gov/vuln/detail/CVE-2026-31915) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-13 | Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploiting Incorrectly Configured Access Contr... |
| [CVE-2026-31899](https://nvd.nist.gov/vuln/detail/CVE-2026-31899) | 7.5 | HIGH | CWE-674 | No | 0.1% | 5.25 | 2026-03-13 | CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to Kozea/CairoSVG has exponential denial of se... |
| [CVE-2026-31897](https://nvd.nist.gov/vuln/detail/CVE-2026-31897) | 0.0 | NONE | CWE-125 | No | 0.0% | 0.00 | 2026-03-13 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in free... |
| [CVE-2026-31886](https://nvd.nist.gov/vuln/detail/CVE-2026-31886) | 9.1 | CRITICAL | CWE-22 | No | 0.2% | 6.38 | 2026-03-13 | Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, the dagRunId request field accepted by the... |
| [CVE-2026-31885](https://nvd.nist.gov/vuln/detail/CVE-2026-31885) | 6.5 | MEDIUM | CWE-125 | No | 0.0% | 4.55 | 2026-03-13 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-A... |
| [CVE-2026-31884](https://nvd.nist.gov/vuln/detail/CVE-2026-31884) | 6.5 | MEDIUM | CWE-369 | No | 0.0% | 4.55 | 2026-03-13 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, division by zero in MS-ADPCM and IMA-A... |
| [CVE-2026-31883](https://nvd.nist.gov/vuln/detail/CVE-2026-31883) | 6.5 | MEDIUM | CWE-122 | No | 0.0% | 4.55 | 2026-03-13 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a size_t underflow in the IMA-ADPCM an... |
| [CVE-2026-31882](https://nvd.nist.gov/vuln/detail/CVE-2026-31882) | 7.5 | HIGH | CWE-306 | No | 0.3% | 5.26 | 2026-03-13 | Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, when Dagu is configured with HTTP Basic au... |
| [CVE-2026-31864](https://nvd.nist.gov/vuln/detail/CVE-2026-31864) | 6.8 | MEDIUM | CWE-1336 | No | 0.1% | 4.76 | 2026-03-13 | JumpServer is an open source bastion host and an operation and maintenance security audit system. A Server-Side Template... |
| [CVE-2026-31814](https://nvd.nist.gov/vuln/detail/CVE-2026-31814) | 8.7 | HIGH | CWE-190 | No | 0.1% | 6.09 | 2026-03-13 | Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. From 0.13.0 to before 0.13.9, a special... |
| [CVE-2026-31806](https://nvd.nist.gov/vuln/detail/CVE-2026-31806) | 9.3 | CRITICAL | CWE-122 | No | 0.0% | 6.51 | 2026-03-13 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdi_surface_bits() function proce... |
| [CVE-2026-31798](https://nvd.nist.gov/vuln/detail/CVE-2026-31798) | 5.0 | MEDIUM | CWE-295 | No | 0.0% | 3.50 | 2026-03-13 | JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts,... |
| [CVE-2026-30961](https://nvd.nist.gov/vuln/detail/CVE-2026-30961) | 4.3 | MEDIUM | CWE-770 | No | 0.0% | 3.01 | 2026-03-13 | Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, the chunke... |
| [CVE-2026-30955](https://nvd.nist.gov/vuln/detail/CVE-2026-30955) | 6.5 | MEDIUM | CWE-400 | No | 0.0% | 4.55 | 2026-03-13 | Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, an API end... |
| [CVE-2026-30943](https://nvd.nist.gov/vuln/detail/CVE-2026-30943) | 4.1 | MEDIUM | CWE-863 | No | 0.0% | 2.87 | 2026-03-13 | Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, an insuffi... |
| [CVE-2026-30915](https://nvd.nist.gov/vuln/detail/CVE-2026-30915) | 5.3 | MEDIUM | CWE-22 | No | 0.1% | 3.71 | 2026-03-13 | SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation... |
| [CVE-2026-30914](https://nvd.nist.gov/vuln/detail/CVE-2026-30914) | 5.3 | MEDIUM | CWE-22 | No | 0.0% | 3.71 | 2026-03-13 | SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization d... |
| [CVE-2026-30853](https://nvd.nist.gov/vuln/detail/CVE-2026-30853) | 5.0 | MEDIUM | CWE-22 | No | 0.0% | 3.50 | 2026-03-13 | calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a p... |
| [CVE-2026-2890](https://nvd.nist.gov/vuln/detail/CVE-2026-2890) | 7.5 | HIGH | CWE-862 | No | 0.1% | 5.25 | 2026-03-13 | The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and includi... |
| [CVE-2026-2888](https://nvd.nist.gov/vuln/detail/CVE-2026-2888) | 5.3 | MEDIUM | CWE-639 | No | 0.1% | 3.71 | 2026-03-13 | The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all ve... |
| [CVE-2026-2879](https://nvd.nist.gov/vuln/detail/CVE-2026-2879) | 5.4 | MEDIUM | CWE-639 | No | 0.0% | 3.78 | 2026-03-13 | The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including... |
| [CVE-2026-2859](https://nvd.nist.gov/vuln/detail/CVE-2026-2859) | 6.3 | MEDIUM | CWE-204 | No | 0.0% | 4.41 | 2026-03-13 | Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows... |
| [CVE-2026-2257](https://nvd.nist.gov/vuln/detail/CVE-2026-2257) | 6.4 | MEDIUM | CWE-639 | No | 0.0% | 4.48 | 2026-03-13 | The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including... |
| [CVE-2026-29776](https://nvd.nist.gov/vuln/detail/CVE-2026-29776) | 3.1 | LOW | CWE-190 | No | 0.0% | 2.17 | 2026-03-13 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, Integer Underflow in update_read_cache... |
| [CVE-2026-29775](https://nvd.nist.gov/vuln/detail/CVE-2026-29775) | 5.3 | MEDIUM | CWE-787 | No | 0.1% | 3.71 | 2026-03-13 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap out-of-bounds read/... |
| [CVE-2026-29774](https://nvd.nist.gov/vuln/detail/CVE-2026-29774) | 5.3 | MEDIUM | CWE-787 | No | 0.1% | 3.71 | 2026-03-13 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap buffer overflow occ... |
| [CVE-2026-29079](https://nvd.nist.gov/vuln/detail/CVE-2026-29079) | 8.2 | HIGH | CWE-843 | No | 0.1% | 5.74 | 2026-03-13 | Lexbor is a web browser engine library. Prior to 2.7.0, a type‑confusion vulnerability exists in Lexbor’s HTML fragment... |
| [CVE-2026-29078](https://nvd.nist.gov/vuln/detail/CVE-2026-29078) | 8.2 | HIGH | CWE-191 | No | 0.1% | 5.74 | 2026-03-13 | Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary s... |
| [CVE-2026-26954](https://nvd.nist.gov/vuln/detail/CVE-2026-26954) | 10.0 | CRITICAL | CWE-94 | No | 0.1% | 7.00 | 2026-03-13 | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, whic... |
| [CVE-2026-25823](https://nvd.nist.gov/vuln/detail/CVE-2026-25823) | 9.8 | CRITICAL | CWE-121 | No | 0.3% | 6.87 | 2026-03-13 | HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23... |
| [CVE-2026-25819](https://nvd.nist.gov/vuln/detail/CVE-2026-25819) | 7.5 | HIGH | CWE-400 | No | 0.3% | 5.26 | 2026-03-13 | HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23... |
| [CVE-2026-25818](https://nvd.nist.gov/vuln/detail/CVE-2026-25818) | 9.1 | CRITICAL | CWE-315 | No | 0.0% | 6.37 | 2026-03-13 | HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23... |
| [CVE-2026-25817](https://nvd.nist.gov/vuln/detail/CVE-2026-25817) | 8.8 | HIGH | CWE-94 | No | 0.3% | 6.17 | 2026-03-13 | HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23... |
| [CVE-2026-25076](https://nvd.nist.gov/vuln/detail/CVE-2026-25076) | 8.5 | HIGH | CWE-89 | No | 0.1% | 5.95 | 2026-03-13 | Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenti... |
| [CVE-2026-24097](https://nvd.nist.gov/vuln/detail/CVE-2026-24097) | 5.3 | MEDIUM | CWE-204 | No | 0.0% | 3.71 | 2026-03-13 | Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows... |
| [CVE-2026-22216](https://nvd.nist.gov/vuln/detail/CVE-2026-22216) | 6.9 | MEDIUM | CWE-799 | No | 0.1% | 4.83 | 2026-03-13 | wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe... |
| [CVE-2026-22215](https://nvd.nist.gov/vuln/detail/CVE-2026-22215) | 5.3 | MEDIUM | CWE-352 | No | 0.0% | 3.71 | 2026-03-13 | wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage() function that allows... |
| [CVE-2026-22210](https://nvd.nist.gov/vuln/detail/CVE-2026-22210) | 2.1 | LOW | CWE-79 | No | 0.0% | 1.47 | 2026-03-13 | wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code thro... |
| [CVE-2026-22209](https://nvd.nist.gov/vuln/detail/CVE-2026-22209) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-13 | wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators t... |
| [CVE-2026-22204](https://nvd.nist.gov/vuln/detail/CVE-2026-22204) | 6.3 | MEDIUM | CWE-20 | No | 0.1% | 4.41 | 2026-03-13 | wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipie... |
| [CVE-2026-22203](https://nvd.nist.gov/vuln/detail/CVE-2026-22203) | 6.9 | MEDIUM | CWE-200 | No | 0.0% | 4.83 | 2026-03-13 | wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expo... |
| [CVE-2026-22202](https://nvd.nist.gov/vuln/detail/CVE-2026-22202) | 6.1 | MEDIUM | CWE-352 | No | 0.0% | 4.27 | 2026-03-13 | wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that allows attackers to delete all comments... |
| [CVE-2026-22201](https://nvd.nist.gov/vuln/detail/CVE-2026-22201) | 6.9 | MEDIUM | CWE-348 | No | 0.0% | 4.83 | 2026-03-13 | wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP() function that allows attackers to bypass IP-... |
| [CVE-2026-22199](https://nvd.nist.gov/vuln/detail/CVE-2026-22199) | 6.9 | MEDIUM | CWE-290 | No | 0.0% | 4.83 | 2026-03-13 | wpDiscuz before 7.6.47 contains a vote manipulation vulnerability that allows attackers to manipulate comment votes by o... |
| [CVE-2026-22193](https://nvd.nist.gov/vuln/detail/CVE-2026-22193) | 9.2 | CRITICAL | CWE-89 | No | 0.0% | 6.44 | 2026-03-13 | wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions() function where string parame... |
| [CVE-2026-22192](https://nvd.nist.gov/vuln/detail/CVE-2026-22192) | 6.3 | MEDIUM | CWE-79 | No | 0.0% | 4.41 | 2026-03-13 | wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability that allows authenticated attackers to injec... |
| [CVE-2026-22191](https://nvd.nist.gov/vuln/detail/CVE-2026-22191) | 6.9 | MEDIUM | CWE-94 | No | 0.0% | 4.83 | 2026-03-13 | wpDiscuz before 7.6.47 contains a shortcode injection vulnerability that allows attackers to execute arbitrary shortcode... |
| [CVE-2026-22183](https://nvd.nist.gov/vuln/detail/CVE-2026-22183) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-13 | wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment preview functionality... |
| [CVE-2026-22182](https://nvd.nist.gov/vuln/detail/CVE-2026-22182) | 8.7 | HIGH | CWE-862 | No | 0.0% | 6.09 | 2026-03-13 | wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigge... |
| [CVE-2026-1704](https://nvd.nist.gov/vuln/detail/CVE-2026-1704) | 4.3 | MEDIUM | CWE-639 | No | 0.0% | 3.01 | 2026-03-13 | The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Ins... |
| [CVE-2026-1668](https://nvd.nist.gov/vuln/detail/CVE-2026-1668) | 7.7 | HIGH | CWE-20 | No | 0.4% | 5.40 | 2026-03-13 | The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out... |
| [CVE-2026-0957](https://nvd.nist.gov/vuln/detail/CVE-2026-0957) | 8.5 | HIGH | CWE-787 | No | 0.0% | 5.95 | 2026-03-13 | There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted file in Digilent DASYL... |
| [CVE-2026-0956](https://nvd.nist.gov/vuln/detail/CVE-2026-0956) | 8.5 | HIGH | CWE-125 | No | 0.0% | 5.95 | 2026-03-13 | There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLa... |
| [CVE-2026-0955](https://nvd.nist.gov/vuln/detail/CVE-2026-0955) | 8.5 | HIGH | CWE-125 | No | 0.0% | 5.95 | 2026-03-13 | There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLa... |
| [CVE-2026-0954](https://nvd.nist.gov/vuln/detail/CVE-2026-0954) | 8.5 | HIGH | CWE-787 | No | 0.0% | 5.95 | 2026-03-13 | There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted DSB file in Digilent D... |
| [CVE-2026-0835](https://nvd.nist.gov/vuln/detail/CVE-2026-0835) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-13 | IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0... |
| [CVE-2025-8766](https://nvd.nist.gov/vuln/detail/CVE-2025-8766) | 6.4 | MEDIUM | CWE-276 | No | 0.0% | 4.48 | 2026-03-13 | A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from... |
| [CVE-2025-71263](https://nvd.nist.gov/vuln/detail/CVE-2025-71263) | 7.4 | HIGH | CWE-120 | No | 0.0% | 5.18 | 2026-03-13 | In UNIX Fourth Research Edition (v4), the su command is vulnerable to a buffer overflow due to the 'password' variable h... |
| [CVE-2025-57849](https://nvd.nist.gov/vuln/detail/CVE-2025-57849) | 6.4 | MEDIUM | CWE-276 | No | 0.0% | 4.48 | 2026-03-13 | A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being... |
| [CVE-2025-36368](https://nvd.nist.gov/vuln/detail/CVE-2025-36368) | 6.5 | MEDIUM | CWE-89 | No | 0.0% | 4.55 | 2026-03-13 | IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.... |
| [CVE-2025-15515](https://nvd.nist.gov/vuln/detail/CVE-2025-15515) | 6.9 | MEDIUM | CWE-306 | No | 0.0% | 4.83 | 2026-03-13 | The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific condit... |
| [CVE-2025-14811](https://nvd.nist.gov/vuln/detail/CVE-2025-14811) | 3.1 | LOW | CWE-598 | No | 0.0% | 2.17 | 2026-03-13 | IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to o... |
| [CVE-2025-14504](https://nvd.nist.gov/vuln/detail/CVE-2025-14504) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-13 | IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0... |
| [CVE-2025-14483](https://nvd.nist.gov/vuln/detail/CVE-2025-14483) | 4.3 | MEDIUM | CWE-201 | No | 0.0% | 3.01 | 2026-03-13 | IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0... |
| [CVE-2025-13779](https://nvd.nist.gov/vuln/detail/CVE-2025-13779) | 7.2 | HIGH | CWE-306 | No | 0.0% | 5.04 | 2026-03-13 | Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AW... |
| [CVE-2025-13778](https://nvd.nist.gov/vuln/detail/CVE-2025-13778) | 7.1 | HIGH | CWE-306 | No | 0.0% | 4.97 | 2026-03-13 | Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AW... |
| [CVE-2025-13777](https://nvd.nist.gov/vuln/detail/CVE-2025-13777) | 7.2 | HIGH | CWE-294 | No | 0.0% | 5.04 | 2026-03-13 | Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW... |
| [CVE-2025-13726](https://nvd.nist.gov/vuln/detail/CVE-2025-13726) | 5.3 | MEDIUM | CWE-209 | No | 0.1% | 3.71 | 2026-03-13 | IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacke... |
| [CVE-2025-13723](https://nvd.nist.gov/vuln/detail/CVE-2025-13723) | 5.3 | MEDIUM | CWE-324 | No | 0.0% | 3.71 | 2026-03-13 | IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to o... |
| [CVE-2025-13718](https://nvd.nist.gov/vuln/detail/CVE-2025-13718) | 3.7 | LOW | CWE-319 | No | 0.0% | 2.59 | 2026-03-13 | IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacke... |
| [CVE-2025-13702](https://nvd.nist.gov/vuln/detail/CVE-2025-13702) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-13 | IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site... |
| [CVE-2025-13337](https://nvd.nist.gov/vuln/detail/CVE-2025-13337) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-13 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| [CVE-2023-40693](https://nvd.nist.gov/vuln/detail/CVE-2023-40693) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-13 | IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, and 6.2.0.0 through 6.2.0.5_1, 6.2.... |
| [CVE-2026-3611](https://nvd.nist.gov/vuln/detail/CVE-2026-3611) | 10.0 | CRITICAL | CWE-306 | No | 0.2% | 7.01 | 2026-03-12 | The Honeywell IQ4x building management controller exposes its full web-based HMI without authentication in its factory-... |
| [CVE-2026-32274](https://nvd.nist.gov/vuln/detail/CVE-2026-32274) | 8.7 | HIGH | CWE-22 | No | 0.0% | 6.09 | 2026-03-12 | Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is comp... |
| [CVE-2026-32269](https://nvd.nist.gov/vuln/detail/CVE-2026-32269) | 6.3 | MEDIUM | CWE-683 | No | 0.0% | 4.41 | 2026-03-12 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-a... |
| [CVE-2026-32260](https://nvd.nist.gov/vuln/detail/CVE-2026-32260) | 8.1 | HIGH | CWE-78 | No | 0.1% | 5.67 | 2026-03-12 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, a command injection vulnerability exist... |
| [CVE-2026-32259](https://nvd.nist.gov/vuln/detail/CVE-2026-32259) | 6.7 | MEDIUM | CWE-121 | No | 0.0% | 4.69 | 2026-03-12 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9... |
| [CVE-2026-32251](https://nvd.nist.gov/vuln/detail/CVE-2026-32251) | 9.3 | CRITICAL | CWE-611 | No | 0.0% | 6.51 | 2026-03-12 | Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resourc... |
| [CVE-2026-32249](https://nvd.nist.gov/vuln/detail/CVE-2026-32249) | 5.3 | MEDIUM | CWE-476 | No | 0.0% | 3.71 | 2026-03-12 | Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encoun... |
| [CVE-2026-32248](https://nvd.nist.gov/vuln/detail/CVE-2026-32248) | 9.3 | CRITICAL | CWE-943 | No | 0.1% | 6.51 | 2026-03-12 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-a... |
| [CVE-2026-32240](https://nvd.nist.gov/vuln/detail/CVE-2026-32240) | 6.3 | MEDIUM | CWE-197 | No | 0.1% | 4.41 | 2026-03-12 | Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding:... |
| [CVE-2026-32239](https://nvd.nist.gov/vuln/detail/CVE-2026-32239) | 6.3 | MEDIUM | CWE-190 | No | 0.1% | 4.41 | 2026-03-12 | Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length valu... |
| [CVE-2026-3497](https://nvd.nist.gov/vuln/detail/CVE-2026-3497) | 6.9 | MEDIUM | CWE-908 | No | 0.0% | 4.83 | 2026-03-12 | Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI... |
| [CVE-2026-32247](https://nvd.nist.gov/vuln/detail/CVE-2026-32247) | 8.1 | HIGH | CWE-943 | No | 0.0% | 5.67 | 2026-03-12 | Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2... |
| [CVE-2026-32246](https://nvd.nist.gov/vuln/detail/CVE-2026-32246) | 8.5 | HIGH | CWE-287 | No | 0.0% | 5.95 | 2026-03-12 | Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC authorization endpoint allows users wit... |
| [CVE-2026-32245](https://nvd.nist.gov/vuln/detail/CVE-2026-32245) | 6.5 | MEDIUM | CWE-863 | No | 0.1% | 4.55 | 2026-03-12 | Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC token endpoint does not verify that the... |
| [CVE-2026-32242](https://nvd.nist.gov/vuln/detail/CVE-2026-32242) | 9.1 | CRITICAL | CWE-362 | No | 0.1% | 6.37 | 2026-03-12 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-a... |
| [CVE-2026-32237](https://nvd.nist.gov/vuln/detail/CVE-2026-32237) | 4.4 | MEDIUM | CWE-200 | No | 0.0% | 3.08 | 2026-03-12 | Backstage is an open framework for building developer portals. Prior to 3.1.5, authenticated users with permission to ex... |
| [CVE-2026-32235](https://nvd.nist.gov/vuln/detail/CVE-2026-32235) | 5.9 | MEDIUM | CWE-601 | No | 0.0% | 4.13 | 2026-03-12 | Backstage is an open framework for building developer portals. Prior to 0.27.1, the experimental OIDC provider in @backs... |
| [CVE-2026-32232](https://nvd.nist.gov/vuln/detail/CVE-2026-32232) | 8.8 | HIGH | CWE-22 | No | 0.1% | 6.16 | 2026-03-12 | ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Valid... |
| [CVE-2026-32231](https://nvd.nist.gov/vuln/detail/CVE-2026-32231) | 8.2 | HIGH | CWE-306 | No | 0.0% | 5.74 | 2026-03-12 | ZeptoClaw is a personal AI assistant. Prior to 0.7.6, the generic webhook channel trusts caller-supplied identity fields... |
| [CVE-2026-32230](https://nvd.nist.gov/vuln/detail/CVE-2026-32230) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-12 | Uptime Kuma is an open source, self-hosted monitoring tool. From 2.0.0 to 2.1.3, the GET /api/badge/:id/ping/:duration?... |
| [CVE-2026-32142](https://nvd.nist.gov/vuln/detail/CVE-2026-32142) | 5.3 | MEDIUM | CWE-200 | No | 0.0% | 3.71 | 2026-03-12 | Shopware is an open commerce platform. /api/_info/config route exposes information about licenses. This vulnerability is... |
| [CVE-2026-32138](https://nvd.nist.gov/vuln/detail/CVE-2026-32138) | 8.2 | HIGH | CWE-284 | No | 0.1% | 5.74 | 2026-03-12 | NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. P... |
| [CVE-2026-26793](https://nvd.nist.gov/vuln/detail/CVE-2026-26793) | 9.8 | CRITICAL | CWE-77 | No | 0.9% | 6.89 | 2026-03-12 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the set_config function. Thi... |
| [CVE-2025-70873](https://nvd.nist.gov/vuln/detail/CVE-2025-70873) | 7.5 | HIGH | CWE-244 | No | 0.0% | 5.25 | 2026-03-12 | An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier al... |
| [CVE-2025-70245](https://nvd.nist.gov/vuln/detail/CVE-2025-70245) | 9.8 | CRITICAL | CWE-787 | No | 0.1% | 6.86 | 2026-03-12 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizardSelectMode. |
| [CVE-2025-66955](https://nvd.nist.gov/vuln/detail/CVE-2025-66955) | 6.5 | MEDIUM | N/A | No | 0.1% | 4.55 | 2026-03-12 | Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated... |
| [CVE-2025-61154](https://nvd.nist.gov/vuln/detail/CVE-2025-61154) | 6.5 | MEDIUM | CWE-122 | No | 0.1% | 4.55 | 2026-03-12 | Heap buffer overflow vulnerability in LibreDWG versions v0.13.3.7571 up to v0.13.3.7835 allows a crafted DWG file to cau... |
| [CVE-2025-13913](https://nvd.nist.gov/vuln/detail/CVE-2025-13913) | 5.4 | MEDIUM | CWE-502 | No | 0.0% | 3.78 | 2026-03-12 | A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which... |
| [CVE-2026-3841](https://nvd.nist.gov/vuln/detail/CVE-2026-3841) | 8.5 | HIGH | CWE-78 | No | 1.0% | 5.98 | 2026-03-12 | A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5... |
| [CVE-2026-32141](https://nvd.nist.gov/vuln/detail/CVE-2026-32141) | 7.5 | HIGH | CWE-674 | No | 0.0% | 5.25 | 2026-03-12 | flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse() function uses a recursive revive() phase to resolve... |
| [CVE-2026-32140](https://nvd.nist.gov/vuln/detail/CVE-2026-32140) | 9.3 | CRITICAL | CWE-22 | No | 0.4% | 6.52 | 2026-03-12 | Dataease is an open source data visualization analysis tool. Prior to 2.10.20, by controlling the IniFile parameter, an... |
| [CVE-2026-32139](https://nvd.nist.gov/vuln/detail/CVE-2026-32139) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-12 | Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the static resource upload... |
| [CVE-2026-32137](https://nvd.nist.gov/vuln/detail/CVE-2026-32137) | 9.3 | CRITICAL | CWE-89 | No | 0.1% | 6.51 | 2026-03-12 | Dataease is an open source data visualization analysis tool. Prior to 2.10.20, the table parameter for /de2api/datasourc... |
| [CVE-2026-32129](https://nvd.nist.gov/vuln/detail/CVE-2026-32129) | 8.7 | HIGH | CWE-328 | No | 0.0% | 6.09 | 2026-03-12 | soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 (... |
| [CVE-2026-32116](https://nvd.nist.gov/vuln/detail/CVE-2026-32116) | 8.2 | HIGH | CWE-22 | No | 0.1% | 5.74 | 2026-03-12 | Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0... |
| [CVE-2026-32100](https://nvd.nist.gov/vuln/detail/CVE-2026-32100) | 5.3 | MEDIUM | CWE-200 | No | 0.0% | 3.71 | 2026-03-12 | Shopware is an open commerce platform. /api/_info/config route exposes information about active security fixes. This vul... |
| [CVE-2026-31890](https://nvd.nist.gov/vuln/detail/CVE-2026-31890) | 4.8 | MEDIUM | CWE-223 | No | 0.0% | 3.36 | 2026-03-12 | Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Li... |
| [CVE-2026-31873](https://nvd.nist.gov/vuln/detail/CVE-2026-31873) | 0.0 | NONE | CWE-79 | No | 0.0% | 0.00 | 2026-03-12 | Unhead is a document head and template manager. Prior to 2.1.11, the link.href check in makeTagSafe (safe.ts) uses Strin... |
| [CVE-2026-31860](https://nvd.nist.gov/vuln/detail/CVE-2026-31860) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-12 | Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe() can be bypassed to inject arbitrary HTML... |
| [CVE-2026-28256](https://nvd.nist.gov/vuln/detail/CVE-2026-28256) | 6.9 | MEDIUM | CWE-547 | No | 0.1% | 4.83 | 2026-03-12 | A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge coul... |
| [CVE-2026-28255](https://nvd.nist.gov/vuln/detail/CVE-2026-28255) | 8.2 | HIGH | CWE-798 | No | 0.0% | 5.74 | 2026-03-12 | A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attack... |
| [CVE-2026-28254](https://nvd.nist.gov/vuln/detail/CVE-2026-28254) | 6.9 | MEDIUM | CWE-862 | No | 0.0% | 4.83 | 2026-03-12 | A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticate... |
| [CVE-2026-28253](https://nvd.nist.gov/vuln/detail/CVE-2026-28253) | 8.7 | HIGH | CWE-789 | No | 0.1% | 6.09 | 2026-03-12 | A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could a... |
| [CVE-2026-28252](https://nvd.nist.gov/vuln/detail/CVE-2026-28252) | 9.2 | CRITICAL | CWE-327 | No | 0.0% | 6.44 | 2026-03-12 | A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge co... |
| [CVE-2026-26795](https://nvd.nist.gov/vuln/detail/CVE-2026-26795) | 9.8 | CRITICAL | CWE-77 | No | 0.9% | 6.89 | 2026-03-12 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the... |
| [CVE-2026-26794](https://nvd.nist.gov/vuln/detail/CVE-2026-26794) | 8.8 | HIGH | CWE-89 | No | 0.3% | 6.17 | 2026-03-12 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the add_group() function. This v... |
| [CVE-2026-26792](https://nvd.nist.gov/vuln/detail/CVE-2026-26792) | 9.8 | CRITICAL | CWE-77 | No | 0.9% | 6.89 | 2026-03-12 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set_upgrade func... |
| [CVE-2026-26791](https://nvd.nist.gov/vuln/detail/CVE-2026-26791) | 9.8 | CRITICAL | CWE-77 | No | 0.9% | 6.89 | 2026-03-12 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in... |
| [CVE-2025-13462](https://nvd.nist.gov/vuln/detail/CVE-2025-13462) | 2.0 | LOW | CWE-20 | No | 0.0% | 1.40 | 2026-03-12 | The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi... |
| [CVE-2026-4045](https://nvd.nist.gov/vuln/detail/CVE-2026-4045) | 6.3 | MEDIUM | CWE-203 | No | 0.0% | 4.41 | 2026-03-12 | A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file includes/Classes/Auth.php... |
| [CVE-2026-31841](https://nvd.nist.gov/vuln/detail/CVE-2026-31841) | 6.5 | MEDIUM | CWE-433 | No | 0.0% | 4.55 | 2026-03-12 | Hyperterse is a tool-first MCP framework for building AI-ready backend surfaces from declarative config. Prior to v2.2.0... |
| [CVE-2026-29066](https://nvd.nist.gov/vuln/detail/CVE-2026-29066) | 6.2 | MEDIUM | CWE-200 | No | 3.4% | 4.44 | 2026-03-12 | Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.... |
| [CVE-2026-28793](https://nvd.nist.gov/vuln/detail/CVE-2026-28793) | 8.4 | HIGH | CWE-22 | No | 0.0% | 5.88 | 2026-03-12 | Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints... |
| [CVE-2026-28792](https://nvd.nist.gov/vuln/detail/CVE-2026-28792) | 9.6 | CRITICAL | CWE-22 | No | 0.3% | 6.73 | 2026-03-12 | Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server combines a permissive CORS con... |
| [CVE-2026-28791](https://nvd.nist.gov/vuln/detail/CVE-2026-28791) | 7.4 | HIGH | CWE-22 | No | 0.1% | 5.18 | 2026-03-12 | Tina is a headless content management system. Prior to 2.1.7, a path traversal vulnerability exists in the TinaCMS devel... |
| [CVE-2026-28356](https://nvd.nist.gov/vuln/detail/CVE-2026-28356) | 7.5 | HIGH | CWE-1333 | No | 0.8% | 5.27 | 2026-03-12 | multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parse_options_header... |
| [CVE-2026-27940](https://nvd.nist.gov/vuln/detail/CVE-2026-27940) | 7.8 | HIGH | CWE-122 | No | 0.0% | 5.46 | 2026-03-12 | llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gguf.cpp is... |
| [CVE-2026-25529](https://nvd.nist.gov/vuln/detail/CVE-2026-25529) | 8.1 | HIGH | CWE-79 | No | 0.0% | 5.67 | 2026-03-12 | Postal is an open source SMTP server. Postal versions less than 3.3.5 had an HTML injection vulnerability that allowed un... |
| [CVE-2026-24125](https://nvd.nist.gov/vuln/detail/CVE-2026-24125) | 6.3 | MEDIUM | CWE-22 | No | 0.1% | 4.41 | 2026-03-12 | Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content... |
| [CVE-2026-21887](https://nvd.nist.gov/vuln/detail/CVE-2026-21887) | 7.7 | HIGH | CWE-918 | No | 0.0% | 5.39 | 2026-03-12 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, th... |
| [CVE-2026-21708](https://nvd.nist.gov/vuln/detail/CVE-2026-21708) | 9.9 | CRITICAL | N/A | No | 1.3% | 6.97 | 2026-03-12 | A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user. |
| [CVE-2026-21672](https://nvd.nist.gov/vuln/detail/CVE-2026-21672) | 8.8 | HIGH | N/A | No | 0.0% | 6.16 | 2026-03-12 | A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers. |
| [CVE-2026-4044](https://nvd.nist.gov/vuln/detail/CVE-2026-4044) | 5.1 | MEDIUM | CWE-22 | No | 0.1% | 3.57 | 2026-03-12 | A vulnerability was detected in projectsend up to r1945. This affects the function realpath of the file /import-orphans.... |
| [CVE-2026-4043](https://nvd.nist.gov/vuln/detail/CVE-2026-4043) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-12 | A security vulnerability has been detected in Tenda i12 1.0.0.6(2204). The impacted element is the function formwrlSSIDg... |
| [CVE-2019-25543](https://nvd.nist.gov/vuln/detail/CVE-2019-25543) | 8.8 | HIGH | CWE-89 | No | 0.2% | 6.17 | 2026-03-12 | Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerability that allows unauthenticated attackers to mani... |
| [CVE-2019-25542](https://nvd.nist.gov/vuln/detail/CVE-2019-25542) | 8.8 | HIGH | CWE-89 | No | 0.2% | 6.17 | 2026-03-12 | Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manip... |
| [CVE-2019-25541](https://nvd.nist.gov/vuln/detail/CVE-2019-25541) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-12 | Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipul... |
| [CVE-2019-25540](https://nvd.nist.gov/vuln/detail/CVE-2019-25540) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-12 | Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipul... |
| [CVE-2019-25539](https://nvd.nist.gov/vuln/detail/CVE-2019-25539) | 8.8 | HIGH | CWE-89 | No | 0.2% | 6.17 | 2026-03-12 | 202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate databas... |
| [CVE-2019-25538](https://nvd.nist.gov/vuln/detail/CVE-2019-25538) | 8.8 | HIGH | CWE-89 | No | 0.2% | 6.17 | 2026-03-12 | 202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database que... |
| [CVE-2019-25537](https://nvd.nist.gov/vuln/detail/CVE-2019-25537) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-12 | Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attacke... |
| [CVE-2019-25536](https://nvd.nist.gov/vuln/detail/CVE-2019-25536) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-12 | Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to... |
| [CVE-2019-25535](https://nvd.nist.gov/vuln/detail/CVE-2019-25535) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-12 | Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate d... |
| [CVE-2019-25534](https://nvd.nist.gov/vuln/detail/CVE-2019-25534) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-12 | Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbi... |
| [CVE-2019-25533](https://nvd.nist.gov/vuln/detail/CVE-2019-25533) | 8.8 | HIGH | CWE-89 | No | 0.3% | 6.17 | 2026-03-12 | Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to... |
| [CVE-2019-25532](https://nvd.nist.gov/vuln/detail/CVE-2019-25532) | 8.8 | HIGH | CWE-89 | No | 0.3% | 6.17 | 2026-03-12 | Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate... |
| [CVE-2019-25531](https://nvd.nist.gov/vuln/detail/CVE-2019-25531) | 8.8 | HIGH | CWE-89 | No | 0.3% | 6.17 | 2026-03-12 | Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction.php that allows u... |
| [CVE-2019-25530](https://nvd.nist.gov/vuln/detail/CVE-2019-25530) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-12 | uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate databas... |
| [CVE-2019-25529](https://nvd.nist.gov/vuln/detail/CVE-2019-25529) | 7.1 | HIGH | CWE-89 | No | 0.0% | 4.97 | 2026-03-12 | Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate databas... |
| [CVE-2019-25528](https://nvd.nist.gov/vuln/detail/CVE-2019-25528) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-12 | Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to m... |
| [CVE-2019-25527](https://nvd.nist.gov/vuln/detail/CVE-2019-25527) | 8.8 | HIGH | CWE-89 | No | 0.2% | 6.17 | 2026-03-12 | Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to m... |
| [CVE-2019-25526](https://nvd.nist.gov/vuln/detail/CVE-2019-25526) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-12 | Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to m... |
| [CVE-2019-25525](https://nvd.nist.gov/vuln/detail/CVE-2019-25525) | 8.8 | HIGH | CWE-89 | No | 0.2% | 6.17 | 2026-03-12 | Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to m... |
| [CVE-2019-25524](https://nvd.nist.gov/vuln/detail/CVE-2019-25524) | 8.8 | HIGH | CWE-89 | No | 0.2% | 6.17 | 2026-03-12 | XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database q... |
| [CVE-2019-25523](https://nvd.nist.gov/vuln/detail/CVE-2019-25523) | 8.8 | HIGH | CWE-89 | No | 0.2% | 6.17 | 2026-03-12 | XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database q... |
| [CVE-2019-25522](https://nvd.nist.gov/vuln/detail/CVE-2019-25522) | 8.8 | HIGH | CWE-89 | No | 0.2% | 6.17 | 2026-03-12 | XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate dat... |
| [CVE-2019-25521](https://nvd.nist.gov/vuln/detail/CVE-2019-25521) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-12 | XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database q... |
| [CVE-2019-25520](https://nvd.nist.gov/vuln/detail/CVE-2019-25520) | 8.8 | HIGH | CWE-89 | No | 0.2% | 6.17 | 2026-03-12 | Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel th... |
| [CVE-2019-25519](https://nvd.nist.gov/vuln/detail/CVE-2019-25519) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-03-12 | Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate da... |
| [CVE-2019-25518](https://nvd.nist.gov/vuln/detail/CVE-2019-25518) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-12 | Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers... |
| [CVE-2019-25517](https://nvd.nist.gov/vuln/detail/CVE-2019-25517) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-12 | Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers... |
| [CVE-2019-25516](https://nvd.nist.gov/vuln/detail/CVE-2019-25516) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-12 | Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers... |
| [CVE-2019-25515](https://nvd.nist.gov/vuln/detail/CVE-2019-25515) | 8.7 | HIGH | CWE-89 | No | 0.7% | 6.11 | 2026-03-12 | Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administratio... |
| [CVE-2019-25514](https://nvd.nist.gov/vuln/detail/CVE-2019-25514) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-12 | Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malici... |
| [CVE-2019-25513](https://nvd.nist.gov/vuln/detail/CVE-2019-25513) | 8.8 | HIGH | CWE-89 | No | 0.3% | 6.17 | 2026-03-12 | Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers... |
| [CVE-2019-25512](https://nvd.nist.gov/vuln/detail/CVE-2019-25512) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-03-12 | Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malici... |
| [CVE-2019-25511](https://nvd.nist.gov/vuln/detail/CVE-2019-25511) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-12 | Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers... |
| [CVE-2019-25510](https://nvd.nist.gov/vuln/detail/CVE-2019-25510) | 8.8 | HIGH | CWE-89 | No | 0.2% | 6.17 | 2026-03-12 | Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel th... |
| [CVE-2019-25509](https://nvd.nist.gov/vuln/detail/CVE-2019-25509) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-12 | XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database q... |
| [CVE-2019-25508](https://nvd.nist.gov/vuln/detail/CVE-2019-25508) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-12 | Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers t... |
| [CVE-2019-25488](https://nvd.nist.gov/vuln/detail/CVE-2019-25488) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-12 | Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauth... |
| [CVE-2019-25482](https://nvd.nist.gov/vuln/detail/CVE-2019-25482) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-12 | Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attac... |
| [CVE-2019-25481](https://nvd.nist.gov/vuln/detail/CVE-2019-25481) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-12 | iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate databa... |
| [CVE-2019-25479](https://nvd.nist.gov/vuln/detail/CVE-2019-25479) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-12 | Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database qu... |
| [CVE-2019-25473](https://nvd.nist.gov/vuln/detail/CVE-2019-25473) | 7.1 | HIGH | CWE-89 | No | 0.0% | 4.97 | 2026-03-12 | Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by... |
| [CVE-2026-4042](https://nvd.nist.gov/vuln/detail/CVE-2026-4042) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-12 | A weakness has been identified in Tenda i12 1.0.0.6(2204). The affected element is the function formWifiMacFilterGet of... |
| [CVE-2026-4041](https://nvd.nist.gov/vuln/detail/CVE-2026-4041) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-12 | A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the function vos_strcpy of the file /goform/... |
| [CVE-2026-28384](https://nvd.nist.gov/vuln/detail/CVE-2026-28384) | 9.4 | CRITICAL | CWE-78 | No | 0.1% | 6.58 | 2026-03-12 | An improper sanitization of the compression_algorithm parameter in Canonical LXD allows an authenticated, unprivileged u... |
| [CVE-2026-21671](https://nvd.nist.gov/vuln/detail/CVE-2026-21671) | 9.1 | CRITICAL | CWE-94 | No | 0.3% | 6.38 | 2026-03-12 | A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE)... |
| [CVE-2026-21670](https://nvd.nist.gov/vuln/detail/CVE-2026-21670) | 7.7 | HIGH | CWE-522 | No | 0.0% | 5.39 | 2026-03-12 | A vulnerability allowing a low-privileged user to extract saved SSH credentials. |
| [CVE-2026-21669](https://nvd.nist.gov/vuln/detail/CVE-2026-21669) | 9.9 | CRITICAL | CWE-94 | No | 0.3% | 6.94 | 2026-03-12 | A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. |
| [CVE-2026-21668](https://nvd.nist.gov/vuln/detail/CVE-2026-21668) | 8.8 | HIGH | CWE-862 | No | 0.0% | 6.16 | 2026-03-12 | A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup... |
| [CVE-2026-21667](https://nvd.nist.gov/vuln/detail/CVE-2026-21667) | 9.9 | CRITICAL | CWE-284 | No | 0.3% | 6.94 | 2026-03-12 | A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. |
| [CVE-2026-21666](https://nvd.nist.gov/vuln/detail/CVE-2026-21666) | 9.9 | CRITICAL | CWE-284 | No | 0.3% | 6.94 | 2026-03-12 | A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. |
| [CVE-2026-3099](https://nvd.nist.gov/vuln/detail/CVE-2026-3099) | 5.8 | MEDIUM | CWE-323 | No | 0.4% | 4.07 | 2026-03-12 | A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does... |
| [CVE-2026-2987](https://nvd.nist.gov/vuln/detail/CVE-2026-2987) | 6.1 | MEDIUM | CWE-79 | No | 0.1% | 4.27 | 2026-03-12 | The Simple Ajax Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'c' parameter in versions... |
| [CVE-2026-2514](https://nvd.nist.gov/vuln/detail/CVE-2026-2514) | 8.6 | HIGH | CWE-79 | No | 0.0% | 6.02 | 2026-03-12 | In Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, a vulnerability exists whereby an adversary with access to... |
| [CVE-2026-2513](https://nvd.nist.gov/vuln/detail/CVE-2026-2513) | 8.6 | HIGH | CWE-79 | No | 0.1% | 6.02 | 2026-03-12 | A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, whereby an administrator who clicks... |
| [CVE-2026-4040](https://nvd.nist.gov/vuln/detail/CVE-2026-4040) | 4.8 | MEDIUM | CWE-200 | No | 0.0% | 3.36 | 2026-03-12 | A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the c... |
| [CVE-2026-4039](https://nvd.nist.gov/vuln/detail/CVE-2026-4039) | 5.3 | MEDIUM | CWE-74 | No | 0.1% | 3.71 | 2026-03-12 | A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverr... |
| [CVE-2026-3989](https://nvd.nist.gov/vuln/detail/CVE-2026-3989) | 7.8 | HIGH | N/A | No | 0.0% | 5.46 | 2026-03-12 | SGLang's `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization. An at... |
| [CVE-2026-3060](https://nvd.nist.gov/vuln/detail/CVE-2026-3060) | 9.8 | CRITICAL | CWE-502 | No | 1.4% | 6.90 | 2026-03-12 | SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disagg... |
| [CVE-2026-3059](https://nvd.nist.gov/vuln/detail/CVE-2026-3059) | 9.8 | CRITICAL | CWE-502 | No | 1.4% | 6.90 | 2026-03-12 | SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, whi... |
| [CVE-2026-3234](https://nvd.nist.gov/vuln/detail/CVE-2026-3234) | 4.3 | MEDIUM | CWE-93 | No | 0.2% | 3.02 | 2026-03-12 | A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injection in the decodeen... |
| [CVE-2026-2366](https://nvd.nist.gov/vuln/detail/CVE-2026-2366) | 3.1 | LOW | CWE-639 | No | 0.0% | 2.17 | 2026-03-12 | A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated u... |
| [CVE-2026-4016](https://nvd.nist.gov/vuln/detail/CVE-2026-4016) | 4.8 | MEDIUM | CWE-119 | No | 0.0% | 3.36 | 2026-03-12 | A security vulnerability has been detected in GPAC 26.03-DEV. Affected by this vulnerability is the function svgin_proce... |
| [CVE-2026-4015](https://nvd.nist.gov/vuln/detail/CVE-2026-4015) | 4.8 | MEDIUM | CWE-119 | No | 0.0% | 3.36 | 2026-03-12 | A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin_process_texml of the file src/filters/l... |
| [CVE-2026-4014](https://nvd.nist.gov/vuln/detail/CVE-2026-4014) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-12 | A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0. This impacts an unknown function of the... |
| [CVE-2026-4013](https://nvd.nist.gov/vuln/detail/CVE-2026-4013) | 5.3 | MEDIUM | CWE-266 | No | 0.0% | 3.71 | 2026-03-12 | A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unkno... |
| [CVE-2026-4012](https://nvd.nist.gov/vuln/detail/CVE-2026-4012) | 1.9 | LOW | CWE-119 | No | 0.0% | 1.33 | 2026-03-12 | A vulnerability was determined in rxi fe up to ed4cda96bd582cbb08520964ba627efb40f3dd91. The impacted element is the fun... |
| [CVE-2026-4010](https://nvd.nist.gov/vuln/detail/CVE-2026-4010) | 4.8 | MEDIUM | CWE-119 | No | 0.0% | 3.36 | 2026-03-12 | A vulnerability was found in ThakeeNathees pocketlang up to cc73ca61b113d48ee130d837a7a8b145e41de5ce. The affected eleme... |
| [CVE-2026-4009](https://nvd.nist.gov/vuln/detail/CVE-2026-4009) | 4.8 | MEDIUM | CWE-119 | No | 0.0% | 3.36 | 2026-03-12 | A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is the function drwav_read_pcm_frames_s16__... |
| [CVE-2026-4008](https://nvd.nist.gov/vuln/detail/CVE-2026-4008) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-12 | A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSID... |
| [CVE-2026-4007](https://nvd.nist.gov/vuln/detail/CVE-2026-4007) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-12 | A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affects unknown code of the file /goform/wifi... |
| [CVE-2026-3994](https://nvd.nist.gov/vuln/detail/CVE-2026-3994) | 4.8 | MEDIUM | CWE-119 | No | 0.0% | 3.36 | 2026-03-12 | A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFilemold::X86_64::... |
| [CVE-2026-3993](https://nvd.nist.gov/vuln/detail/CVE-2026-3993) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-12 | A security vulnerability has been detected in itsourcecode Payroll Management System 1.0. This vulnerability affects unk... |
| [CVE-2026-3992](https://nvd.nist.gov/vuln/detail/CVE-2026-3992) | 5.3 | MEDIUM | CWE-74 | No | 0.1% | 3.71 | 2026-03-12 | A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file... |
| [CVE-2026-3990](https://nvd.nist.gov/vuln/detail/CVE-2026-3990) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-12 | A security flaw has been discovered in CesiumGS CesiumJS up to 1.137.0. Affected by this issue is some unknown functiona... |
| [CVE-2026-3984](https://nvd.nist.gov/vuln/detail/CVE-2026-3984) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-12 | A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This vulnerab... |
| [CVE-2026-3983](https://nvd.nist.gov/vuln/detail/CVE-2026-3983) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-12 | A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This aff... |
| [CVE-2026-2687](https://nvd.nist.gov/vuln/detail/CVE-2026-2687) | 4.3 | MEDIUM | CWE-79 | No | 0.0% | 3.01 | 2026-03-12 | The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could all... |
| [CVE-2025-15473](https://nvd.nist.gov/vuln/detail/CVE-2025-15473) | 4.3 | MEDIUM | CWE-862 | No | 0.1% | 3.01 | 2026-03-12 | The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated us... |
| [CVE-2026-3982](https://nvd.nist.gov/vuln/detail/CVE-2026-3982) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-12 | A vulnerability was determined in itsourcecode University Management System 1.0. Affected by this vulnerability is an un... |
| [CVE-2026-3981](https://nvd.nist.gov/vuln/detail/CVE-2026-3981) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-12 | A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the f... |
| [CVE-2026-3980](https://nvd.nist.gov/vuln/detail/CVE-2026-3980) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-12 | A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of... |
| [CVE-2026-3979](https://nvd.nist.gov/vuln/detail/CVE-2026-3979) | 4.8 | MEDIUM | CWE-119 | No | 0.0% | 3.36 | 2026-03-12 | A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_concat_return of the fil... |
| [CVE-2026-3978](https://nvd.nist.gov/vuln/detail/CVE-2026-3978) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-12 | A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/for... |
| [CVE-2026-3977](https://nvd.nist.gov/vuln/detail/CVE-2026-3977) | 5.3 | MEDIUM | CWE-862 | No | 0.1% | 3.71 | 2026-03-12 | A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of th... |
| [CVE-2026-3976](https://nvd.nist.gov/vuln/detail/CVE-2026-3976) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-12 | A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilterSet of the file /gof... |
| [CVE-2026-3975](https://nvd.nist.gov/vuln/detail/CVE-2026-3975) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-12 | A security flaw has been discovered in Tenda W3 1.0.0.3(2204). This issue affects the function formWifiMacFilterGet of t... |
| [CVE-2026-3974](https://nvd.nist.gov/vuln/detail/CVE-2026-3974) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-12 | A vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnerability affects the function formexeCommand of the... |
| [CVE-2026-3657](https://nvd.nist.gov/vuln/detail/CVE-2026-3657) | 7.5 | HIGH | CWE-89 | No | 0.2% | 5.26 | 2026-03-12 | The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the `stickymenu_contact_lead_form` AJAX action... |
| [CVE-2026-3226](https://nvd.nist.gov/vuln/detail/CVE-2026-3226) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-12 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering d... |
| [CVE-2026-1878](https://nvd.nist.gov/vuln/detail/CVE-2026-1878) | 5.4 | MEDIUM | CWE-494 | No | 0.0% | 3.78 | 2026-03-12 | An Insufficient Integrity Verification vulnerability in the ASUS ROG peripheral driver installation process allows privi... |
| [CVE-2026-3973](https://nvd.nist.gov/vuln/detail/CVE-2026-3973) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-12 | A vulnerability was determined in Tenda W3 1.0.0.3(2204). This affects the function formSetAutoPing of the file /goform/... |
| [CVE-2026-3972](https://nvd.nist.gov/vuln/detail/CVE-2026-3972) | 8.7 | HIGH | CWE-119 | No | 0.1% | 6.09 | 2026-03-12 | A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetCfm of the file /gofo... |
| [CVE-2026-1182](https://nvd.nist.gov/vuln/detail/CVE-2026-1182) | 4.3 | MEDIUM | CWE-212 | No | 0.0% | 3.01 | 2026-03-12 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 1... |
| [CVE-2026-3971](https://nvd.nist.gov/vuln/detail/CVE-2026-3971) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-12 | A vulnerability has been found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formwrlSSIDset... |
| [CVE-2026-3970](https://nvd.nist.gov/vuln/detail/CVE-2026-3970) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-12 | A flaw has been found in Tenda i3 1.0.0.6(2204). Affected is the function formwrlSSIDget of the file /goform/wifiSSIDget... |
| [CVE-2026-3969](https://nvd.nist.gov/vuln/detail/CVE-2026-3969) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-12 | A vulnerability was detected in FeMiner wms up to 1.0. This impacts an unknown function of the file /wms-master/src/basi... |
| [CVE-2026-3968](https://nvd.nist.gov/vuln/detail/CVE-2026-3968) | 5.3 | MEDIUM | CWE-74 | No | 0.1% | 3.71 | 2026-03-12 | A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the... |
| [CVE-2023-43010](https://nvd.nist.gov/vuln/detail/CVE-2023-43010) | 8.8 | HIGH | CWE-787 | No | 0.1% | 6.16 | 2026-03-12 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.... |
| [CVE-2026-3967](https://nvd.nist.gov/vuln/detail/CVE-2026-3967) | 5.3 | MEDIUM | CWE-20 | No | 0.1% | 3.71 | 2026-03-12 | A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected by this issue is the function deserialize/createOb... |
| [CVE-2026-3966](https://nvd.nist.gov/vuln/detail/CVE-2026-3966) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-03-12 | A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this vulnerability is the fu... |
| [CVE-2026-3965](https://nvd.nist.gov/vuln/detail/CVE-2026-3965) | 5.3 | MEDIUM | CWE-693 | No | 0.1% | 3.71 | 2026-03-12 | A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file... |
| [CVE-2026-2808](https://nvd.nist.gov/vuln/detail/CVE-2026-2808) | 6.8 | MEDIUM | CWE-59 | No | 0.0% | 4.76 | 2026-03-12 | HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when confi... |
| [CVE-2026-3964](https://nvd.nist.gov/vuln/detail/CVE-2026-3964) | 4.8 | MEDIUM | CWE-77 | No | 0.4% | 3.37 | 2026-03-11 | A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/... |
| [CVE-2026-3962](https://nvd.nist.gov/vuln/detail/CVE-2026-3962) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-11 | A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The... |
| [CVE-2026-31988](https://nvd.nist.gov/vuln/detail/CVE-2026-31988) | 6.9 | MEDIUM | CWE-193 | No | 0.1% | 4.83 | 2026-03-11 | yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timest... |
| [CVE-2026-3961](https://nvd.nist.gov/vuln/detail/CVE-2026-3961) | 5.3 | MEDIUM | CWE-918 | No | 0.1% | 3.71 | 2026-03-11 | A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected element is the function to... |
| [CVE-2026-3959](https://nvd.nist.gov/vuln/detail/CVE-2026-3959) | 4.8 | MEDIUM | CWE-77 | No | 0.4% | 3.37 | 2026-03-11 | A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function ser... |
| [CVE-2026-3958](https://nvd.nist.gov/vuln/detail/CVE-2026-3958) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-03-11 | A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the f... |
| [CVE-2026-3942](https://nvd.nist.gov/vuln/detail/CVE-2026-3942) | 4.3 | MEDIUM | CWE-451 | No | 0.0% | 3.01 | 2026-03-11 | Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform U... |
| [CVE-2026-3941](https://nvd.nist.gov/vuln/detail/CVE-2026-3941) | 4.3 | MEDIUM | CWE-602 | No | 0.0% | 3.01 | 2026-03-11 | Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass... |
| [CVE-2026-3940](https://nvd.nist.gov/vuln/detail/CVE-2026-3940) | 5.3 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 3.71 | 2026-03-11 | Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass... |
| [CVE-2026-3939](https://nvd.nist.gov/vuln/detail/CVE-2026-3939) | 5.3 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 3.71 | 2026-03-11 | Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navig... |
| [CVE-2026-3938](https://nvd.nist.gov/vuln/detail/CVE-2026-3938) | 4.3 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 3.01 | 2026-03-11 | Insufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had c... |
| [CVE-2026-3937](https://nvd.nist.gov/vuln/detail/CVE-2026-3937) | 6.5 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 4.55 | 2026-03-11 | Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perfo... |
| [CVE-2026-3936](https://nvd.nist.gov/vuln/detail/CVE-2026-3936) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-03-11 | Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially ex... |
| [CVE-2026-3935](https://nvd.nist.gov/vuln/detail/CVE-2026-3935) | 6.5 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 4.55 | 2026-03-11 | Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI... |
| [CVE-2026-3934](https://nvd.nist.gov/vuln/detail/CVE-2026-3934) | 6.5 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 4.55 | 2026-03-11 | Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to byp... |
| [CVE-2026-3932](https://nvd.nist.gov/vuln/detail/CVE-2026-3932) | 7.5 | HIGH | NVD-CWE-noinfo | No | 0.0% | 5.25 | 2026-03-11 | Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to b... |
| [CVE-2026-3931](https://nvd.nist.gov/vuln/detail/CVE-2026-3931) | 8.8 | HIGH | CWE-122 | No | 0.1% | 6.16 | 2026-03-11 | Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds... |
| [CVE-2026-3930](https://nvd.nist.gov/vuln/detail/CVE-2026-3930) | 5.3 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 3.71 | 2026-03-11 | Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navig... |
| [CVE-2026-3929](https://nvd.nist.gov/vuln/detail/CVE-2026-3929) | 3.1 | LOW | CWE-1300 | No | 0.0% | 2.17 | 2026-03-11 | Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to... |
| [CVE-2026-3928](https://nvd.nist.gov/vuln/detail/CVE-2026-3928) | 4.3 | MEDIUM | CWE-451 | No | 0.0% | 3.01 | 2026-03-11 | Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced... |
| [CVE-2026-3927](https://nvd.nist.gov/vuln/detail/CVE-2026-3927) | 4.3 | MEDIUM | CWE-451 | No | 0.0% | 3.01 | 2026-03-11 | Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform U... |
| [CVE-2026-3926](https://nvd.nist.gov/vuln/detail/CVE-2026-3926) | 8.8 | HIGH | CWE-125 | No | 0.1% | 6.16 | 2026-03-11 | Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memo... |
| [CVE-2026-3925](https://nvd.nist.gov/vuln/detail/CVE-2026-3925) | 4.3 | MEDIUM | CWE-451 | No | 0.0% | 3.01 | 2026-03-11 | Incorrect security UI in LookalikeChecks in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to... |
| [CVE-2026-3924](https://nvd.nist.gov/vuln/detail/CVE-2026-3924) | 7.5 | HIGH | CWE-416 | No | 0.1% | 5.25 | 2026-03-11 | Use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the... |
| [CVE-2026-3923](https://nvd.nist.gov/vuln/detail/CVE-2026-3923) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-03-11 | Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap... |
| [CVE-2026-3922](https://nvd.nist.gov/vuln/detail/CVE-2026-3922) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-03-11 | Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit h... |
| [CVE-2026-3921](https://nvd.nist.gov/vuln/detail/CVE-2026-3921) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-03-11 | Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit... |
| [CVE-2026-3920](https://nvd.nist.gov/vuln/detail/CVE-2026-3920) | 8.8 | HIGH | CWE-125 | No | 0.1% | 6.16 | 2026-03-11 | Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially ex... |
| [CVE-2026-3919](https://nvd.nist.gov/vuln/detail/CVE-2026-3919) | 8.8 | HIGH | CWE-416 | No | 0.0% | 6.16 | 2026-03-11 | Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install... |
| [CVE-2026-3918](https://nvd.nist.gov/vuln/detail/CVE-2026-3918) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-03-11 | Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap c... |
| [CVE-2026-3917](https://nvd.nist.gov/vuln/detail/CVE-2026-3917) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-03-11 | Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap c... |
| [CVE-2026-3916](https://nvd.nist.gov/vuln/detail/CVE-2026-3916) | 9.6 | CRITICAL | CWE-125 | No | 0.1% | 6.72 | 2026-03-11 | Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perfor... |
| [CVE-2026-3915](https://nvd.nist.gov/vuln/detail/CVE-2026-3915) | 8.8 | HIGH | CWE-122 | No | 0.1% | 6.16 | 2026-03-11 | Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform an out of bou... |
| [CVE-2026-3914](https://nvd.nist.gov/vuln/detail/CVE-2026-3914) | 8.8 | HIGH | CWE-472 | No | 0.1% | 6.16 | 2026-03-11 | Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap... |
| [CVE-2026-3913](https://nvd.nist.gov/vuln/detail/CVE-2026-3913) | 8.8 | HIGH | CWE-122 | No | 0.1% | 6.16 | 2026-03-11 | Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit h... |
| [CVE-2026-32136](https://nvd.nist.gov/vuln/detail/CVE-2026-32136) | 9.8 | CRITICAL | CWE-287 | No | 0.7% | 6.88 | 2026-03-11 | AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote atta... |
| [CVE-2026-32133](https://nvd.nist.gov/vuln/detail/CVE-2026-32133) | 7.8 | HIGH | CWE-918 | No | 0.0% | 5.46 | 2026-03-11 | 2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Prior to 6.1.0... |
| [CVE-2026-32132](https://nvd.nist.gov/vuln/detail/CVE-2026-32132) | 7.4 | HIGH | CWE-613 | No | 0.0% | 5.18 | 2026-03-11 | ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a potential vulnerability exists in Z... |
| [CVE-2026-32131](https://nvd.nist.gov/vuln/detail/CVE-2026-32131) | 7.7 | HIGH | CWE-639 | No | 0.0% | 5.39 | 2026-03-11 | ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Manageme... |
| [CVE-2026-32130](https://nvd.nist.gov/vuln/detail/CVE-2026-32130) | 7.5 | HIGH | CWE-288 | No | 0.2% | 5.26 | 2026-03-11 | ZITADEL is an open source identity management platform. From 2.68.0 to before 3.4.8 and 4.12.2, Zitadel provides a Syste... |
| [CVE-2026-32128](https://nvd.nist.gov/vuln/detail/CVE-2026-32128) | 6.3 | MEDIUM | CWE-184 | No | 0.1% | 4.41 | 2026-03-11 | FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox (fastgpt-sandbox) includes gua... |
| [CVE-2026-32117](https://nvd.nist.gov/vuln/detail/CVE-2026-32117) | 7.6 | HIGH | CWE-79 | No | 0.0% | 5.32 | 2026-03-11 | The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler p... |
| [CVE-2026-27591](https://nvd.nist.gov/vuln/detail/CVE-2026-27591) | 9.9 | CRITICAL | CWE-284 | No | 0.1% | 6.93 | 2026-03-11 | Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Prior to 1.0.477, 1.1.... |
| [CVE-2025-62328](https://nvd.nist.gov/vuln/detail/CVE-2025-62328) | 3.7 | LOW | CWE-1021 | No | 0.0% | 2.59 | 2026-03-11 | HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by defa... |
| [CVE-2026-3957](https://nvd.nist.gov/vuln/detail/CVE-2026-3957) | 5.1 | MEDIUM | CWE-74 | No | 0.0% | 3.57 | 2026-03-11 | A flaw has been found in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This vulnerability af... |
| [CVE-2026-3956](https://nvd.nist.gov/vuln/detail/CVE-2026-3956) | 5.1 | MEDIUM | CWE-74 | No | 0.0% | 3.57 | 2026-03-11 | A vulnerability was detected in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This affects t... |
| [CVE-2026-3955](https://nvd.nist.gov/vuln/detail/CVE-2026-3955) | 5.3 | MEDIUM | CWE-74 | No | 0.1% | 3.71 | 2026-03-11 | A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of t... |
| [CVE-2026-32127](https://nvd.nist.gov/vuln/detail/CVE-2026-32127) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.... |
| [CVE-2026-32126](https://nvd.nist.gov/vuln/detail/CVE-2026-32126) | 7.1 | HIGH | CWE-862 | No | 0.1% | 4.97 | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.... |
| [CVE-2026-32125](https://nvd.nist.gov/vuln/detail/CVE-2026-32125) | 5.4 | MEDIUM | CWE-79 | No | 0.2% | 3.79 | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.... |
| [CVE-2026-32124](https://nvd.nist.gov/vuln/detail/CVE-2026-32124) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.... |
| [CVE-2026-32123](https://nvd.nist.gov/vuln/detail/CVE-2026-32123) | 7.7 | HIGH | CWE-863 | No | 0.1% | 5.39 | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.... |
| [CVE-2026-32122](https://nvd.nist.gov/vuln/detail/CVE-2026-32122) | 4.3 | MEDIUM | CWE-862 | No | 0.1% | 3.01 | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.... |
| [CVE-2026-32121](https://nvd.nist.gov/vuln/detail/CVE-2026-32121) | 7.7 | HIGH | CWE-79 | No | 0.2% | 5.40 | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.... |
| [CVE-2026-32118](https://nvd.nist.gov/vuln/detail/CVE-2026-32118) | 5.4 | MEDIUM | CWE-79 | No | 0.1% | 3.78 | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.... |
| [CVE-2026-32112](https://nvd.nist.gov/vuln/detail/CVE-2026-32112) | 6.8 | MEDIUM | CWE-79 | No | 0.0% | 4.76 | 2026-03-11 | ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form renders user-controlled parameters... |
| [CVE-2026-32111](https://nvd.nist.gov/vuln/detail/CVE-2026-32111) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-03-11 | ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form (beta feature) accepts a user-suppl... |
| [CVE-2026-32110](https://nvd.nist.gov/vuln/detail/CVE-2026-32110) | 8.3 | HIGH | CWE-918 | No | 0.1% | 5.81 | 2026-03-11 | SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenti... |
| [CVE-2026-32109](https://nvd.nist.gov/vuln/detail/CVE-2026-32109) | 3.7 | LOW | CWE-79 | No | 0.0% | 2.59 | 2026-03-11 | Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to... |
| [CVE-2026-32108](https://nvd.nist.gov/vuln/detail/CVE-2026-32108) | 2.3 | LOW | CWE-863 | No | 0.0% | 1.61 | 2026-03-11 | Copyparty is a portable file server. Prior to 1.20.12, there was a missing permission-check in the shares feature (the s... |
| [CVE-2026-32106](https://nvd.nist.gov/vuln/detail/CVE-2026-32106) | 4.7 | MEDIUM | CWE-269 | No | 0.0% | 3.29 | 2026-03-11 | StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the REST API crea... |
| [CVE-2026-32104](https://nvd.nist.gov/vuln/detail/CVE-2026-32104) | 5.4 | MEDIUM | CWE-639 | No | 0.0% | 3.78 | 2026-03-11 | StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the updateUserNot... |
| [CVE-2026-32103](https://nvd.nist.gov/vuln/detail/CVE-2026-32103) | 6.8 | MEDIUM | CWE-639 | No | 0.0% | 4.76 | 2026-03-11 | StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the POST /studioc... |
| [CVE-2026-32102](https://nvd.nist.gov/vuln/detail/CVE-2026-32102) | 7.1 | HIGH | CWE-284 | No | 0.0% | 4.97 | 2026-03-11 | OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin’s live Event... |
| [CVE-2026-32101](https://nvd.nist.gov/vuln/detail/CVE-2026-32101) | 7.6 | HIGH | CWE-863 | No | 0.0% | 5.32 | 2026-03-11 | StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.3.1, the S3 storage ma... |
| [CVE-2026-2640](https://nvd.nist.gov/vuln/detail/CVE-2026-2640) | 6.8 | MEDIUM | CWE-269 | No | 0.0% | 4.76 | 2026-03-11 | During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a... |
| [CVE-2026-2368](https://nvd.nist.gov/vuln/detail/CVE-2026-2368) | 7.5 | HIGH | CWE-295 | No | 0.0% | 5.25 | 2026-03-11 | An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user ca... |
| [CVE-2026-1717](https://nvd.nist.gov/vuln/detail/CVE-2026-1717) | 6.8 | MEDIUM | CWE-88 | No | 0.0% | 4.76 | 2026-03-11 | An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Ba... |
| [CVE-2026-1716](https://nvd.nist.gov/vuln/detail/CVE-2026-1716) | 6.9 | MEDIUM | CWE-88 | No | 0.0% | 4.83 | 2026-03-11 | An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiyin... |
| [CVE-2026-1715](https://nvd.nist.gov/vuln/detail/CVE-2026-1715) | 6.9 | MEDIUM | CWE-88 | No | 0.0% | 4.83 | 2026-03-11 | An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiyin... |
| [CVE-2026-1653](https://nvd.nist.gov/vuln/detail/CVE-2026-1653) | 6.8 | MEDIUM | CWE-369 | No | 0.0% | 4.76 | 2026-03-11 | A potential divide by zero vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could... |
| [CVE-2026-1652](https://nvd.nist.gov/vuln/detail/CVE-2026-1652) | 6.9 | MEDIUM | CWE-122 | No | 0.0% | 4.83 | 2026-03-11 | A potential buffer overflow vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could... |
| [CVE-2026-1068](https://nvd.nist.gov/vuln/detail/CVE-2026-1068) | 6.0 | MEDIUM | CWE-295 | No | 0.0% | 4.20 | 2026-03-11 | An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user ca... |
| [CVE-2026-0940](https://nvd.nist.gov/vuln/detail/CVE-2026-0940) | 8.4 | HIGH | CWE-665 | No | 0.0% | 5.88 | 2026-03-11 | A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local pr... |
| [CVE-2026-0520](https://nvd.nist.gov/vuln/detail/CVE-2026-0520) | 2.4 | LOW | CWE-532 | No | 0.0% | 1.68 | 2026-03-11 | A potential vulnerability was reported in the Lenovo FileZ Android application that, under certain conditions, could all... |
| [CVE-2025-70041](https://nvd.nist.gov/vuln/detail/CVE-2025-70041) | 9.8 | CRITICAL | N/A | No | 0.1% | 6.86 | 2026-03-11 | An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master. |
| [CVE-2025-70024](https://nvd.nist.gov/vuln/detail/CVE-2025-70024) | 9.8 | CRITICAL | CWE-89 | No | 0.1% | 6.86 | 2026-03-11 | An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benk... |
| [CVE-2025-66956](https://nvd.nist.gov/vuln/detail/CVE-2025-66956) | 9.9 | CRITICAL | CWE-284 | No | 0.1% | 6.93 | 2026-03-11 | Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers t... |
| [CVE-2026-3954](https://nvd.nist.gov/vuln/detail/CVE-2026-3954) | 6.9 | MEDIUM | CWE-22 | No | 0.1% | 4.83 | 2026-03-11 | A weakness has been identified in OpenBMB XAgent 1.0.0. Affected by this vulnerability is the function workspace of the... |
| [CVE-2026-3951](https://nvd.nist.gov/vuln/detail/CVE-2026-3951) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-11 | A security flaw has been discovered in LockerProject Locker 0.0.0/0.0.1/0.1.0. Affected is the function authIsAwesome of... |
| [CVE-2026-3950](https://nvd.nist.gov/vuln/detail/CVE-2026-3950) | 4.8 | MEDIUM | CWE-119 | No | 0.0% | 3.36 | 2026-03-11 | A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file lib... |
| [CVE-2026-32234](https://nvd.nist.gov/vuln/detail/CVE-2026-32234) | 5.1 | MEDIUM | CWE-89 | No | 0.0% | 3.57 | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-a... |
| [CVE-2026-32098](https://nvd.nist.gov/vuln/detail/CVE-2026-32098) | 6.9 | MEDIUM | CWE-200 | No | 0.0% | 4.83 | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-a... |
| [CVE-2026-32097](https://nvd.nist.gov/vuln/detail/CVE-2026-32097) | 8.6 | HIGH | CWE-639 | No | 0.1% | 6.02 | 2026-03-11 | PingPong is a platform for using large language models (LLMs) for teaching and learning. Prior to 7.27.2, an authenticat... |
| [CVE-2026-32096](https://nvd.nist.gov/vuln/detail/CVE-2026-32096) | 9.3 | CRITICAL | CWE-918 | No | 0.1% | 6.51 | 2026-03-11 | Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.0, a Server-Side Request Forgery (SSRF) vul... |
| [CVE-2026-32095](https://nvd.nist.gov/vuln/detail/CVE-2026-32095) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.1, Plunk's image upload endpoint accepted S... |
| [CVE-2026-32094](https://nvd.nist.gov/vuln/detail/CVE-2026-32094) | 6.9 | MEDIUM | CWE-200 | No | 0.0% | 4.83 | 2026-03-11 | Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescape#escape() does not escape square-brac... |
| [CVE-2026-31979](https://nvd.nist.gov/vuln/detail/CVE-2026-31979) | 8.8 | HIGH | CWE-59 | No | 0.0% | 6.16 | 2026-03-11 | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelbla... |
| [CVE-2026-31976](https://nvd.nist.gov/vuln/detail/CVE-2026-31976) | 9.3 | CRITICAL | CWE-506 | No | 0.1% | 6.51 | 2026-03-11 | xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credenti... |
| [CVE-2026-31974](https://nvd.nist.gov/vuln/detail/CVE-2026-31974) | 3.0 | LOW | CWE-918 | No | 0.0% | 2.10 | 2026-03-11 | OpenProject is an open-source, web-based project management software. Prior to 17.2.0, OpenProject SMTP test endpoint (P... |
| [CVE-2026-31961](https://nvd.nist.gov/vuln/detail/CVE-2026-31961) | 5.5 | MEDIUM | CWE-770 | No | 0.0% | 3.85 | 2026-03-11 | Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains an unb... |
| [CVE-2026-31960](https://nvd.nist.gov/vuln/detail/CVE-2026-31960) | 5.3 | MEDIUM | CWE-770 | No | 0.0% | 3.71 | 2026-03-11 | Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 has unbounded r... |
| [CVE-2026-31959](https://nvd.nist.gov/vuln/detail/CVE-2026-31959) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-03-11 | Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains a Serv... |
| [CVE-2026-31958](https://nvd.nist.gov/vuln/detail/CVE-2026-31958) | 8.7 | HIGH | CWE-400 | No | 0.0% | 6.09 | 2026-03-11 | Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only l... |
| [CVE-2026-31957](https://nvd.nist.gov/vuln/detail/CVE-2026-31957) | 10.0 | CRITICAL | CWE-1188 | No | 0.3% | 7.01 | 2026-03-11 | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelbl... |
| [CVE-2026-31954](https://nvd.nist.gov/vuln/detail/CVE-2026-31954) | 0.0 | NONE | CWE-352 | No | 0.0% | 0.00 | 2026-03-11 | Emlog is an open source website building system. In 2.6.6 and earlier, the delete_async action (asynchronous delete) lac... |
| [CVE-2026-31901](https://nvd.nist.gov/vuln/detail/CVE-2026-31901) | 6.3 | MEDIUM | CWE-204 | No | 0.0% | 4.41 | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.34... |
| [CVE-2026-31900](https://nvd.nist.gov/vuln/detail/CVE-2026-31900) | 8.7 | HIGH | CWE-20 | No | 0.2% | 6.10 | 2026-03-11 | Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action suppo... |
| [CVE-2026-31896](https://nvd.nist.gov/vuln/detail/CVE-2026-31896) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-11 | WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection vulnerability exist... |
| [CVE-2026-31895](https://nvd.nist.gov/vuln/detail/CVE-2026-31895) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-03-11 | WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, WeGIA (Web gerenciador para instituições ass... |
| [CVE-2026-31894](https://nvd.nist.gov/vuln/detail/CVE-2026-31894) | 6.9 | MEDIUM | CWE-59 | No | 0.1% | 4.83 | 2026-03-11 | WeGIA is a web manager for charitable institutions. In 3.6.5, the patched loadBackupDB() extracts tar.gz archives to a t... |
| [CVE-2026-31889](https://nvd.nist.gov/vuln/detail/CVE-2026-31889) | 8.9 | HIGH | CWE-290 | No | 0.1% | 6.23 | 2026-03-11 | Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration... |
| [CVE-2026-27703](https://nvd.nist.gov/vuln/detail/CVE-2026-27703) | 7.5 | HIGH | CWE-787 | No | 0.1% | 5.25 | 2026-03-11 | RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT)... |
| [CVE-2026-27478](https://nvd.nist.gov/vuln/detail/CVE-2026-27478) | 9.1 | CRITICAL | CWE-290 | No | 0.0% | 6.37 | 2026-03-11 | Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vu... |
| [CVE-2026-24510](https://nvd.nist.gov/vuln/detail/CVE-2026-24510) | 6.7 | MEDIUM | CWE-269 | No | 0.0% | 4.69 | 2026-03-11 | Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Privilege Management vulnerabilit... |
| [CVE-2026-24508](https://nvd.nist.gov/vuln/detail/CVE-2026-24508) | 2.5 | LOW | CWE-295 | No | 0.0% | 1.75 | 2026-03-11 | Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Certificate Validation vulnerabil... |
| [CVE-2026-3949](https://nvd.nist.gov/vuln/detail/CVE-2026-3949) | 4.8 | MEDIUM | CWE-119 | No | 0.0% | 3.36 | 2026-03-11 | A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the fil... |
| [CVE-2026-31888](https://nvd.nist.gov/vuln/detail/CVE-2026-31888) | 5.3 | MEDIUM | CWE-204 | No | 0.1% | 3.71 | 2026-03-11 | Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint (POST /store-api/acc... |
| [CVE-2026-31887](https://nvd.nist.gov/vuln/detail/CVE-2026-31887) | 8.9 | HIGH | CWE-863 | No | 0.0% | 6.23 | 2026-03-11 | Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for una... |
| [CVE-2026-31881](https://nvd.nist.gov/vuln/detail/CVE-2026-31881) | 7.7 | HIGH | CWE-306 | No | 0.3% | 5.40 | 2026-03-11 | Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, an unauthenticated attacker can reset the operator (admin... |
| [CVE-2026-31879](https://nvd.nist.gov/vuln/detail/CVE-2026-31879) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-11 | Frappe is a full-stack web application framework. Prior to 14.100.2, 15.101.0, and 16.10.0, due to a lack of validation... |
| [CVE-2026-31878](https://nvd.nist.gov/vuln/detail/CVE-2026-31878) | 5.0 | MEDIUM | CWE-918 | No | 0.0% | 3.50 | 2026-03-11 | Frappe is a full-stack web application framework. Prior to 14.100.1, 15.100.0, and 16.6.0, a malicious user could send a... |
| [CVE-2026-31877](https://nvd.nist.gov/vuln/detail/CVE-2026-31877) | 9.3 | CRITICAL | CWE-89 | No | 0.1% | 6.51 | 2026-03-11 | Frappe is a full-stack web application framework. Prior to 15.84.0 and 14.99.0, a specially crafted request made to a ce... |
| [CVE-2026-31876](https://nvd.nist.gov/vuln/detail/CVE-2026-31876) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Notesnook is a note-taking app focused on user privacy & ease of use. Prior to 3.3.9, a Stored Cross-Site Scripting (XSS... |
| [CVE-2026-31874](https://nvd.nist.gov/vuln/detail/CVE-2026-31874) | 9.8 | CRITICAL | CWE-284 | No | 0.2% | 6.87 | 2026-03-11 | Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the... |
| [CVE-2026-24509](https://nvd.nist.gov/vuln/detail/CVE-2026-24509) | 3.6 | LOW | CWE-284 | No | 0.0% | 2.52 | 2026-03-11 | Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Access Control vulnerability. A l... |
| [CVE-2019-25487](https://nvd.nist.gov/vuln/detail/CVE-2019-25487) | 9.3 | CRITICAL | CWE-639 | No | 0.2% | 6.52 | 2026-03-11 | SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows unauthenticated attackers to execut... |
| [CVE-2019-25486](https://nvd.nist.gov/vuln/detail/CVE-2019-25486) | 8.8 | HIGH | CWE-89 | No | 0.4% | 6.17 | 2026-03-11 | Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queri... |
| [CVE-2019-25485](https://nvd.nist.gov/vuln/detail/CVE-2019-25485) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-11 | R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows l... |
| [CVE-2019-25484](https://nvd.nist.gov/vuln/detail/CVE-2019-25484) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-11 | WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to c... |
| [CVE-2019-25483](https://nvd.nist.gov/vuln/detail/CVE-2019-25483) | 8.6 | HIGH | CWE-306 | No | 0.0% | 6.02 | 2026-03-11 | Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local us... |
| [CVE-2019-25480](https://nvd.nist.gov/vuln/detail/CVE-2019-25480) | 8.7 | HIGH | CWE-22 | No | 0.2% | 6.10 | 2026-03-11 | ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload... |
| [CVE-2019-25478](https://nvd.nist.gov/vuln/detail/CVE-2019-25478) | 8.7 | HIGH | CWE-787 | No | 0.1% | 6.09 | 2026-03-11 | GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial... |
| [CVE-2019-25477](https://nvd.nist.gov/vuln/detail/CVE-2019-25477) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-11 | RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to crash the application... |
| [CVE-2019-25476](https://nvd.nist.gov/vuln/detail/CVE-2019-25476) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-11 | Outlook Password Recovery 2.10 contains a buffer overflow vulnerability that allows local attackers to crash the applica... |
| [CVE-2019-25475](https://nvd.nist.gov/vuln/detail/CVE-2019-25475) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-11 | SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the appli... |
| [CVE-2019-25474](https://nvd.nist.gov/vuln/detail/CVE-2019-25474) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-11 | Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the applicatio... |
| [CVE-2019-25472](https://nvd.nist.gov/vuln/detail/CVE-2019-25472) | 8.7 | HIGH | CWE-73 | No | 0.0% | 6.09 | 2026-03-11 | IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfig... |
| [CVE-2019-25471](https://nvd.nist.gov/vuln/detail/CVE-2019-25471) | 9.3 | CRITICAL | CWE-22 | No | 0.6% | 6.53 | 2026-03-11 | FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files by sen... |
| [CVE-2019-25470](https://nvd.nist.gov/vuln/detail/CVE-2019-25470) | 8.7 | HIGH | CWE-798 | No | 0.1% | 6.09 | 2026-03-11 | eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal pr... |
| [CVE-2019-25469](https://nvd.nist.gov/vuln/detail/CVE-2019-25469) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-11 | Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local att... |
| [CVE-2019-25468](https://nvd.nist.gov/vuln/detail/CVE-2019-25468) | 9.3 | CRITICAL | CWE-94 | No | 0.3% | 6.52 | 2026-03-11 | NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute... |
| [CVE-2019-25467](https://nvd.nist.gov/vuln/detail/CVE-2019-25467) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-11 | Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attack... |
| [CVE-2019-25466](https://nvd.nist.gov/vuln/detail/CVE-2019-25466) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-03-11 | Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allow... |
| [CVE-2019-25465](https://nvd.nist.gov/vuln/detail/CVE-2019-25465) | 8.7 | HIGH | CWE-260 | No | 0.3% | 6.10 | 2026-03-11 | Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access... |
| [CVE-2019-25464](https://nvd.nist.gov/vuln/detail/CVE-2019-25464) | 6.7 | MEDIUM | CWE-770 | No | 0.0% | 4.69 | 2026-03-11 | InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash t... |
| [CVE-2019-25463](https://nvd.nist.gov/vuln/detail/CVE-2019-25463) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-11 | SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key inpu... |
| [CVE-2018-25159](https://nvd.nist.gov/vuln/detail/CVE-2018-25159) | 9.3 | CRITICAL | CWE-1334 | No | 0.1% | 6.51 | 2026-03-11 | Epross AVCON6 systems management platform contains an object-graph navigation language (OGNL) injection vulnerability th... |
| [CVE-2026-31975](https://nvd.nist.gov/vuln/detail/CVE-2026-31975) | 8.7 | HIGH | CWE-78 | No | 0.6% | 6.11 | 2026-03-11 | Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1... |
| [CVE-2026-31875](https://nvd.nist.gov/vuln/detail/CVE-2026-31875) | 8.2 | HIGH | CWE-672 | No | 0.1% | 5.74 | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-a... |
| [CVE-2026-31872](https://nvd.nist.gov/vuln/detail/CVE-2026-31872) | 8.7 | HIGH | CWE-284 | No | 0.0% | 6.09 | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-a... |
| [CVE-2026-31871](https://nvd.nist.gov/vuln/detail/CVE-2026-31871) | 9.3 | CRITICAL | CWE-89 | No | 0.0% | 6.51 | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-a... |
| [CVE-2026-31870](https://nvd.nist.gov/vuln/detail/CVE-2026-31870) | 7.5 | HIGH | CWE-248 | No | 0.1% | 5.25 | 2026-03-11 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-httplib cl... |
| [CVE-2026-31868](https://nvd.nist.gov/vuln/detail/CVE-2026-31868) | 6.3 | MEDIUM | CWE-79 | No | 0.1% | 4.41 | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-a... |
| [CVE-2026-31867](https://nvd.nist.gov/vuln/detail/CVE-2026-31867) | 6.3 | MEDIUM | CWE-639 | No | 0.1% | 4.41 | 2026-03-11 | Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.11.0 and 5.6.0, an Insecure Direct Object Reference (I... |
| [CVE-2026-31866](https://nvd.nist.gov/vuln/detail/CVE-2026-31866) | 7.5 | HIGH | CWE-770 | No | 0.1% | 5.25 | 2026-03-11 | flagd is a feature flag daemon with a Unix philosophy. Prior to 0.14.2, flagd exposes OFREP (/ofrep/v1/evaluate/...) and... |
| [CVE-2026-31863](https://nvd.nist.gov/vuln/detail/CVE-2026-31863) | 3.6 | LOW | CWE-307 | No | 0.0% | 2.52 | 2026-03-11 | Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API ca... |
| [CVE-2026-31862](https://nvd.nist.gov/vuln/detail/CVE-2026-31862) | 9.1 | CRITICAL | CWE-78 | No | 0.1% | 6.37 | 2026-03-11 | Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1... |
| [CVE-2026-31861](https://nvd.nist.gov/vuln/detail/CVE-2026-31861) | 8.7 | HIGH | CWE-94 | No | 0.1% | 6.09 | 2026-03-11 | Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1... |
| [CVE-2026-31859](https://nvd.nist.gov/vuln/detail/CVE-2026-31859) | 6.9 | MEDIUM | CWE-79 | No | 0.0% | 4.83 | 2026-03-11 | Craft is a content management system (CMS). The fix for CVE-2025-35939 in craftcms/cms introduced a strip_tags() call in... |
| [CVE-2026-31858](https://nvd.nist.gov/vuln/detail/CVE-2026-31858) | 8.7 | HIGH | CWE-89 | No | 0.0% | 6.09 | 2026-03-11 | Craft is a content management system (CMS). The ElementSearchController::actionSearch() endpoint is missing the unset()... |
| [CVE-2026-31857](https://nvd.nist.gov/vuln/detail/CVE-2026-31857) | 8.1 | HIGH | CWE-94 | No | 0.1% | 5.67 | 2026-03-11 | Craft is a content management system (CMS). Prior to 5.9.9 and 4.17.4, a Remote Code Execution vulnerability exists in t... |
| [CVE-2026-31856](https://nvd.nist.gov/vuln/detail/CVE-2026-31856) | 9.3 | CRITICAL | CWE-89 | No | 0.0% | 6.51 | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A SQL injection... |
| [CVE-2026-30226](https://nvd.nist.gov/vuln/detail/CVE-2026-30226) | 6.3 | MEDIUM | CWE-1321 | No | 0.1% | 4.41 | 2026-03-11 | Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the... |
| [CVE-2026-0230](https://nvd.nist.gov/vuln/detail/CVE-2026-0230) | 4.0 | MEDIUM | CWE-754 | No | 0.0% | 2.80 | 2026-03-11 | A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator t... |
| [CVE-2026-3429](https://nvd.nist.gov/vuln/detail/CVE-2026-3429) | 4.2 | MEDIUM | CWE-284 | No | 0.1% | 2.94 | 2026-03-11 | A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to... |
| [CVE-2026-31854](https://nvd.nist.gov/vuln/detail/CVE-2026-31854) | 8.7 | HIGH | CWE-78 | No | 0.1% | 6.09 | 2026-03-11 | Cursor is a code editor built for programming with AI. Prior to 2.0, if a visited website contains maliciously crafted i... |
| [CVE-2026-31853](https://nvd.nist.gov/vuln/detail/CVE-2026-31853) | 5.7 | MEDIUM | CWE-122 | No | 0.0% | 3.99 | 2026-03-11 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9... |
| [CVE-2026-31852](https://nvd.nist.gov/vuln/detail/CVE-2026-31852) | 10.0 | CRITICAL | CWE-269 | No | 0.1% | 7.00 | 2026-03-11 | Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulner... |
| [CVE-2026-31840](https://nvd.nist.gov/vuln/detail/CVE-2026-31840) | 9.3 | CRITICAL | CWE-89 | No | 0.1% | 6.51 | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-a... |
| [CVE-2026-31839](https://nvd.nist.gov/vuln/detail/CVE-2026-31839) | 8.2 | HIGH | CWE-354 | No | 0.0% | 5.74 | 2026-03-11 | Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's... |
| [CVE-2026-31813](https://nvd.nist.gov/vuln/detail/CVE-2026-31813) | 4.8 | MEDIUM | CWE-290 | No | 0.0% | 3.36 | 2026-03-11 | Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been i... |
| [CVE-2026-30868](https://nvd.nist.gov/vuln/detail/CVE-2026-30868) | 6.3 | MEDIUM | CWE-352 | No | 0.0% | 4.41 | 2026-03-11 | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.4, multiple OPNsense MVC API endpoints perform... |
| [CVE-2026-30239](https://nvd.nist.gov/vuln/detail/CVE-2026-30239) | 6.5 | MEDIUM | CWE-863 | No | 0.0% | 4.55 | 2026-03-11 | OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the wor... |
| [CVE-2026-30236](https://nvd.nist.gov/vuln/detail/CVE-2026-30236) | 4.3 | MEDIUM | CWE-863 | No | 0.0% | 3.01 | 2026-03-11 | OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when editing a project budget and... |
| [CVE-2026-30235](https://nvd.nist.gov/vuln/detail/CVE-2026-30235) | 6.5 | MEDIUM | CWE-79 | No | 0.1% | 4.55 | 2026-03-11 | OpenProject is an open-source, web-based project management software. Prior to 17.2.0, this vulnerability occurs due to... |
| [CVE-2026-20165](https://nvd.nist.gov/vuln/detail/CVE-2026-20165) | 6.3 | MEDIUM | CWE-532 | No | 0.0% | 4.41 | 2026-03-11 | In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.251... |
| [CVE-2026-20164](https://nvd.nist.gov/vuln/detail/CVE-2026-20164) | 6.5 | MEDIUM | CWE-200 | No | 0.0% | 4.55 | 2026-03-11 | In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.251... |
| [CVE-2026-20163](https://nvd.nist.gov/vuln/detail/CVE-2026-20163) | 7.2 | HIGH | CWE-77 | No | 0.1% | 5.04 | 2026-03-11 | In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.251... |
| [CVE-2025-70082](https://nvd.nist.gov/vuln/detail/CVE-2025-70082) | 9.8 | CRITICAL | CWE-78 | No | 0.1% | 6.86 | 2026-03-11 | An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive informatio... |
| [CVE-2025-68623](https://nvd.nist.gov/vuln/detail/CVE-2025-68623) | 8.8 | HIGH | CWE-284 | No | 0.0% | 6.16 | 2026-03-11 | In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file dur... |
| [CVE-2025-67041](https://nvd.nist.gov/vuln/detail/CVE-2025-67041) | 9.8 | CRITICAL | CWE-78 | No | 0.1% | 6.86 | 2026-03-11 | An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browse... |
| [CVE-2025-67039](https://nvd.nist.gov/vuln/detail/CVE-2025-67039) | 9.1 | CRITICAL | CWE-288 | No | 0.1% | 6.37 | 2026-03-11 | An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appe... |
| [CVE-2025-67038](https://nvd.nist.gov/vuln/detail/CVE-2025-67038) | 9.8 | CRITICAL | CWE-94 | No | 0.1% | 6.86 | 2026-03-11 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when... |
| [CVE-2025-67037](https://nvd.nist.gov/vuln/detail/CVE-2025-67037) | 8.8 | HIGH | CWE-94 | No | 0.1% | 6.16 | 2026-03-11 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunne... |
| [CVE-2025-67036](https://nvd.nist.gov/vuln/detail/CVE-2025-67036) | 8.8 | HIGH | CWE-94 | No | 0.1% | 6.16 | 2026-03-11 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying th... |
| [CVE-2025-67035](https://nvd.nist.gov/vuln/detail/CVE-2025-67035) | 9.8 | CRITICAL | CWE-94 | No | 0.1% | 6.86 | 2026-03-11 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS... |
| [CVE-2025-67034](https://nvd.nist.gov/vuln/detail/CVE-2025-67034) | 8.8 | HIGH | CWE-94 | No | 0.1% | 6.16 | 2026-03-11 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name"... |
| [CVE-2025-12555](https://nvd.nist.gov/vuln/detail/CVE-2025-12555) | 4.3 | MEDIUM | CWE-863 | No | 0.0% | 3.01 | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.7.6, 18.8 before 18.8.6, and 1... |
| [CVE-2026-3848](https://nvd.nist.gov/vuln/detail/CVE-2026-3848) | 5.0 | MEDIUM | CWE-93 | No | 0.0% | 3.50 | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.11 before 18.7.6, 18.8 before 18.8.6, and 1... |
| [CVE-2026-31892](https://nvd.nist.gov/vuln/detail/CVE-2026-31892) | 8.9 | HIGH | CWE-863 | No | 0.0% | 6.23 | 2026-03-11 | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.... |
| [CVE-2026-30741](https://nvd.nist.gov/vuln/detail/CVE-2026-30741) | 9.8 | CRITICAL | CWE-94 | No | 0.4% | 6.87 | 2026-03-11 | A remote code execution (RCE) vulnerability in OpenClaw Agent Platform v2026.2.6 allows attackers to execute arbitrary c... |
| [CVE-2026-30234](https://nvd.nist.gov/vuln/detail/CVE-2026-30234) | 6.5 | MEDIUM | CWE-22 | No | 0.0% | 4.55 | 2026-03-11 | OpenProject is an open-source, web-based project management software. Prior to 17.2.0, an authenticated project member w... |
| [CVE-2026-29777](https://nvd.nist.gov/vuln/detail/CVE-2026-29777) | 6.1 | MEDIUM | CWE-74 | No | 0.0% | 4.27 | 2026-03-11 | Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, a tenant with write access to an HTTPRoute resource... |
| [CVE-2026-28803](https://nvd.nist.gov/vuln/detail/CVE-2026-28803) | 6.5 | MEDIUM | CWE-284 | No | 0.0% | 4.55 | 2026-03-11 | Open Forms allows users to create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the cosigner re... |
| [CVE-2026-28229](https://nvd.nist.gov/vuln/detail/CVE-2026-28229) | 9.8 | CRITICAL | CWE-863 | No | 0.0% | 6.86 | 2026-03-11 | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior t... |
| [CVE-2026-27897](https://nvd.nist.gov/vuln/detail/CVE-2026-27897) | 10.0 | CRITICAL | CWE-22 | No | 0.1% | 7.00 | 2026-03-11 | Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability e... |
| [CVE-2026-22248](https://nvd.nist.gov/vuln/detail/CVE-2026-22248) | 8.0 | HIGH | CWE-502 | No | 0.2% | 5.61 | 2026-03-11 | GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses track... |
| [CVE-2026-21888](https://nvd.nist.gov/vuln/detail/CVE-2026-21888) | 7.5 | HIGH | CWE-125 | No | 0.1% | 5.25 | 2026-03-11 | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bound... |
| [CVE-2026-1732](https://nvd.nist.gov/vuln/detail/CVE-2026-1732) | 4.3 | MEDIUM | CWE-212 | No | 0.0% | 3.01 | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.6 before 18.7.6, 18.8 before 18.8.6, and 1... |
| [CVE-2026-1663](https://nvd.nist.gov/vuln/detail/CVE-2026-1663) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.6, 18.8 before 18.8.6, and 1... |
| [CVE-2026-1230](https://nvd.nist.gov/vuln/detail/CVE-2026-1230) | 4.1 | MEDIUM | CWE-706 | No | 0.1% | 2.87 | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 1.0 before 18.7.6, 18.8 before 18.8.6, and 18... |
| [CVE-2026-1090](https://nvd.nist.gov/vuln/detail/CVE-2026-1090) | 8.7 | HIGH | CWE-79 | No | 0.1% | 6.09 | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 1... |
| [CVE-2026-1069](https://nvd.nist.gov/vuln/detail/CVE-2026-1069) | 7.5 | HIGH | CWE-674 | No | 0.0% | 5.25 | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an... |
| [CVE-2026-0602](https://nvd.nist.gov/vuln/detail/CVE-2026-0602) | 4.3 | MEDIUM | CWE-288 | No | 0.0% | 3.01 | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 1... |
| [CVE-2025-14513](https://nvd.nist.gov/vuln/detail/CVE-2025-14513) | 7.5 | HIGH | CWE-1284 | No | 0.0% | 5.25 | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and... |
| [CVE-2025-13929](https://nvd.nist.gov/vuln/detail/CVE-2025-13929) | 7.5 | HIGH | CWE-770 | No | 0.1% | 5.25 | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.0 before 18.7.6, 18.8 before 18.8.6, and 1... |
| [CVE-2025-13690](https://nvd.nist.gov/vuln/detail/CVE-2025-13690) | 6.5 | MEDIUM | CWE-770 | No | 0.1% | 4.55 | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and... |
| [CVE-2025-12704](https://nvd.nist.gov/vuln/detail/CVE-2025-12704) | 3.5 | LOW | CWE-862 | No | 0.0% | 2.45 | 2026-03-11 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8 before 18.8.6, and 18.9... |
| [CVE-2025-12697](https://nvd.nist.gov/vuln/detail/CVE-2025-12697) | 2.2 | LOW | CWE-116 | No | 0.0% | 1.54 | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 1... |
| [CVE-2025-12690](https://nvd.nist.gov/vuln/detail/CVE-2025-12690) | 7.3 | HIGH | CWE-250 | No | 0.0% | 5.11 | 2026-03-11 | Execution with unnecessary privileges in Forcepoint NGFW Engine allows local privilege escalation. This issue affects NGF... |
| [CVE-2025-12576](https://nvd.nist.gov/vuln/detail/CVE-2025-12576) | 6.5 | MEDIUM | CWE-770 | No | 0.0% | 4.55 | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.7.6, 18.8 before 18.8.6, and 18... |
| [CVE-2026-3946](https://nvd.nist.gov/vuln/detail/CVE-2026-3946) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-11 | A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-... |
| [CVE-2026-3013](https://nvd.nist.gov/vuln/detail/CVE-2026-3013) | 8.7 | HIGH | CWE-22 | No | 0.4% | 6.10 | 2026-03-11 | Coppermine Photo Gallery in versions 1.6.09 through 1.6.27 is vulnerable to path traversal. Unauthenticated remote attac... |
| [CVE-2026-32229](https://nvd.nist.gov/vuln/detail/CVE-2026-32229) | 6.8 | MEDIUM | CWE-290 | No | 0.0% | 4.76 | 2026-03-11 | In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled |
| [CVE-2026-30903](https://nvd.nist.gov/vuln/detail/CVE-2026-30903) | 9.6 | CRITICAL | CWE-73 | No | 0.1% | 6.72 | 2026-03-11 | External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauth... |
| [CVE-2026-30902](https://nvd.nist.gov/vuln/detail/CVE-2026-30902) | 7.8 | HIGH | CWE-269 | No | 0.0% | 5.46 | 2026-03-11 | Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalati... |
| [CVE-2026-30901](https://nvd.nist.gov/vuln/detail/CVE-2026-30901) | 7.0 | HIGH | CWE-20 | No | 0.0% | 4.90 | 2026-03-11 | Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduc... |
| [CVE-2026-30900](https://nvd.nist.gov/vuln/detail/CVE-2026-30900) | 7.8 | HIGH | CWE-754 | No | 0.0% | 5.46 | 2026-03-11 | Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated... |
| [CVE-2025-70330](https://nvd.nist.gov/vuln/detail/CVE-2025-70330) | 3.3 | LOW | CWE-125 | No | 0.0% | 2.31 | 2026-03-11 | Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modify... |
| [CVE-2025-70027](https://nvd.nist.gov/vuln/detail/CVE-2025-70027) | 7.5 | HIGH | CWE-918 | No | 0.0% | 5.25 | 2026-03-11 | An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This... |
| [CVE-2025-67298](https://nvd.nist.gov/vuln/detail/CVE-2025-67298) | 8.1 | HIGH | CWE-290 | No | 0.1% | 5.67 | 2026-03-11 | An issue in ClassroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and... |
| [CVE-2026-3496](https://nvd.nist.gov/vuln/detail/CVE-2026-3496) | 7.5 | HIGH | CWE-89 | No | 0.1% | 5.25 | 2026-03-11 | The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'check_in_date' parameter in all versions up... |
| [CVE-2026-32063](https://nvd.nist.gov/vuln/detail/CVE-2026-32063) | 6.9 | MEDIUM | CWE-77 | No | 0.1% | 4.83 | 2026-03-11 | OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generati... |
| [CVE-2026-32062](https://nvd.nist.gov/vuln/detail/CVE-2026-32062) | 8.7 | HIGH | CWE-770 | No | 0.1% | 6.09 | 2026-03-11 | OpenClaw versions 2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-call versions 2026.2.21 prior to 2026.2.22 accept me... |
| [CVE-2026-32061](https://nvd.nist.gov/vuln/detail/CVE-2026-32061) | 6.7 | MEDIUM | CWE-22 | No | 0.0% | 4.69 | 2026-03-11 | OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that al... |
| [CVE-2026-32060](https://nvd.nist.gov/vuln/detail/CVE-2026-32060) | 8.7 | HIGH | CWE-22 | No | 0.4% | 6.10 | 2026-03-11 | OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in apply_patch that allows attackers to writ... |
| [CVE-2026-32059](https://nvd.nist.gov/vuln/detail/CVE-2026-32059) | 8.7 | HIGH | CWE-863 | No | 0.1% | 6.09 | 2026-03-11 | OpenClaw version 2026.2.22-2 prior to 2026.2.23 tools.exec.safeBins validation for sort command fails to properly valida... |
| [CVE-2026-3944](https://nvd.nist.gov/vuln/detail/CVE-2026-3944) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-11 | A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code... |
| [CVE-2026-3943](https://nvd.nist.gov/vuln/detail/CVE-2026-3943) | 6.9 | MEDIUM | CWE-74 | No | 0.7% | 4.85 | 2026-03-11 | A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaa_port... |
| [CVE-2026-3178](https://nvd.nist.gov/vuln/detail/CVE-2026-3178) | 7.2 | HIGH | CWE-79 | No | 0.1% | 5.04 | 2026-03-11 | The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name_directory_name' param... |
| [CVE-2026-3906](https://nvd.nist.gov/vuln/detail/CVE-2026-3906) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-11 | WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature (block-level collab... |
| [CVE-2026-3492](https://nvd.nist.gov/vuln/detail/CVE-2026-3492) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-11 | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including... |
| [CVE-2026-3231](https://nvd.nist.gov/vuln/detail/CVE-2026-3231) | 7.2 | HIGH | CWE-79 | No | 0.1% | 5.04 | 2026-03-11 | The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scr... |
| [CVE-2026-1993](https://nvd.nist.gov/vuln/detail/CVE-2026-1993) | 8.8 | HIGH | CWE-269 | No | 0.1% | 6.16 | 2026-03-11 | The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper Privilege Management in ver... |
| [CVE-2026-1992](https://nvd.nist.gov/vuln/detail/CVE-2026-1992) | 8.8 | HIGH | CWE-639 | No | 0.1% | 6.16 | 2026-03-11 | The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in... |
| [CVE-2026-1454](https://nvd.nist.gov/vuln/detail/CVE-2026-1454) | 7.2 | HIGH | CWE-79 | No | 0.1% | 5.04 | 2026-03-11 | The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scr... |
| [CVE-2026-3903](https://nvd.nist.gov/vuln/detail/CVE-2026-3903) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-11 | The Modular DS: Monitor, update, and backup multiple websites plugin for WordPress is vulnerable to Cross-Site Request F... |
| [CVE-2026-2918](https://nvd.nist.gov/vuln/detail/CVE-2026-2918) | 6.4 | MEDIUM | CWE-639 | No | 0.0% | 4.48 | 2026-03-11 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up... |
| [CVE-2026-2917](https://nvd.nist.gov/vuln/detail/CVE-2026-2917) | 5.4 | MEDIUM | CWE-639 | No | 0.0% | 3.78 | 2026-03-11 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up... |
| [CVE-2026-1708](https://nvd.nist.gov/vuln/detail/CVE-2026-1708) | 7.5 | HIGH | CWE-89 | No | 0.2% | 5.26 | 2026-03-11 | The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to bli... |
| [CVE-2026-3826](https://nvd.nist.gov/vuln/detail/CVE-2026-3826) | 9.3 | CRITICAL | CWE-98 | No | 0.3% | 6.52 | 2026-03-11 | IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to exe... |
| [CVE-2026-3825](https://nvd.nist.gov/vuln/detail/CVE-2026-3825) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-11 | IFTOP developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attacker... |
| [CVE-2026-3824](https://nvd.nist.gov/vuln/detail/CVE-2026-3824) | 5.1 | MEDIUM | CWE-601 | No | 0.0% | 3.57 | 2026-03-11 | IFTOP developed by WellChoose has an Open redirect vulnerability, allowing authenticated remote attackers to craft a URL... |
| [CVE-2026-3534](https://nvd.nist.gov/vuln/detail/CVE-2026-3534) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-11 | The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `ast-page-background-meta` and `ast-c... |
| [CVE-2026-31844](https://nvd.nist.gov/vuln/detail/CVE-2026-31844) | 8.7 | HIGH | CWE-89 | No | 0.1% | 6.09 | 2026-03-11 | An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff interface in the /cgi-bin/koha/suggestion... |
| [CVE-2026-3911](https://nvd.nist.gov/vuln/detail/CVE-2026-3911) | 2.7 | LOW | CWE-359 | No | 0.0% | 1.89 | 2026-03-11 | A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserRe... |
| [CVE-2026-3884](https://nvd.nist.gov/vuln/detail/CVE-2026-3884) | 2.0 | LOW | CWE-79 | No | 0.0% | 1.40 | 2026-03-11 | Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting (XSS) via the spin() function that a... |
| [CVE-2026-3222](https://nvd.nist.gov/vuln/detail/CVE-2026-3222) | 7.5 | HIGH | CWE-89 | No | 0.2% | 5.26 | 2026-03-11 | The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'location_id' parameter in all... |
| [CVE-2026-2707](https://nvd.nist.gov/vuln/detail/CVE-2026-2707) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-11 | The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API entry submission endpoint... |
| [CVE-2026-2631](https://nvd.nist.gov/vuln/detail/CVE-2026-2631) | 9.8 | CRITICAL | CWE-269 | No | 0.1% | 6.86 | 2026-03-11 | The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST endpoint that allows a... |
| [CVE-2026-2626](https://nvd.nist.gov/vuln/detail/CVE-2026-2626) | 8.1 | HIGH | CWE-352 | No | 0.0% | 5.67 | 2026-03-11 | The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of its fixing function... |
| [CVE-2026-2466](https://nvd.nist.gov/vuln/detail/CVE-2026-2466) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-11 | The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the p... |
| [CVE-2026-2358](https://nvd.nist.gov/vuln/detail/CVE-2026-2358) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-11 | The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[wp_ulike_likers_box]` shortcode... |
| [CVE-2026-27842](https://nvd.nist.gov/vuln/detail/CVE-2026-27842) | 9.3 | CRITICAL | CWE-288 | No | 0.1% | 6.51 | 2026-03-11 | Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication an... |
| [CVE-2026-24448](https://nvd.nist.gov/vuln/detail/CVE-2026-24448) | 9.3 | CRITICAL | CWE-798 | No | 0.1% | 6.51 | 2026-03-11 | Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administr... |
| [CVE-2026-20892](https://nvd.nist.gov/vuln/detail/CVE-2026-20892) | 8.6 | HIGH | CWE-94 | No | 0.1% | 6.02 | 2026-03-11 | Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privil... |
| [CVE-2026-1867](https://nvd.nist.gov/vuln/detail/CVE-2026-1867) | 5.9 | MEDIUM | CWE-200 | No | 0.1% | 4.13 | 2026-03-11 | The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to reg... |
| [CVE-2026-1753](https://nvd.nist.gov/vuln/detail/CVE-2026-1753) | 6.8 | MEDIUM | CWE-639 | No | 0.0% | 4.76 | 2026-03-11 | The Gutena Forms WordPress plugin before 1.6.1 does not validate option to be updated, which could allow contributors a... |
| [CVE-2023-27573](https://nvd.nist.gov/vuln/detail/CVE-2023-27573) | 9.0 | CRITICAL | CWE-1392 | No | 0.1% | 6.30 | 2026-03-11 | netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0... |
| [CVE-2026-2413](https://nvd.nist.gov/vuln/detail/CVE-2026-2413) | 7.5 | HIGH | CWE-89 | No | 26.5% | 6.04 | 2026-03-11 | The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all ver... |
| [CVE-2025-13067](https://nvd.nist.gov/vuln/detail/CVE-2025-13067) | 8.8 | HIGH | CWE-434 | No | 0.1% | 6.16 | 2026-03-11 | The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and in... |
| [CVE-2026-29515](https://nvd.nist.gov/vuln/detail/CVE-2026-29515) | 9.3 | CRITICAL | CWE-303 | No | 0.1% | 6.51 | 2026-03-11 | MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that all... |
| [CVE-2026-23817](https://nvd.nist.gov/vuln/detail/CVE-2026-23817) | 6.5 | MEDIUM | CWE-601 | No | 0.0% | 4.55 | 2026-03-11 | A vulnerability in the web-based management interface of AOS-CX Switches could allow an unauthenticated remote attacker... |
| [CVE-2026-23816](https://nvd.nist.gov/vuln/detail/CVE-2026-23816) | 7.2 | HIGH | CWE-78 | No | 0.2% | 5.05 | 2026-03-11 | A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute... |
| [CVE-2026-23815](https://nvd.nist.gov/vuln/detail/CVE-2026-23815) | 7.2 | HIGH | CWE-77 | No | 0.4% | 5.05 | 2026-03-11 | A vulnerability in a custom binary used in AOS-CX Switches' CLI could allow an authenticated remote attacker with high p... |
| [CVE-2026-23814](https://nvd.nist.gov/vuln/detail/CVE-2026-23814) | 8.8 | HIGH | CWE-77 | No | 0.2% | 6.16 | 2026-03-11 | A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remo... |
| [CVE-2026-23813](https://nvd.nist.gov/vuln/detail/CVE-2026-23813) | 9.8 | CRITICAL | CWE-287 | No | 0.1% | 6.86 | 2026-03-11 | A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allo... |
| [CVE-2026-3453](https://nvd.nist.gov/vuln/detail/CVE-2026-3453) | 8.1 | HIGH | CWE-639 | No | 0.1% | 5.67 | 2026-03-11 | The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and inclu... |
| [CVE-2026-21361](https://nvd.nist.gov/vuln/detail/CVE-2026-21361) | 8.1 | HIGH | CWE-79 | No | 0.1% | 5.67 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a... |
| [CVE-2026-21360](https://nvd.nist.gov/vuln/detail/CVE-2026-21360) | 6.8 | MEDIUM | CWE-22 | No | 0.2% | 4.77 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an... |
| [CVE-2026-21359](https://nvd.nist.gov/vuln/detail/CVE-2026-21359) | 4.7 | MEDIUM | CWE-863 | No | 0.1% | 3.29 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an... |
| [CVE-2026-21311](https://nvd.nist.gov/vuln/detail/CVE-2026-21311) | 8.0 | HIGH | CWE-79 | No | 0.1% | 5.60 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a... |
| [CVE-2026-21310](https://nvd.nist.gov/vuln/detail/CVE-2026-21310) | 5.3 | MEDIUM | CWE-20 | No | 0.5% | 3.72 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an... |
| [CVE-2026-21309](https://nvd.nist.gov/vuln/detail/CVE-2026-21309) | 7.5 | HIGH | CWE-863 | No | 0.1% | 5.25 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an... |
| [CVE-2026-21297](https://nvd.nist.gov/vuln/detail/CVE-2026-21297) | 4.3 | MEDIUM | CWE-863 | No | 0.1% | 3.01 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an... |
| [CVE-2026-21296](https://nvd.nist.gov/vuln/detail/CVE-2026-21296) | 4.3 | MEDIUM | CWE-863 | No | 0.1% | 3.01 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an... |
| [CVE-2026-21295](https://nvd.nist.gov/vuln/detail/CVE-2026-21295) | 3.1 | LOW | CWE-601 | No | 0.0% | 2.17 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a... |
| [CVE-2026-21294](https://nvd.nist.gov/vuln/detail/CVE-2026-21294) | 5.5 | MEDIUM | CWE-918 | No | 0.1% | 3.85 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a... |
| [CVE-2026-21293](https://nvd.nist.gov/vuln/detail/CVE-2026-21293) | 5.5 | MEDIUM | CWE-918 | No | 0.1% | 3.85 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a... |
| [CVE-2026-21292](https://nvd.nist.gov/vuln/detail/CVE-2026-21292) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a... |
| [CVE-2026-21291](https://nvd.nist.gov/vuln/detail/CVE-2026-21291) | 4.8 | MEDIUM | CWE-79 | No | 0.1% | 3.36 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a... |
| [CVE-2026-21290](https://nvd.nist.gov/vuln/detail/CVE-2026-21290) | 8.7 | HIGH | CWE-79 | No | 0.0% | 6.09 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a... |
| [CVE-2026-21289](https://nvd.nist.gov/vuln/detail/CVE-2026-21289) | 7.5 | HIGH | CWE-863 | No | 0.1% | 5.25 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an... |
| [CVE-2026-21286](https://nvd.nist.gov/vuln/detail/CVE-2026-21286) | 5.3 | MEDIUM | CWE-863 | No | 0.1% | 3.71 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an... |
| [CVE-2026-21285](https://nvd.nist.gov/vuln/detail/CVE-2026-21285) | 4.3 | MEDIUM | CWE-863 | No | 0.1% | 3.01 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an... |
| [CVE-2026-21284](https://nvd.nist.gov/vuln/detail/CVE-2026-21284) | 8.1 | HIGH | CWE-79 | No | 0.1% | 5.67 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a... |
| [CVE-2026-21282](https://nvd.nist.gov/vuln/detail/CVE-2026-21282) | 5.3 | MEDIUM | CWE-20 | No | 0.3% | 3.72 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an... |
| [CVE-2026-2324](https://nvd.nist.gov/vuln/detail/CVE-2026-2324) | 6.1 | MEDIUM | CWE-352 | No | 0.0% | 4.27 | 2026-03-11 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Req... |
| [CVE-2026-1781](https://nvd.nist.gov/vuln/detail/CVE-2026-1781) | 6.5 | MEDIUM | CWE-862 | No | 0.1% | 4.55 | 2026-03-11 | The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, an... |
| [CVE-2025-12473](https://nvd.nist.gov/vuln/detail/CVE-2025-12473) | 6.1 | MEDIUM | CWE-79 | No | 0.1% | 4.27 | 2026-03-11 | The RTMKit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'themebuilder' parameter in all... |
| [CVE-2026-27266](https://nvd.nist.gov/vuln/detail/CVE-2026-27266) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27265](https://nvd.nist.gov/vuln/detail/CVE-2026-27265) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27264](https://nvd.nist.gov/vuln/detail/CVE-2026-27264) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-11 | Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority. |
| [CVE-2026-27263](https://nvd.nist.gov/vuln/detail/CVE-2026-27263) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-11 | Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority. |
| [CVE-2026-27262](https://nvd.nist.gov/vuln/detail/CVE-2026-27262) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27261](https://nvd.nist.gov/vuln/detail/CVE-2026-27261) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-11 | Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority. |
| [CVE-2026-27260](https://nvd.nist.gov/vuln/detail/CVE-2026-27260) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-11 | Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority. |
| [CVE-2026-27259](https://nvd.nist.gov/vuln/detail/CVE-2026-27259) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-11 | Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority. |
| [CVE-2026-27257](https://nvd.nist.gov/vuln/detail/CVE-2026-27257) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27256](https://nvd.nist.gov/vuln/detail/CVE-2026-27256) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27255](https://nvd.nist.gov/vuln/detail/CVE-2026-27255) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27254](https://nvd.nist.gov/vuln/detail/CVE-2026-27254) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27253](https://nvd.nist.gov/vuln/detail/CVE-2026-27253) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27252](https://nvd.nist.gov/vuln/detail/CVE-2026-27252) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27251](https://nvd.nist.gov/vuln/detail/CVE-2026-27251) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27250](https://nvd.nist.gov/vuln/detail/CVE-2026-27250) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27249](https://nvd.nist.gov/vuln/detail/CVE-2026-27249) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27248](https://nvd.nist.gov/vuln/detail/CVE-2026-27248) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27247](https://nvd.nist.gov/vuln/detail/CVE-2026-27247) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27244](https://nvd.nist.gov/vuln/detail/CVE-2026-27244) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27242](https://nvd.nist.gov/vuln/detail/CVE-2026-27242) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27241](https://nvd.nist.gov/vuln/detail/CVE-2026-27241) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27240](https://nvd.nist.gov/vuln/detail/CVE-2026-27240) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27239](https://nvd.nist.gov/vuln/detail/CVE-2026-27239) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27237](https://nvd.nist.gov/vuln/detail/CVE-2026-27237) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27236](https://nvd.nist.gov/vuln/detail/CVE-2026-27236) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27235](https://nvd.nist.gov/vuln/detail/CVE-2026-27235) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27234](https://nvd.nist.gov/vuln/detail/CVE-2026-27234) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27233](https://nvd.nist.gov/vuln/detail/CVE-2026-27233) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27232](https://nvd.nist.gov/vuln/detail/CVE-2026-27232) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27231](https://nvd.nist.gov/vuln/detail/CVE-2026-27231) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27230](https://nvd.nist.gov/vuln/detail/CVE-2026-27230) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27229](https://nvd.nist.gov/vuln/detail/CVE-2026-27229) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27228](https://nvd.nist.gov/vuln/detail/CVE-2026-27228) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27226](https://nvd.nist.gov/vuln/detail/CVE-2026-27226) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27225](https://nvd.nist.gov/vuln/detail/CVE-2026-27225) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27224](https://nvd.nist.gov/vuln/detail/CVE-2026-27224) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-27223](https://nvd.nist.gov/vuln/detail/CVE-2026-27223) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t... |
| [CVE-2026-2569](https://nvd.nist.gov/vuln/detail/CVE-2026-2569) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-11 | The Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to Stored Cross-... |
| [CVE-2026-27272](https://nvd.nist.gov/vuln/detail/CVE-2026-27272) | 7.8 | HIGH | CWE-787 | No | 0.0% | 5.46 | 2026-03-10 | Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in... |
| [CVE-2026-27271](https://nvd.nist.gov/vuln/detail/CVE-2026-27271) | 7.8 | HIGH | CWE-122 | No | 0.0% | 5.46 | 2026-03-10 | Illustrator versions 29.8.4, 30.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could resu... |
| [CVE-2026-27270](https://nvd.nist.gov/vuln/detail/CVE-2026-27270) | 5.5 | MEDIUM | CWE-125 | No | 0.0% | 3.85 | 2026-03-10 | Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to mem... |
| [CVE-2026-27268](https://nvd.nist.gov/vuln/detail/CVE-2026-27268) | 5.5 | MEDIUM | CWE-125 | No | 0.0% | 3.85 | 2026-03-10 | Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to mem... |
| [CVE-2026-27267](https://nvd.nist.gov/vuln/detail/CVE-2026-27267) | 7.8 | HIGH | CWE-121 | No | 0.0% | 5.46 | 2026-03-10 | Illustrator versions 29.8.4, 30.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could res... |
| [CVE-2026-21362](https://nvd.nist.gov/vuln/detail/CVE-2026-21362) | 7.8 | HIGH | CWE-787 | No | 0.0% | 5.46 | 2026-03-10 | Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in... |
| [CVE-2026-21333](https://nvd.nist.gov/vuln/detail/CVE-2026-21333) | 8.6 | HIGH | CWE-426 | No | 0.0% | 6.02 | 2026-03-10 | Illustrator versions 29.8.4, 30.1 and earlier are affected by an Untrusted Search Path vulnerability that might allow at... |
| [CVE-2025-22850](https://nvd.nist.gov/vuln/detail/CVE-2025-22850) | 5.6 | MEDIUM | CWE-367 | No | 0.0% | 3.92 | 2026-03-10 | Time-of-check time-of-use race condition in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an in... |
| [CVE-2025-22444](https://nvd.nist.gov/vuln/detail/CVE-2025-22444) | 5.6 | MEDIUM | CWE-668 | No | 0.0% | 3.92 | 2026-03-10 | Exposure of resource to wrong sphere in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an inform... |
| [CVE-2025-20105](https://nvd.nist.gov/vuln/detail/CVE-2025-20105) | 8.7 | HIGH | CWE-20 | No | 0.0% | 6.09 | 2026-03-10 | Improper input validation in some UEFI firmware SMM module for the Intel(R) reference platforms may allow an escalation... |
| [CVE-2025-20096](https://nvd.nist.gov/vuln/detail/CVE-2025-20096) | 5.9 | MEDIUM | CWE-20 | No | 0.0% | 4.13 | 2026-03-10 | Improper input validation in the UEFI firmware for some Intel Reference Platforms may allow an escalation of privilege.... |
| [CVE-2025-20073](https://nvd.nist.gov/vuln/detail/CVE-2025-20073) | 1.8 | LOW | CWE-119 | No | 0.0% | 1.26 | 2026-03-10 | Improper buffer restrictions in the UEFI DXE module for some Intel(R) Reference Platforms within UEFI may allow an infor... |
| [CVE-2025-20068](https://nvd.nist.gov/vuln/detail/CVE-2025-20068) | 7.1 | HIGH | CWE-20 | No | 0.0% | 4.97 | 2026-03-10 | Improper input validation in the UEFI ImcErrorHandler module for some Intel(R) reference platforms may allow an escalati... |
| [CVE-2025-20064](https://nvd.nist.gov/vuln/detail/CVE-2025-20064) | 8.7 | HIGH | CWE-20 | No | 0.0% | 6.09 | 2026-03-10 | Improper input validation in the UEFI FlashUcAcmSmm module for some Intel(R) reference platforms may allow an escalation... |
| [CVE-2025-20028](https://nvd.nist.gov/vuln/detail/CVE-2025-20028) | 7.1 | HIGH | CWE-367 | No | 0.0% | 4.97 | 2026-03-10 | Time-of-check time-of-use race condition in the WheaERST SMM module for some Intel(R) reference platforms may allow an e... |
| [CVE-2025-20027](https://nvd.nist.gov/vuln/detail/CVE-2025-20027) | 7.1 | HIGH | CWE-20 | No | 0.0% | 4.97 | 2026-03-10 | Improper input validation in the UEFI WheaERST module for some Intel(R) reference platforms may allow an escalation of p... |
| [CVE-2025-20005](https://nvd.nist.gov/vuln/detail/CVE-2025-20005) | 5.6 | MEDIUM | CWE-119 | No | 0.0% | 3.92 | 2026-03-10 | Improper buffer restrictions in some UEFI firmware for some Intel(R) reference platforms may allow an escalation of priv... |
| [CVE-2026-31838](https://nvd.nist.gov/vuln/detail/CVE-2026-31838) | 6.9 | MEDIUM | CWE-863 | No | 0.0% | 4.83 | 2026-03-10 | Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a vulnerabi... |
| [CVE-2026-31837](https://nvd.nist.gov/vuln/detail/CVE-2026-31837) | 8.7 | HIGH | CWE-200 | No | 0.1% | 6.09 | 2026-03-10 | Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of I... |
| [CVE-2026-31834](https://nvd.nist.gov/vuln/detail/CVE-2026-31834) | 7.2 | HIGH | CWE-269 | No | 0.1% | 5.04 | 2026-03-10 | Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, a privilege escalation vulnerability has been identi... |
| [CVE-2026-31833](https://nvd.nist.gov/vuln/detail/CVE-2026-31833) | 6.7 | MEDIUM | CWE-79 | No | 0.1% | 4.69 | 2026-03-10 | Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, an authenticated backoffice user with access to Sett... |
| [CVE-2026-31832](https://nvd.nist.gov/vuln/detail/CVE-2026-31832) | 5.4 | MEDIUM | CWE-639 | No | 0.0% | 3.78 | 2026-03-10 | Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, a broken object-level authorization vulnerability ex... |
| [CVE-2026-31830](https://nvd.nist.gov/vuln/detail/CVE-2026-31830) | 7.5 | HIGH | CWE-252 | No | 0.0% | 5.25 | 2026-03-10 | sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.... |
| [CVE-2026-31829](https://nvd.nist.gov/vuln/detail/CVE-2026-31829) | 7.1 | HIGH | CWE-918 | No | 0.1% | 4.97 | 2026-03-10 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise expose... |
| [CVE-2026-31828](https://nvd.nist.gov/vuln/detail/CVE-2026-31828) | 6.0 | MEDIUM | CWE-90 | No | 0.1% | 4.20 | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-a... |
| [CVE-2026-31827](https://nvd.nist.gov/vuln/detail/CVE-2026-31827) | 7.1 | HIGH | CWE-362 | No | 0.0% | 4.97 | 2026-03-10 | Alienbin is an anonymous code and text sharing web service. In 1.0.0 and earlier, the /save endpoint in server.js drops... |
| [CVE-2026-31826](https://nvd.nist.gov/vuln/detail/CVE-2026-31826) | 6.8 | MEDIUM | CWE-770 | No | 0.0% | 4.76 | 2026-03-10 | pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can cra... |
| [CVE-2026-31825](https://nvd.nist.gov/vuln/detail/CVE-2026-31825) | 5.3 | MEDIUM | CWE-89 | No | 0.0% | 3.71 | 2026-03-10 | Sylius is an Open Source eCommerce Framework on Symfony. Sylius API filters ProductPriceOrderFilter and TranslationOrder... |
| [CVE-2026-31824](https://nvd.nist.gov/vuln/detail/CVE-2026-31824) | 8.2 | HIGH | CWE-362 | No | 0.1% | 5.74 | 2026-03-10 | Sylius is an Open Source eCommerce Framework on Symfony. A Time-of-Check To Time-of-Use (TOCTOU) race condition was disc... |
| [CVE-2026-31823](https://nvd.nist.gov/vuln/detail/CVE-2026-31823) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-10 | Sylius is an Open Source eCommerce Framework on Symfony. An authenticated stored cross-site scripting (XSS) vulnerabilit... |
| [CVE-2026-31822](https://nvd.nist.gov/vuln/detail/CVE-2026-31822) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-10 | Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting (XSS) vulnerability exists in the shop c... |
| [CVE-2026-31821](https://nvd.nist.gov/vuln/detail/CVE-2026-31821) | 6.9 | MEDIUM | CWE-862 | No | 0.1% | 4.83 | 2026-03-10 | Sylius is an Open Source eCommerce Framework on Symfony. The POST /api/v2/shop/orders/{tokenValue}/items endpoint does n... |
| [CVE-2026-31820](https://nvd.nist.gov/vuln/detail/CVE-2026-31820) | 7.1 | HIGH | CWE-639 | No | 0.0% | 4.97 | 2026-03-10 | Sylius is an Open Source eCommerce Framework on Symfony. An authenticated Insecure Direct Object Reference (IDOR) vulner... |
| [CVE-2026-31819](https://nvd.nist.gov/vuln/detail/CVE-2026-31819) | 6.9 | MEDIUM | CWE-601 | No | 0.1% | 4.83 | 2026-03-10 | Sylius is an Open Source eCommerce Framework on Symfony. CurrencySwitchController::switchAction(), ImpersonateUserContro... |
| [CVE-2026-31817](https://nvd.nist.gov/vuln/detail/CVE-2026-31817) | 8.5 | HIGH | CWE-22 | No | 0.3% | 5.96 | 2026-03-10 | OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature i... |
| [CVE-2026-31815](https://nvd.nist.gov/vuln/detail/CVE-2026-31815) | 5.3 | MEDIUM | CWE-284 | No | 0.1% | 3.71 | 2026-03-10 | Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipula... |
| [CVE-2026-31812](https://nvd.nist.gov/vuln/detail/CVE-2026-31812) | 8.7 | HIGH | CWE-248 | No | 0.2% | 6.10 | 2026-03-10 | Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, u... |
| [CVE-2026-27278](https://nvd.nist.gov/vuln/detail/CVE-2026-27278) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-03-10 | Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerabil... |
| [CVE-2026-27221](https://nvd.nist.gov/vuln/detail/CVE-2026-27221) | 5.5 | MEDIUM | CWE-295 | No | 0.0% | 3.85 | 2026-03-10 | Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Val... |
| [CVE-2026-27220](https://nvd.nist.gov/vuln/detail/CVE-2026-27220) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-03-10 | Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerabil... |
| [CVE-2026-31809](https://nvd.nist.gov/vuln/detail/CVE-2026-31809) | 6.4 | MEDIUM | CWE-79 | No | 0.8% | 4.50 | 2026-03-10 | SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer (SanitizeSVG) checks href attr... |
| [CVE-2026-31808](https://nvd.nist.gov/vuln/detail/CVE-2026-31808) | 5.3 | MEDIUM | CWE-835 | No | 0.0% | 3.71 | 2026-03-10 | file-type detects the file type of a file, stream, or data. Prior to 21.3.1, a denial of service vulnerability exists in... |
| [CVE-2026-31807](https://nvd.nist.gov/vuln/detail/CVE-2026-31807) | 6.4 | MEDIUM | CWE-79 | No | 0.7% | 4.50 | 2026-03-10 | SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer (SanitizeSVG) blocks dangerous... |
| [CVE-2026-31801](https://nvd.nist.gov/vuln/detail/CVE-2026-31801) | 7.7 | HIGH | CWE-863 | No | 0.0% | 5.39 | 2026-03-10 | zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. From 1.3.0... |
| [CVE-2026-31800](https://nvd.nist.gov/vuln/detail/CVE-2026-31800) | 8.8 | HIGH | CWE-862 | No | 0.1% | 6.16 | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-a... |
| [CVE-2026-30972](https://nvd.nist.gov/vuln/detail/CVE-2026-30972) | 6.9 | MEDIUM | CWE-799 | No | 0.1% | 4.83 | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-al... |
| [CVE-2026-30967](https://nvd.nist.gov/vuln/detail/CVE-2026-30967) | 7.6 | HIGH | CWE-287 | No | 0.1% | 5.32 | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-a... |
| [CVE-2026-30966](https://nvd.nist.gov/vuln/detail/CVE-2026-30966) | 10.0 | CRITICAL | CWE-284 | No | 0.1% | 7.00 | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-a... |
| [CVE-2026-30965](https://nvd.nist.gov/vuln/detail/CVE-2026-30965) | 9.9 | CRITICAL | CWE-863 | No | 0.1% | 6.93 | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-a... |
| [CVE-2026-30962](https://nvd.nist.gov/vuln/detail/CVE-2026-30962) | 7.1 | HIGH | CWE-284 | No | 0.0% | 4.97 | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-a... |
| [CVE-2026-30954](https://nvd.nist.gov/vuln/detail/CVE-2026-30954) | 5.3 | MEDIUM | CWE-639 | No | 0.0% | 3.71 | 2026-03-10 | LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy() method in LinkRep... |
| [CVE-2026-30953](https://nvd.nist.gov/vuln/detail/CVE-2026-30953) | 7.7 | HIGH | CWE-918 | No | 0.0% | 5.39 | 2026-03-10 | LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetche... |
| [CVE-2026-30952](https://nvd.nist.gov/vuln/detail/CVE-2026-30952) | 8.7 | HIGH | CWE-22 | No | 0.0% | 6.09 | 2026-03-10 | liquidjs is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.0, the layout, render... |
| [CVE-2026-30951](https://nvd.nist.gov/vuln/detail/CVE-2026-30951) | 7.5 | HIGH | CWE-89 | No | 0.0% | 5.25 | 2026-03-10 | Sequelize is a Node.js ORM tool. Prior to 6.37.8, there is SQL injection via unescaped cast type in JSON/JSONB where cla... |
| [CVE-2026-30949](https://nvd.nist.gov/vuln/detail/CVE-2026-30949) | 7.6 | HIGH | CWE-287 | No | 0.0% | 5.32 | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-a... |
| [CVE-2026-30948](https://nvd.nist.gov/vuln/detail/CVE-2026-30948) | 8.3 | HIGH | CWE-79 | No | 0.0% | 5.81 | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-a... |
| [CVE-2026-30947](https://nvd.nist.gov/vuln/detail/CVE-2026-30947) | 8.7 | HIGH | CWE-863 | No | 0.0% | 6.09 | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-a... |
| [CVE-2026-30946](https://nvd.nist.gov/vuln/detail/CVE-2026-30946) | 8.7 | HIGH | CWE-770 | No | 0.0% | 6.09 | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alph... |
| [CVE-2026-30837](https://nvd.nist.gov/vuln/detail/CVE-2026-30837) | 7.5 | HIGH | CWE-1333 | No | 0.0% | 5.25 | 2026-03-10 | Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communi... |
| [CVE-2026-0124](https://nvd.nist.gov/vuln/detail/CVE-2026-0124) | 10.0 | CRITICAL | CWE-787 | No | 0.0% | 7.00 | 2026-03-10 | There is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege... |
| [CVE-2026-0123](https://nvd.nist.gov/vuln/detail/CVE-2026-0123) | 8.4 | HIGH | CWE-787 | No | 0.0% | 5.88 | 2026-03-10 | In EfwApTransport::ProcessRxRing of efw_ap_transport.cc, there is a possible out of bounds write due to a missing bounds... |
| [CVE-2026-0122](https://nvd.nist.gov/vuln/detail/CVE-2026-0122) | 8.4 | HIGH | CWE-787 | No | 0.0% | 5.88 | 2026-03-10 | In multiple places, there is a possible out of bounds write due to memory corruption. This could lead to remote code exe... |
| [CVE-2026-0121](https://nvd.nist.gov/vuln/detail/CVE-2026-0121) | 2.9 | LOW | CWE-362 | No | 0.0% | 2.03 | 2026-03-10 | In VPU, there is a possible use-after-free read due to a race condition. This could lead to local information disclosure... |
| [CVE-2026-0120](https://nvd.nist.gov/vuln/detail/CVE-2026-0120) | 9.8 | CRITICAL | CWE-787 | No | 0.2% | 6.87 | 2026-03-10 | In modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execu... |
| [CVE-2026-0119](https://nvd.nist.gov/vuln/detail/CVE-2026-0119) | 6.8 | MEDIUM | CWE-787 | No | 0.0% | 4.76 | 2026-03-10 | In usim_SendMCCMNCIndMsg of usim_Registration.c, there is a possible out of bounds write due to memory corruption. This... |
| [CVE-2026-0118](https://nvd.nist.gov/vuln/detail/CVE-2026-0118) | 8.4 | HIGH | CWE-693 | No | 0.0% | 5.88 | 2026-03-10 | In oobconfig, there is a possible bypass of carrier restrictions due to a logic error. This could lead to local escalati... |
| [CVE-2026-0117](https://nvd.nist.gov/vuln/detail/CVE-2026-0117) | 8.4 | HIGH | CWE-787 | No | 0.0% | 5.88 | 2026-03-10 | In mfc_dec_dqbuf of mfc_dec_v4l2.c, there is a possible out of bounds write due to an incorrect bounds check. This could... |
| [CVE-2026-0116](https://nvd.nist.gov/vuln/detail/CVE-2026-0116) | 9.8 | CRITICAL | CWE-787 | No | 0.2% | 6.87 | 2026-03-10 | In __mfc_handle_released_buf of mfc_core_isr.c, there is a possible out of bounds write due to a missing bounds check. T... |
| [CVE-2026-0115](https://nvd.nist.gov/vuln/detail/CVE-2026-0115) | 2.1 | LOW | CWE-1300 | No | 0.0% | 1.47 | 2026-03-10 | In Trusted Execution Environment, there is a possible key leak due to side channel information disclosure. This could le... |
| [CVE-2026-0114](https://nvd.nist.gov/vuln/detail/CVE-2026-0114) | 9.8 | CRITICAL | CWE-787 | No | 0.2% | 6.87 | 2026-03-10 | In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execu... |
| [CVE-2026-0113](https://nvd.nist.gov/vuln/detail/CVE-2026-0113) | 9.8 | CRITICAL | CWE-787 | No | 0.2% | 6.87 | 2026-03-10 | In ns_GetUserData of ns_SmscbUtilities.c, there is a possible out of bounds write due to an incorrect bounds check. This... |
| [CVE-2026-0112](https://nvd.nist.gov/vuln/detail/CVE-2026-0112) | 7.4 | HIGH | CWE-362 | No | 0.0% | 5.18 | 2026-03-10 | In vpu_open_inst of vpu_ioctl.c, there is a possible use after free due to a race condition. This could lead to local es... |
| [CVE-2026-0111](https://nvd.nist.gov/vuln/detail/CVE-2026-0111) | 9.8 | CRITICAL | CWE-787 | No | 0.2% | 6.87 | 2026-03-10 | In ns_GetUserData of ns_SmscbUtilities.c, there is a possible out of bounds write due to an incorrect bounds check. This... |
| [CVE-2026-0110](https://nvd.nist.gov/vuln/detail/CVE-2026-0110) | 9.8 | CRITICAL | CWE-120 | No | 0.2% | 6.87 | 2026-03-10 | In MM_DATA_IND of cn_NrSmMsgHdlrFromMM.cpp, there is a possible EoP due to memory corruption. This could lead to remote... |
| [CVE-2026-0109](https://nvd.nist.gov/vuln/detail/CVE-2026-0109) | 7.5 | HIGH | CWE-754 | No | 0.2% | 5.26 | 2026-03-10 | In dhd_tcpdata_info_get of dhd_ip.c, there is a possible Denial of Service due to a precondition check failure. This cou... |
| [CVE-2026-0108](https://nvd.nist.gov/vuln/detail/CVE-2026-0108) | 4.0 | MEDIUM | CWE-284 | No | 0.0% | 2.80 | 2026-03-10 | The register protection of the PowerVR GPU is incorrectly configured. This could lead to local information disclosure wi... |
| [CVE-2026-0107](https://nvd.nist.gov/vuln/detail/CVE-2026-0107) | 8.4 | HIGH | CWE-441 | No | 0.0% | 5.88 | 2026-03-10 | In gmc_ddr_handle_mba_mr_req of gmc_mba_ddr.c, there is a possible escalation of privileges due to a confused deputy. Th... |
| [CVE-2025-70802](https://nvd.nist.gov/vuln/detail/CVE-2025-70802) | 8.4 | HIGH | CWE-259 | No | 0.0% | 5.88 | 2026-03-10 | Tenda G1V3.1si V16.01.7.8 Firmware V16.01.7.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/sh... |
| [CVE-2025-70798](https://nvd.nist.gov/vuln/detail/CVE-2025-70798) | 8.4 | HIGH | CWE-259 | No | 0.0% | 5.88 | 2026-03-10 | Tenda i24V3.0si V3.0.0.5 Firmware V3.0.0.5 was discovered to contain a hardcoded password vulnerability in /etc_ro/shado... |
| [CVE-2025-70244](https://nvd.nist.gov/vuln/detail/CVE-2025-70244) | 7.5 | HIGH | CWE-121 | No | 0.0% | 5.25 | 2026-03-10 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanSetup. |
| [CVE-2025-66413](https://nvd.nist.gov/vuln/detail/CVE-2025-66413) | 7.4 | HIGH | CWE-200 | No | 0.0% | 5.18 | 2026-03-10 | Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is possible to obtain a user's NTLM hash by tricking... |
| [CVE-2025-36920](https://nvd.nist.gov/vuln/detail/CVE-2025-36920) | 8.4 | HIGH | CWE-20 | No | 0.0% | 5.88 | 2026-03-10 | In hyp_alloc of arch/arm64/kvm/hyp/nvhe/alloc.c, there is a possible out of bounds write due to improper input validatio... |
| [CVE-2025-13213](https://nvd.nist.gov/vuln/detail/CVE-2025-13213) | 5.4 | MEDIUM | CWE-644 | No | 0.0% | 3.78 | 2026-03-10 | IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of inp... |
| [CVE-2026-3582](https://nvd.nist.gov/vuln/detail/CVE-2026-3582) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-10 | An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user w... |
| [CVE-2026-2713](https://nvd.nist.gov/vuln/detail/CVE-2026-2713) | 7.4 | HIGH | CWE-427 | No | 0.0% | 5.18 | 2026-03-10 | IBM Trusteer Rapport installer 3.5.2309.290 IBM Trusteer Rapport could allow a local attacker to execute arbitrary code... |
| [CVE-2026-2266](https://nvd.nist.gov/vuln/detail/CVE-2026-2266) | 7.4 | HIGH | CWE-79 | No | 0.0% | 5.18 | 2026-03-10 | An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed DOM-based cros... |
| [CVE-2026-29793](https://nvd.nist.gov/vuln/detail/CVE-2026-29793) | 9.3 | CRITICAL | CWE-943 | No | 0.0% | 6.51 | 2026-03-10 | Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. From 5.0.0 to... |
| [CVE-2026-29792](https://nvd.nist.gov/vuln/detail/CVE-2026-29792) | 9.3 | CRITICAL | CWE-287 | No | 0.1% | 6.51 | 2026-03-10 | Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. From 5.0.0 to... |
| [CVE-2026-29177](https://nvd.nist.gov/vuln/detail/CVE-2026-29177) | 1.9 | LOW | CWE-79 | No | 0.0% | 1.33 | 2026-03-10 | Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, a Stored Cross-Site Scripting (XSS) vu... |
| [CVE-2026-29176](https://nvd.nist.gov/vuln/detail/CVE-2026-29176) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-10 | Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, a stored XSS vulnerability exists in the Commerce... |
| [CVE-2026-29175](https://nvd.nist.gov/vuln/detail/CVE-2026-29175) | 8.6 | HIGH | CWE-79 | No | 0.0% | 6.02 | 2026-03-10 | Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Stored XSS vulnerabilities exist in the Commerce... |
| [CVE-2026-29174](https://nvd.nist.gov/vuln/detail/CVE-2026-29174) | 8.7 | HIGH | CWE-89 | No | 0.0% | 6.09 | 2026-03-10 | Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Craft Commerce is vulnerable to SQL Injection in... |
| [CVE-2026-29173](https://nvd.nist.gov/vuln/detail/CVE-2026-29173) | 1.9 | LOW | CWE-79 | No | 0.0% | 1.33 | 2026-03-10 | Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, a stored XSS vulnerability exists when... |
| [CVE-2026-29172](https://nvd.nist.gov/vuln/detail/CVE-2026-29172) | 8.7 | HIGH | CWE-89 | No | 0.0% | 6.09 | 2026-03-10 | Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, Craft Commerce is vulnerable to SQL In... |
| [CVE-2026-29113](https://nvd.nist.gov/vuln/detail/CVE-2026-29113) | 2.3 | LOW | CWE-352 | No | 0.0% | 1.61 | 2026-03-10 | Craft is a content management system (CMS). Prior to 4.17.4 and 5.9.7, Craft CMS has a CSRF issue in the preview token e... |
| [CVE-2026-28495](https://nvd.nist.gov/vuln/detail/CVE-2026-28495) | 9.6 | CRITICAL | CWE-352 | No | 0.1% | 6.72 | 2026-03-10 | GetSimple CMS is a content management system. The massiveAdmin plugin (v6.0.3) bundled with GetSimpleCMS-CE v3.3.22 allo... |
| [CVE-2026-27825](https://nvd.nist.gov/vuln/detail/CVE-2026-27825) | 9.0 | CRITICAL | CWE-22 | No | 0.0% | 6.30 | 2026-03-10 | MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.... |
| [CVE-2026-26330](https://nvd.nist.gov/vuln/detail/CVE-2026-26330) | 5.3 | MEDIUM | CWE-416 | No | 0.0% | 3.71 | 2026-03-10 | Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, at the rate limit f... |
| [CVE-2026-26311](https://nvd.nist.gov/vuln/detail/CVE-2026-26311) | 5.9 | MEDIUM | CWE-416 | No | 0.0% | 4.13 | 2026-03-10 | Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, a logic vulnerabili... |
| [CVE-2026-26310](https://nvd.nist.gov/vuln/detail/CVE-2026-26310) | 5.9 | MEDIUM | CWE-20 | No | 0.0% | 4.13 | 2026-03-10 | Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, calling Utility::ge... |
| [CVE-2026-26309](https://nvd.nist.gov/vuln/detail/CVE-2026-26309) | 5.3 | MEDIUM | CWE-193 | No | 0.0% | 3.71 | 2026-03-10 | Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write... |
| [CVE-2026-26308](https://nvd.nist.gov/vuln/detail/CVE-2026-26308) | 7.5 | HIGH | CWE-863 | No | 0.0% | 5.25 | 2026-03-10 | Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC (Rol... |
| [CVE-2026-26123](https://nvd.nist.gov/vuln/detail/CVE-2026-26123) | 5.5 | MEDIUM | CWE-939 | No | 0.0% | 3.85 | 2026-03-10 | Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally. |
| [CVE-2026-23868](https://nvd.nist.gov/vuln/detail/CVE-2026-23868) | 5.1 | MEDIUM | CWE-415 | No | 0.0% | 3.57 | 2026-03-10 | Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect erro... |
| [CVE-2025-70251](https://nvd.nist.gov/vuln/detail/CVE-2025-70251) | 7.5 | HIGH | CWE-121 | No | 0.0% | 5.25 | 2026-03-10 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanGuestSetup. |
| [CVE-2025-70249](https://nvd.nist.gov/vuln/detail/CVE-2025-70249) | 7.5 | HIGH | CWE-121 | No | 0.1% | 5.25 | 2026-03-10 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard2. |
| [CVE-2025-70247](https://nvd.nist.gov/vuln/detail/CVE-2025-70247) | 7.5 | HIGH | CWE-121 | No | 0.1% | 5.25 | 2026-03-10 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard1. |
| [CVE-2025-70246](https://nvd.nist.gov/vuln/detail/CVE-2025-70246) | 7.5 | HIGH | CWE-121 | No | 0.1% | 5.25 | 2026-03-10 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formVirtualServ. |
| [CVE-2025-70242](https://nvd.nist.gov/vuln/detail/CVE-2025-70242) | 7.5 | HIGH | CWE-121 | No | 0.0% | 5.25 | 2026-03-10 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formSetWanPPTP. |
| [CVE-2025-70227](https://nvd.nist.gov/vuln/detail/CVE-2025-70227) | 7.5 | HIGH | CWE-121 | No | 0.1% | 5.25 | 2026-03-10 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the nextPage parameter to goform/formLanguageChange. |
| [CVE-2025-70129](https://nvd.nist.gov/vuln/detail/CVE-2025-70129) | 5.3 | MEDIUM | CWE-804 | No | 0.0% | 3.71 | 2026-03-10 | If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generate... |
| [CVE-2025-70128](https://nvd.nist.gov/vuln/detail/CVE-2025-70128) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-10 | A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.... |
| [CVE-2025-48611](https://nvd.nist.gov/vuln/detail/CVE-2025-48611) | 10.0 | CRITICAL | CWE-120 | No | 0.0% | 7.00 | 2026-03-10 | In DeviceId of DeviceId.java, there is a possible desync in persistence due to a missing bounds check. This could lead t... |
| [CVE-2025-36227](https://nvd.nist.gov/vuln/detail/CVE-2025-36227) | 5.4 | MEDIUM | CWE-644 | No | 0.0% | 3.78 | 2026-03-10 | IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of inpu... |
| [CVE-2025-36226](https://nvd.nist.gov/vuln/detail/CVE-2025-36226) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-10 | IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authentic... |
| [CVE-2025-13219](https://nvd.nist.gov/vuln/detail/CVE-2025-13219) | 5.9 | MEDIUM | CWE-598 | No | 0.0% | 4.13 | 2026-03-10 | IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information... |
| [CVE-2026-3370](https://nvd.nist.gov/vuln/detail/CVE-2026-3370) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-10 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All r... |
| [CVE-2026-28292](https://nvd.nist.gov/vuln/detail/CVE-2026-28292) | 9.8 | CRITICAL | CWE-78 | No | 0.1% | 6.86 | 2026-03-10 | `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through... |
| [CVE-2026-27826](https://nvd.nist.gov/vuln/detail/CVE-2026-27826) | 8.2 | HIGH | CWE-918 | No | 0.1% | 5.74 | 2026-03-10 | MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.... |
| [CVE-2026-27281](https://nvd.nist.gov/vuln/detail/CVE-2026-27281) | 5.5 | MEDIUM | CWE-190 | No | 0.0% | 3.85 | 2026-03-10 | DNG SDK versions 1.7.1 2471 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead... |
| [CVE-2026-27280](https://nvd.nist.gov/vuln/detail/CVE-2026-27280) | 7.8 | HIGH | CWE-787 | No | 0.0% | 5.46 | 2026-03-10 | DNG SDK versions 1.7.1 2471 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitr... |
| [CVE-2026-27279](https://nvd.nist.gov/vuln/detail/CVE-2026-27279) | 7.8 | HIGH | CWE-787 | No | 0.0% | 5.46 | 2026-03-10 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result i... |
| [CVE-2026-27277](https://nvd.nist.gov/vuln/detail/CVE-2026-27277) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-03-10 | Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbi... |
| [CVE-2026-27276](https://nvd.nist.gov/vuln/detail/CVE-2026-27276) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-03-10 | Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbi... |
| [CVE-2026-27275](https://nvd.nist.gov/vuln/detail/CVE-2026-27275) | 7.8 | HIGH | CWE-787 | No | 0.0% | 5.46 | 2026-03-10 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result i... |
| [CVE-2026-27274](https://nvd.nist.gov/vuln/detail/CVE-2026-27274) | 7.8 | HIGH | CWE-787 | No | 0.0% | 5.46 | 2026-03-10 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result i... |
| [CVE-2026-27273](https://nvd.nist.gov/vuln/detail/CVE-2026-27273) | 7.8 | HIGH | CWE-787 | No | 0.0% | 5.46 | 2026-03-10 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result i... |
| [CVE-2026-27269](https://nvd.nist.gov/vuln/detail/CVE-2026-27269) | 7.8 | HIGH | CWE-125 | No | 0.0% | 5.46 | 2026-03-10 | Premiere Pro versions 25.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file,... |
| [CVE-2026-27219](https://nvd.nist.gov/vuln/detail/CVE-2026-27219) | 5.5 | MEDIUM | CWE-125 | No | 0.0% | 3.85 | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to... |
| [CVE-2026-27218](https://nvd.nist.gov/vuln/detail/CVE-2026-27218) | 5.5 | MEDIUM | CWE-476 | No | 0.0% | 3.85 | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could le... |
| [CVE-2026-27217](https://nvd.nist.gov/vuln/detail/CVE-2026-27217) | 5.5 | MEDIUM | CWE-476 | No | 0.0% | 3.85 | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could le... |
| [CVE-2026-27216](https://nvd.nist.gov/vuln/detail/CVE-2026-27216) | 5.5 | MEDIUM | CWE-125 | No | 0.0% | 3.85 | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to... |
| [CVE-2026-27215](https://nvd.nist.gov/vuln/detail/CVE-2026-27215) | 5.5 | MEDIUM | CWE-476 | No | 0.0% | 3.85 | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could le... |
| [CVE-2026-27214](https://nvd.nist.gov/vuln/detail/CVE-2026-27214) | 5.5 | MEDIUM | CWE-476 | No | 0.0% | 3.85 | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could le... |
| [CVE-2026-26801](https://nvd.nist.gov/vuln/detail/CVE-2026-26801) | 7.5 | HIGH | CWE-918 | No | 0.0% | 5.25 | 2026-03-10 | Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker... |
| [CVE-2026-26742](https://nvd.nist.gov/vuln/detail/CVE-2026-26742) | 8.1 | HIGH | CWE-862 | No | 0.0% | 5.67 | 2026-03-10 | PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic.... |
| [CVE-2026-26741](https://nvd.nist.gov/vuln/detail/CVE-2026-26741) | 8.1 | HIGH | CWE-862 | No | 0.0% | 5.67 | 2026-03-10 | PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switching from A... |
| [CVE-2026-21365](https://nvd.nist.gov/vuln/detail/CVE-2026-21365) | 5.5 | MEDIUM | CWE-125 | No | 0.0% | 3.85 | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to... |
| [CVE-2026-21364](https://nvd.nist.gov/vuln/detail/CVE-2026-21364) | 5.5 | MEDIUM | CWE-476 | No | 0.0% | 3.85 | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could le... |
| [CVE-2026-21363](https://nvd.nist.gov/vuln/detail/CVE-2026-21363) | 5.5 | MEDIUM | CWE-476 | No | 0.0% | 3.85 | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could le... |
| [CVE-2026-3862](https://nvd.nist.gov/vuln/detail/CVE-2026-3862) | 4.6 | MEDIUM | CWE-79 | No | 0.1% | 3.22 | 2026-03-10 | Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unal... |
| [CVE-2026-3854](https://nvd.nist.gov/vuln/detail/CVE-2026-3854) | 8.7 | HIGH | CWE-77 | No | 0.4% | 6.10 | 2026-03-10 | An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an... |
| [CVE-2026-3847](https://nvd.nist.gov/vuln/detail/CVE-2026-3847) | 8.8 | HIGH | CWE-119 | No | 0.0% | 6.16 | 2026-03-10 | Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume th... |
| [CVE-2026-3846](https://nvd.nist.gov/vuln/detail/CVE-2026-3846) | 6.5 | MEDIUM | CWE-346 | No | 0.0% | 4.55 | 2026-03-10 | Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2. |
| [CVE-2026-3845](https://nvd.nist.gov/vuln/detail/CVE-2026-3845) | 8.8 | HIGH | CWE-122 | No | 0.0% | 6.16 | 2026-03-10 | Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability was fixed in Fire... |
| [CVE-2026-3843](https://nvd.nist.gov/vuln/detail/CVE-2026-3843) | 9.3 | CRITICAL | CWE-89 | No | 0.7% | 6.53 | 2026-03-10 | Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability (CWE-8... |
| [CVE-2026-3483](https://nvd.nist.gov/vuln/detail/CVE-2026-3483) | 7.8 | HIGH | CWE-749 | No | 0.0% | 5.46 | 2026-03-10 | An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate thei... |
| [CVE-2026-3315](https://nvd.nist.gov/vuln/detail/CVE-2026-3315) | 5.8 | MEDIUM | CWE-250 | No | 0.0% | 4.06 | 2026-03-10 | Incorrect Default Permissions, Execution with Unnecessary Privileges, Incorrect Permission Assignment for Critical R... |
| [CVE-2026-3306](https://nvd.nist.gov/vuln/detail/CVE-2026-3306) | 5.3 | MEDIUM | CWE-639 | No | 0.0% | 3.71 | 2026-03-10 | An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access... |
| [CVE-2026-3228](https://nvd.nist.gov/vuln/detail/CVE-2026-3228) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-10 | The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `... |
| [CVE-2026-31797](https://nvd.nist.gov/vuln/detail/CVE-2026-31797) | 6.1 | MEDIUM | CWE-125 | No | 0.0% | 4.27 | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is... |
| [CVE-2026-31796](https://nvd.nist.gov/vuln/detail/CVE-2026-31796) | 7.8 | HIGH | CWE-122 | No | 0.0% | 5.46 | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is... |
| [CVE-2026-31795](https://nvd.nist.gov/vuln/detail/CVE-2026-31795) | 7.8 | HIGH | CWE-120 | No | 0.0% | 5.46 | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is... |
| [CVE-2026-31794](https://nvd.nist.gov/vuln/detail/CVE-2026-31794) | 5.5 | MEDIUM | CWE-125 | No | 0.0% | 3.85 | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is... |
| [CVE-2026-31793](https://nvd.nist.gov/vuln/detail/CVE-2026-31793) | 5.5 | MEDIUM | CWE-125 | No | 0.0% | 3.85 | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is... |
| [CVE-2026-31792](https://nvd.nist.gov/vuln/detail/CVE-2026-31792) | 7.8 | HIGH | CWE-476 | No | 0.0% | 5.46 | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is... |
| [CVE-2026-30987](https://nvd.nist.gov/vuln/detail/CVE-2026-30987) | 7.8 | HIGH | CWE-120 | No | 0.0% | 5.46 | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is... |
| [CVE-2026-30986](https://nvd.nist.gov/vuln/detail/CVE-2026-30986) | 5.5 | MEDIUM | CWE-125 | No | 0.0% | 3.85 | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is... |
| [CVE-2026-30985](https://nvd.nist.gov/vuln/detail/CVE-2026-30985) | 7.8 | HIGH | CWE-120 | No | 0.0% | 5.46 | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is... |
| [CVE-2026-30984](https://nvd.nist.gov/vuln/detail/CVE-2026-30984) | 6.1 | MEDIUM | CWE-125 | No | 0.0% | 4.27 | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is... |
| [CVE-2026-30983](https://nvd.nist.gov/vuln/detail/CVE-2026-30983) | 7.8 | HIGH | CWE-120 | No | 0.0% | 5.46 | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is... |
| [CVE-2026-30982](https://nvd.nist.gov/vuln/detail/CVE-2026-30982) | 6.1 | MEDIUM | CWE-122 | No | 0.0% | 4.27 | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is... |
| [CVE-2026-30981](https://nvd.nist.gov/vuln/detail/CVE-2026-30981) | 6.1 | MEDIUM | CWE-120 | No | 0.0% | 4.27 | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is... |
| [CVE-2026-30980](https://nvd.nist.gov/vuln/detail/CVE-2026-30980) | 5.5 | MEDIUM | CWE-121 | No | 0.0% | 3.85 | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is... |
| [CVE-2026-30979](https://nvd.nist.gov/vuln/detail/CVE-2026-30979) | 7.8 | HIGH | CWE-120 | No | 0.0% | 5.46 | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is... |
| [CVE-2026-30978](https://nvd.nist.gov/vuln/detail/CVE-2026-30978) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is... |
| [CVE-2026-30977](https://nvd.nist.gov/vuln/detail/CVE-2026-30977) | 2.0 | LOW | CWE-79 | No | 0.1% | 1.40 | 2026-03-10 | RenderBlocking is a MediaWiki extension that allows interface administrators to specify render-blocking CSS and JavaScri... |
| [CVE-2026-30974](https://nvd.nist.gov/vuln/detail/CVE-2026-30974) | 4.6 | MEDIUM | CWE-79 | No | 0.0% | 3.22 | 2026-03-10 | Copyparty is a portable file server. Prior to v1.20.11, the nohtml config option, intended to prevent execution of Java... |
| [CVE-2026-30973](https://nvd.nist.gov/vuln/detail/CVE-2026-30973) | 6.5 | MEDIUM | CWE-22 | No | 0.0% | 4.55 | 2026-03-10 | Appium is an automation framework that provides WebDriver-based automation possibilities for a wide range of platforms. Pri... |
| [CVE-2026-30970](https://nvd.nist.gov/vuln/detail/CVE-2026-30970) | 8.8 | HIGH | CWE-862 | No | 0.1% | 6.16 | 2026-03-10 | Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The I... |
| [CVE-2026-30969](https://nvd.nist.gov/vuln/detail/CVE-2026-30969) | 7.6 | HIGH | CWE-639 | No | 0.1% | 5.32 | 2026-03-10 | Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The I... |
| [CVE-2026-30968](https://nvd.nist.gov/vuln/detail/CVE-2026-30968) | 8.6 | HIGH | CWE-862 | No | 0.1% | 6.02 | 2026-03-10 | Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The I... |
| [CVE-2026-30964](https://nvd.nist.gov/vuln/detail/CVE-2026-30964) | 5.4 | MEDIUM | CWE-346 | No | 0.0% | 3.78 | 2026-03-10 | web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that... |
| [CVE-2026-30960](https://nvd.nist.gov/vuln/detail/CVE-2026-30960) | 9.4 | CRITICAL | CWE-94 | No | 0.0% | 6.58 | 2026-03-10 | rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical... |
| [CVE-2026-30959](https://nvd.nist.gov/vuln/detail/CVE-2026-30959) | 5.3 | MEDIUM | CWE-285 | No | 0.0% | 3.71 | 2026-03-10 | OneUptime is a solution for monitoring and managing online services. The resend-verification-code endpoint allows any au... |
| [CVE-2026-30958](https://nvd.nist.gov/vuln/detail/CVE-2026-30958) | 7.2 | HIGH | CWE-22 | No | 0.2% | 5.04 | 2026-03-10 | OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal... |
| [CVE-2026-30957](https://nvd.nist.gov/vuln/detail/CVE-2026-30957) | 9.9 | CRITICAL | CWE-749 | No | 0.3% | 6.94 | 2026-03-10 | OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allo... |
| [CVE-2026-30956](https://nvd.nist.gov/vuln/detail/CVE-2026-30956) | 9.9 | CRITICAL | CWE-285 | No | 0.1% | 6.93 | 2026-03-10 | OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, a low-privileged user can bypass... |
| [CVE-2026-30945](https://nvd.nist.gov/vuln/detail/CVE-2026-30945) | 7.1 | HIGH | CWE-639 | No | 0.0% | 4.97 | 2026-03-10 | StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the DELETE /studi... |
| [CVE-2026-30944](https://nvd.nist.gov/vuln/detail/CVE-2026-30944) | 8.8 | HIGH | CWE-639 | No | 0.1% | 6.16 | 2026-03-10 | StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the /studiocms_ap... |
| [CVE-2026-30942](https://nvd.nist.gov/vuln/detail/CVE-2026-30942) | 8.3 | HIGH | CWE-22 | No | 0.2% | 5.82 | 2026-03-10 | Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an... |
| [CVE-2026-30941](https://nvd.nist.gov/vuln/detail/CVE-2026-30941) | 8.7 | HIGH | CWE-943 | No | 0.1% | 6.09 | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.14... |
| [CVE-2026-30939](https://nvd.nist.gov/vuln/detail/CVE-2026-30939) | 8.8 | HIGH | CWE-1321 | No | 0.2% | 6.17 | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.13... |
| [CVE-2026-30938](https://nvd.nist.gov/vuln/detail/CVE-2026-30938) | 6.9 | MEDIUM | CWE-693 | No | 0.1% | 4.83 | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.12... |
| [CVE-2026-30934](https://nvd.nist.gov/vuln/detail/CVE-2026-30934) | 8.9 | HIGH | CWE-79 | No | 0.0% | 6.23 | 2026-03-10 | FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, Stored XSS is... |
| [CVE-2026-30933](https://nvd.nist.gov/vuln/detail/CVE-2026-30933) | 7.5 | HIGH | CWE-200 | No | 0.1% | 5.25 | 2026-03-10 | FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediatio... |
| [CVE-2026-30930](https://nvd.nist.gov/vuln/detail/CVE-2026-30930) | 8.6 | HIGH | CWE-89 | No | 0.0% | 6.02 | 2026-03-10 | Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the TimescaleDB export module construct... |
| [CVE-2026-30928](https://nvd.nist.gov/vuln/detail/CVE-2026-30928) | 8.7 | HIGH | CWE-200 | No | 3.7% | 6.20 | 2026-03-10 | Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the /api/4/config REST API endpoint ret... |
| [CVE-2026-30897](https://nvd.nist.gov/vuln/detail/CVE-2026-30897) | 6.6 | MEDIUM | CWE-121 | No | 0.0% | 4.62 | 2026-03-10 | A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, Fort... |
| [CVE-2026-2724](https://nvd.nist.gov/vuln/detail/CVE-2026-2724) | 7.2 | HIGH | CWE-79 | No | 0.1% | 5.04 | 2026-03-10 | The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form entr... |
| [CVE-2026-2339](https://nvd.nist.gov/vuln/detail/CVE-2026-2339) | 7.5 | HIGH | CWE-306 | No | 0.2% | 5.26 | 2026-03-10 | Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Li... |
| [CVE-2026-2273](https://nvd.nist.gov/vuln/detail/CVE-2026-2273) | 7.2 | HIGH | CWE-94 | No | 0.0% | 5.04 | 2026-03-10 | CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of untr... |
| [CVE-2026-27661](https://nvd.nist.gov/vuln/detail/CVE-2026-27661) | 5.3 | MEDIUM | CWE-1230 | No | 0.0% | 3.71 | 2026-03-10 | A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application leaks co... |
| [CVE-2026-26738](https://nvd.nist.gov/vuln/detail/CVE-2026-26738) | 7.8 | HIGH | CWE-121 | No | 0.1% | 5.46 | 2026-03-10 | Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5.18 allows a remote attacker to execute arbitrary c... |
| [CVE-2026-26148](https://nvd.nist.gov/vuln/detail/CVE-2026-26148) | 8.1 | HIGH | CWE-454 | No | 0.1% | 5.67 | 2026-03-10 | External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate... |
| [CVE-2026-26144](https://nvd.nist.gov/vuln/detail/CVE-2026-26144) | 7.5 | HIGH | CWE-79 | No | 0.1% | 5.25 | 2026-03-10 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an... |
| [CVE-2026-26141](https://nvd.nist.gov/vuln/detail/CVE-2026-26141) | 7.8 | HIGH | CWE-287 | No | 0.1% | 5.46 | 2026-03-10 | Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-26134](https://nvd.nist.gov/vuln/detail/CVE-2026-26134) | 7.8 | HIGH | CWE-190 | No | 0.1% | 5.46 | 2026-03-10 | Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-26132](https://nvd.nist.gov/vuln/detail/CVE-2026-26132) | 7.8 | HIGH | CWE-416 | No | 0.1% | 5.46 | 2026-03-10 | Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-26131](https://nvd.nist.gov/vuln/detail/CVE-2026-26131) | 7.8 | HIGH | CWE-276 | No | 0.0% | 5.46 | 2026-03-10 | Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-26130](https://nvd.nist.gov/vuln/detail/CVE-2026-26130) | 7.5 | HIGH | CWE-770 | No | 0.7% | 5.27 | 2026-03-10 | Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service ove... |
| [CVE-2026-26128](https://nvd.nist.gov/vuln/detail/CVE-2026-26128) | 7.8 | HIGH | CWE-287 | No | 0.1% | 5.46 | 2026-03-10 | Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-26127](https://nvd.nist.gov/vuln/detail/CVE-2026-26127) | 7.5 | HIGH | CWE-125 | No | 0.1% | 5.25 | 2026-03-10 | Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. |
| [CVE-2026-26121](https://nvd.nist.gov/vuln/detail/CVE-2026-26121) | 7.5 | HIGH | CWE-20 | No | 0.2% | 5.26 | 2026-03-10 | Server-side request forgery (SSRF) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a netw... |
| [CVE-2026-26118](https://nvd.nist.gov/vuln/detail/CVE-2026-26118) | 8.8 | HIGH | CWE-918 | No | 0.1% | 6.16 | 2026-03-10 | Server-side request forgery (SSRF) in Azure MCP Server allows an authorized attacker to elevate privileges over a networ... |
| [CVE-2026-26117](https://nvd.nist.gov/vuln/detail/CVE-2026-26117) | 7.8 | HIGH | CWE-288 | No | 0.1% | 5.46 | 2026-03-10 | Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized att... |
| [CVE-2026-26116](https://nvd.nist.gov/vuln/detail/CVE-2026-26116) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-10 | Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized... |
| [CVE-2026-26115](https://nvd.nist.gov/vuln/detail/CVE-2026-26115) | 8.8 | HIGH | CWE-1287 | No | 0.1% | 6.16 | 2026-03-10 | Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a... |
| [CVE-2026-26114](https://nvd.nist.gov/vuln/detail/CVE-2026-26114) | 8.8 | HIGH | CWE-502 | No | 1.6% | 6.21 | 2026-03-10 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a ne... |
| [CVE-2026-26113](https://nvd.nist.gov/vuln/detail/CVE-2026-26113) | 8.4 | HIGH | CWE-822 | No | 0.1% | 5.88 | 2026-03-10 | Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. |
| [CVE-2026-26112](https://nvd.nist.gov/vuln/detail/CVE-2026-26112) | 7.8 | HIGH | CWE-822 | No | 0.1% | 5.46 | 2026-03-10 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| [CVE-2026-26111](https://nvd.nist.gov/vuln/detail/CVE-2026-26111) | 8.0 | HIGH | CWE-122 | No | 0.1% | 5.60 | 2026-03-10 | Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to exec... |
| [CVE-2026-26110](https://nvd.nist.gov/vuln/detail/CVE-2026-26110) | 8.4 | HIGH | CWE-843 | No | 0.1% | 5.88 | 2026-03-10 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to exe... |
| [CVE-2026-26109](https://nvd.nist.gov/vuln/detail/CVE-2026-26109) | 8.4 | HIGH | CWE-125 | No | 0.1% | 5.88 | 2026-03-10 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| [CVE-2026-26108](https://nvd.nist.gov/vuln/detail/CVE-2026-26108) | 7.8 | HIGH | CWE-122 | No | 0.1% | 5.46 | 2026-03-10 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| [CVE-2026-26107](https://nvd.nist.gov/vuln/detail/CVE-2026-26107) | 7.8 | HIGH | CWE-416 | No | 0.1% | 5.46 | 2026-03-10 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| [CVE-2026-26106](https://nvd.nist.gov/vuln/detail/CVE-2026-26106) | 8.8 | HIGH | CWE-20 | No | 0.1% | 6.16 | 2026-03-10 | Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| [CVE-2026-26105](https://nvd.nist.gov/vuln/detail/CVE-2026-26105) | 8.1 | HIGH | CWE-79 | No | 0.1% | 5.67 | 2026-03-10 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allo... |
| [CVE-2026-25972](https://nvd.nist.gov/vuln/detail/CVE-2026-25972) | 4.3 | MEDIUM | CWE-79 | No | 0.1% | 3.01 | 2026-03-10 | An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiS... |
| [CVE-2026-25836](https://nvd.nist.gov/vuln/detail/CVE-2026-25836) | 7.2 | HIGH | CWE-78 | No | 0.1% | 5.04 | 2026-03-10 | An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet... |
| [CVE-2026-25689](https://nvd.nist.gov/vuln/detail/CVE-2026-25689) | 6.5 | MEDIUM | CWE-88 | No | 0.1% | 4.55 | 2026-03-10 | An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDec... |
| [CVE-2026-25605](https://nvd.nist.gov/vuln/detail/CVE-2026-25605) | 5.9 | MEDIUM | CWE-73 | No | 0.0% | 4.13 | 2026-03-10 | A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application performs file d... |
| [CVE-2026-25573](https://nvd.nist.gov/vuln/detail/CVE-2026-25573) | 8.6 | HIGH | CWE-73 | No | 0.0% | 6.02 | 2026-03-10 | A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application builds shell co... |
| [CVE-2026-25572](https://nvd.nist.gov/vuln/detail/CVE-2026-25572) | 5.9 | MEDIUM | CWE-130 | No | 0.0% | 4.13 | 2026-03-10 | A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK server component doe... |
| [CVE-2026-25571](https://nvd.nist.gov/vuln/detail/CVE-2026-25571) | 5.9 | MEDIUM | CWE-130 | No | 0.0% | 4.13 | 2026-03-10 | A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK client component doe... |
| [CVE-2026-25570](https://nvd.nist.gov/vuln/detail/CVE-2026-25570) | 7.5 | HIGH | CWE-121 | No | 0.0% | 5.25 | 2026-03-10 | A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK does not perform che... |
| [CVE-2026-25569](https://nvd.nist.gov/vuln/detail/CVE-2026-25569) | 7.5 | HIGH | CWE-787 | No | 0.0% | 5.25 | 2026-03-10 | A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). An out-of-bounds write vulnerability exi... |
| [CVE-2026-25190](https://nvd.nist.gov/vuln/detail/CVE-2026-25190) | 7.8 | HIGH | CWE-426 | No | 0.1% | 5.46 | 2026-03-10 | Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally. |
| [CVE-2026-25189](https://nvd.nist.gov/vuln/detail/CVE-2026-25189) | 7.8 | HIGH | CWE-416 | No | 0.1% | 5.46 | 2026-03-10 | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-25188](https://nvd.nist.gov/vuln/detail/CVE-2026-25188) | 8.8 | HIGH | CWE-122 | No | 0.1% | 6.16 | 2026-03-10 | Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an ad... |
| [CVE-2026-25187](https://nvd.nist.gov/vuln/detail/CVE-2026-25187) | 7.8 | HIGH | CWE-59 | No | 0.1% | 5.46 | 2026-03-10 | Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate priv... |
| [CVE-2026-25186](https://nvd.nist.gov/vuln/detail/CVE-2026-25186) | 5.5 | MEDIUM | CWE-200 | No | 0.1% | 3.85 | 2026-03-10 | Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure (ATBroker.exe) allows... |
| [CVE-2026-25185](https://nvd.nist.gov/vuln/detail/CVE-2026-25185) | 5.3 | MEDIUM | CWE-200 | No | 0.1% | 3.71 | 2026-03-10 | Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attac... |
| [CVE-2026-25181](https://nvd.nist.gov/vuln/detail/CVE-2026-25181) | 7.5 | HIGH | CWE-125 | No | 0.1% | 5.25 | 2026-03-10 | Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to disclose information over a network. |
| [CVE-2026-25180](https://nvd.nist.gov/vuln/detail/CVE-2026-25180) | 5.5 | MEDIUM | CWE-125 | No | 0.1% | 3.85 | 2026-03-10 | Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally. |
| [CVE-2026-25179](https://nvd.nist.gov/vuln/detail/CVE-2026-25179) | 7.0 | HIGH | CWE-1287 | No | 0.1% | 4.90 | 2026-03-10 | Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock allows an authorized att... |
| [CVE-2026-25178](https://nvd.nist.gov/vuln/detail/CVE-2026-25178) | 7.0 | HIGH | CWE-416 | No | 0.0% | 4.90 | 2026-03-10 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges loca... |
| [CVE-2026-25177](https://nvd.nist.gov/vuln/detail/CVE-2026-25177) | 8.8 | HIGH | CWE-641 | No | 0.1% | 6.16 | 2026-03-10 | Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized att... |
| [CVE-2026-25176](https://nvd.nist.gov/vuln/detail/CVE-2026-25176) | 7.8 | HIGH | CWE-284 | No | 0.1% | 5.46 | 2026-03-10 | Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privil... |
| [CVE-2026-25175](https://nvd.nist.gov/vuln/detail/CVE-2026-25175) | 7.8 | HIGH | CWE-125 | No | 0.1% | 5.46 | 2026-03-10 | Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-25174](https://nvd.nist.gov/vuln/detail/CVE-2026-25174) | 7.8 | HIGH | CWE-125 | No | 0.1% | 5.46 | 2026-03-10 | Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-25173](https://nvd.nist.gov/vuln/detail/CVE-2026-25173) | 8.0 | HIGH | CWE-122 | No | 0.1% | 5.60 | 2026-03-10 | Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to exec... |
| [CVE-2026-25172](https://nvd.nist.gov/vuln/detail/CVE-2026-25172) | 8.0 | HIGH | CWE-122 | No | 0.1% | 5.60 | 2026-03-10 | Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to exec... |
| [CVE-2026-25171](https://nvd.nist.gov/vuln/detail/CVE-2026-25171) | 7.0 | HIGH | CWE-416 | No | 0.0% | 4.90 | 2026-03-10 | Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-25170](https://nvd.nist.gov/vuln/detail/CVE-2026-25170) | 7.0 | HIGH | CWE-416 | No | 0.0% | 4.90 | 2026-03-10 | Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-25169](https://nvd.nist.gov/vuln/detail/CVE-2026-25169) | 6.2 | MEDIUM | CWE-369 | No | 0.1% | 4.34 | 2026-03-10 | Divide by zero in Microsoft Graphics Component allows an unauthorized attacker to deny service locally. |
| [CVE-2026-25168](https://nvd.nist.gov/vuln/detail/CVE-2026-25168) | 6.2 | MEDIUM | CWE-476 | No | 0.0% | 4.34 | 2026-03-10 | Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny service locally. |
| [CVE-2026-25167](https://nvd.nist.gov/vuln/detail/CVE-2026-25167) | 7.4 | HIGH | CWE-416 | No | 0.0% | 5.18 | 2026-03-10 | Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally. |
| [CVE-2026-25166](https://nvd.nist.gov/vuln/detail/CVE-2026-25166) | 7.8 | HIGH | CWE-502 | No | 0.5% | 5.47 | 2026-03-10 | Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally. |
| [CVE-2026-25165](https://nvd.nist.gov/vuln/detail/CVE-2026-25165) | 7.8 | HIGH | CWE-476 | No | 0.1% | 5.46 | 2026-03-10 | Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-24641](https://nvd.nist.gov/vuln/detail/CVE-2026-24641) | 2.7 | LOW | CWE-476 | No | 0.2% | 1.89 | 2026-03-10 | A NULL Pointer Dereference vulnerability [CWE-476] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.... |
| [CVE-2026-24640](https://nvd.nist.gov/vuln/detail/CVE-2026-24640) | 6.6 | MEDIUM | CWE-121 | No | 0.0% | 4.62 | 2026-03-10 | A Stack-based Buffer Overflow vulnerability [CWE-121] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7... |
| [CVE-2026-24297](https://nvd.nist.gov/vuln/detail/CVE-2026-24297) | 6.5 | MEDIUM | CWE-362 | No | 0.0% | 4.55 | 2026-03-10 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kerberos allows a... |
| [CVE-2026-24296](https://nvd.nist.gov/vuln/detail/CVE-2026-24296) | 7.0 | HIGH | CWE-362 | No | 0.0% | 4.90 | 2026-03-10 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Associatio... |
| [CVE-2026-24295](https://nvd.nist.gov/vuln/detail/CVE-2026-24295) | 7.0 | HIGH | CWE-362 | No | 0.0% | 4.90 | 2026-03-10 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Associatio... |
| [CVE-2026-24294](https://nvd.nist.gov/vuln/detail/CVE-2026-24294) | 7.8 | HIGH | CWE-287 | No | 0.1% | 5.46 | 2026-03-10 | Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-24293](https://nvd.nist.gov/vuln/detail/CVE-2026-24293) | 7.8 | HIGH | CWE-476 | No | 0.1% | 5.46 | 2026-03-10 | Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privi... |
| [CVE-2026-24292](https://nvd.nist.gov/vuln/detail/CVE-2026-24292) | 7.8 | HIGH | CWE-416 | No | 0.1% | 5.46 | 2026-03-10 | Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locall... |
| [CVE-2026-24291](https://nvd.nist.gov/vuln/detail/CVE-2026-24291) | 7.8 | HIGH | CWE-732 | No | 0.1% | 5.46 | 2026-03-10 | Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an a... |
| [CVE-2026-24290](https://nvd.nist.gov/vuln/detail/CVE-2026-24290) | 7.8 | HIGH | CWE-284 | No | 0.1% | 5.46 | 2026-03-10 | Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-24289](https://nvd.nist.gov/vuln/detail/CVE-2026-24289) | 7.8 | HIGH | CWE-416 | No | 0.1% | 5.46 | 2026-03-10 | Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-24288](https://nvd.nist.gov/vuln/detail/CVE-2026-24288) | 6.8 | MEDIUM | CWE-122 | No | 0.1% | 4.76 | 2026-03-10 | Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute code with a physical a... |
| [CVE-2026-24287](https://nvd.nist.gov/vuln/detail/CVE-2026-24287) | 7.8 | HIGH | CWE-73 | No | 0.1% | 5.46 | 2026-03-10 | External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-24285](https://nvd.nist.gov/vuln/detail/CVE-2026-24285) | 7.0 | HIGH | CWE-416 | No | 0.1% | 4.90 | 2026-03-10 | Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-24283](https://nvd.nist.gov/vuln/detail/CVE-2026-24283) | 8.8 | HIGH | CWE-122 | No | 0.1% | 6.16 | 2026-03-10 | Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-24282](https://nvd.nist.gov/vuln/detail/CVE-2026-24282) | 5.5 | MEDIUM | CWE-125 | No | 0.0% | 3.85 | 2026-03-10 | Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally. |
| [CVE-2026-24018](https://nvd.nist.gov/vuln/detail/CVE-2026-24018) | 7.8 | HIGH | CWE-61 | No | 0.0% | 5.46 | 2026-03-10 | A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinu... |
| [CVE-2026-24017](https://nvd.nist.gov/vuln/detail/CVE-2026-24017) | 8.1 | HIGH | CWE-799 | No | 0.1% | 5.67 | 2026-03-10 | An Improper Control of Interaction Frequency vulnerability [CWE-799] in Fortinet FortiWeb 8.0.0 through 8.... |
| [CVE-2026-23674](https://nvd.nist.gov/vuln/detail/CVE-2026-23674) | 7.5 | HIGH | CWE-41 | No | 0.1% | 5.25 | 2026-03-10 | Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security fea... |
| [CVE-2026-23673](https://nvd.nist.gov/vuln/detail/CVE-2026-23673) | 7.8 | HIGH | CWE-125 | No | 0.1% | 5.46 | 2026-03-10 | Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-23672](https://nvd.nist.gov/vuln/detail/CVE-2026-23672) | 7.8 | HIGH | CWE-125 | No | 0.1% | 5.46 | 2026-03-10 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability |
| [CVE-2026-23671](https://nvd.nist.gov/vuln/detail/CVE-2026-23671) | 7.0 | HIGH | CWE-362 | No | 0.0% | 4.90 | 2026-03-10 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM P... |
| [CVE-2026-23669](https://nvd.nist.gov/vuln/detail/CVE-2026-23669) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-03-10 | Use after free in RPC Runtime allows an authorized attacker to execute code over a network. |
| [CVE-2026-23668](https://nvd.nist.gov/vuln/detail/CVE-2026-23668) | 7.0 | HIGH | CWE-362 | No | 0.0% | 4.90 | 2026-03-10 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Compon... |
| [CVE-2026-23667](https://nvd.nist.gov/vuln/detail/CVE-2026-23667) | 7.0 | HIGH | CWE-416 | No | 0.0% | 4.90 | 2026-03-10 | Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-23665](https://nvd.nist.gov/vuln/detail/CVE-2026-23665) | 7.8 | HIGH | CWE-122 | No | 0.1% | 5.46 | 2026-03-10 | Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-23664](https://nvd.nist.gov/vuln/detail/CVE-2026-23664) | 7.5 | HIGH | CWE-923 | No | 0.1% | 5.25 | 2026-03-10 | Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacke... |
| [CVE-2026-23662](https://nvd.nist.gov/vuln/detail/CVE-2026-23662) | 7.5 | HIGH | CWE-306 | No | 0.1% | 5.25 | 2026-03-10 | Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose informati... |
| [CVE-2026-23661](https://nvd.nist.gov/vuln/detail/CVE-2026-23661) | 7.5 | HIGH | CWE-319 | No | 0.0% | 5.25 | 2026-03-10 | Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose inform... |
| [CVE-2026-23660](https://nvd.nist.gov/vuln/detail/CVE-2026-23660) | 7.8 | HIGH | CWE-284 | No | 0.1% | 5.46 | 2026-03-10 | Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally... |
| [CVE-2026-23656](https://nvd.nist.gov/vuln/detail/CVE-2026-23656) | 5.9 | MEDIUM | CWE-345 | No | 0.0% | 4.13 | 2026-03-10 | Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoof... |
| [CVE-2026-23654](https://nvd.nist.gov/vuln/detail/CVE-2026-23654) | 8.8 | HIGH | NVD-CWE-noinfo | No | 0.1% | 6.16 | 2026-03-10 | Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to... |
| [CVE-2026-22629](https://nvd.nist.gov/vuln/detail/CVE-2026-22629) | 3.7 | LOW | CWE-307 | No | 0.1% | 2.59 | 2026-03-10 | An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4... |
| [CVE-2026-22628](https://nvd.nist.gov/vuln/detail/CVE-2026-22628) | 5.3 | MEDIUM | CWE-284 | No | 0.0% | 3.71 | 2026-03-10 | An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an authenticated a... |
| [CVE-2026-22627](https://nvd.nist.gov/vuln/detail/CVE-2026-22627) | 8.8 | HIGH | CWE-120 | No | 0.0% | 6.16 | 2026-03-10 | A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiSwitchAXFixed 1.... |
| [CVE-2026-22572](https://nvd.nist.gov/vuln/detail/CVE-2026-22572) | 7.2 | HIGH | CWE-288 | No | 0.1% | 5.04 | 2026-03-10 | An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3,... |
| [CVE-2026-21791](https://nvd.nist.gov/vuln/detail/CVE-2026-21791) | 3.3 | LOW | CWE-532 | No | 0.0% | 2.31 | 2026-03-10 | HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in applica... |
| [CVE-2026-21262](https://nvd.nist.gov/vuln/detail/CVE-2026-21262) | 8.8 | HIGH | CWE-284 | No | 0.2% | 6.16 | 2026-03-10 | Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. |
| [CVE-2026-20967](https://nvd.nist.gov/vuln/detail/CVE-2026-20967) | 8.8 | HIGH | CWE-20 | No | 0.1% | 6.16 | 2026-03-10 | Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a... |
| [CVE-2026-1286](https://nvd.nist.gov/vuln/detail/CVE-2026-1286) | 7.0 | HIGH | CWE-502 | No | 0.3% | 4.91 | 2026-03-10 | CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity an... |
| [CVE-2026-1261](https://nvd.nist.gov/vuln/detail/CVE-2026-1261) | 7.2 | HIGH | CWE-79 | No | 0.1% | 5.04 | 2026-03-10 | The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Quiz feature in all versions u... |
| [CVE-2025-70025](https://nvd.nist.gov/vuln/detail/CVE-2025-70025) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-10 | An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in benkeen gen... |
| [CVE-2025-69615](https://nvd.nist.gov/vuln/detail/CVE-2025-69615) | 9.1 | CRITICAL | CWE-307 | No | 0.0% | 6.37 | 2026-03-10 | Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and full MFA bypass with n... |
| [CVE-2025-69614](https://nvd.nist.gov/vuln/detail/CVE-2025-69614) | 9.4 | CRITICAL | CWE-640 | No | 0.0% | 6.58 | 2026-03-10 | Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets... |
| [CVE-2025-68648](https://nvd.nist.gov/vuln/detail/CVE-2025-68648) | 7.2 | HIGH | CWE-134 | No | 0.1% | 5.04 | 2026-03-10 | A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer... |
| [CVE-2025-68482](https://nvd.nist.gov/vuln/detail/CVE-2025-68482) | 6.9 | MEDIUM | CWE-295 | No | 0.0% | 4.83 | 2026-03-10 | An improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 throu... |
| [CVE-2025-66178](https://nvd.nist.gov/vuln/detail/CVE-2025-66178) | 7.2 | HIGH | CWE-78 | No | 0.0% | 5.04 | 2026-03-10 | An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet F... |
| [CVE-2025-56422](https://nvd.nist.gov/vuln/detail/CVE-2025-56422) | 9.8 | CRITICAL | CWE-502 | No | 0.2% | 6.87 | 2026-03-10 | A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code o... |
| [CVE-2025-56421](https://nvd.nist.gov/vuln/detail/CVE-2025-56421) | 7.5 | HIGH | CWE-89 | No | 0.0% | 5.25 | 2026-03-10 | SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive informatio... |
| [CVE-2025-55717](https://nvd.nist.gov/vuln/detail/CVE-2025-55717) | 4.0 | MEDIUM | CWE-312 | No | 0.0% | 2.80 | 2026-03-10 | A cleartext storage of sensitive information vulnerability [CWE-312] in Fortinet FortiMail 7.6.0 through 7... |
| [CVE-2025-54820](https://nvd.nist.gov/vuln/detail/CVE-2025-54820) | 8.1 | HIGH | CWE-121 | No | 0.1% | 5.67 | 2026-03-10 | A Stack-based Buffer Overflow vulnerability [CWE-121] in Fortinet FortiManager 7.4.0 through 7.4.2, FortiM... |
| [CVE-2025-54659](https://nvd.nist.gov/vuln/detail/CVE-2025-54659) | 5.8 | MEDIUM | CWE-22 | No | 0.2% | 4.06 | 2026-03-10 | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] i... |
| [CVE-2025-53706](https://nvd.nist.gov/vuln/detail/CVE-2025-53706) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-10 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requ... |
| [CVE-2025-53608](https://nvd.nist.gov/vuln/detail/CVE-2025-53608) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-10 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] ... |
| [CVE-2025-49784](https://nvd.nist.gov/vuln/detail/CVE-2025-49784) | 6.0 | MEDIUM | CWE-89 | No | 0.1% | 4.20 | 2026-03-10 | An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiA... |
| [CVE-2025-48840](https://nvd.nist.gov/vuln/detail/CVE-2025-48840) | 5.3 | MEDIUM | CWE-290 | No | 0.1% | 3.71 | 2026-03-10 | An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.... |
| [CVE-2025-48418](https://nvd.nist.gov/vuln/detail/CVE-2025-48418) | 6.7 | MEDIUM | CWE-912 | No | 0.1% | 4.69 | 2026-03-10 | A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, F... |
| [CVE-2025-41712](https://nvd.nist.gov/vuln/detail/CVE-2025-41712) | 6.5 | MEDIUM | CWE-732 | No | 0.0% | 4.55 | 2026-03-10 | An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive infor... |
| [CVE-2025-41711](https://nvd.nist.gov/vuln/detail/CVE-2025-41711) | 5.3 | MEDIUM | CWE-327 | No | 0.0% | 3.71 | 2026-03-10 | An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext password... |
| [CVE-2025-41710](https://nvd.nist.gov/vuln/detail/CVE-2025-41710) | 6.5 | MEDIUM | CWE-798 | No | 0.0% | 4.55 | 2026-03-10 | An unauthenticated remote attacker may use hardcoded credentials to get access to the previously activated FTP Server wi... |
| [CVE-2025-41709](https://nvd.nist.gov/vuln/detail/CVE-2025-41709) | 9.8 | CRITICAL | CWE-78 | No | 0.6% | 6.88 | 2026-03-10 | An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write a... |
| [CVE-2025-27769](https://nvd.nist.gov/vuln/detail/CVE-2025-27769) | 2.4 | LOW | CWE-923 | No | 0.0% | 1.68 | 2026-03-10 | A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station (All versions < F4.11.1), Heliox Mobile DC... |
| [CVE-2025-13957](https://nvd.nist.gov/vuln/detail/CVE-2025-13957) | 7.5 | HIGH | CWE-798 | No | 0.5% | 5.26 | 2026-03-10 | CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code exec... |
| [CVE-2025-13902](https://nvd.nist.gov/vuln/detail/CVE-2025-13902) | 5.1 | MEDIUM | CWE-79 | No | 0.1% | 3.57 | 2026-03-10 | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that co... |
| [CVE-2025-13901](https://nvd.nist.gov/vuln/detail/CVE-2025-13901) | 6.9 | MEDIUM | CWE-404 | No | 0.1% | 4.83 | 2026-03-10 | CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine... |
| [CVE-2025-11739](https://nvd.nist.gov/vuln/detail/CVE-2025-11739) | 8.5 | HIGH | CWE-502 | No | 0.1% | 5.95 | 2026-03-10 | CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administr... |
| [CVE-2022-4977](https://nvd.nist.gov/vuln/detail/CVE-2022-4977) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-10 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All r... |
| [CVE-2026-3585](https://nvd.nist.gov/vuln/detail/CVE-2026-3585) | 7.5 | HIGH | CWE-22 | No | 0.1% | 5.25 | 2026-03-10 | The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.... |
| [CVE-2026-30927](https://nvd.nist.gov/vuln/detail/CVE-2026-30927) | 5.3 | MEDIUM | CWE-639 | No | 0.0% | 3.71 | 2026-03-10 | Admidio is an open-source user management solution. Prior to 5.0.6, in modules/events/events_function.php, the event par... |
| [CVE-2026-30925](https://nvd.nist.gov/vuln/detail/CVE-2026-30925) | 8.2 | HIGH | CWE-1333 | No | 0.0% | 5.74 | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.0-a... |
| [CVE-2026-30921](https://nvd.nist.gov/vuln/detail/CVE-2026-30921) | 9.9 | CRITICAL | CWE-749 | No | 0.0% | 6.93 | 2026-03-10 | OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allo... |
| [CVE-2026-30920](https://nvd.nist.gov/vuln/detail/CVE-2026-30920) | 8.6 | HIGH | CWE-345 | No | 0.0% | 6.02 | 2026-03-10 | OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback t... |
| [CVE-2026-30919](https://nvd.nist.gov/vuln/detail/CVE-2026-30919) | 7.6 | HIGH | CWE-79 | No | 0.0% | 5.32 | 2026-03-10 | facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4, stored XSS (also known as... |
| [CVE-2026-30918](https://nvd.nist.gov/vuln/detail/CVE-2026-30918) | 7.6 | HIGH | CWE-79 | No | 0.0% | 5.32 | 2026-03-10 | facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4, a reflected XSS occurs wh... |
| [CVE-2026-30917](https://nvd.nist.gov/vuln/detail/CVE-2026-30917) | 8.8 | HIGH | CWE-79 | No | 0.1% | 6.16 | 2026-03-10 | Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be i... |
| [CVE-2026-30916](https://nvd.nist.gov/vuln/detail/CVE-2026-30916) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-10 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: Further investigation determined that the softwa... |
| [CVE-2026-30913](https://nvd.nist.gov/vuln/detail/CVE-2026-30913) | 4.6 | MEDIUM | CWE-79 | No | 0.0% | 3.22 | 2026-03-10 | Flarum is open-source forum software. When the flarum/nicknames extension is enabled, a registered user can set their ni... |
| [CVE-2026-30887](https://nvd.nist.gov/vuln/detail/CVE-2026-30887) | 9.9 | CRITICAL | CWE-94 | No | 0.1% | 6.93 | 2026-03-10 | OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime allows project members... |
| [CVE-2026-30885](https://nvd.nist.gov/vuln/detail/CVE-2026-30885) | 5.5 | MEDIUM | CWE-306 | No | 0.1% | 3.85 | 2026-03-10 | WWBN AVideo is an open source video platform. Prior to 25.0, the /objects/playlistsFromUser.json.php endpoint returns al... |
| [CVE-2026-30870](https://nvd.nist.gov/vuln/detail/CVE-2026-30870) | 6.5 | MEDIUM | CWE-285 | No | 0.0% | 4.55 | 2026-03-10 | PowerSync Service is the server-side component of the PowerSync sync engine. In version 1.20.0, when using new sync stre... |
| [CVE-2026-30869](https://nvd.nist.gov/vuln/detail/CVE-2026-30869) | 9.3 | CRITICAL | CWE-22 | No | 0.5% | 6.52 | 2026-03-10 | SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in the /export endpoin... |
| [CVE-2026-30862](https://nvd.nist.gov/vuln/detail/CVE-2026-30862) | 9.0 | CRITICAL | CWE-79 | No | 0.1% | 6.30 | 2026-03-10 | Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulne... |
| [CVE-2026-2364](https://nvd.nist.gov/vuln/detail/CVE-2026-2364) | 7.3 | HIGH | CWE-367 | No | 0.0% | 5.11 | 2026-03-10 | If a legitimate user confirms a self-update prompt or initiates an installation of a CODESYS Development System, a low pr... |
| [CVE-2026-28513](https://nvd.nist.gov/vuln/detail/CVE-2026-28513) | 8.5 | HIGH | CWE-863 | No | 0.0% | 5.95 | 2026-03-10 | Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.4.0, th... |
| [CVE-2026-28512](https://nvd.nist.gov/vuln/detail/CVE-2026-28512) | 7.1 | HIGH | CWE-601 | No | 0.0% | 4.97 | 2026-03-10 | Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. From 2.0.0 to befo... |
| [CVE-2026-28281](https://nvd.nist.gov/vuln/detail/CVE-2026-28281) | 7.1 | HIGH | CWE-352 | No | 0.0% | 4.97 | 2026-03-10 | InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF token... |
| [CVE-2026-28267](https://nvd.nist.gov/vuln/detail/CVE-2026-28267) | 6.8 | MEDIUM | CWE-276 | No | 0.0% | 4.76 | 2026-03-10 | Multiple i-フィルター products are configured with improper file access permission settings. Files may be created or overwrit... |
| [CVE-2026-27689](https://nvd.nist.gov/vuln/detail/CVE-2026-27689) | 7.7 | HIGH | CWE-606 | No | 0.1% | 5.39 | 2026-03-10 | Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular us... |
| [CVE-2026-27688](https://nvd.nist.gov/vuln/detail/CVE-2026-27688) | 5.0 | MEDIUM | CWE-862 | No | 0.0% | 3.50 | 2026-03-10 | Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user p... |
| [CVE-2026-27687](https://nvd.nist.gov/vuln/detail/CVE-2026-27687) | 5.8 | MEDIUM | CWE-862 | No | 0.0% | 4.06 | 2026-03-10 | Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges cou... |
| [CVE-2026-27686](https://nvd.nist.gov/vuln/detail/CVE-2026-27686) | 5.9 | MEDIUM | CWE-862 | No | 0.0% | 4.13 | 2026-03-10 | Due to a Missing Authorization Check in SAP Business Warehouse (Service API), an authenticated attacker could perform un... |
| [CVE-2026-27685](https://nvd.nist.gov/vuln/detail/CVE-2026-27685) | 9.1 | CRITICAL | CWE-502 | No | 0.1% | 6.37 | 2026-03-10 | SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted or malicious content... |
| [CVE-2026-27684](https://nvd.nist.gov/vuln/detail/CVE-2026-27684) | 6.4 | MEDIUM | CWE-89 | No | 0.0% | 4.48 | 2026-03-10 | SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacke... |
| [CVE-2026-24317](https://nvd.nist.gov/vuln/detail/CVE-2026-24317) | 5.0 | MEDIUM | CWE-427 | No | 0.0% | 3.50 | 2026-03-10 | SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated... |
| [CVE-2026-24316](https://nvd.nist.gov/vuln/detail/CVE-2026-24316) | 6.4 | MEDIUM | CWE-918 | No | 0.0% | 4.48 | 2026-03-10 | SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP reques... |
| [CVE-2026-24313](https://nvd.nist.gov/vuln/detail/CVE-2026-24313) | 5.0 | MEDIUM | CWE-862 | No | 0.0% | 3.50 | 2026-03-10 | SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks f... |
| [CVE-2026-24311](https://nvd.nist.gov/vuln/detail/CVE-2026-24311) | 5.6 | MEDIUM | CWE-312 | No | 0.0% | 3.92 | 2026-03-10 | The SAP Customer Checkout application exhibits certain design characteristics that involve locally storing operational d... |
| [CVE-2026-24310](https://nvd.nist.gov/vuln/detail/CVE-2026-24310) | 3.5 | LOW | CWE-862 | No | 0.0% | 2.45 | 2026-03-10 | Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute... |
| [CVE-2026-24309](https://nvd.nist.gov/vuln/detail/CVE-2026-24309) | 6.4 | MEDIUM | CWE-862 | No | 0.0% | 4.48 | 2026-03-10 | Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute... |
| [CVE-2026-1920](https://nvd.nist.gov/vuln/detail/CVE-2026-1920) | 5.3 | MEDIUM | CWE-306 | No | 0.1% | 3.71 | 2026-03-10 | The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthoriz... |
| [CVE-2026-1919](https://nvd.nist.gov/vuln/detail/CVE-2026-1919) | 5.3 | MEDIUM | CWE-306 | No | 0.0% | 3.71 | 2026-03-10 | The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthoriz... |
| [CVE-2026-1508](https://nvd.nist.gov/vuln/detail/CVE-2026-1508) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-10 | The Court Reservation WordPress plugin before 1.10.9 does not have CSRF check in place when deleting events, which coul... |
| [CVE-2026-0953](https://nvd.nist.gov/vuln/detail/CVE-2026-0953) | 9.8 | CRITICAL | CWE-287 | No | 0.1% | 6.86 | 2026-03-10 | The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.... |
| [CVE-2026-0489](https://nvd.nist.gov/vuln/detail/CVE-2026-0489) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-10 | Due to insufficient validation of user-controlled input in the URL's query parameter, SAP Business One Job Service could... |
| [CVE-2025-36173](https://nvd.nist.gov/vuln/detail/CVE-2025-36173) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-10 | Affected Product(s): InfoSphere Data Architect; Version(s): 9.2.1 |
| [CVE-2025-36105](https://nvd.nist.gov/vuln/detail/CVE-2025-36105) | 4.4 | MEDIUM | CWE-526 | No | 0.0% | 3.08 | 2026-03-10 | IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain s... |
| [CVE-2025-2399](https://nvd.nist.gov/vuln/detail/CVE-2025-2399) | 5.9 | MEDIUM | CWE-1285 | No | 0.1% | 4.13 | 2026-03-10 | Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric CNC M800V Seri... |
| [CVE-2025-11158](https://nvd.nist.gov/vuln/detail/CVE-2025-11158) | 9.1 | CRITICAL | CWE-862 | No | 0.0% | 6.37 | 2026-03-10 | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restric... |
| [CVE-2026-31802](https://nvd.nist.gov/vuln/detail/CVE-2026-31802) | 8.2 | HIGH | CWE-22 | No | 0.0% | 5.74 | 2026-03-10 | node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink t... |
| [CVE-2026-30937](https://nvd.nist.gov/vuln/detail/CVE-2026-30937) | 6.8 | MEDIUM | CWE-122 | No | 0.0% | 4.76 | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-1... |
| [CVE-2026-30936](https://nvd.nist.gov/vuln/detail/CVE-2026-30936) | 5.5 | MEDIUM | CWE-122 | No | 0.0% | 3.85 | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-1... |
| [CVE-2026-30935](https://nvd.nist.gov/vuln/detail/CVE-2026-30935) | 4.4 | MEDIUM | CWE-125 | No | 0.0% | 3.08 | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-1... |
| [CVE-2026-30931](https://nvd.nist.gov/vuln/detail/CVE-2026-30931) | 6.8 | MEDIUM | CWE-122 | No | 0.0% | 4.76 | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-1... |
| [CVE-2026-30929](https://nvd.nist.gov/vuln/detail/CVE-2026-30929) | 7.7 | HIGH | CWE-121 | No | 0.0% | 5.39 | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-1... |
| [CVE-2026-30926](https://nvd.nist.gov/vuln/detail/CVE-2026-30926) | 7.1 | HIGH | CWE-284 | No | 0.0% | 4.97 | 2026-03-10 | SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the pu... |
| [CVE-2026-30883](https://nvd.nist.gov/vuln/detail/CVE-2026-30883) | 5.7 | MEDIUM | CWE-119 | No | 0.0% | 3.99 | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-1... |
| [CVE-2026-28693](https://nvd.nist.gov/vuln/detail/CVE-2026-28693) | 8.1 | HIGH | CWE-125 | No | 0.1% | 5.67 | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-1... |
| [CVE-2026-28692](https://nvd.nist.gov/vuln/detail/CVE-2026-28692) | 4.8 | MEDIUM | CWE-125 | No | 0.0% | 3.36 | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-1... |
| [CVE-2026-28691](https://nvd.nist.gov/vuln/detail/CVE-2026-28691) | 7.5 | HIGH | CWE-252 | No | 0.1% | 5.25 | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-1... |
| [CVE-2026-28690](https://nvd.nist.gov/vuln/detail/CVE-2026-28690) | 6.9 | MEDIUM | CWE-121 | No | 0.0% | 4.83 | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-1... |
| [CVE-2026-28689](https://nvd.nist.gov/vuln/detail/CVE-2026-28689) | 6.3 | MEDIUM | CWE-59 | No | 0.0% | 4.41 | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-1... |
| [CVE-2026-28688](https://nvd.nist.gov/vuln/detail/CVE-2026-28688) | 4.0 | MEDIUM | CWE-416 | No | 0.0% | 2.80 | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-1... |
| [CVE-2026-28687](https://nvd.nist.gov/vuln/detail/CVE-2026-28687) | 5.3 | MEDIUM | CWE-416 | No | 0.1% | 3.71 | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-1... |
| [CVE-2026-28686](https://nvd.nist.gov/vuln/detail/CVE-2026-28686) | 6.8 | MEDIUM | CWE-122 | No | 0.0% | 4.76 | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-1... |
| [CVE-2026-28494](https://nvd.nist.gov/vuln/detail/CVE-2026-28494) | 7.1 | HIGH | CWE-121 | No | 0.0% | 4.97 | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-1... |
| [CVE-2026-28493](https://nvd.nist.gov/vuln/detail/CVE-2026-28493) | 6.5 | MEDIUM | CWE-190 | No | 0.1% | 4.55 | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-1... |
| [CVE-2026-28433](https://nvd.nist.gov/vuln/detail/CVE-2026-28433) | 2.3 | LOW | CWE-639 | No | 0.0% | 1.61 | 2026-03-10 | Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but... |
| [CVE-2026-28432](https://nvd.nist.gov/vuln/detail/CVE-2026-28432) | 7.1 | HIGH | CWE-347 | No | 0.0% | 4.97 | 2026-03-10 | Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerabilit... |
| [CVE-2026-28431](https://nvd.nist.gov/vuln/detail/CVE-2026-28431) | 9.2 | CRITICAL | CWE-285 | No | 0.0% | 6.44 | 2026-03-10 | Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but p... |
| [CVE-2026-26982](https://nvd.nist.gov/vuln/detail/CVE-2026-26982) | 6.3 | MEDIUM | CWE-78 | No | 0.0% | 4.41 | 2026-03-10 | Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 (Ctrl+C) in pasted and dro... |
| [CVE-2026-1776](https://nvd.nist.gov/vuln/detail/CVE-2026-1776) | 6.0 | MEDIUM | CWE-22 | No | 0.1% | 4.20 | 2026-03-10 | Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS... |
| [CVE-2026-3288](https://nvd.nist.gov/vuln/detail/CVE-2026-3288) | 8.8 | HIGH | CWE-20 | No | 0.1% | 6.16 | 2026-03-09 | A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotati... |
| [CVE-2026-31816](https://nvd.nist.gov/vuln/detail/CVE-2026-31816) | 9.1 | CRITICAL | CWE-74 | No | 9.1% | 6.64 | 2026-03-09 | Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and earlier, the Bud... |
| [CVE-2026-30240](https://nvd.nist.gov/vuln/detail/CVE-2026-30240) | 9.6 | CRITICAL | CWE-22 | No | 0.0% | 6.72 | 2026-03-09 | Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path... |
| [CVE-2026-25960](https://nvd.nist.gov/vuln/detail/CVE-2026-25960) | 7.1 | HIGH | CWE-918 | No | 0.0% | 4.97 | 2026-03-09 | vLLM is an inference and serving engine for large language models (LLMs). The SSRF protection fix for CVE-2026-24779 add... |
| [CVE-2026-25737](https://nvd.nist.gov/vuln/detail/CVE-2026-25737) | 8.9 | HIGH | CWE-602 | No | 0.1% | 6.23 | 2026-03-09 | Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbi... |
| [CVE-2026-25045](https://nvd.nist.gov/vuln/detail/CVE-2026-25045) | 8.7 | HIGH | CWE-862 | No | 0.0% | 6.09 | 2026-03-09 | Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of... |
| [CVE-2025-70973](https://nvd.nist.gov/vuln/detail/CVE-2025-70973) | 4.8 | MEDIUM | CWE-384 | No | 0.1% | 3.36 | 2026-03-09 | ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session cookie to unauthenticated... |
| [CVE-2025-70028](https://nvd.nist.gov/vuln/detail/CVE-2025-70028) | 7.5 | HIGH | CWE-22 | No | 0.1% | 5.25 | 2026-03-09 | An issue pertaining to CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') was discov... |
| [CVE-2025-15603](https://nvd.nist.gov/vuln/detail/CVE-2025-15603) | 6.3 | MEDIUM | CWE-310 | No | 0.0% | 4.41 | 2026-03-09 | A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backe... |
| [CVE-2026-25041](https://nvd.nist.gov/vuln/detail/CVE-2026-25041) | 8.6 | HIGH | CWE-78 | No | 0.1% | 6.02 | 2026-03-09 | Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.23.22 and earlier, the Po... |
| [CVE-2026-0846](https://nvd.nist.gov/vuln/detail/CVE-2026-0846) | 8.6 | HIGH | CWE-36 | No | 0.1% | 6.02 | 2026-03-09 | A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file rea... |
| [CVE-2025-70031](https://nvd.nist.gov/vuln/detail/CVE-2025-70031) | 8.8 | HIGH | CWE-352 | No | 0.0% | 6.16 | 2026-03-09 | An issue pertaining to CWE-352: Cross-Site Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. |
| [CVE-2025-70030](https://nvd.nist.gov/vuln/detail/CVE-2025-70030) | 7.5 | HIGH | CWE-1333 | No | 0.1% | 5.25 | 2026-03-09 | An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in Sunbird-Ed SunbirdEd... |
| [CVE-2025-68402](https://nvd.nist.gov/vuln/detail/CVE-2025-68402) | 8.2 | HIGH | CWE-287 | No | 0.1% | 5.74 | 2026-03-09 | FreshRSS is a free, self-hostable RSS aggregator. From 57e1a37 - 00f2f04, the length of the nonce was changed from 40 c... |
| [CVE-2025-62166](https://nvd.nist.gov/vuln/detail/CVE-2025-62166) | 7.5 | HIGH | CWE-284 | No | 0.2% | 5.25 | 2026-03-09 | FreshRSS is a free, self-hostable RSS aggregator. Prior to 1.28.0, a bug in the auth logic related to master authentication... |
| [CVE-2026-3638](https://nvd.nist.gov/vuln/detail/CVE-2026-3638) | 5.9 | MEDIUM | CWE-862 | No | 0.0% | 4.13 | 2026-03-09 | Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a lo... |
| [CVE-2026-30140](https://nvd.nist.gov/vuln/detail/CVE-2026-30140) | 7.5 | HIGH | CWE-284 | No | 0.1% | 5.25 | 2026-03-09 | An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. An unauthenticated attacker can access t... |
| [CVE-2025-70032](https://nvd.nist.gov/vuln/detail/CVE-2025-70032) | 6.1 | MEDIUM | CWE-601 | No | 0.0% | 4.27 | 2026-03-09 | An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. |
| [CVE-2026-29023](https://nvd.nist.gov/vuln/detail/CVE-2026-29023) | 6.9 | MEDIUM | CWE-798 | No | 0.1% | 4.83 | 2026-03-09 | Keygraph Shannon contains a hard-coded API key in its router configuration that, when the router component is enabled an... |
| [CVE-2025-70039](https://nvd.nist.gov/vuln/detail/CVE-2025-70039) | 9.8 | CRITICAL | CWE-78 | No | 0.1% | 6.86 | 2026-03-09 | An issue pertaining to CWE-78: Improper Neutralization of Special Elements used in an OS Command was discovered in linag... |
| [CVE-2025-70038](https://nvd.nist.gov/vuln/detail/CVE-2025-70038) | 8.8 | HIGH | CWE-79 | No | 0.1% | 6.16 | 2026-03-09 | An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in linagora Tw... |
| [CVE-2025-70034](https://nvd.nist.gov/vuln/detail/CVE-2025-70034) | 7.5 | HIGH | CWE-1333 | No | 0.1% | 5.25 | 2026-03-09 | An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in mscdex ssh2 v1.17.0. |
| [CVE-2025-70033](https://nvd.nist.gov/vuln/detail/CVE-2025-70033) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-09 | An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in Sunbird-Ed... |
| [CVE-2025-70037](https://nvd.nist.gov/vuln/detail/CVE-2025-70037) | 6.1 | MEDIUM | CWE-601 | No | 0.0% | 4.27 | 2026-03-09 | An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in linagora Twake v2023.Q1.1223. This a... |
| [CVE-2026-3588](https://nvd.nist.gov/vuln/detail/CVE-2026-3588) | 7.5 | HIGH | CWE-918 | No | 0.0% | 5.25 | 2026-03-09 | A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private ke... |
| [CVE-2026-25866](https://nvd.nist.gov/vuln/detail/CVE-2026-25866) | 8.5 | HIGH | CWE-428 | No | 0.0% | 5.95 | 2026-03-09 | MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExe... |
| [CVE-2025-70060](https://nvd.nist.gov/vuln/detail/CVE-2025-70060) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-03-09 | An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v... |
| [CVE-2025-70050](https://nvd.nist.gov/vuln/detail/CVE-2025-70050) | 6.5 | MEDIUM | CWE-312 | No | 0.0% | 4.55 | 2026-03-09 | An issue pertaining to CWE-312: Cleartext Storage of Sensitive Information was discovered in lesspass lesspass v9.6.9 wh... |
| [CVE-2025-70048](https://nvd.nist.gov/vuln/detail/CVE-2025-70048) | 7.5 | HIGH | CWE-319 | No | 0.0% | 5.25 | 2026-03-09 | An issue pertaining to CWE-319: Cleartext Transmission of Sensitive Information was discovered in Nexusoft NexusInterfac... |
| [CVE-2025-70047](https://nvd.nist.gov/vuln/detail/CVE-2025-70047) | 7.5 | HIGH | CWE-400 | No | 0.1% | 5.25 | 2026-03-09 | An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in Nexusoft NexusInterface v3.2.0-beta.... |
| [CVE-2025-70046](https://nvd.nist.gov/vuln/detail/CVE-2025-70046) | 9.8 | CRITICAL | CWE-829 | No | 0.1% | 6.86 | 2026-03-09 | An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was discovered in Miazzy oa-fro... |
| [CVE-2025-70042](https://nvd.nist.gov/vuln/detail/CVE-2025-70042) | 9.8 | CRITICAL | CWE-918 | No | 0.1% | 6.86 | 2026-03-09 | An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in oslabs-beta ThermaKube master. |
| [CVE-2025-70040](https://nvd.nist.gov/vuln/detail/CVE-2025-70040) | 5.3 | MEDIUM | CWE-532 | No | 0.0% | 3.71 | 2026-03-09 | An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-... |
| [CVE-2025-70250](https://nvd.nist.gov/vuln/detail/CVE-2025-70250) | 7.5 | HIGH | CWE-121 | No | 0.1% | 5.25 | 2026-03-09 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formdumpeasysetup. |
| [CVE-2025-70243](https://nvd.nist.gov/vuln/detail/CVE-2025-70243) | 7.5 | HIGH | CWE-121 | No | 0.1% | 5.25 | 2026-03-09 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard534. |
| [CVE-2025-70238](https://nvd.nist.gov/vuln/detail/CVE-2025-70238) | 7.5 | HIGH | CWE-121 | No | 0.1% | 5.25 | 2026-03-09 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard52. |
| [CVE-2025-70059](https://nvd.nist.gov/vuln/detail/CVE-2025-70059) | 7.5 | HIGH | CWE-400 | No | 0.1% | 5.25 | 2026-03-09 | An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attacke... |
| [CVE-2025-69648](https://nvd.nist.gov/vuln/detail/CVE-2025-69648) | 6.2 | MEDIUM | CWE-835 | No | 0.0% | 4.34 | 2026-03-09 | GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malfor... |
| [CVE-2025-69647](https://nvd.nist.gov/vuln/detail/CVE-2025-69647) | 6.2 | MEDIUM | CWE-835 | No | 0.0% | 4.34 | 2026-03-09 | GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malfor... |
| [CVE-2026-3089](https://nvd.nist.gov/vuln/detail/CVE-2026-3089) | 5.3 | MEDIUM | CWE-22 | No | 0.0% | 3.71 | 2026-03-09 | Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to... |
| [CVE-2026-2919](https://nvd.nist.gov/vuln/detail/CVE-2026-2919) | 4.3 | MEDIUM | CWE-451 | No | 0.0% | 3.01 | 2026-03-09 | Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a _se... |
| [CVE-2026-3819](https://nvd.nist.gov/vuln/detail/CVE-2026-3819) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-09 | A vulnerability has been found in SourceCodester Resort Reservation System 1.0. The affected element is an unknown funct... |
| [CVE-2026-3818](https://nvd.nist.gov/vuln/detail/CVE-2026-3818) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-09 | A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is an unknown function of the file /Easy7/apps/WebSer... |
| [CVE-2026-3817](https://nvd.nist.gov/vuln/detail/CVE-2026-3817) | 5.5 | MEDIUM | CWE-266 | No | 0.0% | 3.85 | 2026-03-09 | A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. This issue affects som... |
| [CVE-2026-3816](https://nvd.nist.gov/vuln/detail/CVE-2026-3816) | 5.3 | MEDIUM | CWE-404 | No | 0.0% | 3.71 | 2026-03-09 | A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function inp... |
| [CVE-2026-3815](https://nvd.nist.gov/vuln/detail/CVE-2026-3815) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-09 | A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. This affects the function strcpy of the file /goform/... |
| [CVE-2026-3814](https://nvd.nist.gov/vuln/detail/CVE-2026-3814) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-09 | A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. Affected by this issue is the function strcpy of... |
| [CVE-2026-3813](https://nvd.nist.gov/vuln/detail/CVE-2026-3813) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-09 | A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb82dad231e6a866b18e0addfe. Affected by this vulnerab... |
| [CVE-2025-40639](https://nvd.nist.gov/vuln/detail/CVE-2025-40639) | 8.7 | HIGH | CWE-89 | No | 0.0% | 6.09 | 2026-03-09 | A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, up... |
| [CVE-2025-33022](https://nvd.nist.gov/vuln/detail/CVE-2025-33022) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-09 | Rejected reason: The reporter agreed to not assign CVE ID |
| [CVE-2026-3812](https://nvd.nist.gov/vuln/detail/CVE-2026-3812) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-09 | A vulnerability was determined in itsourcecode Payroll Management System 1.0. Affected is an unknown function of the fil... |
| [CVE-2026-3811](https://nvd.nist.gov/vuln/detail/CVE-2026-3811) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-09 | A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the function fromP2pListFilter of the file /goform... |
| [CVE-2025-69279](https://nvd.nist.gov/vuln/detail/CVE-2025-69279) | 7.5 | HIGH | NVD-CWE-noinfo | No | 0.2% | 5.26 | 2026-03-09 | In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of serv... |
| [CVE-2025-69278](https://nvd.nist.gov/vuln/detail/CVE-2025-69278) | 7.5 | HIGH | NVD-CWE-noinfo | No | 0.2% | 5.26 | 2026-03-09 | In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of serv... |
| [CVE-2025-61616](https://nvd.nist.gov/vuln/detail/CVE-2025-61616) | 7.5 | HIGH | NVD-CWE-noinfo | No | 0.1% | 5.25 | 2026-03-09 | In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of serv... |
| [CVE-2025-61615](https://nvd.nist.gov/vuln/detail/CVE-2025-61615) | 7.5 | HIGH | NVD-CWE-noinfo | No | 0.1% | 5.25 | 2026-03-09 | In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of serv... |
| [CVE-2025-61614](https://nvd.nist.gov/vuln/detail/CVE-2025-61614) | 7.5 | HIGH | NVD-CWE-noinfo | No | 0.1% | 5.25 | 2026-03-09 | In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of serv... |
| [CVE-2025-61613](https://nvd.nist.gov/vuln/detail/CVE-2025-61613) | 7.5 | HIGH | NVD-CWE-noinfo | No | 0.1% | 5.25 | 2026-03-09 | In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of serv... |
| [CVE-2025-61612](https://nvd.nist.gov/vuln/detail/CVE-2025-61612) | 7.5 | HIGH | NVD-CWE-noinfo | No | 0.1% | 5.25 | 2026-03-09 | In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of serv... |
| [CVE-2025-61611](https://nvd.nist.gov/vuln/detail/CVE-2025-61611) | 7.5 | HIGH | NVD-CWE-noinfo | No | 0.1% | 5.25 | 2026-03-09 | In modem, there is a possible improper input validation. This could lead to remote denial of service with no additional... |
| [CVE-2025-41772](https://nvd.nist.gov/vuln/detail/CVE-2025-41772) | 7.5 | HIGH | CWE-598 | No | 0.1% | 5.25 | 2026-03-09 | An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL... |
| [CVE-2025-41767](https://nvd.nist.gov/vuln/detail/CVE-2025-41767) | 7.2 | HIGH | CWE-347 | No | 0.0% | 5.04 | 2026-03-09 | A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in... |
| [CVE-2025-41766](https://nvd.nist.gov/vuln/detail/CVE-2025-41766) | 8.8 | HIGH | CWE-787 | No | 0.0% | 6.16 | 2026-03-09 | A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr... |
| [CVE-2025-41765](https://nvd.nist.gov/vuln/detail/CVE-2025-41765) | 9.1 | CRITICAL | CWE-862 | No | 0.0% | 6.37 | 2026-03-09 | Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to... |
| [CVE-2025-41764](https://nvd.nist.gov/vuln/detail/CVE-2025-41764) | 9.1 | CRITICAL | CWE-862 | No | 0.0% | 6.37 | 2026-03-09 | Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to... |
| [CVE-2025-41763](https://nvd.nist.gov/vuln/detail/CVE-2025-41763) | 6.5 | MEDIUM | CWE-497 | No | 0.0% | 4.55 | 2026-03-09 | A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource availabl... |
| [CVE-2025-41762](https://nvd.nist.gov/vuln/detail/CVE-2025-41762) | 6.2 | MEDIUM | CWE-328 | No | 0.0% | 4.34 | 2026-03-09 | An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauth... |
| [CVE-2025-41761](https://nvd.nist.gov/vuln/detail/CVE-2025-41761) | 7.8 | HIGH | CWE-88 | No | 0.0% | 5.46 | 2026-03-09 | A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to o... |
| [CVE-2025-41760](https://nvd.nist.gov/vuln/detail/CVE-2025-41760) | 4.9 | MEDIUM | CWE-636 | No | 0.0% | 3.43 | 2026-03-09 | An administrator may attempt to block all traffic by configuring a pass filter with an empty table. However, in UBR, an... |
| [CVE-2025-41759](https://nvd.nist.gov/vuln/detail/CVE-2025-41759) | 4.9 | MEDIUM | CWE-636 | No | 0.0% | 3.43 | 2026-03-09 | An administrator may attempt to block all networks by specifying "\*" or "all" as the network identifier. However, these... |
| [CVE-2025-41758](https://nvd.nist.gov/vuln/detail/CVE-2025-41758) | 8.8 | HIGH | CWE-22 | No | 0.1% | 6.16 | 2026-03-09 | A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to... |
| [CVE-2025-41757](https://nvd.nist.gov/vuln/detail/CVE-2025-41757) | 8.8 | HIGH | CWE-22 | No | 0.1% | 6.16 | 2026-03-09 | A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevate... |
| [CVE-2025-41756](https://nvd.nist.gov/vuln/detail/CVE-2025-41756) | 8.1 | HIGH | CWE-1242 | No | 0.0% | 5.67 | 2026-03-09 | A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpo... |
| [CVE-2025-41755](https://nvd.nist.gov/vuln/detail/CVE-2025-41755) | 6.5 | MEDIUM | CWE-22 | No | 0.0% | 4.55 | 2026-03-09 | A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system.... |
| [CVE-2025-41754](https://nvd.nist.gov/vuln/detail/CVE-2025-41754) | 6.5 | MEDIUM | CWE-1242 | No | 0.0% | 4.55 | 2026-03-09 | A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpo... |
| [CVE-2026-3810](https://nvd.nist.gov/vuln/detail/CVE-2026-3810) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-09 | A vulnerability has been found in Tenda FH1202 1.2.0.14(408). This affects the function fromDhcpListClient of the file /... |
| [CVE-2026-3809](https://nvd.nist.gov/vuln/detail/CVE-2026-3809) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-09 | A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the function fromNatStaticSetting of the fi... |
| [CVE-2026-3808](https://nvd.nist.gov/vuln/detail/CVE-2026-3808) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-09 | A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element is the function formWebTypeLibrary of t... |
| [CVE-2026-3823](https://nvd.nist.gov/vuln/detail/CVE-2026-3823) | 9.3 | CRITICAL | CWE-121 | No | 0.1% | 6.51 | 2026-03-09 | EHG2408 series switch developed by Atop Technologies has a Stack-based Buffer Overflow vulnerability, allowing unauthent... |
| [CVE-2026-3807](https://nvd.nist.gov/vuln/detail/CVE-2026-3807) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-09 | A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impacted is the function formWrlsafeset of the... |
| [CVE-2026-3806](https://nvd.nist.gov/vuln/detail/CVE-2026-3806) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-09 | A weakness has been identified in SourceCodester/janobe Resort Reservation System 1.0. This issue affects some unknown p... |
| [CVE-2026-3804](https://nvd.nist.gov/vuln/detail/CVE-2026-3804) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-09 | A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilter... |
| [CVE-2026-3803](https://nvd.nist.gov/vuln/detail/CVE-2026-3803) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-09 | A vulnerability was identified in Tenda i3 1.0.0.6(2204). This affects the function formWifiMacFilterGet of the file /go... |
| [CVE-2026-30896](https://nvd.nist.gov/vuln/detail/CVE-2026-30896) | 8.4 | HIGH | CWE-427 | No | 0.0% | 5.88 | 2026-03-09 | The installer for Qsee Client versions 1.0.1 and prior insecurely loads Dynamic Link Libraries (DLLs). When a user is dir... |
| [CVE-2026-3802](https://nvd.nist.gov/vuln/detail/CVE-2026-3802) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-09 | A vulnerability was determined in Tenda i3 1.0.0.6(2204). Affected by this issue is the function formexeCommand of the f... |
| [CVE-2026-3822](https://nvd.nist.gov/vuln/detail/CVE-2026-3822) | 8.3 | HIGH | CWE-295 | No | 0.0% | 5.81 | 2026-03-09 | Taipower APP for Android developed by Taipower has an Improper Certificate Validation vulnerability. When establishing a... |
| [CVE-2026-3801](https://nvd.nist.gov/vuln/detail/CVE-2026-3801) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-09 | A vulnerability was found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formSetAutoPing of t... |
| [CVE-2026-3800](https://nvd.nist.gov/vuln/detail/CVE-2026-3800) | 5.3 | MEDIUM | CWE-284 | No | 0.0% | 3.71 | 2026-03-09 | A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. Affected is the function doInsert... |
| [CVE-2026-3799](https://nvd.nist.gov/vuln/detail/CVE-2026-3799) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-09 | A flaw has been found in Tenda i3 1.0.0.6(2204). This impacts the function formSetCfm of the file /goform/setcfm. This m... |
| [CVE-2026-3798](https://nvd.nist.gov/vuln/detail/CVE-2026-3798) | 5.1 | MEDIUM | CWE-74 | No | 0.3% | 3.58 | 2026-03-09 | A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub_44AC14 of the file /cgi-bin/mbox... |
| [CVE-2026-3797](https://nvd.nist.gov/vuln/detail/CVE-2026-3797) | 5.3 | MEDIUM | CWE-284 | No | 0.0% | 3.71 | 2026-03-09 | A security vulnerability has been detected in Tiandy Video Surveillance System 视频监控平台 7.17.0. The impacted element is th... |
| [CVE-2026-3796](https://nvd.nist.gov/vuln/detail/CVE-2026-3796) | 4.8 | MEDIUM | CWE-266 | No | 0.0% | 3.36 | 2026-03-09 | A weakness has been identified in Qi-ANXIN QAX Virus Removal up to 2025-10-22. The affected element is the function ZwTe... |
| [CVE-2026-3795](https://nvd.nist.gov/vuln/detail/CVE-2026-3795) | 5.3 | MEDIUM | CWE-22 | No | 0.0% | 3.71 | 2026-03-09 | A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /Do... |
| [CVE-2026-3794](https://nvd.nist.gov/vuln/detail/CVE-2026-3794) | 6.9 | MEDIUM | CWE-287 | No | 0.1% | 4.83 | 2026-03-09 | A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the file /api/v1... |
| [CVE-2026-3793](https://nvd.nist.gov/vuln/detail/CVE-2026-3793) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-09 | A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code... |
| [CVE-2026-3792](https://nvd.nist.gov/vuln/detail/CVE-2026-3792) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-09 | A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file pur... |
| [CVE-2026-3791](https://nvd.nist.gov/vuln/detail/CVE-2026-3791) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-09 | A vulnerability has been found in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown... |
| [CVE-2026-3790](https://nvd.nist.gov/vuln/detail/CVE-2026-3790) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-09 | A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is an unknown fun... |
| [CVE-2026-3789](https://nvd.nist.gov/vuln/detail/CVE-2026-3789) | 5.3 | MEDIUM | CWE-918 | No | 0.1% | 3.71 | 2026-03-09 | A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function getModels of the file source-code/src/mai... |
| [CVE-2026-3788](https://nvd.nist.gov/vuln/detail/CVE-2026-3788) | 5.3 | MEDIUM | CWE-918 | No | 0.1% | 3.71 | 2026-03-09 | A security vulnerability has been detected in Bytedesk up to 1.3.9. This impacts the function getModels of the file sour... |
| [CVE-2026-3787](https://nvd.nist.gov/vuln/detail/CVE-2026-3787) | 7.3 | HIGH | CWE-426 | No | 0.0% | 5.11 | 2026-03-08 | A weakness has been identified in UltraVNC 1.6.4.0 on Windows. This affects an unknown function in the library cryptbase... |
| [CVE-2026-3786](https://nvd.nist.gov/vuln/detail/CVE-2026-3786) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-08 | A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /Rbacu... |
| [CVE-2026-3785](https://nvd.nist.gov/vuln/detail/CVE-2026-3785) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-08 | A vulnerability was identified in EasyCMS up to 1.6. The affected element is an unknown function of the file /RbacnodeAc... |
| [CVE-2026-3771](https://nvd.nist.gov/vuln/detail/CVE-2026-3771) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-08 | A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. This vulnerability affects unknow... |
| [CVE-2026-3770](https://nvd.nist.gov/vuln/detail/CVE-2026-3770) | 5.3 | MEDIUM | CWE-352 | No | 0.0% | 3.71 | 2026-03-08 | A flaw has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part. This ma... |
| [CVE-2026-3769](https://nvd.nist.gov/vuln/detail/CVE-2026-3769) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-08 | A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function WrlclientSet of the file /gof... |
| [CVE-2026-3768](https://nvd.nist.gov/vuln/detail/CVE-2026-3768) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-08 | A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrl... |
| [CVE-2026-3767](https://nvd.nist.gov/vuln/detail/CVE-2026-3767) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-08 | A weakness has been identified in itsourcecode sanitize or validate this input 1.0. Affected is an unknown function of t... |
| [CVE-2026-3766](https://nvd.nist.gov/vuln/detail/CVE-2026-3766) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-08 | A security flaw has been discovered in SourceCodester Web-based Pharmacy Product Management System 1.0. This impacts an... |
| [CVE-2026-3765](https://nvd.nist.gov/vuln/detail/CVE-2026-3765) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-08 | A vulnerability was identified in itsourcecode University Management System 1.0. This affects an unknown function of the... |
| [CVE-2026-3764](https://nvd.nist.gov/vuln/detail/CVE-2026-3764) | 6.9 | MEDIUM | CWE-266 | No | 0.0% | 4.83 | 2026-03-08 | A vulnerability was determined in SourceCodester Client Database Management System 1.0. The impacted element is an unkno... |
| [CVE-2026-3763](https://nvd.nist.gov/vuln/detail/CVE-2026-3763) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-08 | A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. The affected element is an unknown f... |
| [CVE-2026-3762](https://nvd.nist.gov/vuln/detail/CVE-2026-3762) | 6.9 | MEDIUM | CWE-266 | No | 0.0% | 4.83 | 2026-03-08 | A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown funct... |
| [CVE-2026-3761](https://nvd.nist.gov/vuln/detail/CVE-2026-3761) | 5.3 | MEDIUM | CWE-266 | No | 0.0% | 3.71 | 2026-03-08 | A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processin... |
| [CVE-2026-3760](https://nvd.nist.gov/vuln/detail/CVE-2026-3760) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-08 | A vulnerability was detected in itsourcecode University Management System 1.0. This vulnerability affects unknown code o... |
| [CVE-2026-3759](https://nvd.nist.gov/vuln/detail/CVE-2026-3759) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-08 | A security vulnerability has been detected in projectworlds Online Art Gallery Shop 1.0. This affects an unknown part of... |
| [CVE-2026-3758](https://nvd.nist.gov/vuln/detail/CVE-2026-3758) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-08 | A weakness has been identified in projectworlds Online Art Gallery Shop 1.0. Affected by this issue is some unknown func... |
| [CVE-2026-3757](https://nvd.nist.gov/vuln/detail/CVE-2026-3757) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-08 | A security flaw has been discovered in projectworlds Online Art Gallery Shop 1.0. Affected by this vulnerability is an u... |
| [CVE-2026-3756](https://nvd.nist.gov/vuln/detail/CVE-2026-3756) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-08 | A vulnerability was identified in SourceCodester Sales and Inventory System up to 1.0. Affected is an unknown function o... |
| [CVE-2026-3755](https://nvd.nist.gov/vuln/detail/CVE-2026-3755) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-08 | A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the... |
| [CVE-2026-3754](https://nvd.nist.gov/vuln/detail/CVE-2026-3754) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-08 | A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file... |
| [CVE-2026-3753](https://nvd.nist.gov/vuln/detail/CVE-2026-3753) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-08 | A vulnerability has been found in SourceCodester Sales and Inventory System up to 1.0. The impacted element is an unknow... |
| [CVE-2026-3752](https://nvd.nist.gov/vuln/detail/CVE-2026-3752) | 5.1 | MEDIUM | CWE-74 | No | 0.0% | 3.57 | 2026-03-08 | A flaw has been found in SourceCodester Employee Task Management System up to 1.0. The affected element is an unknown fu... |
| [CVE-2026-3751](https://nvd.nist.gov/vuln/detail/CVE-2026-3751) | 5.1 | MEDIUM | CWE-74 | No | 0.0% | 3.57 | 2026-03-08 | A vulnerability was detected in SourceCodester Employee Task Management System 1.0. Impacted is an unknown function of t... |
| [CVE-2026-3750](https://nvd.nist.gov/vuln/detail/CVE-2026-3750) | 5.1 | MEDIUM | CWE-918 | No | 0.0% | 3.57 | 2026-03-08 | A security vulnerability has been detected in ContiNew Admin up to 4.2.0. This issue affects the function URI.create of... |
| [CVE-2026-3749](https://nvd.nist.gov/vuln/detail/CVE-2026-3749) | 5.3 | MEDIUM | CWE-284 | No | 0.1% | 3.71 | 2026-03-08 | A weakness has been identified in Bytedesk up to 1.3.9. This vulnerability affects the function handleFileUpload of the... |
| [CVE-2026-3748](https://nvd.nist.gov/vuln/detail/CVE-2026-3748) | 5.3 | MEDIUM | CWE-284 | No | 0.1% | 3.71 | 2026-03-08 | A security flaw has been discovered in Bytedesk up to 1.3.9. This affects the function uploadFile of the file source-cod... |
| [CVE-2026-3747](https://nvd.nist.gov/vuln/detail/CVE-2026-3747) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-08 | A vulnerability was identified in itsourcecode University Management System 1.0. Affected by this issue is some unknown... |
| [CVE-2026-3746](https://nvd.nist.gov/vuln/detail/CVE-2026-3746) | 6.9 | MEDIUM | CWE-74 | No | 0.1% | 4.83 | 2026-03-08 | A vulnerability was determined in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability i... |
| [CVE-2026-3745](https://nvd.nist.gov/vuln/detail/CVE-2026-3745) | 5.3 | MEDIUM | CWE-74 | No | 0.1% | 3.71 | 2026-03-08 | A vulnerability was found in code-projects Student Web Portal 1.0. Affected is an unknown function of the file profile.p... |
| [CVE-2026-3744](https://nvd.nist.gov/vuln/detail/CVE-2026-3744) | 6.9 | MEDIUM | CWE-74 | No | 0.1% | 4.83 | 2026-03-08 | A vulnerability has been found in code-projects Student Web Portal 1.0. This impacts the function valreg_passwdation of... |
| [CVE-2026-3743](https://nvd.nist.gov/vuln/detail/CVE-2026-3743) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-08 | A flaw has been found in YiFang CMS 2.0.5. This affects the function update of the file app/db/admin/D_singlePageGroup.p... |
| [CVE-2026-3742](https://nvd.nist.gov/vuln/detail/CVE-2026-3742) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-08 | A vulnerability was detected in YiFang CMS 2.0.5. The impacted element is the function update of the file app/db/admin/D... |
| [CVE-2026-3741](https://nvd.nist.gov/vuln/detail/CVE-2026-3741) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-08 | A security vulnerability has been detected in YiFang CMS 2.0.5. The affected element is the function update of the file... |
| [CVE-2026-3740](https://nvd.nist.gov/vuln/detail/CVE-2026-3740) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-08 | A weakness has been identified in itsourcecode University Management System 1.0. Impacted is an unknown function of the... |
| [CVE-2026-3739](https://nvd.nist.gov/vuln/detail/CVE-2026-3739) | 5.3 | MEDIUM | CWE-287 | No | 0.1% | 3.71 | 2026-03-08 | A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerial... |
| [CVE-2026-3738](https://nvd.nist.gov/vuln/detail/CVE-2026-3738) | 5.3 | MEDIUM | CWE-266 | No | 0.0% | 3.71 | 2026-03-08 | A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknow... |
| [CVE-2026-3737](https://nvd.nist.gov/vuln/detail/CVE-2026-3737) | 5.3 | MEDIUM | CWE-266 | No | 0.0% | 3.71 | 2026-03-08 | A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of t... |
| [CVE-2026-3736](https://nvd.nist.gov/vuln/detail/CVE-2026-3736) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-08 | A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this issue is some unkno... |
| [CVE-2026-3735](https://nvd.nist.gov/vuln/detail/CVE-2026-3735) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-08 | A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this vulnerability... |
| [CVE-2026-3734](https://nvd.nist.gov/vuln/detail/CVE-2026-3734) | 6.9 | MEDIUM | CWE-266 | No | 0.0% | 4.83 | 2026-03-08 | A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the fi... |
| [CVE-2026-3733](https://nvd.nist.gov/vuln/detail/CVE-2026-3733) | 5.3 | MEDIUM | CWE-918 | No | 0.1% | 3.71 | 2026-03-08 | A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/sr... |
| [CVE-2026-3732](https://nvd.nist.gov/vuln/detail/CVE-2026-3732) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-08 | A security vulnerability has been detected in Tenda F453 1.0.0.3. This affects the function strcpy of the file /goform/e... |
| [CVE-2026-3731](https://nvd.nist.gov/vuln/detail/CVE-2026-3731) | 6.9 | MEDIUM | CWE-119 | No | 0.1% | 4.83 | 2026-03-08 | A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sft... |
| [CVE-2026-3730](https://nvd.nist.gov/vuln/detail/CVE-2026-3730) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-08 | A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknow... |
| [CVE-2026-3729](https://nvd.nist.gov/vuln/detail/CVE-2026-3729) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-08 | A vulnerability was identified in Tenda F453 1.0.0.3/3.As. Impacted is the function fromPptpUserAdd of the file /goform/... |
| [CVE-2026-3728](https://nvd.nist.gov/vuln/detail/CVE-2026-3728) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-03-08 | A vulnerability was determined in Tenda F453 1.0.0.3/1.If. This issue affects the function fromSetCfm of the file /gofor... |
| [CVE-2026-3727](https://nvd.nist.gov/vuln/detail/CVE-2026-3727) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-03-08 | A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function sub_3C6C0 of the file /goform/Q... |
| [CVE-2026-3726](https://nvd.nist.gov/vuln/detail/CVE-2026-3726) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-08 | A vulnerability has been found in Tenda F453 1.0.0.3. This affects the function fromwebExcptypemanFilter of the file /go... |
| [CVE-2026-3725](https://nvd.nist.gov/vuln/detail/CVE-2026-3725) | 5.3 | MEDIUM | CWE-791 | No | 0.1% | 3.71 | 2026-03-08 | A flaw has been found in 1024-lab/lab1024 SmartAdmin up to 3.29. Affected by this issue is the function freemarkerResolv... |
| [CVE-2026-3724](https://nvd.nist.gov/vuln/detail/CVE-2026-3724) | 5.3 | MEDIUM | CWE-266 | No | 0.0% | 3.71 | 2026-03-08 | A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. This impacts an unkn... |
| [CVE-2026-3723](https://nvd.nist.gov/vuln/detail/CVE-2026-3723) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-08 | A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown fu... |
| [CVE-2026-3721](https://nvd.nist.gov/vuln/detail/CVE-2026-3721) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-08 | A weakness has been identified in 1024-lab/lab1024 SmartAdmin up to 3.29. The affected element is an unknown function of... |
| [CVE-2026-3720](https://nvd.nist.gov/vuln/detail/CVE-2026-3720) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-08 | A security flaw has been discovered in 1024-lab/lab1024 SmartAdmin up to 3.29. Impacted is an unknown function of the fi... |
| [CVE-2026-3719](https://nvd.nist.gov/vuln/detail/CVE-2026-3719) | 5.5 | MEDIUM | CWE-22 | No | 0.1% | 3.85 | 2026-03-08 | A vulnerability was identified in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). This issue affects som... |
| [CVE-2026-3716](https://nvd.nist.gov/vuln/detail/CVE-2026-3716) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-08 | A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This vulnerability affects the function sub_401AD4 of the... |
| [CVE-2026-3715](https://nvd.nist.gov/vuln/detail/CVE-2026-3715) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-08 | A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the function sub_40139C of the file /cgi-bin/fire... |
| [CVE-2026-3714](https://nvd.nist.gov/vuln/detail/CVE-2026-3714) | 5.1 | MEDIUM | CWE-791 | No | 0.1% | 3.57 | 2026-03-08 | A vulnerability has been found in OpenCart 4.0.2.3. Affected by this issue is the function Save of the file admin/contro... |
| [CVE-2026-3713](https://nvd.nist.gov/vuln/detail/CVE-2026-3713) | 4.8 | MEDIUM | CWE-119 | No | 0.0% | 3.36 | 2026-03-08 | A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the... |
| [CVE-2026-3711](https://nvd.nist.gov/vuln/detail/CVE-2026-3711) | 5.1 | MEDIUM | CWE-74 | No | 0.0% | 3.57 | 2026-03-08 | A vulnerability was detected in code-projects Simple Flight Ticket Booking System 1.0. Affected is an unknown function o... |
| [CVE-2026-3710](https://nvd.nist.gov/vuln/detail/CVE-2026-3710) | 5.1 | MEDIUM | CWE-74 | No | 0.0% | 3.57 | 2026-03-08 | A security vulnerability has been detected in code-projects Simple Flight Ticket Booking System 1.0. This impacts an unk... |
| [CVE-2026-3709](https://nvd.nist.gov/vuln/detail/CVE-2026-3709) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-08 | A weakness has been identified in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown functio... |
| [CVE-2026-3708](https://nvd.nist.gov/vuln/detail/CVE-2026-3708) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-08 | A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. The impacted element is an... |
| [CVE-2026-3707](https://nvd.nist.gov/vuln/detail/CVE-2026-3707) | 4.8 | MEDIUM | CWE-189 | No | 0.0% | 3.36 | 2026-03-08 | A vulnerability was identified in MrNanko webp4j up to 1.3.x. The affected element is the function DecodeGifFromMemory o... |
| [CVE-2026-3706](https://nvd.nist.gov/vuln/detail/CVE-2026-3706) | 1.7 | LOW | CWE-345 | No | 0.0% | 1.19 | 2026-03-08 | A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25... |
| [CVE-2026-3705](https://nvd.nist.gov/vuln/detail/CVE-2026-3705) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-08 | A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. This issue affects some unknown proc... |
| [CVE-2026-3703](https://nvd.nist.gov/vuln/detail/CVE-2026-3703) | 8.9 | HIGH | CWE-119 | No | 0.2% | 6.24 | 2026-03-08 | A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Ex... |
| [CVE-2026-3702](https://nvd.nist.gov/vuln/detail/CVE-2026-3702) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-08 | A vulnerability was detected in SourceCodester Loan Management System 1.0. Affected by this issue is some unknown functi... |
| [CVE-2026-3701](https://nvd.nist.gov/vuln/detail/CVE-2026-3701) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-08 | A security vulnerability has been detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function... |
| [CVE-2026-3704](https://nvd.nist.gov/vuln/detail/CVE-2026-3704) | 5.1 | MEDIUM | CWE-74 | No | 0.2% | 3.58 | 2026-03-08 | A vulnerability has been found in Wavlink NU516U1 251208. This vulnerability affects the function sub_405B2C of the file... |
| [CVE-2026-3700](https://nvd.nist.gov/vuln/detail/CVE-2026-3700) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-08 | A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform... |
| [CVE-2026-3699](https://nvd.nist.gov/vuln/detail/CVE-2026-3699) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-08 | A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-171114. This impacts the function strcpy of the file /... |
| [CVE-2026-3698](https://nvd.nist.gov/vuln/detail/CVE-2026-3698) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-08 | A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. This affects the function strcpy of the file /gofor... |
| [CVE-2026-3697](https://nvd.nist.gov/vuln/detail/CVE-2026-3697) | 5.3 | MEDIUM | CWE-119 | No | 0.1% | 3.71 | 2026-03-08 | A vulnerability was determined in Planet ICG-2510 1.0_20250811. The impacted element is the function sub_40C8E4 of the f... |
| [CVE-2026-3696](https://nvd.nist.gov/vuln/detail/CVE-2026-3696) | 6.9 | MEDIUM | CWE-77 | No | 1.9% | 4.89 | 2026-03-08 | A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. The affected element is the function setWiFiWpsConfig... |
| [CVE-2026-3695](https://nvd.nist.gov/vuln/detail/CVE-2026-3695) | 6.9 | MEDIUM | CWE-22 | No | 0.0% | 4.83 | 2026-03-08 | A vulnerability has been found in SourceCodester Modern Image Gallery App 1.0. Impacted is an unknown function of the fi... |
| [CVE-2026-3693](https://nvd.nist.gov/vuln/detail/CVE-2026-3693) | 6.9 | MEDIUM | CWE-99 | No | 0.1% | 4.83 | 2026-03-08 | A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function get_user_info/update_user_... |
| [CVE-2026-3683](https://nvd.nist.gov/vuln/detail/CVE-2026-3683) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-03-08 | A vulnerability was detected in bufanyun HotGo up to 2.0. This issue affects the function ImageTransferStorage of the fi... |
| [CVE-2026-3682](https://nvd.nist.gov/vuln/detail/CVE-2026-3682) | 5.3 | MEDIUM | CWE-74 | No | 0.1% | 3.71 | 2026-03-08 | A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. This vulnerability affects the function E... |
| [CVE-2026-3681](https://nvd.nist.gov/vuln/detail/CVE-2026-3681) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-03-07 | A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects the function fireWebhook of the file /in... |
| [CVE-2026-3680](https://nvd.nist.gov/vuln/detail/CVE-2026-3680) | 5.3 | MEDIUM | CWE-74 | No | 1.5% | 3.76 | 2026-03-07 | A security flaw has been discovered in RyuzakiShinji biome-mcp-server up to 1.0.0. Affected by this issue is some unknow... |
| [CVE-2026-3679](https://nvd.nist.gov/vuln/detail/CVE-2026-3679) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-07 | A vulnerability was identified in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function formQuickIndex of... |
| [CVE-2026-3678](https://nvd.nist.gov/vuln/detail/CVE-2026-3678) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-07 | A vulnerability was determined in Tenda FH451 1.0.0.9. Affected is the function sub_3C434 of the file /goform/AdvSetWan.... |
| [CVE-2026-3677](https://nvd.nist.gov/vuln/detail/CVE-2026-3677) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-07 | A vulnerability was found in Tenda FH451 1.0.0.9. This impacts the function fromSetCfm of the file /goform/setcfm. The m... |
| [CVE-2026-3675](https://nvd.nist.gov/vuln/detail/CVE-2026-3675) | 4.8 | MEDIUM | CWE-266 | No | 0.0% | 3.36 | 2026-03-07 | A vulnerability was determined in Freedom Factory dGEN1 up to 20260221. Affected by this issue is the function FakeAppRe... |
| [CVE-2026-3674](https://nvd.nist.gov/vuln/detail/CVE-2026-3674) | 4.8 | MEDIUM | CWE-266 | No | 0.0% | 3.36 | 2026-03-07 | A vulnerability was found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function FakeAp... |
| [CVE-2026-3672](https://nvd.nist.gov/vuln/detail/CVE-2026-3672) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-07 | A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /j... |
| [CVE-2026-3671](https://nvd.nist.gov/vuln/detail/CVE-2026-3671) | 1.9 | LOW | CWE-266 | No | 0.0% | 1.33 | 2026-03-07 | A flaw has been found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function TokenBalan... |
| [CVE-2026-3670](https://nvd.nist.gov/vuln/detail/CVE-2026-3670) | 4.8 | MEDIUM | CWE-266 | No | 0.0% | 3.36 | 2026-03-07 | A vulnerability was detected in Freedom Factory dGEN1 up to 20260221. Affected is an unknown function of the component c... |
| [CVE-2026-3669](https://nvd.nist.gov/vuln/detail/CVE-2026-3669) | 4.8 | MEDIUM | CWE-266 | No | 0.0% | 3.36 | 2026-03-07 | A security vulnerability has been detected in Freedom Factory dGEN1 up to 20260221. This impacts the function AlarmServi... |
| [CVE-2026-2671](https://nvd.nist.gov/vuln/detail/CVE-2026-2671) | 2.3 | LOW | CWE-310 | No | 0.0% | 1.61 | 2026-03-07 | A vulnerability was detected in Mendi Neurofeedback Headset V4. Affected by this vulnerability is an unknown functionali... |
| [CVE-2026-30863](https://nvd.nist.gov/vuln/detail/CVE-2026-30863) | 9.3 | CRITICAL | CWE-287 | No | 0.0% | 6.51 | 2026-03-07 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-30861](https://nvd.nist.gov/vuln/detail/CVE-2026-30861) | 9.9 | CRITICAL | CWE-78 | No | 0.1% | 6.93 | 2026-03-07 | WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5... |
| [CVE-2026-30860](https://nvd.nist.gov/vuln/detail/CVE-2026-30860) | 9.9 | CRITICAL | CWE-89 | No | 0.2% | 6.94 | 2026-03-07 | WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.... |
| [CVE-2026-30859](https://nvd.nist.gov/vuln/detail/CVE-2026-30859) | 5.3 | MEDIUM | CWE-284 | No | 0.0% | 3.71 | 2026-03-07 | WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.... |
| [CVE-2026-30858](https://nvd.nist.gov/vuln/detail/CVE-2026-30858) | 6.5 | MEDIUM | CWE-918 | No | 0.1% | 4.55 | 2026-03-07 | WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.... |
| [CVE-2026-30857](https://nvd.nist.gov/vuln/detail/CVE-2026-30857) | 5.3 | MEDIUM | CWE-639 | No | 0.0% | 3.71 | 2026-03-07 | WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.... |
| [CVE-2026-30856](https://nvd.nist.gov/vuln/detail/CVE-2026-30856) | 5.9 | MEDIUM | CWE-706 | No | 0.0% | 4.13 | 2026-03-07 | WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.... |
| [CVE-2026-30855](https://nvd.nist.gov/vuln/detail/CVE-2026-30855) | 8.8 | HIGH | CWE-284 | No | 0.1% | 6.16 | 2026-03-07 | WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.... |
| [CVE-2026-30854](https://nvd.nist.gov/vuln/detail/CVE-2026-30854) | 6.9 | MEDIUM | CWE-863 | No | 0.0% | 4.83 | 2026-03-07 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.3... |
| [CVE-2026-30852](https://nvd.nist.gov/vuln/detail/CVE-2026-30852) | 5.5 | MEDIUM | CWE-74 | No | 0.0% | 3.85 | 2026-03-07 | Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_r... |
| [CVE-2026-30851](https://nvd.nist.gov/vuln/detail/CVE-2026-30851) | 8.1 | HIGH | CWE-287 | No | 0.0% | 5.67 | 2026-03-07 | Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forward_a... |
| [CVE-2026-30850](https://nvd.nist.gov/vuln/detail/CVE-2026-30850) | 6.3 | MEDIUM | CWE-862 | No | 0.0% | 4.41 | 2026-03-07 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-30848](https://nvd.nist.gov/vuln/detail/CVE-2026-30848) | 6.3 | MEDIUM | CWE-22 | No | 0.0% | 4.41 | 2026-03-07 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-29196](https://nvd.nist.gov/vuln/detail/CVE-2026-29196) | 8.7 | HIGH | CWE-863 | No | 0.0% | 6.09 | 2026-03-07 | Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user assigned the platform-user role can retrieve Wire... |
| [CVE-2026-29195](https://nvd.nist.gov/vuln/detail/CVE-2026-29195) | 6.9 | MEDIUM | CWE-863 | No | 0.0% | 4.83 | 2026-03-07 | Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler (PUT /api/users/{username}) lack... |
| [CVE-2026-3668](https://nvd.nist.gov/vuln/detail/CVE-2026-3668) | 2.3 | LOW | CWE-266 | No | 0.0% | 1.61 | 2026-03-07 | A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function AndroidEthereum of the... |
| [CVE-2026-3667](https://nvd.nist.gov/vuln/detail/CVE-2026-3667) | 4.8 | MEDIUM | CWE-266 | No | 0.0% | 3.36 | 2026-03-07 | A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The impacted element is the function FakeAp... |
| [CVE-2026-3665](https://nvd.nist.gov/vuln/detail/CVE-2026-3665) | 4.8 | MEDIUM | CWE-404 | No | 0.0% | 3.36 | 2026-03-07 | A vulnerability was identified in xlnt-community xlnt up to 1.6.1. The affected element is the function xlnt::detail::xl... |
| [CVE-2026-30838](https://nvd.nist.gov/vuln/detail/CVE-2026-30838) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-07 | league/commonmark is a PHP Markdown parser. Prior to version 2.8.1, the DisallowedRawHtml extension can be bypassed by i... |
| [CVE-2026-30834](https://nvd.nist.gov/vuln/detail/CVE-2026-30834) | 7.5 | HIGH | CWE-918 | No | 0.0% | 5.25 | 2026-03-07 | PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Prior to version 0.7.7,... |
| [CVE-2026-30832](https://nvd.nist.gov/vuln/detail/CVE-2026-30832) | 9.1 | CRITICAL | CWE-918 | No | 0.0% | 6.37 | 2026-03-07 | Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authentic... |
| [CVE-2026-29787](https://nvd.nist.gov/vuln/detail/CVE-2026-29787) | 5.3 | MEDIUM | CWE-200 | No | 0.0% | 3.71 | 2026-03-07 | mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/d... |
| [CVE-2026-29786](https://nvd.nist.gov/vuln/detail/CVE-2026-29786) | 8.2 | HIGH | CWE-22 | No | 0.0% | 5.74 | 2026-03-07 | node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that p... |
| [CVE-2026-29784](https://nvd.nist.gov/vuln/detail/CVE-2026-29784) | 7.5 | HIGH | CWE-352 | No | 0.0% | 5.25 | 2026-03-07 | Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /sessio... |
| [CVE-2026-29781](https://nvd.nist.gov/vuln/detail/CVE-2026-29781) | 5.3 | MEDIUM | CWE-476 | No | 0.0% | 3.71 | 2026-03-07 | Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vul... |
| [CVE-2026-29780](https://nvd.nist.gov/vuln/detail/CVE-2026-29780) | 5.5 | MEDIUM | CWE-22 | No | 0.0% | 3.85 | 2026-03-07 | eml_parser serves as a python module for parsing eml files and returning various information found in the e-mail as well... |
| [CVE-2026-29779](https://nvd.nist.gov/vuln/detail/CVE-2026-29779) | 7.5 | HIGH | CWE-200 | No | 0.0% | 5.25 | 2026-03-07 | UptimeFlare is a serverless uptime monitoring & status page solution, powered by Cloudflare Workers. Prior to commit 377... |
| [CVE-2026-29778](https://nvd.nist.gov/vuln/detail/CVE-2026-29778) | 7.1 | HIGH | CWE-23 | No | 0.0% | 4.97 | 2026-03-07 | pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the ed... |
| [CVE-2026-29771](https://nvd.nist.gov/vuln/detail/CVE-2026-29771) | 8.7 | HIGH | CWE-404 | No | 0.0% | 6.09 | 2026-03-07 | Netmaker makes networks with WireGuard. Prior to version 1.2.0, the /api/server/shutdown endpoint allows termination of... |
| [CVE-2026-29194](https://nvd.nist.gov/vuln/detail/CVE-2026-29194) | 8.6 | HIGH | CWE-863 | No | 0.0% | 6.02 | 2026-03-07 | Netmaker makes networks with WireGuard. Prior to version 1.5.0, the Authorize middleware in Netmaker incorrectly validat... |
| [CVE-2026-29190](https://nvd.nist.gov/vuln/detail/CVE-2026-29190) | 4.1 | MEDIUM | CWE-22 | No | 0.1% | 2.87 | 2026-03-07 | Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Tra... |
| [CVE-2026-29076](https://nvd.nist.gov/vuln/detail/CVE-2026-29076) | 5.9 | MEDIUM | CWE-674 | No | 0.1% | 4.13 | 2026-03-07 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib u... |
| [CVE-2026-28678](https://nvd.nist.gov/vuln/detail/CVE-2026-28678) | 8.1 | HIGH | CWE-311 | No | 0.0% | 5.67 | 2026-03-07 | DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in... |
| [CVE-2026-3664](https://nvd.nist.gov/vuln/detail/CVE-2026-3664) | 4.8 | MEDIUM | CWE-119 | No | 0.0% | 3.36 | 2026-03-07 | A vulnerability was determined in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::compound_docum... |
| [CVE-2026-3663](https://nvd.nist.gov/vuln/detail/CVE-2026-3663) | 4.8 | MEDIUM | CWE-119 | No | 0.0% | 3.36 | 2026-03-07 | A vulnerability was found in xlnt-community xlnt up to 1.6.1. This issue affects the function xlnt::detail::compound_doc... |
| [CVE-2026-29193](https://nvd.nist.gov/vuln/detail/CVE-2026-29193) | 8.2 | HIGH | CWE-287 | No | 0.0% | 5.74 | 2026-03-07 | ZITADEL is an open source identity management platform. From version 4.0.0 to 4.12.0, a vulnerability in Zitadel's login... |
| [CVE-2026-29192](https://nvd.nist.gov/vuln/detail/CVE-2026-29192) | 7.7 | HIGH | CWE-79 | No | 0.0% | 5.39 | 2026-03-07 | ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login... |
| [CVE-2026-29191](https://nvd.nist.gov/vuln/detail/CVE-2026-29191) | 9.3 | CRITICAL | CWE-79 | No | 0.0% | 6.51 | 2026-03-07 | ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login... |
| [CVE-2026-29186](https://nvd.nist.gov/vuln/detail/CVE-2026-29186) | 7.7 | HIGH | CWE-74 | No | 0.0% | 5.39 | 2026-03-07 | Backstage is an open framework for building developer portals. Prior to version 1.14.3, this is a configuration bypass v... |
| [CVE-2026-29185](https://nvd.nist.gov/vuln/detail/CVE-2026-29185) | 2.7 | LOW | CWE-22 | No | 0.0% | 1.89 | 2026-03-07 | Backstage is an open framework for building developer portals. Prior to version 1.20.1, a vulnerability in the SCM URL p... |
| [CVE-2026-29184](https://nvd.nist.gov/vuln/detail/CVE-2026-29184) | 2.0 | LOW | CWE-532 | No | 0.0% | 1.40 | 2026-03-07 | Backstage is an open framework for building developer portals. Prior to version 3.1.4, a malicious scaffolder template c... |
| [CVE-2026-29067](https://nvd.nist.gov/vuln/detail/CVE-2026-29067) | 8.1 | HIGH | CWE-601 | No | 0.0% | 5.67 | 2026-03-07 | ZITADEL is an open source identity management platform. From version 4.0.0-rc.1 to 4.7.0, a potential vulnerability exis... |
| [CVE-2026-3662](https://nvd.nist.gov/vuln/detail/CVE-2026-3662) | 5.1 | MEDIUM | CWE-74 | No | 0.2% | 3.58 | 2026-03-07 | A vulnerability has been found in Wavlink WL-NU516U1 240425. This vulnerability affects the function usb_p910 of the fil... |
| [CVE-2026-3661](https://nvd.nist.gov/vuln/detail/CVE-2026-3661) | 5.1 | MEDIUM | CWE-74 | No | 0.2% | 3.58 | 2026-03-07 | A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function ota_new_upgrade of the file /cgi-bin/adm.c... |
| [CVE-2026-2219](https://nvd.nist.gov/vuln/detail/CVE-2026-2219) | 7.5 | HIGH | CWE-835 | No | 0.0% | 5.25 | 2026-03-07 | It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate t... |
| [CVE-2026-24308](https://nvd.nist.gov/vuln/detail/CVE-2026-24308) | 7.5 | HIGH | CWE-532 | No | 0.0% | 5.25 | 2026-03-07 | Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an att... |
| [CVE-2026-24281](https://nvd.nist.gov/vuln/detail/CVE-2026-24281) | 7.4 | HIGH | CWE-295 | No | 0.0% | 5.18 | 2026-03-07 | Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, a... |
| [CVE-2026-2433](https://nvd.nist.gov/vuln/detail/CVE-2026-2433) | 6.1 | MEDIUM | CWE-79 | No | 0.1% | 4.27 | 2026-03-07 | The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Ba... |
| [CVE-2026-2420](https://nvd.nist.gov/vuln/detail/CVE-2026-2420) | 4.4 | MEDIUM | CWE-79 | No | 0.0% | 3.08 | 2026-03-07 | The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in a... |
| [CVE-2026-1825](https://nvd.nist.gov/vuln/detail/CVE-2026-1825) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-07 | The Show YouTube video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'syv' shortcod... |
| [CVE-2026-1824](https://nvd.nist.gov/vuln/detail/CVE-2026-1824) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-07 | The Infomaniak Connect for OpenID plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'endpoint_lo... |
| [CVE-2026-1823](https://nvd.nist.gov/vuln/detail/CVE-2026-1823) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-07 | The Consensus Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's consensus shortco... |
| [CVE-2026-1820](https://nvd.nist.gov/vuln/detail/CVE-2026-1820) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-07 | The Media Library Alt Text Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bv... |
| [CVE-2026-1805](https://nvd.nist.gov/vuln/detail/CVE-2026-1805) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-07 | The DA Media GigList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's damedia_giglist... |
| [CVE-2026-1574](https://nvd.nist.gov/vuln/detail/CVE-2026-1574) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-07 | The MyQtip – easy qTip2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `myqtip` shor... |
| [CVE-2026-1569](https://nvd.nist.gov/vuln/detail/CVE-2026-1569) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-07 | The Wueen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wueen-blocket` shortcode i... |
| [CVE-2026-1087](https://nvd.nist.gov/vuln/detail/CVE-2026-1087) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-07 | The Guardian News Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and inclu... |
| [CVE-2026-1086](https://nvd.nist.gov/vuln/detail/CVE-2026-1086) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-07 | The Font Pairing Preview For Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versi... |
| [CVE-2026-1085](https://nvd.nist.gov/vuln/detail/CVE-2026-1085) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-07 | The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2... |
| [CVE-2026-1074](https://nvd.nist.gov/vuln/detail/CVE-2026-1074) | 7.2 | HIGH | CWE-79 | No | 0.1% | 5.04 | 2026-03-07 | The WP App Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'app-bar-features' parameter in... |
| [CVE-2026-1073](https://nvd.nist.gov/vuln/detail/CVE-2026-1073) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-07 | The Purchase Button For Affiliate Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... |
| [CVE-2026-1071](https://nvd.nist.gov/vuln/detail/CVE-2026-1071) | 4.4 | MEDIUM | CWE-79 | No | 0.0% | 3.08 | 2026-03-07 | The Carta Online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up... |
| [CVE-2025-14675](https://nvd.nist.gov/vuln/detail/CVE-2025-14675) | 7.2 | HIGH | CWE-22 | No | 1.0% | 5.07 | 2026-03-07 | The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in t... |
| [CVE-2026-30842](https://nvd.nist.gov/vuln/detail/CVE-2026-30842) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-07 | Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, Wallos allows an authenti... |
| [CVE-2026-30841](https://nvd.nist.gov/vuln/detail/CVE-2026-30841) | 6.9 | MEDIUM | CWE-79 | No | 0.0% | 4.83 | 2026-03-07 | Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, passwordreset.php outputs... |
| [CVE-2026-30840](https://nvd.nist.gov/vuln/detail/CVE-2026-30840) | 8.8 | HIGH | CWE-295 | No | 0.1% | 6.16 | 2026-03-07 | Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, there is a server-side re... |
| [CVE-2026-30839](https://nvd.nist.gov/vuln/detail/CVE-2026-30839) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-03-07 | Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, testwebhooknotifications.... |
| [CVE-2026-30830](https://nvd.nist.gov/vuln/detail/CVE-2026-30830) | 2.1 | LOW | CWE-79 | No | 0.0% | 1.47 | 2026-03-07 | Defuddle cleans up HTML pages. Prior to version 0.9.0, the _findContentBySchemaText method in src/defuddle.ts interpolat... |
| [CVE-2026-30829](https://nvd.nist.gov/vuln/detail/CVE-2026-30829) | 5.3 | MEDIUM | CWE-200 | No | 0.0% | 3.71 | 2026-03-07 | Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and... |
| [CVE-2026-30828](https://nvd.nist.gov/vuln/detail/CVE-2026-30828) | 8.7 | HIGH | CWE-22 | No | 0.1% | 6.09 | 2026-03-07 | Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, the url parameter can be... |
| [CVE-2026-30827](https://nvd.nist.gov/vuln/detail/CVE-2026-30827) | 7.5 | HIGH | CWE-770 | No | 0.0% | 5.25 | 2026-03-07 | express-rate-limit is a basic rate-limiting middleware for Express. In versions starting from 8.0.0 and prior to version... |
| [CVE-2026-30825](https://nvd.nist.gov/vuln/detail/CVE-2026-30825) | 0.0 | NONE | CWE-639 | No | 0.0% | 0.00 | 2026-03-07 | hoppscotch is an open source API development ecosystem. Prior to version 2026.2.1, the DELETE /v1/access-tokens/revoke e... |
| [CVE-2026-30824](https://nvd.nist.gov/vuln/detail/CVE-2026-30824) | 7.7 | HIGH | CWE-306 | No | 0.0% | 5.39 | 2026-03-07 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the NV... |
| [CVE-2026-30823](https://nvd.nist.gov/vuln/detail/CVE-2026-30823) | 8.8 | HIGH | CWE-639 | No | 0.0% | 6.16 | 2026-03-07 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, there... |
| [CVE-2026-27797](https://nvd.nist.gov/vuln/detail/CVE-2026-27797) | 5.3 | MEDIUM | CWE-918 | No | 0.1% | 3.71 | 2026-03-07 | Homarr is an open-source dashboard. Prior to version 1.54.0, an unauthenticated Server-Side Request Forgery (SSRF) vulne... |
| [CVE-2026-27796](https://nvd.nist.gov/vuln/detail/CVE-2026-27796) | 5.3 | MEDIUM | CWE-200 | No | 0.0% | 3.71 | 2026-03-07 | Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a... |
| [CVE-2025-8899](https://nvd.nist.gov/vuln/detail/CVE-2025-8899) | 8.8 | HIGH | CWE-269 | No | 0.0% | 6.16 | 2026-03-07 | The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams plugin for WordPress is vulnerable to Privilege Escalation in a... |
| [CVE-2026-30822](https://nvd.nist.gov/vuln/detail/CVE-2026-30822) | 7.7 | HIGH | CWE-915 | No | 0.2% | 5.40 | 2026-03-07 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, unauth... |
| [CVE-2026-30821](https://nvd.nist.gov/vuln/detail/CVE-2026-30821) | 8.2 | HIGH | CWE-434 | No | 0.1% | 5.74 | 2026-03-07 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the /a... |
| [CVE-2026-30820](https://nvd.nist.gov/vuln/detail/CVE-2026-30820) | 8.7 | HIGH | CWE-863 | No | 0.1% | 6.09 | 2026-03-07 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, Flowis... |
| [CVE-2026-30247](https://nvd.nist.gov/vuln/detail/CVE-2026-30247) | 5.9 | MEDIUM | CWE-918 | No | 0.0% | 4.13 | 2026-03-07 | WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.... |
| [CVE-2026-3352](https://nvd.nist.gov/vuln/detail/CVE-2026-3352) | 7.2 | HIGH | CWE-94 | No | 0.1% | 5.04 | 2026-03-07 | The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0... |
| [CVE-2026-2722](https://nvd.nist.gov/vuln/detail/CVE-2026-2722) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-07 | The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up... |
| [CVE-2026-2721](https://nvd.nist.gov/vuln/detail/CVE-2026-2721) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-07 | The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up... |
| [CVE-2026-2494](https://nvd.nist.gov/vuln/detail/CVE-2026-2494) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-07 | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Cross-Site Request Forgery... |
| [CVE-2026-2488](https://nvd.nist.gov/vuln/detail/CVE-2026-2488) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-07 | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized message delet... |
| [CVE-2026-2431](https://nvd.nist.gov/vuln/detail/CVE-2026-2431) | 6.1 | MEDIUM | CWE-79 | No | 0.1% | 4.27 | 2026-03-07 | The CM Custom Reports plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'date_from' and 'date... |
| [CVE-2026-2429](https://nvd.nist.gov/vuln/detail/CVE-2026-2429) | 4.9 | MEDIUM | CWE-89 | No | 0.0% | 3.43 | 2026-03-07 | The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'ce_venue_name' CSV field in the `on_sa... |
| [CVE-2026-2020](https://nvd.nist.gov/vuln/detail/CVE-2026-2020) | 7.5 | HIGH | CWE-502 | No | 0.1% | 5.25 | 2026-03-07 | The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.1... |
| [CVE-2026-1902](https://nvd.nist.gov/vuln/detail/CVE-2026-1902) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-07 | The Hammas Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apix' parameter in the 'h... |
| [CVE-2026-1650](https://nvd.nist.gov/vuln/detail/CVE-2026-1650) | 5.3 | MEDIUM | CWE-862 | No | 0.1% | 3.71 | 2026-03-07 | The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capabili... |
| [CVE-2025-14353](https://nvd.nist.gov/vuln/detail/CVE-2025-14353) | 7.5 | HIGH | CWE-89 | No | 0.1% | 5.25 | 2026-03-07 | The ZIP Code Based Content Protection plugin for WordPress is vulnerable to SQL Injection in all versions up to, and inc... |
| [CVE-2026-25073](https://nvd.nist.gov/vuln/detail/CVE-2026-25073) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-07 | XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site scripting vulnerabil... |
| [CVE-2026-25072](https://nvd.nist.gov/vuln/detail/CVE-2026-25072) | 8.6 | HIGH | CWE-330 | No | 0.2% | 6.03 | 2026-03-07 | XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnera... |
| [CVE-2026-25071](https://nvd.nist.gov/vuln/detail/CVE-2026-25071) | 8.7 | HIGH | CWE-306 | No | 0.1% | 6.09 | 2026-03-07 | XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability i... |
| [CVE-2026-25070](https://nvd.nist.gov/vuln/detail/CVE-2026-25070) | 9.3 | CRITICAL | CWE-78 | No | 0.3% | 6.52 | 2026-03-07 | XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in... |
| [CVE-2026-2371](https://nvd.nist.gov/vuln/detail/CVE-2026-2371) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-07 | The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Insecure Direct Object Referenc... |
| [CVE-2026-1981](https://nvd.nist.gov/vuln/detail/CVE-2026-1981) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-07 | The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized mod... |
| [CVE-2026-1644](https://nvd.nist.gov/vuln/detail/CVE-2026-1644) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-07 | The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and incl... |
| [CVE-2026-3233](https://nvd.nist.gov/vuln/detail/CVE-2026-3233) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-06 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| [CVE-2026-30244](https://nvd.nist.gov/vuln/detail/CVE-2026-30244) | 7.5 | HIGH | CWE-200 | No | 0.0% | 5.25 | 2026-03-06 | Plane is an open-source project management tool. Prior to version 1.2.2, unauthenticated attackers can enumerate work... |
| [CVE-2026-30242](https://nvd.nist.gov/vuln/detail/CVE-2026-30242) | 8.5 | HIGH | CWE-918 | No | 0.0% | 5.95 | 2026-03-06 | Plane is an open-source project management tool. Prior to version 1.2.3, the webhook URL validation in plane/app/seri... |
| [CVE-2026-30241](https://nvd.nist.gov/vuln/detail/CVE-2026-30241) | 2.7 | LOW | CWE-863 | No | 0.0% | 1.89 | 2026-03-06 | Mercurius is a GraphQL adapter for Fastify. Prior to version 16.8.0, Mercurius fails to enforce the configured queryDept... |
| [CVE-2026-30238](https://nvd.nist.gov/vuln/detail/CVE-2026-30238) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-06 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, a... |
| [CVE-2026-30237](https://nvd.nist.gov/vuln/detail/CVE-2026-30237) | 2.1 | LOW | CWE-79 | No | 0.0% | 1.47 | 2026-03-06 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, a... |
| [CVE-2026-27142](https://nvd.nist.gov/vuln/detail/CVE-2026-27142) | 6.1 | MEDIUM | N/A | No | 0.0% | 4.27 | 2026-03-06 | Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta t... |
| [CVE-2026-27139](https://nvd.nist.gov/vuln/detail/CVE-2026-27139) | 2.5 | LOW | N/A | No | 0.0% | 1.75 | 2026-03-06 | On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo cou... |
| [CVE-2026-27138](https://nvd.nist.gov/vuln/detail/CVE-2026-27138) | 5.9 | MEDIUM | N/A | No | 0.0% | 4.13 | 2026-03-06 | Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the... |
| [CVE-2026-27137](https://nvd.nist.gov/vuln/detail/CVE-2026-27137) | 7.5 | HIGH | N/A | No | 0.0% | 5.25 | 2026-03-06 | When verifying a certificate chain which contains a certificate containing multiple email address constraints which shar... |
| [CVE-2026-25679](https://nvd.nist.gov/vuln/detail/CVE-2026-25679) | 7.5 | HIGH | N/A | No | 0.0% | 5.25 | 2026-03-06 | url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. |
| [CVE-2026-30835](https://nvd.nist.gov/vuln/detail/CVE-2026-30835) | 6.9 | MEDIUM | CWE-209 | No | 0.0% | 4.83 | 2026-03-06 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-30233](https://nvd.nist.gov/vuln/detail/CVE-2026-30233) | 6.5 | MEDIUM | CWE-200 | No | 0.0% | 4.55 | 2026-03-06 | OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authorization fl... |
| [CVE-2026-30231](https://nvd.nist.gov/vuln/detail/CVE-2026-30231) | 6.0 | MEDIUM | CWE-639 | No | 0.0% | 4.20 | 2026-03-06 | Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.... |
| [CVE-2026-30230](https://nvd.nist.gov/vuln/detail/CVE-2026-30230) | 8.2 | HIGH | CWE-639 | No | 0.0% | 5.74 | 2026-03-06 | Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.... |
| [CVE-2026-30229](https://nvd.nist.gov/vuln/detail/CVE-2026-30229) | 8.5 | HIGH | CWE-863 | No | 0.0% | 5.95 | 2026-03-06 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-30228](https://nvd.nist.gov/vuln/detail/CVE-2026-30228) | 6.9 | MEDIUM | CWE-863 | No | 0.0% | 4.83 | 2026-03-06 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-30227](https://nvd.nist.gov/vuln/detail/CVE-2026-30227) | 6.9 | MEDIUM | CWE-93 | No | 1.1% | 4.86 | 2026-03-06 | MimeKit is a C# library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail... |
| [CVE-2026-30225](https://nvd.nist.gov/vuln/detail/CVE-2026-30225) | 5.3 | MEDIUM | CWE-250 | No | 0.1% | 3.71 | 2026-03-06 | OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication c... |
| [CVE-2026-30224](https://nvd.nist.gov/vuln/detail/CVE-2026-30224) | 5.4 | MEDIUM | CWE-384 | No | 0.0% | 3.78 | 2026-03-06 | OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not r... |
| [CVE-2026-30223](https://nvd.nist.gov/vuln/detail/CVE-2026-30223) | 8.8 | HIGH | CWE-287 | No | 0.0% | 6.16 | 2026-03-06 | OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, when JWT authentica... |
| [CVE-2026-29795](https://nvd.nist.gov/vuln/detail/CVE-2026-29795) | 4.0 | MEDIUM | CWE-770 | No | 0.0% | 2.80 | 2026-03-06 | stellar-xdr is a library and CLI containing types and functionality for working with Stellar XDR. Prior to version 25.0.... |
| [CVE-2026-29791](https://nvd.nist.gov/vuln/detail/CVE-2026-29791) | 4.9 | MEDIUM | CWE-20 | No | 0.1% | 3.43 | 2026-03-06 | Agentgateway is an open source data plane for agentic AI connectivity within or across any agent framework or environmen... |
| [CVE-2026-29790](https://nvd.nist.gov/vuln/detail/CVE-2026-29790) | 2.0 | LOW | CWE-22 | No | 0.1% | 1.40 | 2026-03-06 | dbt-common is the set of shared common utilities that dbt-core and adapter implementations use. Prior to versions 1.34.2 and 1.3... |
| [CVE-2026-29789](https://nvd.nist.gov/vuln/detail/CVE-2026-29789) | 9.9 | CRITICAL | CWE-862 | No | 0.1% | 6.93 | 2026-03-06 | Vito is a self-hosted web application that helps manage servers and deploy PHP applications into production servers. Pri... |
| [CVE-2026-29788](https://nvd.nist.gov/vuln/detail/CVE-2026-29788) | 8.4 | HIGH | CWE-283 | No | 0.0% | 5.88 | 2026-03-06 | TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigati... |
| [CVE-2026-29182](https://nvd.nist.gov/vuln/detail/CVE-2026-29182) | 8.6 | HIGH | CWE-863 | No | 0.0% | 6.02 | 2026-03-06 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version... |
| [CVE-2026-30847](https://nvd.nist.gov/vuln/detail/CVE-2026-30847) | 9.3 | CRITICAL | CWE-200 | No | 0.0% | 6.51 | 2026-03-06 | Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the notificationUsers publicatio... |
| [CVE-2026-30846](https://nvd.nist.gov/vuln/detail/CVE-2026-30846) | 8.7 | HIGH | CWE-200 | No | 0.2% | 6.09 | 2026-03-06 | Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the globalwebhooks publication e... |
| [CVE-2026-30845](https://nvd.nist.gov/vuln/detail/CVE-2026-30845) | 6.9 | MEDIUM | CWE-200 | No | 0.1% | 4.83 | 2026-03-06 | Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the board composite publication... |
| [CVE-2026-30844](https://nvd.nist.gov/vuln/detail/CVE-2026-30844) | 9.3 | CRITICAL | CWE-918 | No | 0.0% | 6.51 | 2026-03-06 | Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forg... |
| [CVE-2026-30843](https://nvd.nist.gov/vuln/detail/CVE-2026-30843) | 9.3 | CRITICAL | CWE-639 | No | 0.0% | 6.51 | 2026-03-06 | Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 have a critical Insecure Direct Object Ref... |
| [CVE-2025-69654](https://nvd.nist.gov/vuln/detail/CVE-2025-69654) | 7.5 | HIGH | CWE-400 | No | 0.1% | 5.25 | 2026-03-06 | A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a38... |
| [CVE-2026-3653](https://nvd.nist.gov/vuln/detail/CVE-2026-3653) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-06 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All r... |
| [CVE-2026-29063](https://nvd.nist.gov/vuln/detail/CVE-2026-29063) | 8.7 | HIGH | CWE-1321 | No | 0.1% | 6.09 | 2026-03-06 | Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Po... |
| [CVE-2025-69653](https://nvd.nist.gov/vuln/detail/CVE-2025-69653) | 6.5 | MEDIUM | CWE-617 | No | 0.0% | 4.55 | 2026-03-06 | A crafted JavaScript input can trigger an internal assertion failure in QuickJS release 2025-09-13, fixed in commit 1dbb... |
| [CVE-2025-69652](https://nvd.nist.gov/vuln/detail/CVE-2025-69652) | 6.2 | MEDIUM | CWE-460 | No | 0.0% | 4.34 | 2026-03-06 | GNU Binutils through 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF b... |
| [CVE-2025-69650](https://nvd.nist.gov/vuln/detail/CVE-2025-69650) | 7.5 | HIGH | CWE-415 | No | 0.1% | 5.25 | 2026-03-06 | GNU Binutils through 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed... |
| [CVE-2025-69649](https://nvd.nist.gov/vuln/detail/CVE-2025-69649) | 7.5 | HIGH | CWE-476 | No | 0.0% | 5.25 | 2026-03-06 | GNU Binutils through 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary wi... |
| [CVE-2026-30833](https://nvd.nist.gov/vuln/detail/CVE-2026-30833) | 6.9 | MEDIUM | CWE-943 | No | 0.0% | 4.83 | 2026-03-06 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.1... |
| [CVE-2026-30831](https://nvd.nist.gov/vuln/detail/CVE-2026-30831) | 8.0 | HIGH | CWE-287 | No | 0.1% | 5.60 | 2026-03-06 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.1... |
| [CVE-2026-29178](https://nvd.nist.gov/vuln/detail/CVE-2026-29178) | 7.7 | HIGH | CWE-918 | No | 0.1% | 5.39 | 2026-03-06 | Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on a... |
| [CVE-2026-29110](https://nvd.nist.gov/vuln/detail/CVE-2026-29110) | 2.2 | LOW | CWE-209 | No | 0.0% | 1.54 | 2026-03-06 | Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.0, in non-debug mode Cryptomator m... |
| [CVE-2026-29091](https://nvd.nist.gov/vuln/detail/CVE-2026-29091) | 8.1 | HIGH | CWE-95 | No | 0.4% | 5.68 | 2026-03-06 | Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.0, a... |
| [CVE-2026-29089](https://nvd.nist.gov/vuln/detail/CVE-2026-29089) | 8.8 | HIGH | CWE-426 | No | 0.0% | 6.16 | 2026-03-06 | TimescaleDB is a time-series database for high-performance real-time analytics packaged as a Postgres extension. From ve... |
| [CVE-2026-29087](https://nvd.nist.gov/vuln/detail/CVE-2026-29087) | 7.5 | HIGH | CWE-863 | No | 0.0% | 5.25 | 2026-03-06 | @hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server... |
| [CVE-2026-28514](https://nvd.nist.gov/vuln/detail/CVE-2026-28514) | 9.3 | CRITICAL | CWE-287 | No | 0.0% | 6.51 | 2026-03-06 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.8.6, 7.9.8, 7.10.... |
| [CVE-2025-69651](https://nvd.nist.gov/vuln/detail/CVE-2025-69651) | 5.5 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 3.85 | 2026-03-06 | GNU Binutils through 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted... |
| [CVE-2025-69646](https://nvd.nist.gov/vuln/detail/CVE-2025-69646) | 5.5 | MEDIUM | CWE-400 | No | 0.0% | 3.85 | 2026-03-06 | Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_... |
| [CVE-2025-69645](https://nvd.nist.gov/vuln/detail/CVE-2025-69645) | 5.5 | MEDIUM | CWE-400 | No | 0.0% | 3.85 | 2026-03-06 | Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug... |
| [CVE-2025-69644](https://nvd.nist.gov/vuln/detail/CVE-2025-69644) | 5.0 | MEDIUM | CWE-400 | No | 0.0% | 3.50 | 2026-03-06 | An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing... |
| [CVE-2026-29082](https://nvd.nist.gov/vuln/detail/CVE-2026-29082) | 7.3 | HIGH | CWE-79 | No | 0.0% | 5.11 | 2026-03-06 | Kestra is an event-driven orchestration platform. In versions 1.1.10 and prior, Kestra’s execution-file preview ren... |
| [CVE-2026-29075](https://nvd.nist.gov/vuln/detail/CVE-2026-29075) | 8.3 | HIGH | CWE-94 | No | 0.1% | 5.81 | 2026-03-06 | Mesa is an open-source Python library for agent-based modeling, simulating complex systems and exploring emergent behavi... |
| [CVE-2026-29064](https://nvd.nist.gov/vuln/detail/CVE-2026-29064) | 8.2 | HIGH | CWE-22 | No | 0.0% | 5.74 | 2026-03-06 | Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal... |
| [CVE-2025-70363](https://nvd.nist.gov/vuln/detail/CVE-2025-70363) | 7.5 | HIGH | CWE-284 | No | 0.1% | 5.25 | 2026-03-06 | Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated... |
| [CVE-2025-15602](https://nvd.nist.gov/vuln/detail/CVE-2025-15602) | 8.7 | HIGH | CWE-915 | No | 0.0% | 6.09 | 2026-03-06 | Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently... |
| [CVE-2026-27777](https://nvd.nist.gov/vuln/detail/CVE-2026-27777) | 6.9 | MEDIUM | CWE-522 | No | 0.1% | 4.83 | 2026-03-06 | Charging station authentication identifiers are publicly accessible via web-based mapping platforms. |
| [CVE-2026-27764](https://nvd.nist.gov/vuln/detail/CVE-2026-27764) | 6.9 | MEDIUM | CWE-613 | No | 0.1% | 4.83 | 2026-03-06 | The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to... |
| [CVE-2026-27123](https://nvd.nist.gov/vuln/detail/CVE-2026-27123) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-06 | Rejected reason: Reason: This candidate was issued in error. |
| [CVE-2026-27027](https://nvd.nist.gov/vuln/detail/CVE-2026-27027) | 6.9 | MEDIUM | CWE-522 | No | 0.1% | 4.83 | 2026-03-06 | Charging station authentication identifiers are publicly accessible via web-based mapping platforms. |
| [CVE-2026-26288](https://nvd.nist.gov/vuln/detail/CVE-2026-26288) | 9.3 | CRITICAL | CWE-306 | No | 0.2% | 6.52 | 2026-03-06 | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonat... |
| [CVE-2026-26018](https://nvd.nist.gov/vuln/detail/CVE-2026-26018) | 7.5 | HIGH | CWE-337 | No | 0.1% | 5.25 | 2026-03-06 | CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDN... |
| [CVE-2026-26017](https://nvd.nist.gov/vuln/detail/CVE-2026-26017) | 7.7 | HIGH | CWE-367 | No | 0.1% | 5.39 | 2026-03-06 | CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS acce... |
| [CVE-2026-24696](https://nvd.nist.gov/vuln/detail/CVE-2026-24696) | 8.7 | HIGH | CWE-307 | No | 0.1% | 6.09 | 2026-03-06 | The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absenc... |
| [CVE-2026-20882](https://nvd.nist.gov/vuln/detail/CVE-2026-20882) | 8.7 | HIGH | CWE-307 | No | 0.1% | 6.09 | 2026-03-06 | The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absenc... |
| [CVE-2026-20748](https://nvd.nist.gov/vuln/detail/CVE-2026-20748) | 6.9 | MEDIUM | CWE-613 | No | 0.1% | 4.83 | 2026-03-06 | The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to... |
| [CVE-2026-2754](https://nvd.nist.gov/vuln/detail/CVE-2026-2754) | 7.5 | HIGH | CWE-306 | No | 0.0% | 5.25 | 2026-03-06 | Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints.... |
| [CVE-2026-2753](https://nvd.nist.gov/vuln/detail/CVE-2026-2753) | 7.5 | HIGH | CWE-36 | No | 0.1% | 5.25 | 2026-03-06 | An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to... |
| [CVE-2026-2752](https://nvd.nist.gov/vuln/detail/CVE-2026-2752) | 5.3 | MEDIUM | CWE-209 | No | 0.0% | 3.71 | 2026-03-06 | Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote, unauthenticated attacker can send... |
| [CVE-2026-26051](https://nvd.nist.gov/vuln/detail/CVE-2026-26051) | 9.3 | CRITICAL | CWE-306 | No | 0.3% | 6.52 | 2026-03-06 | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonat... |
| [CVE-2026-1799](https://nvd.nist.gov/vuln/detail/CVE-2026-1799) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-06 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate has been determined not to be a v... |
| [CVE-2022-4947](https://nvd.nist.gov/vuln/detail/CVE-2022-4947) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-06 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-32111. Reason: This candidate is a... |
| [CVE-2018-25200](https://nvd.nist.gov/vuln/detail/CVE-2018-25200) | 6.9 | MEDIUM | CWE-352 | No | 0.1% | 4.83 | 2026-03-06 | OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create adm... |
| [CVE-2018-25199](https://nvd.nist.gov/vuln/detail/CVE-2018-25199) | 8.8 | HIGH | CWE-89 | No | 0.2% | 6.17 | 2026-03-06 | OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL qu... |
| [CVE-2018-25198](https://nvd.nist.gov/vuln/detail/CVE-2018-25198) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-03-06 | eToolz 3.4.8.0 contains a denial of service vulnerability that allows local attackers to crash the application by supply... |
| [CVE-2018-25197](https://nvd.nist.gov/vuln/detail/CVE-2018-25197) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-06 | PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL q... |
| [CVE-2018-25196](https://nvd.nist.gov/vuln/detail/CVE-2018-25196) | 8.8 | HIGH | CWE-89 | No | 0.3% | 6.17 | 2026-03-06 | ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database que... |
| [CVE-2018-25194](https://nvd.nist.gov/vuln/detail/CVE-2018-25194) | 8.8 | HIGH | CWE-22 | No | 0.2% | 6.17 | 2026-03-06 | Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL quer... |
| [CVE-2018-25193](https://nvd.nist.gov/vuln/detail/CVE-2018-25193) | 8.7 | HIGH | CWE-1188 | No | 0.1% | 6.09 | 2026-03-06 | Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by... |
| [CVE-2018-25192](https://nvd.nist.gov/vuln/detail/CVE-2018-25192) | 8.8 | HIGH | CWE-89 | No | 0.3% | 6.17 | 2026-03-06 | GPS Tracking System 2.12 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authent... |
| [CVE-2018-25191](https://nvd.nist.gov/vuln/detail/CVE-2018-25191) | 7.1 | HIGH | CWE-89 | No | 0.0% | 4.97 | 2026-03-06 | Facturation System 1.0 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary... |
| [CVE-2018-25190](https://nvd.nist.gov/vuln/detail/CVE-2018-25190) | 6.9 | MEDIUM | CWE-352 | No | 0.0% | 4.83 | 2026-03-06 | Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create admin... |
| [CVE-2018-25189](https://nvd.nist.gov/vuln/detail/CVE-2018-25189) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-06 | Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dca_login.php that allows u... |
| [CVE-2018-25188](https://nvd.nist.gov/vuln/detail/CVE-2018-25188) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-06 | Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrar... |
| [CVE-2018-25187](https://nvd.nist.gov/vuln/detail/CVE-2018-25187) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-06 | Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database file... |
| [CVE-2018-25186](https://nvd.nist.gov/vuln/detail/CVE-2018-25186) | 6.9 | MEDIUM | CWE-352 | No | 0.0% | 4.83 | 2026-03-06 | Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to modify admin user credent... |
| [CVE-2018-25184](https://nvd.nist.gov/vuln/detail/CVE-2018-25184) | 6.9 | MEDIUM | CWE-22 | No | 0.1% | 4.83 | 2026-03-06 | Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitra... |
| [CVE-2018-25182](https://nvd.nist.gov/vuln/detail/CVE-2018-25182) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-06 | Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute... |
| [CVE-2018-25181](https://nvd.nist.gov/vuln/detail/CVE-2018-25181) | 8.7 | HIGH | CWE-22 | No | 0.8% | 6.11 | 2026-03-06 | Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary direct... |
| [CVE-2018-25180](https://nvd.nist.gov/vuln/detail/CVE-2018-25180) | 7.1 | HIGH | CWE-89 | No | 0.0% | 4.97 | 2026-03-06 | Maitra 1.7.2 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL querie... |
| [CVE-2018-25179](https://nvd.nist.gov/vuln/detail/CVE-2018-25179) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-06 | Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL qu... |
| [CVE-2018-25178](https://nvd.nist.gov/vuln/detail/CVE-2018-25178) | 8.7 | HIGH | CWE-22 | No | 0.4% | 6.10 | 2026-03-06 | Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensi... |
| [CVE-2018-25177](https://nvd.nist.gov/vuln/detail/CVE-2018-25177) | 6.9 | MEDIUM | CWE-352 | No | 0.0% | 4.83 | 2026-03-06 | Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator... |
| [CVE-2018-25176](https://nvd.nist.gov/vuln/detail/CVE-2018-25176) | 8.8 | HIGH | CWE-352 | No | 0.1% | 6.16 | 2026-03-06 | Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQ... |
| [CVE-2018-25175](https://nvd.nist.gov/vuln/detail/CVE-2018-25175) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-06 | Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary... |
| [CVE-2018-25174](https://nvd.nist.gov/vuln/detail/CVE-2018-25174) | 6.9 | MEDIUM | CWE-352 | No | 0.0% | 4.83 | 2026-03-06 | ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows attackers to modify administrator credenti... |
| [CVE-2018-25173](https://nvd.nist.gov/vuln/detail/CVE-2018-25173) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-06 | Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database informa... |
| [CVE-2018-25172](https://nvd.nist.gov/vuln/detail/CVE-2018-25172) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-06 | Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queri... |
| [CVE-2018-25171](https://nvd.nist.gov/vuln/detail/CVE-2018-25171) | 8.8 | HIGH | CWE-434 | No | 0.1% | 6.16 | 2026-03-06 | EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by... |
| [CVE-2018-25170](https://nvd.nist.gov/vuln/detail/CVE-2018-25170) | 8.8 | HIGH | CWE-352 | No | 0.0% | 6.16 | 2026-03-06 | DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queri... |
| [CVE-2018-25169](https://nvd.nist.gov/vuln/detail/CVE-2018-25169) | 8.7 | HIGH | CWE-1188 | No | 0.2% | 6.09 | 2026-03-06 | AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malfor... |
| [CVE-2018-25168](https://nvd.nist.gov/vuln/detail/CVE-2018-25168) | 5.3 | MEDIUM | CWE-434 | No | 0.1% | 3.71 | 2026-03-06 | Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers t... |
| [CVE-2018-25167](https://nvd.nist.gov/vuln/detail/CVE-2018-25167) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-06 | Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthen... |
| [CVE-2018-25166](https://nvd.nist.gov/vuln/detail/CVE-2018-25166) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-06 | Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbit... |
| [CVE-2018-25165](https://nvd.nist.gov/vuln/detail/CVE-2018-25165) | 7.1 | HIGH | CWE-89 | No | 0.0% | 4.97 | 2026-03-06 | Galaxy Forces MMORPG 0.5.8 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitr... |
| [CVE-2018-25164](https://nvd.nist.gov/vuln/detail/CVE-2018-25164) | 8.7 | HIGH | CWE-552 | No | 0.1% | 6.09 | 2026-03-06 | EverSync 0.5 contains an arbitrary file download vulnerability that allows unauthenticated attackers to access sensitive... |
| [CVE-2018-25163](https://nvd.nist.gov/vuln/detail/CVE-2018-25163) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-06 | BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queri... |
| [CVE-2018-25162](https://nvd.nist.gov/vuln/detail/CVE-2018-25162) | 7.1 | HIGH | CWE-434 | No | 0.1% | 4.97 | 2026-03-06 | 2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload executab... |
| [CVE-2018-25161](https://nvd.nist.gov/vuln/detail/CVE-2018-25161) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-06 | Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL... |
| [CVE-2026-28106](https://nvd.nist.gov/vuln/detail/CVE-2026-28106) | 4.7 | MEDIUM | CWE-601 | No | 0.0% | 3.29 | 2026-03-06 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kings Plugins B2BKing Premium allows Phishing. This... |
| [CVE-2026-28080](https://nvd.nist.gov/vuln/detail/CVE-2026-28080) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-06 | Missing Authorization vulnerability in Rank Math Rank Math SEO PRO allows Exploiting Incorrectly Configured Access Contr... |
| [CVE-2024-35644](https://nvd.nist.gov/vuln/detail/CVE-2024-35644) | 5.9 | MEDIUM | CWE-79 | No | 0.1% | 4.13 | 2026-03-06 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pascal Birc... |
| [CVE-2026-3589](https://nvd.nist.gov/vuln/detail/CVE-2026-3589) | 7.5 | HIGH | CWE-352 | No | 0.0% | 5.25 | 2026-03-06 | The WooCommerce WordPress plugin from versions 5.4.0 to 10.5.2 does not properly handle batch requests, which could allo... |
| [CVE-2026-23925](https://nvd.nist.gov/vuln/detail/CVE-2026-23925) | 5.1 | MEDIUM | CWE-863 | No | 0.0% | 3.57 | 2026-03-06 | An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configur... |
| [CVE-2026-2830](https://nvd.nist.gov/vuln/detail/CVE-2026-2830) | 6.1 | MEDIUM | CWE-94 | No | 0.1% | 4.27 | 2026-03-06 | The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflect... |
| [CVE-2026-2331](https://nvd.nist.gov/vuln/detail/CVE-2026-2331) | 9.8 | CRITICAL | CWE-552 | No | 0.1% | 6.86 | 2026-03-06 | An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileac... |
| [CVE-2026-2330](https://nvd.nist.gov/vuln/detail/CVE-2026-2330) | 9.4 | CRITICAL | CWE-552 | No | 0.1% | 6.58 | 2026-03-06 | An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelis... |
| [CVE-2026-29183](https://nvd.nist.gov/vuln/detail/CVE-2026-29183) | 9.3 | CRITICAL | CWE-79 | No | 0.2% | 6.52 | 2026-03-06 | SiYuan is a personal knowledge management system. Prior to version 3.5.9, an unauthenticated reflected XSS vulnerability... |
| [CVE-2026-29074](https://nvd.nist.gov/vuln/detail/CVE-2026-29074) | 7.5 | HIGH | CWE-776 | No | 0.1% | 5.25 | 2026-03-06 | SVGO, short for SVG Optimizer, is a Node.js library and command-line application for optimizing SVG files. From version... |
| [CVE-2026-29073](https://nvd.nist.gov/vuln/detail/CVE-2026-29073) | 5.7 | MEDIUM | CWE-89 | No | 0.1% | 3.99 | 2026-03-06 | SiYuan is a personal knowledge management system. Prior to version 3.6.0, the /api/query/sql lets a user run SQL directl... |
| [CVE-2026-29062](https://nvd.nist.gov/vuln/detail/CVE-2026-29062) | 8.7 | HIGH | CWE-770 | No | 0.0% | 6.09 | 2026-03-06 | jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Pr... |
| [CVE-2026-29059](https://nvd.nist.gov/vuln/detail/CVE-2026-29059) | 6.9 | MEDIUM | CWE-22 | No | 0.0% | 4.83 | 2026-03-06 | Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to vers... |
| [CVE-2026-29068](https://nvd.nist.gov/vuln/detail/CVE-2026-29068) | 8.7 | HIGH | CWE-121 | No | 0.1% | 6.09 | 2026-03-06 | PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, there is a stack b... |
| [CVE-2026-29065](https://nvd.nist.gov/vuln/detail/CVE-2026-29065) | 8.8 | HIGH | CWE-22 | No | 0.1% | 6.16 | 2026-03-06 | changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, a Zip Slip vulnerabili... |
| [CVE-2026-29058](https://nvd.nist.gov/vuln/detail/CVE-2026-29058) | 9.8 | CRITICAL | CWE-78 | No | 50.9% | 8.39 | 2026-03-06 | AVideo is a video-sharing Platform software. Prior to version 7.0, an unauthenticated attacker can execute arbitrary OS... |
| [CVE-2026-29049](https://nvd.nist.gov/vuln/detail/CVE-2026-29049) | 4.3 | MEDIUM | CWE-400 | No | 0.0% | 3.01 | 2026-03-06 | melange allows users to build apk packages using declarative pipelines. In version 0.40.5 and prior, melange update-cach... |
| [CVE-2026-29048](https://nvd.nist.gov/vuln/detail/CVE-2026-29048) | 6.9 | MEDIUM | CWE-79 | No | 0.0% | 4.83 | 2026-03-06 | HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identifi... |
| [CVE-2026-29042](https://nvd.nist.gov/vuln/detail/CVE-2026-29042) | 8.9 | HIGH | CWE-75 | No | 0.7% | 6.25 | 2026-03-06 | Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell... |
| [CVE-2026-29039](https://nvd.nist.gov/vuln/detail/CVE-2026-29039) | 8.8 | HIGH | CWE-94 | No | 0.0% | 6.16 | 2026-03-06 | changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io... |
| [CVE-2026-29038](https://nvd.nist.gov/vuln/detail/CVE-2026-29038) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-06 | changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, there is a reflected c... |
| [CVE-2026-28804](https://nvd.nist.gov/vuln/detail/CVE-2026-28804) | 6.9 | MEDIUM | CWE-407 | No | 0.0% | 4.83 | 2026-03-06 | pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability... |
| [CVE-2026-28802](https://nvd.nist.gov/vuln/detail/CVE-2026-28802) | 7.7 | HIGH | CWE-347 | No | 0.0% | 5.39 | 2026-03-06 | Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, p... |
| [CVE-2026-28801](https://nvd.nist.gov/vuln/detail/CVE-2026-28801) | 6.6 | MEDIUM | CWE-94 | No | 0.0% | 4.62 | 2026-03-06 | Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code cont... |
| [CVE-2026-28800](https://nvd.nist.gov/vuln/detail/CVE-2026-28800) | 6.4 | MEDIUM | CWE-22 | No | 0.0% | 4.48 | 2026-03-06 | Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, anyone with Disco... |
| [CVE-2026-28799](https://nvd.nist.gov/vuln/detail/CVE-2026-28799) | 8.7 | HIGH | CWE-416 | No | 0.1% | 6.09 | 2026-03-06 | PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-f... |
| [CVE-2026-28795](https://nvd.nist.gov/vuln/detail/CVE-2026-28795) | 8.7 | HIGH | CWE-22 | No | 0.1% | 6.09 | 2026-03-06 | OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze,... |
| [CVE-2026-28438](https://nvd.nist.gov/vuln/detail/CVE-2026-28438) | 6.9 | MEDIUM | CWE-89 | No | 0.0% | 4.83 | 2026-03-06 | CocoIndex is a data transformation framework for AI. Prior to version 0.3.34, the Doris target connector didn't verify t... |
| [CVE-2026-2446](https://nvd.nist.gov/vuln/detail/CVE-2026-2446) | 9.8 | CRITICAL | CWE-862 | No | 0.1% | 6.86 | 2026-03-06 | The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CSRF checks in an AJAX action,... |
| [CVE-2026-1128](https://nvd.nist.gov/vuln/detail/CVE-2026-1128) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-03-06 | The WP eCommerce WordPress plugin through 3.15.1 does not have CSRF check in place when deleting coupons, which could al... |
| [CVE-2026-29084](https://nvd.nist.gov/vuln/detail/CVE-2026-29084) | 4.6 | MEDIUM | CWE-352 | No | 0.0% | 3.22 | 2026-03-06 | Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, th... |
| [CVE-2026-29061](https://nvd.nist.gov/vuln/detail/CVE-2026-29061) | 5.4 | MEDIUM | CWE-284 | No | 0.0% | 3.78 | 2026-03-06 | Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a... |
| [CVE-2026-29060](https://nvd.nist.gov/vuln/detail/CVE-2026-29060) | 5.0 | MEDIUM | CWE-284 | No | 0.0% | 3.50 | 2026-03-06 | Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a... |
| [CVE-2026-28794](https://nvd.nist.gov/vuln/detail/CVE-2026-28794) | 9.3 | CRITICAL | CWE-1321 | No | 0.8% | 6.53 | 2026-03-06 | oRPC is a tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.... |
| [CVE-2026-28787](https://nvd.nist.gov/vuln/detail/CVE-2026-28787) | 8.2 | HIGH | CWE-287 | No | 0.0% | 5.74 | 2026-03-06 | OneUptime is a solution for monitoring and managing online services. In version 10.0.11 and prior, the WebAuthn authenti... |
| [CVE-2026-28785](https://nvd.nist.gov/vuln/detail/CVE-2026-28785) | 9.3 | CRITICAL | CWE-89 | No | 0.1% | 6.51 | 2026-03-06 | Ghostfolio is an open source wealth management software. Prior to version 2.244.0, by bypassing symbol validation, an at... |
| [CVE-2026-28685](https://nvd.nist.gov/vuln/detail/CVE-2026-28685) | 6.5 | MEDIUM | CWE-285 | No | 0.0% | 4.55 | 2026-03-06 | Kimai is a web-based multi-user time-tracking application. Prior to version 2.51.0, "GET /api/invoices/{id}" only checks... |
| [CVE-2026-28683](https://nvd.nist.gov/vuln/detail/CVE-2026-28683) | 8.7 | HIGH | CWE-79 | No | 0.0% | 6.09 | 2026-03-06 | Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, if... |
| [CVE-2026-28682](https://nvd.nist.gov/vuln/detail/CVE-2026-28682) | 6.4 | MEDIUM | CWE-200 | No | 0.0% | 4.48 | 2026-03-06 | Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, th... |
| [CVE-2026-28681](https://nvd.nist.gov/vuln/detail/CVE-2026-28681) | 8.1 | HIGH | CWE-601 | No | 0.1% | 5.67 | 2026-03-06 | Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. From ve... |
| [CVE-2026-28680](https://nvd.nist.gov/vuln/detail/CVE-2026-28680) | 9.3 | CRITICAL | CWE-918 | No | 0.1% | 6.51 | 2026-03-06 | Ghostfolio is an open source wealth management software. Prior to version 2.245.0, an attacker can exploit the manual as... |
| [CVE-2026-28679](https://nvd.nist.gov/vuln/detail/CVE-2026-28679) | 8.6 | HIGH | CWE-22 | No | 0.1% | 6.02 | 2026-03-06 | Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. Prior to version 1.21.0,... |
| [CVE-2026-28677](https://nvd.nist.gov/vuln/detail/CVE-2026-28677) | 8.2 | HIGH | CWE-918 | No | 0.1% | 5.74 | 2026-03-06 | OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version... |
| [CVE-2026-28676](https://nvd.nist.gov/vuln/detail/CVE-2026-28676) | 8.8 | HIGH | CWE-22 | No | 0.1% | 6.16 | 2026-03-06 | OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version... |
| [CVE-2026-28675](https://nvd.nist.gov/vuln/detail/CVE-2026-28675) | 5.3 | MEDIUM | CWE-200 | No | 0.0% | 3.71 | 2026-03-06 | OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version... |
| [CVE-2026-28509](https://nvd.nist.gov/vuln/detail/CVE-2026-28509) | 6.3 | MEDIUM | CWE-79 | No | 0.0% | 4.41 | 2026-03-06 | LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, LangBot’s web UI renders user-supplied ra... |
| [CVE-2026-28508](https://nvd.nist.gov/vuln/detail/CVE-2026-28508) | 9.2 | CRITICAL | CWE-918 | No | 0.1% | 6.44 | 2026-03-06 | Idno is a social publishing platform. Prior to version 1.6.4, a logic error in the API authentication flow causes the CS... |
| [CVE-2026-28507](https://nvd.nist.gov/vuln/detail/CVE-2026-28507) | 8.6 | HIGH | CWE-78 | No | 0.5% | 6.03 | 2026-03-06 | Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained... |
| [CVE-2026-28429](https://nvd.nist.gov/vuln/detail/CVE-2026-28429) | 7.5 | HIGH | CWE-22 | No | 0.5% | 5.27 | 2026-03-06 | Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871, a Path Traversal vulnerability was identified i... |
| [CVE-2026-28428](https://nvd.nist.gov/vuln/detail/CVE-2026-28428) | 5.3 | MEDIUM | CWE-287 | No | 0.2% | 3.72 | 2026-03-06 | Talishar is a fan-made Flesh and Blood project. Prior to commit a9c218e, an authentication bypass vulnerability in Talis... |
| [CVE-2026-27605](https://nvd.nist.gov/vuln/detail/CVE-2026-27605) | 6.3 | MEDIUM | CWE-79 | No | 0.1% | 4.41 | 2026-03-06 | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create c... |
| [CVE-2026-27603](https://nvd.nist.gov/vuln/detail/CVE-2026-27603) | 8.7 | HIGH | CWE-306 | No | 0.1% | 6.09 | 2026-03-06 | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create c... |
| [CVE-2026-27005](https://nvd.nist.gov/vuln/detail/CVE-2026-27005) | 8.8 | HIGH | CWE-89 | No | 0.2% | 6.17 | 2026-03-06 | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create c... |
| [CVE-2026-25888](https://nvd.nist.gov/vuln/detail/CVE-2026-25888) | 8.8 | HIGH | CWE-94 | No | 0.4% | 6.17 | 2026-03-06 | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create c... |
| [CVE-2026-25887](https://nvd.nist.gov/vuln/detail/CVE-2026-25887) | 7.2 | HIGH | CWE-94 | No | 0.1% | 5.04 | 2026-03-06 | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create c... |
| [CVE-2026-25877](https://nvd.nist.gov/vuln/detail/CVE-2026-25877) | 6.5 | MEDIUM | CWE-284 | No | 0.0% | 4.55 | 2026-03-06 | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create c... |
| [CVE-2026-29093](https://nvd.nist.gov/vuln/detail/CVE-2026-29093) | 8.1 | HIGH | CWE-287 | No | 0.1% | 5.67 | 2026-03-06 | WWBN AVideo is an open source video platform. Prior to version 24.0, the official docker-compose.yml publishes the memca... |
| [CVE-2026-29046](https://nvd.nist.gov/vuln/detail/CVE-2026-29046) | 9.2 | CRITICAL | CWE-20 | No | 0.2% | 6.45 | 2026-03-06 | TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header... |
| [CVE-2026-29041](https://nvd.nist.gov/vuln/detail/CVE-2026-29041) | 8.8 | HIGH | CWE-434 | No | 0.2% | 6.16 | 2026-03-06 | Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote co... |
| [CVE-2026-28502](https://nvd.nist.gov/vuln/detail/CVE-2026-28502) | 9.3 | CRITICAL | CWE-434 | No | 0.3% | 6.52 | 2026-03-06 | WWBN AVideo is an open source video platform. Prior to version 24.0, an authenticated Remote Code Execution (RCE) vulner... |
| [CVE-2026-28501](https://nvd.nist.gov/vuln/detail/CVE-2026-28501) | 9.8 | CRITICAL | CWE-89 | No | 20.9% | 7.49 | 2026-03-06 | WWBN AVideo is an open source video platform. Prior to version 24.0, an unauthenticated SQL Injection vulnerability exis... |
| [CVE-2026-28497](https://nvd.nist.gov/vuln/detail/CVE-2026-28497) | 9.3 | CRITICAL | CWE-190 | No | 0.2% | 6.52 | 2026-03-06 | TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerabil... |
| [CVE-2026-27807](https://nvd.nist.gov/vuln/detail/CVE-2026-27807) | 4.9 | MEDIUM | CWE-776 | No | 0.1% | 3.43 | 2026-03-06 | MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows... |
| [CVE-2026-25962](https://nvd.nist.gov/vuln/detail/CVE-2026-25962) | 6.5 | MEDIUM | CWE-409 | No | 0.1% | 4.55 | 2026-03-06 | MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs curren... |
| [CVE-2025-59544](https://nvd.nist.gov/vuln/detail/CVE-2025-59544) | 6.9 | MEDIUM | CWE-862 | No | 0.0% | 4.83 | 2026-03-06 | Chamilo is a learning management system. Prior to version 1.11.34, the functionality for the user to update the category... |
| [CVE-2025-59543](https://nvd.nist.gov/vuln/detail/CVE-2025-59543) | 9.0 | CRITICAL | CWE-79 | No | 0.1% | 6.30 | 2026-03-06 | Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting (XSS) vulnerab... |
| [CVE-2025-59542](https://nvd.nist.gov/vuln/detail/CVE-2025-59542) | 9.0 | CRITICAL | CWE-79 | No | 0.1% | 6.30 | 2026-03-06 | Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting (XSS) vulnerab... |
| [CVE-2025-59541](https://nvd.nist.gov/vuln/detail/CVE-2025-59541) | 8.1 | HIGH | CWE-352 | No | 0.0% | 5.67 | 2026-03-06 | Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability all... |
| [CVE-2025-59540](https://nvd.nist.gov/vuln/detail/CVE-2025-59540) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-06 | Chamilo is a learning management system. Prior to version 1.11.34, a stored XSS vulnerability exists in Chamilo LMS that... |
| [CVE-2025-55289](https://nvd.nist.gov/vuln/detail/CVE-2025-55289) | 8.8 | HIGH | CWE-79 | No | 0.1% | 6.16 | 2026-03-06 | Chamilo is a learning management system. Prior to version 1.11.34, there is a stored XSS vulnerability in Chamilo LMS (V... |
| [CVE-2026-3616](https://nvd.nist.gov/vuln/detail/CVE-2026-3616) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-03-06 | A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unkno... |
| [CVE-2026-3613](https://nvd.nist.gov/vuln/detail/CVE-2026-3613) | 7.3 | HIGH | CWE-119 | No | 0.1% | 5.11 | 2026-03-06 | A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vulnerability affects the function sub_401A0C of the... |
| [CVE-2026-3612](https://nvd.nist.gov/vuln/detail/CVE-2026-3612) | 7.3 | HIGH | CWE-74 | No | 0.4% | 5.12 | 2026-03-06 | A vulnerability was determined in Wavlink WL-NU516U1 V240425. This affects the function sub_405AF4 of the file /cgi-bin/... |
| [CVE-2026-3610](https://nvd.nist.gov/vuln/detail/CVE-2026-3610) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-06 | A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3.2-3. Affected by this issue is some unknown funct... |
| [CVE-2026-2589](https://nvd.nist.gov/vuln/detail/CVE-2026-2589) | 5.3 | MEDIUM | CWE-200 | No | 0.0% | 3.71 | 2026-03-06 | The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure... |
| [CVE-2026-28727](https://nvd.nist.gov/vuln/detail/CVE-2026-28727) | 7.8 | HIGH | CWE-276 | No | 0.0% | 5.46 | 2026-03-06 | Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber P... |
| [CVE-2026-28726](https://nvd.nist.gov/vuln/detail/CVE-2026-28726) | 4.3 | MEDIUM | CWE-863 | No | 0.0% | 3.01 | 2026-03-06 | Sensitive information disclosure due to improper access control. The following products are affected: Acronis Cyber Prot... |
| [CVE-2026-28725](https://nvd.nist.gov/vuln/detail/CVE-2026-28725) | 5.5 | MEDIUM | CWE-732 | No | 0.0% | 3.85 | 2026-03-06 | Sensitive information disclosure due to improper configuration of a headless browser. The following products are affecte... |
| [CVE-2026-28724](https://nvd.nist.gov/vuln/detail/CVE-2026-28724) | 4.3 | MEDIUM | CWE-863 | No | 0.0% | 3.01 | 2026-03-06 | Unauthorized data access due to insufficient access control validation. The following products are affected: Acronis Cyb... |
| [CVE-2026-28723](https://nvd.nist.gov/vuln/detail/CVE-2026-28723) | 4.3 | MEDIUM | CWE-863 | No | 0.0% | 3.01 | 2026-03-06 | Unauthorized report deletion due to insufficient access control. The following products are affected: Acronis Cyber Prot... |
| [CVE-2026-28722](https://nvd.nist.gov/vuln/detail/CVE-2026-28722) | 7.3 | HIGH | CWE-610 | No | 0.0% | 5.11 | 2026-03-06 | Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protec... |
| [CVE-2026-28721](https://nvd.nist.gov/vuln/detail/CVE-2026-28721) | 7.3 | HIGH | CWE-610 | No | 0.0% | 5.11 | 2026-03-06 | Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protec... |
| [CVE-2026-28720](https://nvd.nist.gov/vuln/detail/CVE-2026-28720) | 4.3 | MEDIUM | CWE-863 | No | 0.0% | 3.01 | 2026-03-06 | Unauthorized modification of settings due to insufficient authorization checks. The following products are affected: Acr... |
| [CVE-2026-28719](https://nvd.nist.gov/vuln/detail/CVE-2026-28719) | 4.3 | MEDIUM | CWE-863 | No | 0.0% | 3.01 | 2026-03-06 | Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cy... |
| [CVE-2026-28718](https://nvd.nist.gov/vuln/detail/CVE-2026-28718) | 7.5 | HIGH | CWE-779 | No | 0.1% | 5.25 | 2026-03-06 | Denial of service due to insufficient input validation in authentication logging. The following products are affected: A... |
| [CVE-2026-28717](https://nvd.nist.gov/vuln/detail/CVE-2026-28717) | 5.0 | MEDIUM | CWE-276 | No | 0.0% | 3.50 | 2026-03-06 | Local privilege escalation due to improper directory permissions. The following products are affected: Acronis Cyber Pro... |
| [CVE-2026-28716](https://nvd.nist.gov/vuln/detail/CVE-2026-28716) | 4.4 | MEDIUM | CWE-863 | No | 0.0% | 3.08 | 2026-03-06 | Information disclosure and manipulation due to improper authorization checks. The following products are affected: Acron... |
| [CVE-2026-28715](https://nvd.nist.gov/vuln/detail/CVE-2026-28715) | 6.5 | MEDIUM | CWE-863 | No | 0.0% | 4.55 | 2026-03-06 | Sensitive information disclosure due to improper authorization checks. The following products are affected: Acronis Cybe... |
| [CVE-2026-28714](https://nvd.nist.gov/vuln/detail/CVE-2026-28714) | 4.8 | MEDIUM | CWE-522 | No | 0.0% | 3.36 | 2026-03-06 | Unnecessary transmission of sensitive cryptographic material. The following products are affected: Acronis Cyber Protect... |
| [CVE-2026-28713](https://nvd.nist.gov/vuln/detail/CVE-2026-28713) | 7.1 | HIGH | CWE-1392 | No | 0.1% | 4.97 | 2026-03-06 | Default credentials set for local privileged user in Virtual Appliance. The following products are affected: Acronis Cyb... |
| [CVE-2026-28712](https://nvd.nist.gov/vuln/detail/CVE-2026-28712) | 6.3 | MEDIUM | CWE-427 | No | 0.0% | 4.41 | 2026-03-06 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protec... |
| [CVE-2026-28711](https://nvd.nist.gov/vuln/detail/CVE-2026-28711) | 6.3 | MEDIUM | CWE-427 | No | 0.0% | 4.41 | 2026-03-06 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protec... |
| [CVE-2026-28710](https://nvd.nist.gov/vuln/detail/CVE-2026-28710) | 9.8 | CRITICAL | CWE-1390 | No | 0.1% | 6.86 | 2026-03-06 | Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: A... |
| [CVE-2026-28709](https://nvd.nist.gov/vuln/detail/CVE-2026-28709) | 4.3 | MEDIUM | CWE-863 | No | 0.0% | 3.01 | 2026-03-06 | Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cy... |
| [CVE-2026-27778](https://nvd.nist.gov/vuln/detail/CVE-2026-27778) | 8.7 | HIGH | CWE-307 | No | 0.1% | 6.09 | 2026-03-06 | The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absenc... |
| [CVE-2026-27770](https://nvd.nist.gov/vuln/detail/CVE-2026-27770) | 6.9 | MEDIUM | CWE-522 | No | 0.1% | 4.83 | 2026-03-06 | Charging station authentication identifiers are publicly accessible via web-based mapping platforms. |
| [CVE-2026-22552](https://nvd.nist.gov/vuln/detail/CVE-2026-22552) | 9.3 | CRITICAL | CWE-306 | No | 0.2% | 6.52 | 2026-03-06 | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonat... |
| [CVE-2025-30413](https://nvd.nist.gov/vuln/detail/CVE-2025-30413) | 4.4 | MEDIUM | CWE-732 | No | 0.0% | 3.08 | 2026-03-06 | Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber... |
| [CVE-2025-11792](https://nvd.nist.gov/vuln/detail/CVE-2025-11792) | 7.3 | HIGH | CWE-427 | No | 0.0% | 5.11 | 2026-03-06 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protec... |
| [CVE-2025-11791](https://nvd.nist.gov/vuln/detail/CVE-2025-11791) | 7.1 | HIGH | CWE-862 | No | 0.0% | 4.97 | 2026-03-06 | Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are a... |
| [CVE-2025-11790](https://nvd.nist.gov/vuln/detail/CVE-2025-11790) | 4.4 | MEDIUM | CWE-732 | No | 0.0% | 3.08 | 2026-03-06 | Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber... |
| [CVE-2026-26125](https://nvd.nist.gov/vuln/detail/CVE-2026-26125) | 8.6 | HIGH | CWE-306 | No | 0.1% | 6.02 | 2026-03-05 | Payment Orchestrator Service Elevation of Privilege Vulnerability |
| [CVE-2026-26124](https://nvd.nist.gov/vuln/detail/CVE-2026-26124) | 6.7 | MEDIUM | CWE-35 | No | 0.1% | 4.69 | 2026-03-05 | '.../...//' in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-26122](https://nvd.nist.gov/vuln/detail/CVE-2026-26122) | 6.5 | MEDIUM | CWE-1188 | No | 0.5% | 4.57 | 2026-03-05 | Initialization of a resource with an insecure default in Azure Compute Gallery allows an authorized attacker to disclose... |
| [CVE-2026-23651](https://nvd.nist.gov/vuln/detail/CVE-2026-23651) | 6.7 | MEDIUM | CWE-625 | No | 0.1% | 4.69 | 2026-03-05 | Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-21536](https://nvd.nist.gov/vuln/detail/CVE-2026-21536) | 9.8 | CRITICAL | CWE-434 | No | 0.4% | 6.87 | 2026-03-05 | Microsoft Devices Pricing Program Remote Code Execution Vulnerability |
| [CVE-2026-3606](https://nvd.nist.gov/vuln/detail/CVE-2026-3606) | 4.8 | MEDIUM | CWE-119 | No | 0.0% | 3.36 | 2026-03-05 | A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segme... |
| [CVE-2026-2593](https://nvd.nist.gov/vuln/detail/CVE-2026-2593) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-05 | The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... |
| [CVE-2026-29613](https://nvd.nist.gov/vuln/detail/CVE-2026-29613) | 8.2 | HIGH | CWE-306 | No | 0.0% | 5.74 | 2026-03-05 | OpenClaw versions prior to 2026.2.12 contain a vulnerability in the BlueBubbles (optional plugin) webhook handler in whi... |
| [CVE-2026-29612](https://nvd.nist.gov/vuln/detail/CVE-2026-29612) | 6.8 | MEDIUM | CWE-770 | No | 0.1% | 4.76 | 2026-03-05 | OpenClaw versions prior to 2026.2.14 decode base64-backed media inputs into buffers before enforcing decoded-size budget... |
| [CVE-2026-29611](https://nvd.nist.gov/vuln/detail/CVE-2026-29611) | 8.2 | HIGH | CWE-73 | No | 0.0% | 5.74 | 2026-03-05 | OpenClaw versions prior to 2026.2.14 contain a local file inclusion vulnerability in BlueBubbles extension (must be inst... |
| [CVE-2026-29610](https://nvd.nist.gov/vuln/detail/CVE-2026-29610) | 7.7 | HIGH | CWE-427 | No | 0.1% | 5.39 | 2026-03-05 | OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintend... |
| [CVE-2026-29609](https://nvd.nist.gov/vuln/detail/CVE-2026-29609) | 8.7 | HIGH | CWE-770 | No | 0.2% | 6.10 | 2026-03-05 | OpenClaw versions prior to 2026.2.14 contain a denial of service vulnerability in the fetchWithGuard function that alloc... |
| [CVE-2026-29606](https://nvd.nist.gov/vuln/detail/CVE-2026-29606) | 6.3 | MEDIUM | CWE-306 | No | 0.1% | 4.41 | 2026-03-05 | OpenClaw versions prior to 2026.2.14 contain a webhook signature-verification bypass in the voice-call extension that al... |
| [CVE-2026-28486](https://nvd.nist.gov/vuln/detail/CVE-2026-28486) | 6.8 | MEDIUM | CWE-22 | No | 0.0% | 4.76 | 2026-03-05 | OpenClaw versions 2026.1.16-2 prior to 2026.2.14 contain a path traversal vulnerability in archive extraction during ins... |
| [CVE-2026-28485](https://nvd.nist.gov/vuln/detail/CVE-2026-28485) | 7.5 | HIGH | CWE-306 | No | 0.1% | 5.25 | 2026-03-05 | OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent/act browser-control... |
| [CVE-2026-28484](https://nvd.nist.gov/vuln/detail/CVE-2026-28484) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-05 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| [CVE-2026-28482](https://nvd.nist.gov/vuln/detail/CVE-2026-28482) | 8.4 | HIGH | CWE-22 | No | 0.0% | 5.88 | 2026-03-05 | OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionF... |
| [CVE-2026-28481](https://nvd.nist.gov/vuln/detail/CVE-2026-28481) | 5.9 | MEDIUM | CWE-201 | No | 0.0% | 4.13 | 2026-03-05 | OpenClaw versions 2026.1.30 and earlier contain an information disclosure vulnerability, patched in 2026.2.1, in the MS... |
| [CVE-2026-28480](https://nvd.nist.gov/vuln/detail/CVE-2026-28480) | 6.9 | MEDIUM | CWE-290 | No | 0.0% | 4.83 | 2026-03-05 | OpenClaw versions prior to 2026.2.14 contain an authorization bypass vulnerability where Telegram allowlist matching acc... |
| [CVE-2026-28479](https://nvd.nist.gov/vuln/detail/CVE-2026-28479) | 8.7 | HIGH | CWE-327 | No | 0.0% | 6.09 | 2026-03-05 | OpenClaw versions prior to 2026.2.15 use SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox conf... |
| [CVE-2026-28478](https://nvd.nist.gov/vuln/detail/CVE-2026-28478) | 8.7 | HIGH | CWE-770 | No | 0.1% | 6.09 | 2026-03-05 | OpenClaw versions prior to 2026.2.13 contain a denial of service vulnerability in webhook handlers that buffer request b... |
| [CVE-2026-28477](https://nvd.nist.gov/vuln/detail/CVE-2026-28477) | 5.9 | MEDIUM | CWE-352 | No | 0.0% | 4.13 | 2026-03-05 | OpenClaw versions prior to 2026.2.14 contain an oauth state validation bypass vulnerability in the manual Chutes login f... |
| [CVE-2026-28476](https://nvd.nist.gov/vuln/detail/CVE-2026-28476) | 6.3 | MEDIUM | CWE-918 | No | 0.1% | 4.41 | 2026-03-05 | OpenClaw versions prior to 2026.2.14 contain a server-side request forgery vulnerability in the optional Tlon Urbit exte... |
| [CVE-2026-28475](https://nvd.nist.gov/vuln/detail/CVE-2026-28475) | 6.3 | MEDIUM | CWE-208 | No | 0.1% | 4.41 | 2026-03-05 | OpenClaw versions prior to 2026.2.13 use non-constant-time string comparison for hook token validation, allowing attacke... |
| [CVE-2026-28474](https://nvd.nist.gov/vuln/detail/CVE-2026-28474) | 9.3 | CRITICAL | CWE-863 | No | 0.1% | 6.51 | 2026-03-05 | OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matching on the mutable actor.name display n... |
| [CVE-2026-28473](https://nvd.nist.gov/vuln/detail/CVE-2026-28473) | 7.2 | HIGH | CWE-863 | No | 0.0% | 5.04 | 2026-03-05 | OpenClaw versions prior to 2026.2.2 contain an authorization bypass vulnerability where clients with operator.write scop... |
| [CVE-2026-28472](https://nvd.nist.gov/vuln/detail/CVE-2026-28472) | 9.2 | CRITICAL | CWE-306 | No | 0.1% | 6.44 | 2026-03-05 | OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allow... |
| [CVE-2026-28471](https://nvd.nist.gov/vuln/detail/CVE-2026-28471) | 6.3 | MEDIUM | CWE-287 | No | 0.0% | 4.41 | 2026-03-05 | OpenClaw version 2026.1.14-1 prior to 2026.2.2, with the Matrix plugin installed and enabled, contain a vulnerability in... |
| [CVE-2026-28470](https://nvd.nist.gov/vuln/detail/CVE-2026-28470) | 9.2 | CRITICAL | CWE-78 | No | 0.1% | 6.44 | 2026-03-05 | OpenClaw versions prior to 2026.2.2 contain an exec approvals (must be enabled) allowlist bypass vulnerability that allo... |
| [CVE-2026-28469](https://nvd.nist.gov/vuln/detail/CVE-2026-28469) | 8.2 | HIGH | CWE-639 | No | 0.0% | 5.74 | 2026-03-05 | OpenClaw versions prior to 2026.2.14 contain a webhook routing vulnerability in the Google Chat monitor component that a... |
| [CVE-2026-28468](https://nvd.nist.gov/vuln/detail/CVE-2026-28468) | 8.5 | HIGH | CWE-306 | No | 0.0% | 5.95 | 2026-03-05 | OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.14 contain a vulnerability in the sandbox browser bridge server in wh... |
| [CVE-2026-28467](https://nvd.nist.gov/vuln/detail/CVE-2026-28467) | 6.3 | MEDIUM | CWE-918 | No | 0.1% | 4.41 | 2026-03-05 | OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydr... |
| [CVE-2026-28466](https://nvd.nist.gov/vuln/detail/CVE-2026-28466) | 9.4 | CRITICAL | CWE-863 | No | 0.1% | 6.58 | 2026-03-05 | OpenClaw versions prior to 2026.2.14 contain a vulnerability in the gateway in which it fails to sanitize internal appro... |
| [CVE-2026-28465](https://nvd.nist.gov/vuln/detail/CVE-2026-28465) | 8.2 | HIGH | CWE-290 | No | 0.2% | 5.75 | 2026-03-05 | OpenClaw's voice-call plugin versions before 2026.2.3 contain an improper authentication vulnerability in webhook verifi... |
| [CVE-2026-28464](https://nvd.nist.gov/vuln/detail/CVE-2026-28464) | 8.2 | HIGH | CWE-208 | No | 0.2% | 5.75 | 2026-03-05 | OpenClaw versions prior to 2026.2.12 use non-constant-time string comparison for hook token validation, allowing attacke... |
| [CVE-2026-28463](https://nvd.nist.gov/vuln/detail/CVE-2026-28463) | 8.6 | HIGH | CWE-78 | No | 0.0% | 6.02 | 2026-03-05 | OpenClaw versions prior to 2026.2.14 contain an arbitrary file read vulnerability in the exec-approvals allowlist valida... |
| [CVE-2026-28462](https://nvd.nist.gov/vuln/detail/CVE-2026-28462) | 8.7 | HIGH | CWE-22 | No | 0.1% | 6.09 | 2026-03-05 | OpenClaw versions prior to 2026.2.13 contain a vulnerability in the browser control API in which it accepts user-supplie... |
| [CVE-2026-28459](https://nvd.nist.gov/vuln/detail/CVE-2026-28459) | 7.1 | HIGH | CWE-73 | No | 0.1% | 4.97 | 2026-03-05 | OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway cli... |
| [CVE-2026-28458](https://nvd.nist.gov/vuln/detail/CVE-2026-28458) | 7.4 | HIGH | CWE-306 | No | 0.1% | 5.18 | 2026-03-05 | OpenClaw version 2026.1.20 prior to 2026.2.1 contains a vulnerability in the Browser Relay (extension must be installed... |
| [CVE-2026-28457](https://nvd.nist.gov/vuln/detail/CVE-2026-28457) | 5.6 | MEDIUM | CWE-22 | No | 0.0% | 3.92 | 2026-03-05 | OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in sandbox skill mirroring (must be enabled)... |
| [CVE-2026-28456](https://nvd.nist.gov/vuln/detail/CVE-2026-28456) | 8.6 | HIGH | CWE-427 | No | 0.1% | 6.02 | 2026-03-05 | OpenClaw versions 2026.1.5 prior to 2026.2.14 contain a vulnerability in the Gateway in which it does not sufficiently c... |
| [CVE-2026-28454](https://nvd.nist.gov/vuln/detail/CVE-2026-28454) | 8.2 | HIGH | CWE-345 | No | 0.0% | 5.74 | 2026-03-05 | OpenClaw versions prior to 2026.2.2 fail to validate webhook secrets in Telegram webhook mode (must be enabled), allowin... |
| [CVE-2026-28453](https://nvd.nist.gov/vuln/detail/CVE-2026-28453) | 8.3 | HIGH | CWE-22 | No | 0.1% | 5.81 | 2026-03-05 | OpenClaw versions prior to 2026.2.14 fail to validate TAR archive entry paths during extraction, allowing path traversal... |
| [CVE-2026-28452](https://nvd.nist.gov/vuln/detail/CVE-2026-28452) | 6.7 | MEDIUM | CWE-770 | No | 0.2% | 4.70 | 2026-03-05 | OpenClaw versions prior to 2026.2.14 contain a denial of service vulnerability in the extractArchive function within src... |
| [CVE-2026-28451](https://nvd.nist.gov/vuln/detail/CVE-2026-28451) | 6.3 | MEDIUM | CWE-918 | No | 0.0% | 4.41 | 2026-03-05 | OpenClaw versions prior to 2026.2.14 contain server-side request forgery vulnerabilities in the Feishu extension that al... |
| [CVE-2026-28450](https://nvd.nist.gov/vuln/detail/CVE-2026-28450) | 8.3 | HIGH | CWE-306 | No | 0.1% | 5.81 | 2026-03-05 | OpenClaw versions prior to 2026.2.12 with the optional Nostr plugin enabled expose unauthenticated HTTP endpoints at /ap... |
| [CVE-2026-28448](https://nvd.nist.gov/vuln/detail/CVE-2026-28448) | 6.3 | MEDIUM | CWE-285 | No | 0.1% | 4.41 | 2026-03-05 | OpenClaw versions 2026.1.29 prior to 2026.2.1 contain a vulnerability in the Twitch plugin (must be installed and enable... |
| [CVE-2026-28447](https://nvd.nist.gov/vuln/detail/CVE-2026-28447) | 7.0 | HIGH | CWE-22 | No | 0.0% | 4.90 | 2026-03-05 | OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a path traversal vulnerability in plugin installation that... |
| [CVE-2026-28446](https://nvd.nist.gov/vuln/detail/CVE-2026-28446) | 9.2 | CRITICAL | NVD-CWE-noinfo | No | 1.0% | 6.47 | 2026-03-05 | OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass... |
| [CVE-2026-28395](https://nvd.nist.gov/vuln/detail/CVE-2026-28395) | 6.3 | MEDIUM | CWE-1327 | No | 0.2% | 4.42 | 2026-03-05 | OpenClaw version 2026.1.14-1 prior to 2026.2.12 contain an improper network binding vulnerability in the Chrome extensio... |
| [CVE-2026-28394](https://nvd.nist.gov/vuln/detail/CVE-2026-28394) | 6.9 | MEDIUM | CWE-770 | No | 0.2% | 4.84 | 2026-03-05 | OpenClaw versions prior to 2026.2.15 contain a denial of service vulnerability in the web_fetch tool that allows attacke... |
| [CVE-2026-28393](https://nvd.nist.gov/vuln/detail/CVE-2026-28393) | 8.3 | HIGH | CWE-22 | No | 0.1% | 5.81 | 2026-03-05 | OpenClaw versions 2.0.0-beta3 prior to 2026.2.14 contain a path traversal vulnerability in hook transform module loading... |
| [CVE-2026-28392](https://nvd.nist.gov/vuln/detail/CVE-2026-28392) | 8.2 | HIGH | CWE-863 | No | 0.0% | 5.74 | 2026-03-05 | OpenClaw versions prior to 2026.2.14 contain a privilege escalation vulnerability in the Slack slash-command handler tha... |
| [CVE-2026-28391](https://nvd.nist.gov/vuln/detail/CVE-2026-28391) | 9.2 | CRITICAL | CWE-78 | No | 0.1% | 6.44 | 2026-03-05 | OpenClaw versions prior to 2026.2.2 fail to properly validate Windows cmd.exe metacharacters in allowlist-gated exec req... |
| [CVE-2026-29188](https://nvd.nist.gov/vuln/detail/CVE-2026-29188) | 9.1 | CRITICAL | CWE-284 | No | 0.0% | 6.37 | 2026-03-05 | File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, previ... |
| [CVE-2026-29081](https://nvd.nist.gov/vuln/detail/CVE-2026-29081) | 6.5 | MEDIUM | CWE-89 | No | 0.0% | 4.55 | 2026-03-05 | Frappe is a full-stack web application framework. Prior to versions 14.100.1 and 15.100.0, an endpoint was vulnerable to... |
| [CVE-2026-29077](https://nvd.nist.gov/vuln/detail/CVE-2026-29077) | 7.1 | HIGH | CWE-284 | No | 0.1% | 4.97 | 2026-03-05 | Frappe is a full-stack web application framework. Prior to versions 15.98.0 and 14.100.0, due to a lack of validation wh... |
| [CVE-2026-28492](https://nvd.nist.gov/vuln/detail/CVE-2026-28492) | 7.1 | HIGH | CWE-200 | No | 0.0% | 4.97 | 2026-03-05 | File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, previ... |
| [CVE-2026-28443](https://nvd.nist.gov/vuln/detail/CVE-2026-28443) | 6.9 | MEDIUM | CWE-89 | No | 0.0% | 4.83 | 2026-03-05 | OpenReplay is a self-hosted session replay suite. Prior to version 1.20.0, the POST /{projectId}/cards/search endpoint h... |
| [CVE-2026-28442](https://nvd.nist.gov/vuln/detail/CVE-2026-28442) | 8.5 | HIGH | CWE-73 | No | 0.1% | 5.95 | 2026-03-05 | ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, u... |
| [CVE-2026-28436](https://nvd.nist.gov/vuln/detail/CVE-2026-28436) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-05 | Frappe is a full-stack web application framework. Prior to versions 16.11.0 and 15.102.0, an attacker can set a crafted... |
| [CVE-2026-28413](https://nvd.nist.gov/vuln/detail/CVE-2026-28413) | 5.3 | MEDIUM | CWE-601 | No | 0.0% | 3.71 | 2026-03-05 | Products.isurlinportal is a replacement for isURLInPortal method in Plone. Prior to versions 2.1.0, 3.1.0, and 4.0.0, a... |
| [CVE-2026-28410](https://nvd.nist.gov/vuln/detail/CVE-2026-28410) | 5.3 | MEDIUM | CWE-284 | No | 0.0% | 3.71 | 2026-03-05 | The Graph is an indexing protocol for querying networks like Ethereum, IPFS, Polygon, and other blockchains. Prior to ve... |
| [CVE-2026-28405](https://nvd.nist.gov/vuln/detail/CVE-2026-28405) | 8.0 | HIGH | CWE-79 | No | 0.0% | 5.60 | 2026-03-05 | MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.1, the courses/<... |
| [CVE-2026-22723](https://nvd.nist.gov/vuln/detail/CVE-2026-22723) | 6.5 | MEDIUM | NVD-CWE-noinfo | No | 0.1% | 4.55 | 2026-03-05 | Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry... |
| [CVE-2026-0848](https://nvd.nist.gov/vuln/detail/CVE-2026-0848) | 10.0 | CRITICAL | CWE-20 | No | 0.5% | 7.02 | 2026-03-05 | NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegment... |
| [CVE-2025-70995](https://nvd.nist.gov/vuln/detail/CVE-2025-70995) | 8.8 | HIGH | CWE-94 | No | 0.4% | 6.17 | 2026-03-05 | An issue in Aranda Service Desk Web Edition (ASDK API 8.6) allows authenticated attackers to achieve remote code executi... |
| [CVE-2025-70949](https://nvd.nist.gov/vuln/detail/CVE-2025-70949) | 7.5 | HIGH | CWE-208 | No | 0.0% | 5.25 | 2026-03-05 | An observable timing discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a t... |
| [CVE-2025-70948](https://nvd.nist.gov/vuln/detail/CVE-2025-70948) | 9.3 | CRITICAL | CWE-644 | No | 0.0% | 6.51 | 2026-03-05 | A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain... |
| [CVE-2025-70614](https://nvd.nist.gov/vuln/detail/CVE-2025-70614) | 8.1 | HIGH | CWE-284 | No | 0.0% | 5.67 | 2026-03-05 | OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web... |
| [CVE-2025-55208](https://nvd.nist.gov/vuln/detail/CVE-2025-55208) | 9.0 | CRITICAL | CWE-79 | No | 0.1% | 6.30 | 2026-03-05 | Chamilo is a learning management system. Versions prior to 1.11.34 have a Stored XSS through insecure file uploads in `S... |
| [CVE-2026-28790](https://nvd.nist.gov/vuln/detail/CVE-2026-28790) | 7.5 | HIGH | CWE-284 | No | 0.1% | 5.25 | 2026-03-05 | OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an... |
| [CVE-2026-28789](https://nvd.nist.gov/vuln/detail/CVE-2026-28789) | 7.5 | HIGH | CWE-362 | No | 0.1% | 5.25 | 2026-03-05 | OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated... |
| [CVE-2026-28353](https://nvd.nist.gov/vuln/detail/CVE-2026-28353) | 10.0 | CRITICAL | CWE-506 | No | 0.1% | 7.00 | 2026-03-05 | Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities. In Trivy VSCode Extension version 1.... |
| [CVE-2026-28350](https://nvd.nist.gov/vuln/detail/CVE-2026-28350) | 6.1 | MEDIUM | CWE-116 | No | 0.0% | 4.27 | 2026-03-05 | lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, th... |
| [CVE-2026-28348](https://nvd.nist.gov/vuln/detail/CVE-2026-28348) | 6.1 | MEDIUM | CWE-116 | No | 0.0% | 4.27 | 2026-03-05 | lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, th... |
| [CVE-2026-28343](https://nvd.nist.gov/vuln/detail/CVE-2026-28343) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-05 | CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to ver... |
| [CVE-2026-28342](https://nvd.nist.gov/vuln/detail/CVE-2026-28342) | 7.5 | HIGH | CWE-400 | No | 0.4% | 5.26 | 2026-03-05 | OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.2, the PasswordHash AP... |
| [CVE-2026-28277](https://nvd.nist.gov/vuln/detail/CVE-2026-28277) | 6.8 | MEDIUM | CWE-502 | No | 0.0% | 4.76 | 2026-03-05 | LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async,... |
| [CVE-2026-28223](https://nvd.nist.gov/vuln/detail/CVE-2026-28223) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-05 | Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a... |
| [CVE-2026-28222](https://nvd.nist.gov/vuln/detail/CVE-2026-28222) | 6.1 | MEDIUM | CWE-79 | No | 0.1% | 4.27 | 2026-03-05 | Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a... |
| [CVE-2025-29165](https://nvd.nist.gov/vuln/detail/CVE-2025-29165) | 9.8 | CRITICAL | CWE-269 | No | 0.0% | 6.86 | 2026-03-05 | An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc/shadow.sample component |
| [CVE-2025-13350](https://nvd.nist.gov/vuln/detail/CVE-2025-13350) | 7.1 | HIGH | CWE-416 | No | 0.0% | 4.97 | 2026-03-05 | Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit 8594d9b85c07 ("af_unix: D... |
| [CVE-2024-43035](https://nvd.nist.gov/vuln/detail/CVE-2024-43035) | 5.8 | MEDIUM | CWE-24 | No | 0.3% | 4.07 | 2026-03-05 | Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arbitrary files via the /sounds/:file or /tts/:file V... |
| [CVE-2026-3459](https://nvd.nist.gov/vuln/detail/CVE-2026-3459) | 8.1 | HIGH | CWE-434 | No | 0.2% | 5.68 | 2026-03-05 | The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due... |
| [CVE-2026-3047](https://nvd.nist.gov/vuln/detail/CVE-2026-3047) | 8.8 | HIGH | CWE-305 | No | 0.5% | 6.18 | 2026-03-05 | A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is config... |
| [CVE-2026-3009](https://nvd.nist.gov/vuln/detail/CVE-2026-3009) | 8.1 | HIGH | CWE-863 | No | 0.0% | 5.67 | 2026-03-05 | A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an... |
| [CVE-2026-29054](https://nvd.nist.gov/vuln/detail/CVE-2026-29054) | 7.5 | HIGH | CWE-178 | No | 0.0% | 5.25 | 2026-03-05 | Traefik is an HTTP reverse proxy and load balancer. From version 2.11.9 to 2.11.37 and from version 3.1.3 to 3.6.8, ther... |
| [CVE-2026-28287](https://nvd.nist.gov/vuln/detail/CVE-2026-28287) | 8.6 | HIGH | CWE-78 | No | 0.1% | 6.02 | 2026-03-05 | FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5,... |
| [CVE-2026-28284](https://nvd.nist.gov/vuln/detail/CVE-2026-28284) | 8.6 | HIGH | CWE-89 | No | 0.0% | 6.02 | 2026-03-05 | FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contains several aut... |
| [CVE-2026-28210](https://nvd.nist.gov/vuln/detail/CVE-2026-28210) | 8.6 | HIGH | CWE-89 | No | 0.1% | 6.02 | 2026-03-05 | FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7, FreePBX module cdr (Call Data Record) is vulnera... |
| [CVE-2026-28209](https://nvd.nist.gov/vuln/detail/CVE-2026-28209) | 7.5 | HIGH | CWE-78 | No | 0.2% | 5.25 | 2026-03-05 | FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5,... |
| [CVE-2026-27944](https://nvd.nist.gov/vuln/detail/CVE-2026-27944) | 9.8 | CRITICAL | CWE-306 | No | 3.6% | 6.97 | 2026-03-05 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessibl... |
| [CVE-2026-27723](https://nvd.nist.gov/vuln/detail/CVE-2026-27723) | 4.3 | MEDIUM | CWE-284 | No | 0.0% | 3.01 | 2026-03-05 | OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker c... |
| [CVE-2026-27023](https://nvd.nist.gov/vuln/detail/CVE-2026-27023) | 5.0 | MEDIUM | CWE-918 | No | 0.0% | 3.50 | 2026-03-05 | Twenty is an open source CRM. Prior to version 1.18, the SSRF protection in SecureHttpClientService validated request UR... |
| [CVE-2026-26999](https://nvd.nist.gov/vuln/detail/CVE-2026-26999) | 7.5 | HIGH | CWE-400 | No | 0.0% | 5.25 | 2026-03-05 | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a potential vulnerabil... |
| [CVE-2026-26998](https://nvd.nist.gov/vuln/detail/CVE-2026-26998) | 4.4 | MEDIUM | CWE-770 | No | 0.0% | 3.08 | 2026-03-05 | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a potential vulnerabil... |
| [CVE-2026-26418](https://nvd.nist.gov/vuln/detail/CVE-2026-26418) | 7.5 | HIGH | CWE-284 | No | 0.1% | 5.25 | 2026-03-05 | Missing authentication and authorization in the web API of Tata Consultancy Services Cognix Recon Client v3.0 allows rem... |
| [CVE-2026-26417](https://nvd.nist.gov/vuln/detail/CVE-2026-26417) | 8.1 | HIGH | CWE-284 | No | 0.0% | 5.67 | 2026-03-05 | A broken access control vulnerability in the password reset functionality of Tata Consultancy Services Cognix Recon Clie... |
| [CVE-2026-26416](https://nvd.nist.gov/vuln/detail/CVE-2026-26416) | 8.8 | HIGH | CWE-269 | No | 0.0% | 6.16 | 2026-03-05 | An authorization bypass vulnerability in Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users t... |
| [CVE-2026-26276](https://nvd.nist.gov/vuln/detail/CVE-2026-26276) | 7.3 | HIGH | CWE-79 | No | 0.0% | 5.11 | 2026-03-05 | Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payloa... |
| [CVE-2026-26196](https://nvd.nist.gov/vuln/detail/CVE-2026-26196) | 6.9 | MEDIUM | CWE-598 | No | 0.0% | 4.83 | 2026-03-05 | Gogs is an open source self-hosted Git service. Prior to version 0.14.2, the Gogs API still accepts tokens in URL params lik... |
| [CVE-2026-26195](https://nvd.nist.gov/vuln/detail/CVE-2026-26195) | 6.9 | MEDIUM | CWE-79 | No | 0.0% | 4.83 | 2026-03-05 | Gogs is an open source self-hosted Git service. Prior to version 0.14.2, stored XSS is still possible through unsafe tem... |
| [CVE-2026-26194](https://nvd.nist.gov/vuln/detail/CVE-2026-26194) | 8.8 | HIGH | CWE-88 | No | 0.0% | 6.16 | 2026-03-05 | Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in Gogs where deleting... |
| [CVE-2026-26022](https://nvd.nist.gov/vuln/detail/CVE-2026-26022) | 8.7 | HIGH | CWE-79 | No | 0.0% | 6.09 | 2026-03-05 | Gogs is an open source self-hosted Git service. Prior to version 0.14.2, a stored cross-site scripting (XSS) vulnerabili... |
| [CVE-2026-25921](https://nvd.nist.gov/vuln/detail/CVE-2026-25921) | 9.3 | CRITICAL | CWE-345 | No | 0.0% | 6.51 | 2026-03-05 | Gogs is an open source self-hosted Git service. Prior to version 0.14.2, overwritable LFS object across different repos... |
| [CVE-2026-24457](https://nvd.nist.gov/vuln/detail/CVE-2026-24457) | 9.1 | CRITICAL | CWE-22 | No | 0.3% | 6.38 | 2026-03-05 | Unsafe parsing of OpenMQ's configuration allows a remote attacker to read arbitrary files from a MQ Broker's server.... |
| [CVE-2025-70616](https://nvd.nist.gov/vuln/detail/CVE-2025-70616) | 7.8 | HIGH | CWE-121 | No | 0.0% | 5.46 | 2026-03-05 | A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the I... |
| [CVE-2025-70233](https://nvd.nist.gov/vuln/detail/CVE-2025-70233) | 9.8 | CRITICAL | CWE-121 | No | 0.1% | 6.86 | 2026-03-05 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard. |
| [CVE-2025-70232](https://nvd.nist.gov/vuln/detail/CVE-2025-70232) | 9.8 | CRITICAL | CWE-121 | No | 0.1% | 6.86 | 2026-03-05 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter. |
| [CVE-2025-70231](https://nvd.nist.gov/vuln/detail/CVE-2025-70231) | 9.8 | CRITICAL | CWE-22 | No | 0.1% | 6.86 | 2026-03-05 | D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verificati... |
| [CVE-2025-70230](https://nvd.nist.gov/vuln/detail/CVE-2025-70230) | 9.8 | CRITICAL | CWE-121 | No | 0.1% | 6.86 | 2026-03-05 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDDNS. |
| [CVE-2025-70229](https://nvd.nist.gov/vuln/detail/CVE-2025-70229) | 9.8 | CRITICAL | CWE-121 | No | 0.1% | 6.86 | 2026-03-05 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule. |
| [CVE-2025-45691](https://nvd.nist.gov/vuln/detail/CVE-2025-45691) | 7.5 | HIGH | CWE-22 | No | 0.1% | 5.25 | 2026-03-05 | An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.... |
| [CVE-2025-13476](https://nvd.nist.gov/vuln/detail/CVE-2025-13476) | 9.8 | CRITICAL | CWE-327 | No | 0.0% | 6.86 | 2026-03-05 | Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientH... |
| [CVE-2026-26377](https://nvd.nist.gov/vuln/detail/CVE-2026-26377) | 5.4 | MEDIUM | CWE-79 | No | 0.1% | 3.78 | 2026-03-05 | Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the N... |
| [CVE-2026-25048](https://nvd.nist.gov/vuln/detail/CVE-2026-25048) | 8.7 | HIGH | CWE-674 | No | 0.1% | 6.09 | 2026-03-05 | xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32,... |
| [CVE-2025-64166](https://nvd.nist.gov/vuln/detail/CVE-2025-64166) | 5.4 | MEDIUM | CWE-352 | No | 0.0% | 3.78 | 2026-03-05 | Mercurius is a GraphQL adapter for Fastify. Prior to version 16.4.0, a cross-site request forgery (CSRF) vulnerability w... |
| [CVE-2026-27750](https://nvd.nist.gov/vuln/detail/CVE-2026-27750) | 7.8 | HIGH | CWE-367 | No | 0.0% | 5.46 | 2026-03-05 | Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerability in the Optimizer component. A privil... |
| [CVE-2026-27749](https://nvd.nist.gov/vuln/detail/CVE-2026-27749) | 7.8 | HIGH | CWE-502 | No | 0.1% | 5.46 | 2026-03-05 | Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The... |
| [CVE-2026-27748](https://nvd.nist.gov/vuln/detail/CVE-2026-27748) | 7.8 | HIGH | CWE-59 | No | 0.0% | 5.46 | 2026-03-05 | Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the... |
| [CVE-2025-69534](https://nvd.nist.gov/vuln/detail/CVE-2025-69534) | 7.5 | HIGH | CWE-400 | No | 0.3% | 5.26 | 2026-03-05 | Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser... |
| [CVE-2026-1720](https://nvd.nist.gov/vuln/detail/CVE-2026-1720) | 8.8 | HIGH | CWE-862 | No | 0.0% | 6.16 | 2026-03-05 | The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulne... |
| [CVE-2026-2599](https://nvd.nist.gov/vuln/detail/CVE-2026-2599) | 9.8 | CRITICAL | CWE-502 | No | 0.2% | 6.87 | 2026-03-05 | The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in... |
| [CVE-2026-3236](https://nvd.nist.gov/vuln/detail/CVE-2026-3236) | 2.3 | LOW | CWE-863 | No | 0.0% | 1.61 | 2026-03-05 | In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting i... |
| [CVE-2026-21628](https://nvd.nist.gov/vuln/detail/CVE-2026-21628) | 10.0 | CRITICAL | CWE-434 | No | 0.3% | 7.01 | 2026-03-05 | An improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading t... |
| [CVE-2025-11143](https://nvd.nist.gov/vuln/detail/CVE-2025-11143) | 3.7 | LOW | CWE-20 | No | 0.1% | 2.59 | 2026-03-05 | The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Different... |
| [CVE-2026-28551](https://nvd.nist.gov/vuln/detail/CVE-2026-28551) | 4.7 | MEDIUM | CWE-362 | No | 0.0% | 3.29 | 2026-03-05 | Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerabi... |
| [CVE-2026-28549](https://nvd.nist.gov/vuln/detail/CVE-2026-28549) | 6.6 | MEDIUM | CWE-362 | No | 0.0% | 4.62 | 2026-03-05 | Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability... |
| [CVE-2026-28548](https://nvd.nist.gov/vuln/detail/CVE-2026-28548) | 7.1 | HIGH | CWE-269 | No | 0.0% | 4.97 | 2026-03-05 | Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability m... |
| [CVE-2026-28547](https://nvd.nist.gov/vuln/detail/CVE-2026-28547) | 6.8 | MEDIUM | CWE-824 | No | 0.0% | 4.76 | 2026-03-05 | Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerabil... |
| [CVE-2026-28546](https://nvd.nist.gov/vuln/detail/CVE-2026-28546) | 5.9 | MEDIUM | CWE-122 | No | 0.0% | 4.13 | 2026-03-05 | Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect a... |
| [CVE-2026-28542](https://nvd.nist.gov/vuln/detail/CVE-2026-28542) | 7.3 | HIGH | CWE-755 | No | 0.0% | 5.11 | 2026-03-05 | Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability m... |
| [CVE-2026-2893](https://nvd.nist.gov/vuln/detail/CVE-2026-2893) | 6.5 | MEDIUM | CWE-89 | No | 0.0% | 4.55 | 2026-03-05 | The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' parameter in the content_... |
| [CVE-2026-28552](https://nvd.nist.gov/vuln/detail/CVE-2026-28552) | 6.5 | MEDIUM | CWE-19 | No | 0.0% | 4.55 | 2026-03-05 | Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect av... |
| [CVE-2026-28550](https://nvd.nist.gov/vuln/detail/CVE-2026-28550) | 4.0 | MEDIUM | CWE-840 | No | 0.0% | 2.80 | 2026-03-05 | Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may a... |
| [CVE-2026-28545](https://nvd.nist.gov/vuln/detail/CVE-2026-28545) | 5.9 | MEDIUM | CWE-362 | No | 0.0% | 4.13 | 2026-03-05 | Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect av... |
| [CVE-2026-28544](https://nvd.nist.gov/vuln/detail/CVE-2026-28544) | 6.2 | MEDIUM | CWE-362 | No | 0.0% | 4.34 | 2026-03-05 | Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect av... |
| [CVE-2026-28543](https://nvd.nist.gov/vuln/detail/CVE-2026-28543) | 4.4 | MEDIUM | CWE-362 | No | 0.0% | 3.08 | 2026-03-05 | Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerab... |
| [CVE-2026-28541](https://nvd.nist.gov/vuln/detail/CVE-2026-28541) | 4.0 | MEDIUM | CWE-264 | No | 0.0% | 2.80 | 2026-03-05 | Permission control vulnerability in the cellular_data module. Impact: Successful exploitation of this vulnerability may... |
| [CVE-2026-28540](https://nvd.nist.gov/vuln/detail/CVE-2026-28540) | 4.0 | MEDIUM | CWE-158 | No | 0.0% | 2.80 | 2026-03-05 | Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affec... |
| [CVE-2026-28539](https://nvd.nist.gov/vuln/detail/CVE-2026-28539) | 6.2 | MEDIUM | CWE-19 | No | 0.0% | 4.34 | 2026-03-05 | Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerabilit... |
| [CVE-2026-28538](https://nvd.nist.gov/vuln/detail/CVE-2026-28538) | 5.9 | MEDIUM | CWE-24 | No | 0.0% | 4.13 | 2026-03-05 | Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability... |
| [CVE-2026-28537](https://nvd.nist.gov/vuln/detail/CVE-2026-28537) | 5.1 | MEDIUM | CWE-415 | No | 0.0% | 3.57 | 2026-03-05 | Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availab... |
| [CVE-2026-21786](https://nvd.nist.gov/vuln/detail/CVE-2026-21786) | 3.3 | LOW | CWE-532 | No | 0.0% | 2.31 | 2026-03-05 | HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostname information is written in application... |
| [CVE-2026-1321](https://nvd.nist.gov/vuln/detail/CVE-2026-1321) | 8.1 | HIGH | CWE-862 | No | 0.1% | 5.67 | 2026-03-05 | The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up t... |
| [CVE-2025-66319](https://nvd.nist.gov/vuln/detail/CVE-2025-66319) | 3.3 | LOW | CWE-264 | No | 0.0% | 2.31 | 2026-03-05 | Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerabilit... |
| [CVE-2026-2743](https://nvd.nist.gov/vuln/detail/CVE-2026-2743) | 10.0 | CRITICAL | CWE-22 | No | 0.6% | 7.02 | 2026-03-05 | Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected fea... |
| [CVE-2026-28536](https://nvd.nist.gov/vuln/detail/CVE-2026-28536) | 9.6 | CRITICAL | CWE-305 | No | 0.0% | 6.72 | 2026-03-05 | Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnera... |
| [CVE-2026-25702](https://nvd.nist.gov/vuln/detail/CVE-2026-25702) | 7.3 | HIGH | CWE-284 | No | 0.1% | 5.11 | 2026-03-05 | An Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causi... |
| [CVE-2026-1678](https://nvd.nist.gov/vuln/detail/CVE-2026-1678) | 9.4 | CRITICAL | CWE-787 | No | 0.1% | 6.58 | 2026-03-05 | dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cac... |
| [CVE-2026-3072](https://nvd.nist.gov/vuln/detail/CVE-2026-3072) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-05 | The Media Library Assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing cap... |
| [CVE-2026-30777](https://nvd.nist.gov/vuln/detail/CVE-2026-30777) | 6.9 | MEDIUM | CWE-288 | No | 0.1% | 4.83 | 2026-03-05 | EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication (MFA) bypass vulnerability. An attacker who... |
| [CVE-2026-2418](https://nvd.nist.gov/vuln/detail/CVE-2026-2418) | 9.1 | CRITICAL | N/A | No | 0.1% | 6.37 | 2026-03-05 | The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Sales... |
| [CVE-2026-29128](https://nvd.nist.gov/vuln/detail/CVE-2026-29128) | 8.6 | HIGH | CWE-522 | No | 0.0% | 6.02 | 2026-03-05 | IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components (e.g., zeb... |
| [CVE-2026-29053](https://nvd.nist.gov/vuln/detail/CVE-2026-29053) | 7.6 | HIGH | CWE-74 | No | 0.1% | 5.32 | 2026-03-05 | Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can ex... |
| [CVE-2026-29052](https://nvd.nist.gov/vuln/detail/CVE-2026-29052) | 6.9 | MEDIUM | CWE-79 | No | 0.0% | 4.83 | 2026-03-05 | The Calendar module for HumHub enables users to create one-time or recurring events, manage attendee invitations, and ef... |
| [CVE-2026-28137](https://nvd.nist.gov/vuln/detail/CVE-2026-28137) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs MediC... |
| [CVE-2026-28135](https://nvd.nist.gov/vuln/detail/CVE-2026-28135) | 8.2 | HIGH | CWE-829 | No | 0.1% | 5.74 | 2026-03-05 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal Elementor Addons royal-elemento... |
| [CVE-2026-28134](https://nvd.nist.gov/vuln/detail/CVE-2026-28134) | 8.5 | HIGH | CWE-94 | No | 0.1% | 5.95 | 2026-03-05 | Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetEngine jet-engine allows Remote... |
| [CVE-2026-28133](https://nvd.nist.gov/vuln/detail/CVE-2026-28133) | 8.1 | HIGH | CWE-434 | No | 0.0% | 5.67 | 2026-03-05 | Unrestricted Upload of File with Dangerous Type vulnerability in WP Chill Filr filr-protection allows Upload a Web Shell... |
| [CVE-2026-28130](https://nvd.nist.gov/vuln/detail/CVE-2026-28130) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesig... |
| [CVE-2026-28129](https://nvd.nist.gov/vuln/detail/CVE-2026-28129) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28128](https://nvd.nist.gov/vuln/detail/CVE-2026-28128) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28127](https://nvd.nist.gov/vuln/detail/CVE-2026-28127) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Lawyer D... |
| [CVE-2026-28126](https://nvd.nist.gov/vuln/detail/CVE-2026-28126) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam RH Frontend... |
| [CVE-2026-28125](https://nvd.nist.gov/vuln/detail/CVE-2026-28125) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28124](https://nvd.nist.gov/vuln/detail/CVE-2026-28124) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28123](https://nvd.nist.gov/vuln/detail/CVE-2026-28123) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28122](https://nvd.nist.gov/vuln/detail/CVE-2026-28122) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio Listi... |
| [CVE-2026-28121](https://nvd.nist.gov/vuln/detail/CVE-2026-28121) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28120](https://nvd.nist.gov/vuln/detail/CVE-2026-28120) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28119](https://nvd.nist.gov/vuln/detail/CVE-2026-28119) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28118](https://nvd.nist.gov/vuln/detail/CVE-2026-28118) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28117](https://nvd.nist.gov/vuln/detail/CVE-2026-28117) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28115](https://nvd.nist.gov/vuln/detail/CVE-2026-28115) | 9.3 | CRITICAL | CWE-89 | No | 0.0% | 6.51 | 2026-03-05 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in loopus WP Attracti... |
| [CVE-2026-28114](https://nvd.nist.gov/vuln/detail/CVE-2026-28114) | 9.1 | CRITICAL | CWE-434 | No | 0.1% | 6.37 | 2026-03-05 | Unrestricted Upload of File with Dangerous Type vulnerability in firassaidi WooCommerce License Manager fs-license-manag... |
| [CVE-2026-28113](https://nvd.nist.gov/vuln/detail/CVE-2026-28113) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in azzaroco Ultimate... |
| [CVE-2026-28112](https://nvd.nist.gov/vuln/detail/CVE-2026-28112) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup AllIn... |
| [CVE-2026-28110](https://nvd.nist.gov/vuln/detail/CVE-2026-28110) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Lambe... |
| [CVE-2026-28109](https://nvd.nist.gov/vuln/detail/CVE-2026-28109) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Lambe... |
| [CVE-2026-28108](https://nvd.nist.gov/vuln/detail/CVE-2026-28108) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Lambe... |
| [CVE-2026-28107](https://nvd.nist.gov/vuln/detail/CVE-2026-28107) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28105](https://nvd.nist.gov/vuln/detail/CVE-2026-28105) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-05 | Deserialization of Untrusted Data vulnerability in ThemeREX Good Energy goodenergy allows Object Injection. This issue af... |
| [CVE-2026-28104](https://nvd.nist.gov/vuln/detail/CVE-2026-28104) | 6.5 | MEDIUM | CWE-862 | No | 0.1% | 4.55 | 2026-03-05 | Missing Authorization vulnerability in Aryan Shirani Bid Abadi Site Suggest site-suggest allows Accessing Functionality... |
| [CVE-2026-28103](https://nvd.nist.gov/vuln/detail/CVE-2026-28103) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup LBG Z... |
| [CVE-2026-28102](https://nvd.nist.gov/vuln/detail/CVE-2026-28102) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup UberS... |
| [CVE-2026-28101](https://nvd.nist.gov/vuln/detail/CVE-2026-28101) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup UberS... |
| [CVE-2026-28100](https://nvd.nist.gov/vuln/detail/CVE-2026-28100) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup UberS... |
| [CVE-2026-28099](https://nvd.nist.gov/vuln/detail/CVE-2026-28099) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup UberS... |
| [CVE-2026-28098](https://nvd.nist.gov/vuln/detail/CVE-2026-28098) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28097](https://nvd.nist.gov/vuln/detail/CVE-2026-28097) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28096](https://nvd.nist.gov/vuln/detail/CVE-2026-28096) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28095](https://nvd.nist.gov/vuln/detail/CVE-2026-28095) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28094](https://nvd.nist.gov/vuln/detail/CVE-2026-28094) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28093](https://nvd.nist.gov/vuln/detail/CVE-2026-28093) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28092](https://nvd.nist.gov/vuln/detail/CVE-2026-28092) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28091](https://nvd.nist.gov/vuln/detail/CVE-2026-28091) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28090](https://nvd.nist.gov/vuln/detail/CVE-2026-28090) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28089](https://nvd.nist.gov/vuln/detail/CVE-2026-28089) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28088](https://nvd.nist.gov/vuln/detail/CVE-2026-28088) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28087](https://nvd.nist.gov/vuln/detail/CVE-2026-28087) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28086](https://nvd.nist.gov/vuln/detail/CVE-2026-28086) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28085](https://nvd.nist.gov/vuln/detail/CVE-2026-28085) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28084](https://nvd.nist.gov/vuln/detail/CVE-2026-28084) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28081](https://nvd.nist.gov/vuln/detail/CVE-2026-28081) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28079](https://nvd.nist.gov/vuln/detail/CVE-2026-28079) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28078](https://nvd.nist.gov/vuln/detail/CVE-2026-28078) | 4.9 | MEDIUM | CWE-22 | No | 0.1% | 3.43 | 2026-03-05 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Stylemix uListing ulisti... |
| [CVE-2026-28077](https://nvd.nist.gov/vuln/detail/CVE-2026-28077) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28076](https://nvd.nist.gov/vuln/detail/CVE-2026-28076) | 7.5 | HIGH | CWE-862 | No | 0.0% | 5.25 | 2026-03-05 | Missing Authorization vulnerability in Frenify Guff guff allows Exploiting Incorrectly Configured Access Control Securit... |
| [CVE-2026-28075](https://nvd.nist.gov/vuln/detail/CVE-2026-28075) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in p-themes Porto por... |
| [CVE-2026-28074](https://nvd.nist.gov/vuln/detail/CVE-2026-28074) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-05 | Deserialization of Untrusted Data vulnerability in ThemeREX Pizza House pizzahouse allows Object Injection. This issue af... |
| [CVE-2026-28072](https://nvd.nist.gov/vuln/detail/CVE-2026-28072) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PixFort pixfort Co... |
| [CVE-2026-28071](https://nvd.nist.gov/vuln/detail/CVE-2026-28071) | 6.3 | MEDIUM | CWE-862 | No | 0.0% | 4.41 | 2026-03-05 | Missing Authorization vulnerability in PixFort pixfort Core pixfort-core allows Exploiting Incorrectly Configured Access... |
| [CVE-2026-28069](https://nvd.nist.gov/vuln/detail/CVE-2026-28069) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28068](https://nvd.nist.gov/vuln/detail/CVE-2026-28068) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28067](https://nvd.nist.gov/vuln/detail/CVE-2026-28067) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28066](https://nvd.nist.gov/vuln/detail/CVE-2026-28066) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28065](https://nvd.nist.gov/vuln/detail/CVE-2026-28065) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28064](https://nvd.nist.gov/vuln/detail/CVE-2026-28064) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28063](https://nvd.nist.gov/vuln/detail/CVE-2026-28063) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28062](https://nvd.nist.gov/vuln/detail/CVE-2026-28062) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28061](https://nvd.nist.gov/vuln/detail/CVE-2026-28061) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28060](https://nvd.nist.gov/vuln/detail/CVE-2026-28060) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28059](https://nvd.nist.gov/vuln/detail/CVE-2026-28059) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28058](https://nvd.nist.gov/vuln/detail/CVE-2026-28058) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28057](https://nvd.nist.gov/vuln/detail/CVE-2026-28057) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28056](https://nvd.nist.gov/vuln/detail/CVE-2026-28056) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28055](https://nvd.nist.gov/vuln/detail/CVE-2026-28055) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28054](https://nvd.nist.gov/vuln/detail/CVE-2026-28054) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28053](https://nvd.nist.gov/vuln/detail/CVE-2026-28053) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28052](https://nvd.nist.gov/vuln/detail/CVE-2026-28052) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28051](https://nvd.nist.gov/vuln/detail/CVE-2026-28051) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28050](https://nvd.nist.gov/vuln/detail/CVE-2026-28050) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28049](https://nvd.nist.gov/vuln/detail/CVE-2026-28049) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28048](https://nvd.nist.gov/vuln/detail/CVE-2026-28048) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28047](https://nvd.nist.gov/vuln/detail/CVE-2026-28047) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28046](https://nvd.nist.gov/vuln/detail/CVE-2026-28046) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28045](https://nvd.nist.gov/vuln/detail/CVE-2026-28045) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28043](https://nvd.nist.gov/vuln/detail/CVE-2026-28043) | 9.8 | CRITICAL | CWE-98 | No | 0.2% | 6.86 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28042](https://nvd.nist.gov/vuln/detail/CVE-2026-28042) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Listify... |
| [CVE-2026-28041](https://nvd.nist.gov/vuln/detail/CVE-2026-28041) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28039](https://nvd.nist.gov/vuln/detail/CVE-2026-28039) | 7.5 | HIGH | CWE-98 | No | 0.1% | 5.25 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28038](https://nvd.nist.gov/vuln/detail/CVE-2026-28038) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-05 | Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows Exploiting Inco... |
| [CVE-2026-28037](https://nvd.nist.gov/vuln/detail/CVE-2026-28037) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ashanjay EventON e... |
| [CVE-2026-28036](https://nvd.nist.gov/vuln/detail/CVE-2026-28036) | 6.4 | MEDIUM | CWE-918 | No | 0.0% | 4.48 | 2026-03-05 | Server-Side Request Forgery (SSRF) vulnerability in SkatDesign Ratatouille ratatouille allows Server Side Request Forger... |
| [CVE-2026-28035](https://nvd.nist.gov/vuln/detail/CVE-2026-28035) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28034](https://nvd.nist.gov/vuln/detail/CVE-2026-28034) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28033](https://nvd.nist.gov/vuln/detail/CVE-2026-28033) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28032](https://nvd.nist.gov/vuln/detail/CVE-2026-28032) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28031](https://nvd.nist.gov/vuln/detail/CVE-2026-28031) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28030](https://nvd.nist.gov/vuln/detail/CVE-2026-28030) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28029](https://nvd.nist.gov/vuln/detail/CVE-2026-28029) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28028](https://nvd.nist.gov/vuln/detail/CVE-2026-28028) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28027](https://nvd.nist.gov/vuln/detail/CVE-2026-28027) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28026](https://nvd.nist.gov/vuln/detail/CVE-2026-28026) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28025](https://nvd.nist.gov/vuln/detail/CVE-2026-28025) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28024](https://nvd.nist.gov/vuln/detail/CVE-2026-28024) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28023](https://nvd.nist.gov/vuln/detail/CVE-2026-28023) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28022](https://nvd.nist.gov/vuln/detail/CVE-2026-28022) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28021](https://nvd.nist.gov/vuln/detail/CVE-2026-28021) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28020](https://nvd.nist.gov/vuln/detail/CVE-2026-28020) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28019](https://nvd.nist.gov/vuln/detail/CVE-2026-28019) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28018](https://nvd.nist.gov/vuln/detail/CVE-2026-28018) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28017](https://nvd.nist.gov/vuln/detail/CVE-2026-28017) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28016](https://nvd.nist.gov/vuln/detail/CVE-2026-28016) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28015](https://nvd.nist.gov/vuln/detail/CVE-2026-28015) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28014](https://nvd.nist.gov/vuln/detail/CVE-2026-28014) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28013](https://nvd.nist.gov/vuln/detail/CVE-2026-28013) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28012](https://nvd.nist.gov/vuln/detail/CVE-2026-28012) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28011](https://nvd.nist.gov/vuln/detail/CVE-2026-28011) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28010](https://nvd.nist.gov/vuln/detail/CVE-2026-28010) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28009](https://nvd.nist.gov/vuln/detail/CVE-2026-28009) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28007](https://nvd.nist.gov/vuln/detail/CVE-2026-28007) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-28006](https://nvd.nist.gov/vuln/detail/CVE-2026-28006) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27998](https://nvd.nist.gov/vuln/detail/CVE-2026-27998) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27997](https://nvd.nist.gov/vuln/detail/CVE-2026-27997) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27996](https://nvd.nist.gov/vuln/detail/CVE-2026-27996) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27995](https://nvd.nist.gov/vuln/detail/CVE-2026-27995) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27994](https://nvd.nist.gov/vuln/detail/CVE-2026-27994) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27993](https://nvd.nist.gov/vuln/detail/CVE-2026-27993) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27992](https://nvd.nist.gov/vuln/detail/CVE-2026-27992) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27991](https://nvd.nist.gov/vuln/detail/CVE-2026-27991) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27990](https://nvd.nist.gov/vuln/detail/CVE-2026-27990) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27989](https://nvd.nist.gov/vuln/detail/CVE-2026-27989) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27988](https://nvd.nist.gov/vuln/detail/CVE-2026-27988) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27987](https://nvd.nist.gov/vuln/detail/CVE-2026-27987) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27986](https://nvd.nist.gov/vuln/detail/CVE-2026-27986) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27985](https://nvd.nist.gov/vuln/detail/CVE-2026-27985) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27984](https://nvd.nist.gov/vuln/detail/CVE-2026-27984) | 9.0 | CRITICAL | CWE-94 | No | 0.0% | 6.30 | 2026-03-05 | Improper Control of Generation of Code ('Code Injection') vulnerability in Marketing Fire Widget Options widget-options... |
| [CVE-2026-27983](https://nvd.nist.gov/vuln/detail/CVE-2026-27983) | 9.8 | CRITICAL | CWE-266 | No | 0.1% | 6.86 | 2026-03-05 | Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escala... |
| [CVE-2026-27982](https://nvd.nist.gov/vuln/detail/CVE-2026-27982) | 5.1 | MEDIUM | CWE-601 | No | 0.0% | 3.57 | 2026-03-05 | An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled... |
| [CVE-2026-27541](https://nvd.nist.gov/vuln/detail/CVE-2026-27541) | 7.1 | HIGH | CWE-266 | No | 0.0% | 4.97 | 2026-03-05 | Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privil... |
| [CVE-2026-27439](https://nvd.nist.gov/vuln/detail/CVE-2026-27439) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-05 | Deserialization of Untrusted Data vulnerability in ThemeREX Dentario dentario allows Object Injection. This issue affects... |
| [CVE-2026-27438](https://nvd.nist.gov/vuln/detail/CVE-2026-27438) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-05 | Deserialization of Untrusted Data vulnerability in ThemeREX Kingler kingler allows Object Injection. This issue affects K... |
| [CVE-2026-27437](https://nvd.nist.gov/vuln/detail/CVE-2026-27437) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-05 | Deserialization of Untrusted Data vulnerability in ThemeREX Tennis Club tennis-sportclub allows Object Injection. This is... |
| [CVE-2026-27428](https://nvd.nist.gov/vuln/detail/CVE-2026-27428) | 8.5 | HIGH | CWE-89 | No | 0.0% | 5.95 | 2026-03-05 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eagle-Themes Eagle... |
| [CVE-2026-27417](https://nvd.nist.gov/vuln/detail/CVE-2026-27417) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-05 | Deserialization of Untrusted Data vulnerability in SeventhQueen Sweet Date sweetdate allows Object Injection. This issue... |
| [CVE-2026-27411](https://nvd.nist.gov/vuln/detail/CVE-2026-27411) | 5.3 | MEDIUM | CWE-804 | No | 0.0% | 3.71 | 2026-03-05 | Guessable CAPTCHA vulnerability in jp-secure SiteGuard WP Plugin siteguard allows Functionality Bypass. This issue affect... |
| [CVE-2026-27406](https://nvd.nist.gov/vuln/detail/CVE-2026-27406) | 7.5 | HIGH | CWE-201 | No | 0.0% | 5.25 | 2026-03-05 | Insertion of Sensitive Information Into Sent Data vulnerability in Joe Dolson My Tickets my-tickets allows Retrieve Embe... |
| [CVE-2026-27396](https://nvd.nist.gov/vuln/detail/CVE-2026-27396) | 7.3 | HIGH | CWE-862 | No | 0.1% | 5.11 | 2026-03-05 | Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Ac... |
| [CVE-2026-27390](https://nvd.nist.gov/vuln/detail/CVE-2026-27390) | 8.8 | HIGH | CWE-288 | No | 0.0% | 6.16 | 2026-03-05 | Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Add... |
| [CVE-2026-27389](https://nvd.nist.gov/vuln/detail/CVE-2026-27389) | 9.8 | CRITICAL | CWE-288 | No | 0.1% | 6.86 | 2026-03-05 | Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Add... |
| [CVE-2026-27388](https://nvd.nist.gov/vuln/detail/CVE-2026-27388) | 7.5 | HIGH | CWE-862 | No | 0.0% | 5.25 | 2026-03-05 | Missing Authorization vulnerability in designthemes DesignThemes Booking Manager designthemes-booking-manager allows Exp... |
| [CVE-2026-27386](https://nvd.nist.gov/vuln/detail/CVE-2026-27386) | 7.5 | HIGH | CWE-862 | No | 0.0% | 5.25 | 2026-03-05 | Missing Authorization vulnerability in designthemes DesignThemes Directory Addon designthemes-directory-addon allows Exp... |
| [CVE-2026-27385](https://nvd.nist.gov/vuln/detail/CVE-2026-27385) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Desig... |
| [CVE-2026-27384](https://nvd.nist.gov/vuln/detail/CVE-2026-27384) | 9.0 | CRITICAL | CWE-1284 | No | 0.1% | 6.30 | 2026-03-05 | Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Access... |
| [CVE-2026-27383](https://nvd.nist.gov/vuln/detail/CVE-2026-27383) | 8.1 | HIGH | CWE-98 | No | 0.1% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27382](https://nvd.nist.gov/vuln/detail/CVE-2026-27382) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Metro... |
| [CVE-2026-27381](https://nvd.nist.gov/vuln/detail/CVE-2026-27381) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27379](https://nvd.nist.gov/vuln/detail/CVE-2026-27379) | 8.8 | HIGH | CWE-502 | No | 0.1% | 6.16 | 2026-03-05 | Deserialization of Untrusted Data vulnerability in NextScripts NextScripts social-networks-auto-poster-facebook-twitter-... |
| [CVE-2026-27376](https://nvd.nist.gov/vuln/detail/CVE-2026-27376) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Claue -... |
| [CVE-2026-27375](https://nvd.nist.gov/vuln/detail/CVE-2026-27375) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Gecko ge... |
| [CVE-2026-27374](https://nvd.nist.gov/vuln/detail/CVE-2026-27374) | 7.5 | HIGH | CWE-862 | No | 0.0% | 5.25 | 2026-03-05 | Missing Authorization vulnerability in vanquish WooCommerce Order Details woocommerce-order-details allows Exploiting In... |
| [CVE-2026-27373](https://nvd.nist.gov/vuln/detail/CVE-2026-27373) | 8.5 | HIGH | CWE-89 | No | 0.0% | 5.95 | 2026-03-05 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Essekia Tablesome... |
| [CVE-2026-27370](https://nvd.nist.gov/vuln/detail/CVE-2026-27370) | 7.5 | HIGH | CWE-201 | No | 0.0% | 5.25 | 2026-03-05 | Insertion of Sensitive Information Into Sent Data vulnerability in Premio Chaty chaty allows Retrieve Embedded Sensitive... |
| [CVE-2026-27369](https://nvd.nist.gov/vuln/detail/CVE-2026-27369) | 8.1 | HIGH | CWE-502 | No | 0.1% | 5.67 | 2026-03-05 | Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection. This issue affects... |
| [CVE-2026-27367](https://nvd.nist.gov/vuln/detail/CVE-2026-27367) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Musico... |
| [CVE-2026-27363](https://nvd.nist.gov/vuln/detail/CVE-2026-27363) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kamleshyadav WP Ba... |
| [CVE-2026-27362](https://nvd.nist.gov/vuln/detail/CVE-2026-27362) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-05 | Missing Authorization vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon allows Exploiti... |
| [CVE-2026-27361](https://nvd.nist.gov/vuln/detail/CVE-2026-27361) | 7.5 | HIGH | CWE-862 | No | 0.0% | 5.25 | 2026-03-05 | Missing Authorization vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows... |
| [CVE-2026-27359](https://nvd.nist.gov/vuln/detail/CVE-2026-27359) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fox-themes Awa Plu... |
| [CVE-2026-27358](https://nvd.nist.gov/vuln/detail/CVE-2026-27358) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Archite... |
| [CVE-2026-27354](https://nvd.nist.gov/vuln/detail/CVE-2026-27354) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Woo... |
| [CVE-2026-27353](https://nvd.nist.gov/vuln/detail/CVE-2026-27353) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand N... |
| [CVE-2026-27352](https://nvd.nist.gov/vuln/detail/CVE-2026-27352) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Starto... |
| [CVE-2026-27348](https://nvd.nist.gov/vuln/detail/CVE-2026-27348) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Photogr... |
| [CVE-2026-27344](https://nvd.nist.gov/vuln/detail/CVE-2026-27344) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-03-05 | Missing Authorization vulnerability in inseriswiss inseri core inseri-core allows Exploiting Incorrectly Configured Acce... |
| [CVE-2026-27342](https://nvd.nist.gov/vuln/detail/CVE-2026-27342) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27341](https://nvd.nist.gov/vuln/detail/CVE-2026-27341) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27340](https://nvd.nist.gov/vuln/detail/CVE-2026-27340) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27339](https://nvd.nist.gov/vuln/detail/CVE-2026-27339) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27338](https://nvd.nist.gov/vuln/detail/CVE-2026-27338) | 8.8 | HIGH | CWE-502 | No | 0.1% | 6.16 | 2026-03-05 | Deserialization of Untrusted Data vulnerability in AivahThemes Car Zone carzone allows Object Injection. This issue affec... |
| [CVE-2026-27337](https://nvd.nist.gov/vuln/detail/CVE-2026-27337) | 8.1 | HIGH | CWE-98 | No | 0.1% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27336](https://nvd.nist.gov/vuln/detail/CVE-2026-27336) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27335](https://nvd.nist.gov/vuln/detail/CVE-2026-27335) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27334](https://nvd.nist.gov/vuln/detail/CVE-2026-27334) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27332](https://nvd.nist.gov/vuln/detail/CVE-2026-27332) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Agrofood... |
| [CVE-2026-27326](https://nvd.nist.gov/vuln/detail/CVE-2026-27326) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-27098](https://nvd.nist.gov/vuln/detail/CVE-2026-27098) | 8.1 | HIGH | CWE-502 | No | 0.1% | 5.67 | 2026-03-05 | Deserialization of Untrusted Data vulnerability in axiomthemes Au Pair Agency - Babysitting & Nanny Theme au-pair-agency... |
| [CVE-2026-27097](https://nvd.nist.gov/vuln/detail/CVE-2026-27097) | 8.1 | HIGH | CWE-98 | No | 0.1% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-24963](https://nvd.nist.gov/vuln/detail/CVE-2026-24963) | 7.2 | HIGH | CWE-266 | No | 0.1% | 5.04 | 2026-03-05 | Incorrect Privilege Assignment vulnerability in ameliabooking Amelia ameliabooking allows Privilege Escalation. This issu... |
| [CVE-2026-24960](https://nvd.nist.gov/vuln/detail/CVE-2026-24960) | 9.9 | CRITICAL | CWE-434 | No | 0.1% | 6.93 | 2026-03-05 | Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Charety charety allows Using Malicious Files... |
| [CVE-2026-24385](https://nvd.nist.gov/vuln/detail/CVE-2026-24385) | 7.5 | HIGH | CWE-502 | No | 0.1% | 5.25 | 2026-03-05 | Deserialization of Untrusted Data vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Object In... |
| [CVE-2026-23802](https://nvd.nist.gov/vuln/detail/CVE-2026-23802) | 9.1 | CRITICAL | CWE-434 | No | 0.1% | 6.37 | 2026-03-05 | Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine ai-engine allows Using Malicious F... |
| [CVE-2026-23801](https://nvd.nist.gov/vuln/detail/CVE-2026-23801) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-23799](https://nvd.nist.gov/vuln/detail/CVE-2026-23799) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-05 | Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control S... |
| [CVE-2026-23798](https://nvd.nist.gov/vuln/detail/CVE-2026-23798) | 8.8 | HIGH | CWE-502 | No | 0.1% | 6.16 | 2026-03-05 | Deserialization of Untrusted Data vulnerability in blubrry PowerPress Podcasting powerpress allows Object Injection. This... |
| [CVE-2026-23767](https://nvd.nist.gov/vuln/detail/CVE-2026-23767) | 9.8 | CRITICAL | CWE-306 | No | 0.1% | 6.86 | 2026-03-05 | ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and co... |
| [CVE-2026-23546](https://nvd.nist.gov/vuln/detail/CVE-2026-23546) | 6.5 | MEDIUM | CWE-201 | No | 0.0% | 4.55 | 2026-03-05 | Insertion of Sensitive Information Into Sent Data vulnerability in RadiusTheme Classified Listing classified-listing all... |
| [CVE-2026-22501](https://nvd.nist.gov/vuln/detail/CVE-2026-22501) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-05 | Deserialization of Untrusted Data vulnerability in axiomthemes Mounthood mounthood allows Object Injection. This issue af... |
| [CVE-2026-22497](https://nvd.nist.gov/vuln/detail/CVE-2026-22497) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-05 | Deserialization of Untrusted Data vulnerability in AncoraThemes Jardi jardi allows Object Injection. This issue affects J... |
| [CVE-2026-22479](https://nvd.nist.gov/vuln/detail/CVE-2026-22479) | 7.5 | HIGH | CWE-862 | No | 0.0% | 5.25 | 2026-03-05 | Missing Authorization vulnerability in ThemeRuby Easy Post Submission easy-post-submission allows Exploiting Incorrectly... |
| [CVE-2026-22478](https://nvd.nist.gov/vuln/detail/CVE-2026-22478) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22477](https://nvd.nist.gov/vuln/detail/CVE-2026-22477) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22476](https://nvd.nist.gov/vuln/detail/CVE-2026-22476) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22475](https://nvd.nist.gov/vuln/detail/CVE-2026-22475) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-05 | Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object Injection. This issue affects... |
| [CVE-2026-22474](https://nvd.nist.gov/vuln/detail/CVE-2026-22474) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-05 | Deserialization of Untrusted Data vulnerability in ThemeREX Equestrian Centre equestrian-centre allows Object Injection.... |
| [CVE-2026-22473](https://nvd.nist.gov/vuln/detail/CVE-2026-22473) | 8.8 | HIGH | CWE-502 | No | 0.1% | 6.16 | 2026-03-05 | Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection. This issue... |
| [CVE-2026-22471](https://nvd.nist.gov/vuln/detail/CVE-2026-22471) | 8.6 | HIGH | CWE-502 | No | 0.1% | 6.02 | 2026-03-05 | Deserialization of Untrusted Data vulnerability in maximsecudeal Secudeal Payments for Ecommerce secudeal-payments-for-e... |
| [CVE-2026-22467](https://nvd.nist.gov/vuln/detail/CVE-2026-22467) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mwtemplates DeepDi... |
| [CVE-2026-22465](https://nvd.nist.gov/vuln/detail/CVE-2026-22465) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeventhQueen Buddy... |
| [CVE-2026-22460](https://nvd.nist.gov/vuln/detail/CVE-2026-22460) | 8.6 | HIGH | CWE-22 | No | 0.1% | 6.02 | 2026-03-05 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpWax FormGent formgent... |
| [CVE-2026-22459](https://nvd.nist.gov/vuln/detail/CVE-2026-22459) | 6.5 | MEDIUM | CWE-862 | No | 0.1% | 4.55 | 2026-03-05 | Missing Authorization vulnerability in Blend Media WordPress CTA easy-sticky-sidebar allows Exploiting Incorrectly Confi... |
| [CVE-2026-22457](https://nvd.nist.gov/vuln/detail/CVE-2026-22457) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22456](https://nvd.nist.gov/vuln/detail/CVE-2026-22456) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22455](https://nvd.nist.gov/vuln/detail/CVE-2026-22455) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree Th... |
| [CVE-2026-22454](https://nvd.nist.gov/vuln/detail/CVE-2026-22454) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-05 | Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object Injection. This issue affects S... |
| [CVE-2026-22453](https://nvd.nist.gov/vuln/detail/CVE-2026-22453) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-05 | Deserialization of Untrusted Data vulnerability in ThemeREX Pets Club petclub allows Object Injection. This issue affects... |
| [CVE-2026-22452](https://nvd.nist.gov/vuln/detail/CVE-2026-22452) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22451](https://nvd.nist.gov/vuln/detail/CVE-2026-22451) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-05 | Deserialization of Untrusted Data vulnerability in AncoraThemes Handyman handyman-services allows Object Injection. This... |
| [CVE-2026-22449](https://nvd.nist.gov/vuln/detail/CVE-2026-22449) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22446](https://nvd.nist.gov/vuln/detail/CVE-2026-22446) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22443](https://nvd.nist.gov/vuln/detail/CVE-2026-22443) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22442](https://nvd.nist.gov/vuln/detail/CVE-2026-22442) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22441](https://nvd.nist.gov/vuln/detail/CVE-2026-22441) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22440](https://nvd.nist.gov/vuln/detail/CVE-2026-22440) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree Th... |
| [CVE-2026-22439](https://nvd.nist.gov/vuln/detail/CVE-2026-22439) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22438](https://nvd.nist.gov/vuln/detail/CVE-2026-22438) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree Th... |
| [CVE-2026-22437](https://nvd.nist.gov/vuln/detail/CVE-2026-22437) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22436](https://nvd.nist.gov/vuln/detail/CVE-2026-22436) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22435](https://nvd.nist.gov/vuln/detail/CVE-2026-22435) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22434](https://nvd.nist.gov/vuln/detail/CVE-2026-22434) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22433](https://nvd.nist.gov/vuln/detail/CVE-2026-22433) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22432](https://nvd.nist.gov/vuln/detail/CVE-2026-22432) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22431](https://nvd.nist.gov/vuln/detail/CVE-2026-22431) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22429](https://nvd.nist.gov/vuln/detail/CVE-2026-22429) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22428](https://nvd.nist.gov/vuln/detail/CVE-2026-22428) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22427](https://nvd.nist.gov/vuln/detail/CVE-2026-22427) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22425](https://nvd.nist.gov/vuln/detail/CVE-2026-22425) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22424](https://nvd.nist.gov/vuln/detail/CVE-2026-22424) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22423](https://nvd.nist.gov/vuln/detail/CVE-2026-22423) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22421](https://nvd.nist.gov/vuln/detail/CVE-2026-22421) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22420](https://nvd.nist.gov/vuln/detail/CVE-2026-22420) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22419](https://nvd.nist.gov/vuln/detail/CVE-2026-22419) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22418](https://nvd.nist.gov/vuln/detail/CVE-2026-22418) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22417](https://nvd.nist.gov/vuln/detail/CVE-2026-22417) | 8.1 | HIGH | CWE-502 | No | 0.1% | 5.67 | 2026-03-05 | Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Wedding grandwedding allows Object Injection. This is... |
| [CVE-2026-22416](https://nvd.nist.gov/vuln/detail/CVE-2026-22416) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22415](https://nvd.nist.gov/vuln/detail/CVE-2026-22415) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22414](https://nvd.nist.gov/vuln/detail/CVE-2026-22414) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22413](https://nvd.nist.gov/vuln/detail/CVE-2026-22413) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22412](https://nvd.nist.gov/vuln/detail/CVE-2026-22412) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22410](https://nvd.nist.gov/vuln/detail/CVE-2026-22410) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22408](https://nvd.nist.gov/vuln/detail/CVE-2026-22408) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22405](https://nvd.nist.gov/vuln/detail/CVE-2026-22405) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22403](https://nvd.nist.gov/vuln/detail/CVE-2026-22403) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22399](https://nvd.nist.gov/vuln/detail/CVE-2026-22399) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22397](https://nvd.nist.gov/vuln/detail/CVE-2026-22397) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22395](https://nvd.nist.gov/vuln/detail/CVE-2026-22395) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22394](https://nvd.nist.gov/vuln/detail/CVE-2026-22394) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22392](https://nvd.nist.gov/vuln/detail/CVE-2026-22392) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22390](https://nvd.nist.gov/vuln/detail/CVE-2026-22390) | 9.9 | CRITICAL | CWE-94 | No | 0.1% | 6.93 | 2026-03-05 | Improper Control of Generation of Code ('Code Injection') vulnerability in Builderall Builderall Builder for WordPress b... |
| [CVE-2026-22389](https://nvd.nist.gov/vuln/detail/CVE-2026-22389) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22387](https://nvd.nist.gov/vuln/detail/CVE-2026-22387) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-22385](https://nvd.nist.gov/vuln/detail/CVE-2026-22385) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2025-69411](https://nvd.nist.gov/vuln/detail/CVE-2025-69411) | 7.5 | HIGH | CWE-22 | No | 0.1% | 5.25 | 2026-03-05 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Robert Seyfriedsberger i... |
| [CVE-2025-69343](https://nvd.nist.gov/vuln/detail/CVE-2025-69343) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Thea... |
| [CVE-2025-69340](https://nvd.nist.gov/vuln/detail/CVE-2025-69340) | 7.5 | HIGH | CWE-862 | No | 0.0% | 5.25 | 2026-03-05 | Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-ad... |
| [CVE-2025-69339](https://nvd.nist.gov/vuln/detail/CVE-2025-69339) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2025-69338](https://nvd.nist.gov/vuln/detail/CVE-2025-69338) | 9.3 | CRITICAL | CWE-89 | No | 0.0% | 6.51 | 2026-03-05 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in don-themes Riode C... |
| [CVE-2025-69090](https://nvd.nist.gov/vuln/detail/CVE-2025-69090) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2025-68555](https://nvd.nist.gov/vuln/detail/CVE-2025-68555) | 9.9 | CRITICAL | CWE-434 | No | 0.1% | 6.93 | 2026-03-05 | Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutrie nutrie allows Upload a Web Shell to a... |
| [CVE-2025-68554](https://nvd.nist.gov/vuln/detail/CVE-2025-68554) | 9.9 | CRITICAL | CWE-434 | No | 0.1% | 6.93 | 2026-03-05 | Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Keenarch keenarch allows Using Malicious Fil... |
| [CVE-2025-68553](https://nvd.nist.gov/vuln/detail/CVE-2025-68553) | 9.9 | CRITICAL | CWE-434 | No | 0.1% | 6.93 | 2026-03-05 | Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Lendiz lendiz allows Upload a Web Shell to a... |
| [CVE-2025-68515](https://nvd.nist.gov/vuln/detail/CVE-2025-68515) | 5.8 | MEDIUM | CWE-201 | No | 0.0% | 4.06 | 2026-03-05 | Insertion of Sensitive Information Into Sent Data vulnerability in Roland Murg WP Booking System wp-booking-system allow... |
| [CVE-2025-54001](https://nvd.nist.gov/vuln/detail/CVE-2025-54001) | 9.8 | CRITICAL | CWE-502 | No | 0.1% | 6.86 | 2026-03-05 | Deserialization of Untrusted Data vulnerability in ThemeREX Classter classter allows Object Injection. This issue affects... |
| [CVE-2025-53335](https://nvd.nist.gov/vuln/detail/CVE-2025-53335) | 8.1 | HIGH | CWE-98 | No | 0.2% | 5.67 | 2026-03-05 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-3523](https://nvd.nist.gov/vuln/detail/CVE-2026-3523) | 4.9 | MEDIUM | CWE-89 | No | 0.1% | 3.43 | 2026-03-05 | The Apocalypse Meow plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to,... |
| [CVE-2026-3034](https://nvd.nist.gov/vuln/detail/CVE-2026-3034) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-05 | The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _ob_spacera... |
| [CVE-2026-2365](https://nvd.nist.gov/vuln/detail/CVE-2026-2365) | 7.2 | HIGH | CWE-79 | No | 0.3% | 5.05 | 2026-03-05 | The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fluentform_step_form_sav... |
| [CVE-2026-29127](https://nvd.nist.gov/vuln/detail/CVE-2026-29127) | 9.2 | CRITICAL | CWE-269 | No | 0.0% | 6.44 | 2026-03-05 | The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory.... |
| [CVE-2026-26034](https://nvd.nist.gov/vuln/detail/CVE-2026-26034) | 8.5 | HIGH | CWE-276 | No | 0.0% | 5.95 | 2026-03-05 | UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Incorrect Default Permissions (CWE-276) vul... |
| [CVE-2026-26033](https://nvd.nist.gov/vuln/detail/CVE-2026-26033) | 8.4 | HIGH | CWE-428 | No | 0.0% | 5.88 | 2026-03-05 | UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Unquoted Search Path or Element (CWE-428) v... |
| [CVE-2026-29126](https://nvd.nist.gov/vuln/detail/CVE-2026-29126) | 8.5 | HIGH | CWE-732 | No | 0.0% | 5.95 | 2026-03-05 | Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC)... |
| [CVE-2026-29125](https://nvd.nist.gov/vuln/detail/CVE-2026-29125) | 7.1 | HIGH | CWE-732 | No | 0.0% | 4.97 | 2026-03-05 | IDC SFX2100 Satellite Receivers set the `/etc/resolv.conf` file to be world-writable by any local user, allowing DNS reso... |
| [CVE-2026-29124](https://nvd.nist.gov/vuln/detail/CVE-2026-29124) | 8.6 | HIGH | CWE-269 | No | 0.0% | 6.02 | 2026-03-05 | Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DP... |
| [CVE-2026-29123](https://nvd.nist.gov/vuln/detail/CVE-2026-29123) | 8.6 | HIGH | CWE-269 | No | 0.0% | 6.02 | 2026-03-05 | A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100 on Linux allows a l... |
| [CVE-2026-29122](https://nvd.nist.gov/vuln/detail/CVE-2026-29122) | 8.3 | HIGH | CWE-269 | No | 0.0% | 5.81 | 2026-03-05 | International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility installed with the setuid... |
| [CVE-2026-29121](https://nvd.nist.gov/vuln/detail/CVE-2026-29121) | 8.3 | HIGH | CWE-269 | No | 0.0% | 5.81 | 2026-03-05 | International Data Casting (IDC) SFX2100 satellite receiver comes with the `/sbin/ip` utility installed with the setuid... |
| [CVE-2026-22052](https://nvd.nist.gov/vuln/detail/CVE-2026-22052) | 5.3 | MEDIUM | CWE-209 | No | 0.0% | 3.71 | 2026-03-05 | ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Success... |
| [CVE-2026-2297](https://nvd.nist.gov/vuln/detail/CVE-2026-2297) | 5.7 | MEDIUM | CWE-668 | No | 0.0% | 3.99 | 2026-03-04 | The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (... |
| [CVE-2026-29086](https://nvd.nist.gov/vuln/detail/CVE-2026-29086) | 5.4 | MEDIUM | CWE-1113 | No | 0.0% | 3.78 | 2026-03-04 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCo... |
| [CVE-2026-29085](https://nvd.nist.gov/vuln/detail/CVE-2026-29085) | 6.5 | MEDIUM | CWE-74 | No | 0.1% | 4.55 | 2026-03-04 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when usin... |
| [CVE-2026-29045](https://nvd.nist.gov/vuln/detail/CVE-2026-29045) | 7.5 | HIGH | CWE-177 | No | 0.0% | 5.25 | 2026-03-04 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when usin... |
| [CVE-2026-26002](https://nvd.nist.gov/vuln/detail/CVE-2026-26002) | 6.3 | MEDIUM | CWE-74 | No | 0.1% | 4.41 | 2026-03-04 | Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4... |
| [CVE-2025-41257](https://nvd.nist.gov/vuln/detail/CVE-2025-41257) | 4.8 | MEDIUM | CWE-20 | No | 0.0% | 3.36 | 2026-03-04 | Suprema’s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting t... |
| [CVE-2026-29000](https://nvd.nist.gov/vuln/detail/CVE-2026-29000) | 9.3 | CRITICAL | CWE-347 | No | 0.1% | 6.51 | 2026-03-04 | pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator w... |
| [CVE-2026-27898](https://nvd.nist.gov/vuln/detail/CVE-2026-27898) | 5.4 | MEDIUM | CWE-639 | No | 0.0% | 3.78 | 2026-03-04 | Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to versi... |
| [CVE-2026-27803](https://nvd.nist.gov/vuln/detail/CVE-2026-27803) | 8.3 | HIGH | CWE-269 | No | 0.1% | 5.81 | 2026-03-04 | Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to versi... |
| [CVE-2026-27802](https://nvd.nist.gov/vuln/detail/CVE-2026-27802) | 8.3 | HIGH | CWE-269 | No | 0.1% | 5.81 | 2026-03-04 | Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to versi... |
| [CVE-2026-27801](https://nvd.nist.gov/vuln/detail/CVE-2026-27801) | 6.0 | MEDIUM | CWE-307 | No | 0.0% | 4.20 | 2026-03-04 | Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Vaultwarden ve... |
| [CVE-2026-25750](https://nvd.nist.gov/vuln/detail/CVE-2026-25750) | 8.5 | HIGH | CWE-74 | No | 0.0% | 5.95 | 2026-03-04 | Langchain Helm Charts are Helm charts for deploying Langchain applications on Kubernetes. Prior to langchain-ai/helm ver... |
| [CVE-2026-22040](https://nvd.nist.gov/vuln/detail/CVE-2026-22040) | 5.3 | MEDIUM | CWE-416 | No | 0.1% | 3.71 | 2026-03-04 | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffi... |
| [CVE-2025-70222](https://nvd.nist.gov/vuln/detail/CVE-2025-70222) | 9.8 | CRITICAL | CWE-121 | No | 0.1% | 6.86 | 2026-03-04 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin,goform/getAuth... |
| [CVE-2025-68467](https://nvd.nist.gov/vuln/detail/CVE-2025-68467) | 3.4 | LOW | CWE-200 | No | 0.0% | 2.38 | 2026-03-04 | Dark Reader is an accessibility browser extension that makes web pages colors dark. The dynamic dark mode feature of the... |
| [CVE-2025-66024](https://nvd.nist.gov/vuln/detail/CVE-2025-66024) | 8.6 | HIGH | CWE-79 | No | 0.0% | 6.02 | 2026-03-04 | The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7... |
| [CVE-2025-70225](https://nvd.nist.gov/vuln/detail/CVE-2025-70225) | 9.8 | CRITICAL | CWE-121 | No | 0.1% | 6.86 | 2026-03-04 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curtime parameter to the goform/formEasySetupWWConfi... |
| [CVE-2025-70221](https://nvd.nist.gov/vuln/detail/CVE-2025-70221) | 9.8 | CRITICAL | CWE-121 | No | 0.1% | 6.86 | 2026-03-04 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin. |
| [CVE-2025-46108](https://nvd.nist.gov/vuln/detail/CVE-2025-46108) | 9.8 | CRITICAL | CWE-120 | No | 0.1% | 6.86 | 2026-03-04 | D-Link DIR-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup. |
| [CVE-2026-3545](https://nvd.nist.gov/vuln/detail/CVE-2026-3545) | 9.6 | CRITICAL | CWE-20 | No | 0.1% | 6.72 | 2026-03-04 | Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potenti... |
| [CVE-2026-3544](https://nvd.nist.gov/vuln/detail/CVE-2026-3544) | 8.8 | HIGH | CWE-122 | No | 0.1% | 6.16 | 2026-03-04 | Heap buffer overflow in WebCodecs in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out o... |
| [CVE-2026-3543](https://nvd.nist.gov/vuln/detail/CVE-2026-3543) | 8.8 | HIGH | CWE-284 | No | 0.1% | 6.16 | 2026-03-04 | Inappropriate implementation in V8 in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially per... |
| [CVE-2026-3542](https://nvd.nist.gov/vuln/detail/CVE-2026-3542) | 8.8 | HIGH | CWE-284 | No | 0.1% | 6.16 | 2026-03-04 | Inappropriate implementation in WebAssembly in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perfor... |
| [CVE-2026-3541](https://nvd.nist.gov/vuln/detail/CVE-2026-3541) | 8.8 | HIGH | CWE-284 | No | 0.1% | 6.16 | 2026-03-04 | Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out... |
| [CVE-2026-3540](https://nvd.nist.gov/vuln/detail/CVE-2026-3540) | 8.8 | HIGH | CWE-125 | No | 0.1% | 6.16 | 2026-03-04 | Inappropriate implementation in WebAudio in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform o... |
| [CVE-2026-3539](https://nvd.nist.gov/vuln/detail/CVE-2026-3539) | 8.8 | HIGH | CWE-1091 | No | 0.0% | 6.16 | 2026-03-04 | Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who convinced a user to... |
| [CVE-2026-3538](https://nvd.nist.gov/vuln/detail/CVE-2026-3538) | 8.8 | HIGH | CWE-472 | No | 0.1% | 6.16 | 2026-03-04 | Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out o... |
| [CVE-2026-3537](https://nvd.nist.gov/vuln/detail/CVE-2026-3537) | 8.8 | HIGH | CWE-787 | No | 0.1% | 6.16 | 2026-03-04 | Object lifecycle issue in PowerVR in Google Chrome on Android prior to 145.0.7632.159 allowed a remote attacker to poten... |
| [CVE-2026-3536](https://nvd.nist.gov/vuln/detail/CVE-2026-3536) | 8.8 | HIGH | CWE-472 | No | 0.1% | 6.16 | 2026-03-04 | Integer overflow in ANGLE in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out... |
| [CVE-2026-28435](https://nvd.nist.gov/vuln/detail/CVE-2026-28435) | 7.5 | HIGH | CWE-400 | No | 0.1% | 5.25 | 2026-03-04 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib (httplib.... |
| [CVE-2026-28434](https://nvd.nist.gov/vuln/detail/CVE-2026-28434) | 5.3 | MEDIUM | CWE-200 | No | 0.1% | 3.71 | 2026-03-04 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handle... |
| [CVE-2026-28427](https://nvd.nist.gov/vuln/detail/CVE-2026-28427) | 5.9 | MEDIUM | CWE-22 | No | 0.1% | 4.13 | 2026-03-04 | OpenDeck is Linux software for your Elgato Stream Deck. Prior to 2.8.1, the service listening on port 57118 serves stati... |
| [CVE-2025-70219](https://nvd.nist.gov/vuln/detail/CVE-2025-70219) | 9.8 | CRITICAL | CWE-121 | No | 0.1% | 6.86 | 2026-03-04 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the goform/formDeviceReboot. |
| [CVE-2026-0847](https://nvd.nist.gov/vuln/detail/CVE-2026-0847) | 8.6 | HIGH | CWE-22 | No | 0.3% | 6.03 | 2026-03-04 | A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple Cor... |
| [CVE-2025-70226](https://nvd.nist.gov/vuln/detail/CVE-2025-70226) | 9.8 | CRITICAL | CWE-121 | No | 0.1% | 6.86 | 2026-03-04 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard. |
| [CVE-2025-70223](https://nvd.nist.gov/vuln/detail/CVE-2025-70223) | 9.8 | CRITICAL | CWE-121 | No | 0.1% | 6.86 | 2026-03-04 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork. |
| [CVE-2026-26949](https://nvd.nist.gov/vuln/detail/CVE-2026-26949) | 5.5 | MEDIUM | CWE-863 | No | 0.0% | 3.85 | 2026-03-04 | Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Incorrect Authorization vulnerability. A low pr... |
| [CVE-2025-70220](https://nvd.nist.gov/vuln/detail/CVE-2025-70220) | 9.8 | CRITICAL | CWE-121 | No | 0.1% | 6.86 | 2026-03-04 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4... |
| [CVE-2025-70218](https://nvd.nist.gov/vuln/detail/CVE-2025-70218) | 9.8 | CRITICAL | CWE-121 | No | 0.1% | 6.86 | 2026-03-04 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via POST to the goform/formAdvFirewall component. |
| [CVE-2019-25507](https://nvd.nist.gov/vuln/detail/CVE-2019-25507) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-04 | Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate... |
| [CVE-2019-25506](https://nvd.nist.gov/vuln/detail/CVE-2019-25506) | 8.8 | HIGH | CWE-89 | No | 0.3% | 6.17 | 2026-03-04 | FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerability in the password parameter that allows unauthent... |
| [CVE-2019-25505](https://nvd.nist.gov/vuln/detail/CVE-2019-25505) | 7.1 | HIGH | CWE-89 | No | 0.0% | 4.97 | 2026-03-04 | Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries... |
| [CVE-2019-25504](https://nvd.nist.gov/vuln/detail/CVE-2019-25504) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-04 | NCrypted Jobgator contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database q... |
| [CVE-2019-25503](https://nvd.nist.gov/vuln/detail/CVE-2019-25503) | 7.1 | HIGH | CWE-89 | No | 0.1% | 4.97 | 2026-03-04 | PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL querie... |
| [CVE-2019-25502](https://nvd.nist.gov/vuln/detail/CVE-2019-25502) | 5.1 | MEDIUM | CWE-79 | No | 0.1% | 3.57 | 2026-03-04 | Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject maliciou... |
| [CVE-2019-25501](https://nvd.nist.gov/vuln/detail/CVE-2019-25501) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-04 | Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by inject... |
| [CVE-2019-25500](https://nvd.nist.gov/vuln/detail/CVE-2019-25500) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-03-04 | Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database q... |
| [CVE-2019-25499](https://nvd.nist.gov/vuln/detail/CVE-2019-25499) | 8.8 | HIGH | CWE-89 | No | 0.3% | 6.17 | 2026-03-04 | Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database q... |
| [CVE-2019-25498](https://nvd.nist.gov/vuln/detail/CVE-2019-25498) | 8.8 | HIGH | CWE-89 | No | 0.2% | 6.17 | 2026-03-04 | Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database q... |
| [CVE-2026-3520](https://nvd.nist.gov/vuln/detail/CVE-2026-3520) | 8.7 | HIGH | CWE-674 | No | 0.1% | 6.09 | 2026-03-04 | Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allo... |
| [CVE-2026-29069](https://nvd.nist.gov/vuln/detail/CVE-2026-29069) | 6.9 | MEDIUM | CWE-639 | No | 0.1% | 4.83 | 2026-03-04 | Craft is a content management system (CMS). Prior to 5.9.0-beta.2 and 4.17.0-beta.2, the actionSendActivationEmail() end... |
| [CVE-2026-28784](https://nvd.nist.gov/vuln/detail/CVE-2026-28784) | 8.6 | HIGH | CWE-1336 | No | 0.1% | 6.02 | 2026-03-04 | Craft is a content management system (CMS). Prior to 5.8.22 and 4.16.18, it is possible to craft a malicious payload usi... |
| [CVE-2026-28783](https://nvd.nist.gov/vuln/detail/CVE-2026-28783) | 9.4 | CRITICAL | CWE-94 | No | 0.1% | 6.58 | 2026-03-04 | Craft is a content management system (CMS). Prior to 5.9.0-beta.1 and 4.17.0-beta.1, Craft CMS implements a blocklist to... |
| [CVE-2026-28782](https://nvd.nist.gov/vuln/detail/CVE-2026-28782) | 5.3 | MEDIUM | CWE-639 | No | 0.0% | 3.71 | 2026-03-04 | Craft is a content management system (CMS). Prior to 5.9.0-beta.1 and 4.17.0-beta.1, the "Duplicate" entry action does n... |
| [CVE-2026-28781](https://nvd.nist.gov/vuln/detail/CVE-2026-28781) | 7.1 | HIGH | CWE-639 | No | 0.0% | 4.97 | 2026-03-04 | Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows f... |
| [CVE-2026-28697](https://nvd.nist.gov/vuln/detail/CVE-2026-28697) | 9.4 | CRITICAL | CWE-1336 | No | 0.2% | 6.59 | 2026-03-04 | Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, an authenticated administrator can... |
| [CVE-2026-28696](https://nvd.nist.gov/vuln/detail/CVE-2026-28696) | 8.7 | HIGH | CWE-639 | No | 0.0% | 6.09 | 2026-03-04 | Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the GraphQL directive @parseRefs, i... |
| [CVE-2026-28695](https://nvd.nist.gov/vuln/detail/CVE-2026-28695) | 7.5 | HIGH | CWE-1336 | No | 0.1% | 5.25 | 2026-03-04 | Craft is a content management system (CMS). There is an authenticated admin RCE in Craft CMS 5.8.21 via Server-Side Temp... |
| [CVE-2026-23812](https://nvd.nist.gov/vuln/detail/CVE-2026-23812) | 4.3 | MEDIUM | CWE-300 | No | 0.0% | 3.01 | 2026-03-04 | A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless clie... |
| [CVE-2026-23811](https://nvd.nist.gov/vuln/detail/CVE-2026-23811) | 4.3 | MEDIUM | CWE-300 | No | 0.0% | 3.01 | 2026-03-04 | A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restriction... |
| [CVE-2026-23810](https://nvd.nist.gov/vuln/detail/CVE-2026-23810) | 4.3 | MEDIUM | CWE-300 | No | 0.0% | 3.01 | 2026-03-04 | A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-... |
| [CVE-2026-23809](https://nvd.nist.gov/vuln/detail/CVE-2026-23809) | 5.4 | MEDIUM | CWE-400 | No | 0.0% | 3.78 | 2026-03-04 | A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs.... |
| [CVE-2026-23808](https://nvd.nist.gov/vuln/detail/CVE-2026-23808) | 5.4 | MEDIUM | CWE-94 | No | 0.1% | 3.78 | 2026-03-04 | A vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to i... |
| [CVE-2026-23601](https://nvd.nist.gov/vuln/detail/CVE-2026-23601) | 5.4 | MEDIUM | CWE-327 | No | 0.0% | 3.78 | 2026-03-04 | A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can ge... |
| [CVE-2026-22760](https://nvd.nist.gov/vuln/detail/CVE-2026-22760) | 3.3 | LOW | CWE-754 | No | 0.0% | 2.31 | 2026-03-04 | Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Improper Check for Unusual or Exceptional Condi... |
| [CVE-2025-69969](https://nvd.nist.gov/vuln/detail/CVE-2025-69969) | 9.6 | CRITICAL | CWE-311 | No | 0.1% | 6.72 | 2026-03-04 | A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Po... |
| [CVE-2025-66944](https://nvd.nist.gov/vuln/detail/CVE-2025-66944) | 9.8 | CRITICAL | CWE-89 | No | 0.3% | 6.87 | 2026-03-04 | SQL Injection vulnerability in vran-dev databaseir v.1.0.7 and before allows a remote attacker to execute arbitrary code... |
| [CVE-2025-66678](https://nvd.nist.gov/vuln/detail/CVE-2025-66678) | 9.8 | CRITICAL | NVD-CWE-noinfo | No | 0.1% | 6.86 | 2026-03-04 | An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.26 and earlier allow... |
| [CVE-2026-26673](https://nvd.nist.gov/vuln/detail/CVE-2026-26673) | 7.5 | HIGH | CWE-400 | No | 0.2% | 5.26 | 2026-03-04 | An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote attacker to cause a de... |
| [CVE-2026-26514](https://nvd.nist.gov/vuln/detail/CVE-2026-26514) | 7.5 | HIGH | CWE-88 | No | 0.2% | 5.26 | 2026-03-04 | An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split t... |
| [CVE-2026-26478](https://nvd.nist.gov/vuln/detail/CVE-2026-26478) | 9.8 | CRITICAL | CWE-78 | No | 1.3% | 6.90 | 2026-03-04 | A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389 allows remote attac... |
| [CVE-2026-22285](https://nvd.nist.gov/vuln/detail/CVE-2026-22285) | 4.4 | MEDIUM | CWE-256 | No | 0.0% | 3.08 | 2026-03-04 | Dell Device Management Agent (DDMA), versions prior to 26.02, contain a Plaintext Storage of Password vulnerability. A h... |
| [CVE-2025-62879](https://nvd.nist.gov/vuln/detail/CVE-2025-62879) | 6.8 | MEDIUM | CWE-532 | No | 0.0% | 4.76 | 2026-03-04 | A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both acce... |
| [CVE-2025-59787](https://nvd.nist.gov/vuln/detail/CVE-2025-59787) | 5.3 | MEDIUM | CWE-703 | No | 0.1% | 3.71 | 2026-03-04 | 2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving... |
| [CVE-2025-59786](https://nvd.nist.gov/vuln/detail/CVE-2025-59786) | 6.0 | MEDIUM | CWE-613 | No | 0.1% | 4.20 | 2026-03-04 | 2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to... |
| [CVE-2025-70342](https://nvd.nist.gov/vuln/detail/CVE-2025-70342) | 6.6 | MEDIUM | CWE-732 | No | 0.0% | 4.62 | 2026-03-04 | erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.jso... |
| [CVE-2025-70341](https://nvd.nist.gov/vuln/detail/CVE-2025-70341) | 7.8 | HIGH | CWE-94 | No | 0.0% | 5.46 | 2026-03-04 | Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files. |
| [CVE-2026-3103](https://nvd.nist.gov/vuln/detail/CVE-2026-3103) | 5.3 | MEDIUM | CWE-863 | No | 0.1% | 3.71 | 2026-03-04 | A logic error in the remove_password() function in Checkmk GmbH's Checkmk versions <2.4.0p23, <2.3.0p43, and 2.2.0 (EOL)... |
| [CVE-2026-25907](https://nvd.nist.gov/vuln/detail/CVE-2026-25907) | 5.3 | MEDIUM | CWE-645 | No | 0.1% | 3.71 | 2026-03-04 | Dell PowerScale OneFS, version 9.13.0.0, contains an overly restrictive account lockout mechanism vulnerability. An unau... |
| [CVE-2026-22270](https://nvd.nist.gov/vuln/detail/CVE-2026-22270) | 6.7 | MEDIUM | CWE-427 | No | 0.0% | 4.69 | 2026-03-04 | Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an uncontrolled searc... |
| [CVE-2026-21426](https://nvd.nist.gov/vuln/detail/CVE-2026-21426) | 6.7 | MEDIUM | CWE-250 | No | 0.0% | 4.69 | 2026-03-04 | Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unn... |
| [CVE-2026-21425](https://nvd.nist.gov/vuln/detail/CVE-2026-21425) | 6.7 | MEDIUM | CWE-266 | No | 0.0% | 4.69 | 2026-03-04 | Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect privileg... |
| [CVE-2026-21424](https://nvd.nist.gov/vuln/detail/CVE-2026-21424) | 6.7 | MEDIUM | CWE-250 | No | 0.0% | 4.69 | 2026-03-04 | Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unn... |
| [CVE-2026-21423](https://nvd.nist.gov/vuln/detail/CVE-2026-21423) | 6.7 | MEDIUM | CWE-276 | No | 0.0% | 4.69 | 2026-03-04 | Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect default... |
| [CVE-2026-21422](https://nvd.nist.gov/vuln/detail/CVE-2026-21422) | 3.4 | LOW | CWE-15 | No | 0.0% | 2.38 | 2026-03-04 | Dell PowerScale OneFS, versions 9.10.0.0 through 9.10.1.5 and versions 9.11.0.0 through 9.12.0.1, contains an external c... |
| [CVE-2026-21421](https://nvd.nist.gov/vuln/detail/CVE-2026-21421) | 6.7 | MEDIUM | CWE-250 | No | 0.0% | 4.69 | 2026-03-04 | Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unn... |
| [CVE-2026-3058](https://nvd.nist.gov/vuln/detail/CVE-2026-3058) | 4.3 | MEDIUM | CWE-200 | No | 0.0% | 3.01 | 2026-03-04 | The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to,... |
| [CVE-2026-3056](https://nvd.nist.gov/vuln/detail/CVE-2026-3056) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-03-04 | The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing cap... |
| [CVE-2026-2355](https://nvd.nist.gov/vuln/detail/CVE-2026-2355) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-04 | The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `te... |
| [CVE-2026-1674](https://nvd.nist.gov/vuln/detail/CVE-2026-1674) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-03-04 | The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress... |
| [CVE-2026-3439](https://nvd.nist.gov/vuln/detail/CVE-2026-3439) | 4.9 | MEDIUM | CWE-121 | No | 0.1% | 3.43 | 2026-03-04 | A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker... |
| [CVE-2026-1706](https://nvd.nist.gov/vuln/detail/CVE-2026-1706) | 6.1 | MEDIUM | CWE-79 | No | 0.1% | 4.27 | 2026-03-04 | The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'vi' parameter... |
| [CVE-2023-7337](https://nvd.nist.gov/vuln/detail/CVE-2023-7337) | 7.5 | HIGH | CWE-89 | No | 29.1% | 6.12 | 2026-03-04 | The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js... |
| [CVE-2026-3094](https://nvd.nist.gov/vuln/detail/CVE-2026-3094) | 7.8 | HIGH | CWE-787 | No | 0.0% | 5.46 | 2026-03-04 | Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an att... |
| [CVE-2026-2748](https://nvd.nist.gov/vuln/detail/CVE-2026-2748) | 7.8 | HIGH | CWE-295 | No | 0.0% | 5.46 | 2026-03-04 | SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates issued for email addresses... |
| [CVE-2026-2747](https://nvd.nist.gov/vuln/detail/CVE-2026-2747) | 6.9 | MEDIUM | CWE-200 | No | 0.0% | 4.83 | 2026-03-04 | SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding... |
| [CVE-2026-2746](https://nvd.nist.gov/vuln/detail/CVE-2026-2746) | 6.9 | MEDIUM | CWE-347 | No | 0.0% | 4.83 | 2026-03-04 | SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature verification results, le... |
| [CVE-2026-27445](https://nvd.nist.gov/vuln/detail/CVE-2026-27445) | 6.9 | MEDIUM | CWE-347 | No | 0.0% | 4.83 | 2026-03-04 | SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the e... |
| [CVE-2026-27444](https://nvd.nist.gov/vuln/detail/CVE-2026-27444) | 7.8 | HIGH | CWE-436 | No | 0.0% | 5.46 | 2026-03-04 | SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing... |
| [CVE-2026-27443](https://nvd.nist.gov/vuln/detail/CVE-2026-27443) | 8.2 | HIGH | CWE-20 | No | 0.1% | 5.74 | 2026-03-04 | SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME en... |
| [CVE-2026-27442](https://nvd.nist.gov/vuln/detail/CVE-2026-27442) | 9.3 | CRITICAL | CWE-22 | No | 0.0% | 6.51 | 2026-03-04 | The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenam... |
| [CVE-2026-27441](https://nvd.nist.gov/vuln/detail/CVE-2026-27441) | 9.5 | CRITICAL | CWE-78 | No | 0.1% | 6.65 | 2026-03-04 | SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption password, allowing OS... |
| [CVE-2026-1236](https://nvd.nist.gov/vuln/detail/CVE-2026-1236) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-04 | The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justified_ga... |
| [CVE-2026-29120](https://nvd.nist.gov/vuln/detail/CVE-2026-29120) | 9.2 | CRITICAL | CWE-798 | No | 0.0% | 6.44 | 2026-03-04 | The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation (IDC) SFX Series(SFX2... |
| [CVE-2026-29119](https://nvd.nist.gov/vuln/detail/CVE-2026-29119) | 8.8 | HIGH | CWE-798 | No | 0.4% | 6.17 | 2026-03-04 | International Datacasting Corporation (IDC) SFX Series SuperFlex (SFX2100) Satellite Receiver contains hardcoded and insec... |
| [CVE-2026-28778](https://nvd.nist.gov/vuln/detail/CVE-2026-28778) | 7.9 | HIGH | CWE-798 | No | 0.6% | 5.55 | 2026-03-04 | International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/ins... |
| [CVE-2026-28776](https://nvd.nist.gov/vuln/detail/CVE-2026-28776) | 7.8 | HIGH | CWE-798 | No | 0.4% | 5.47 | 2026-03-04 | International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver contains hardcoded credentials for th... |
| [CVE-2026-28775](https://nvd.nist.gov/vuln/detail/CVE-2026-28775) | 10.0 | CRITICAL | CWE-1188 | No | 0.9% | 7.03 | 2026-03-04 | An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of International Datacasting Cor... |
| [CVE-2026-28774](https://nvd.nist.gov/vuln/detail/CVE-2026-28774) | 9.3 | CRITICAL | CWE-78 | No | 0.2% | 6.52 | 2026-03-04 | An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting... |
| [CVE-2026-28773](https://nvd.nist.gov/vuln/detail/CVE-2026-28773) | 9.3 | CRITICAL | CWE-78 | No | 0.7% | 6.53 | 2026-03-04 | The web-based Ping diagnostic utility (/IDC_Ping/main.cgi) in International Datacasting Corporation (IDC) SFX Series Sup... |
| [CVE-2026-28772](https://nvd.nist.gov/vuln/detail/CVE-2026-28772) | 5.1 | MEDIUM | CWE-79 | No | 0.1% | 3.57 | 2026-03-04 | A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of International Datacasting... |
| [CVE-2026-28771](https://nvd.nist.gov/vuln/detail/CVE-2026-28771) | 5.1 | MEDIUM | CWE-79 | No | 0.1% | 3.57 | 2026-03-04 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /index.cgi endpoint of International Datacasting Corp... |
| [CVE-2026-2732](https://nvd.nist.gov/vuln/detail/CVE-2026-2732) | 5.4 | MEDIUM | CWE-862 | No | 0.0% | 3.78 | 2026-03-04 | The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capa... |
| [CVE-2026-2363](https://nvd.nist.gov/vuln/detail/CVE-2026-2363) | 6.5 | MEDIUM | CWE-89 | No | 0.0% | 4.55 | 2026-03-04 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'order_by' attribute of the... |
| [CVE-2026-28770](https://nvd.nist.gov/vuln/detail/CVE-2026-28770) | 5.3 | MEDIUM | CWE-91 | No | 0.1% | 3.71 | 2026-03-04 | Improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corp... |
| [CVE-2026-28769](https://nvd.nist.gov/vuln/detail/CVE-2026-28769) | 5.3 | MEDIUM | CWE-22 | No | 0.5% | 3.72 | 2026-03-04 | A path traversal vulnerability exists in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporatio... |
| [CVE-2026-2025](https://nvd.nist.gov/vuln/detail/CVE-2026-2025) | 7.5 | HIGH | CWE-200 | No | 34.0% | 6.27 | 2026-03-04 | The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API endpoints, allowing unau... |
| [CVE-2026-3242](https://nvd.nist.gov/vuln/detail/CVE-2026-3242) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-04 | In Concrete CMS below version 9.4.8, a rogue administrator can add stored XSS via the Switch Language block. The Concre... |
| [CVE-2026-3241](https://nvd.nist.gov/vuln/detail/CVE-2026-3241) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-04 | In Concrete CMS below version 9.4.8, a stored cross-site scripting (XSS) vulnerability exists in the "Legacy Form" block... |
| [CVE-2026-3240](https://nvd.nist.gov/vuln/detail/CVE-2026-3240) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-04 | In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored... |
| [CVE-2026-2994](https://nvd.nist.gov/vuln/detail/CVE-2026-2994) | 2.3 | LOW | CWE-352 | No | 0.0% | 1.61 | 2026-03-04 | Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam Allowlist Group Configu... |
| [CVE-2026-3452](https://nvd.nist.gov/vuln/detail/CVE-2026-3452) | 8.9 | HIGH | CWE-502 | No | 0.8% | 6.25 | 2026-03-04 | Concrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injection into the Express... |
| [CVE-2026-3244](https://nvd.nist.gov/vuln/detail/CVE-2026-3244) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-04 | In Concrete CMS below version 9.4.8, a stored cross-site scripting (XSS) vulnerability exists in the search block where... |
| [CVE-2026-2292](https://nvd.nist.gov/vuln/detail/CVE-2026-2292) | 4.4 | MEDIUM | CWE-79 | No | 0.0% | 3.08 | 2026-03-04 | The Morkva UA Shipping plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versi... |
| [CVE-2026-2289](https://nvd.nist.gov/vuln/detail/CVE-2026-2289) | 4.4 | MEDIUM | CWE-79 | No | 0.0% | 3.08 | 2026-03-04 | The Taskbuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up... |
| [CVE-2026-1980](https://nvd.nist.gov/vuln/detail/CVE-2026-1980) | 5.3 | MEDIUM | CWE-200 | No | 0.1% | 3.71 | 2026-03-04 | The WPBookit plugin for WordPress is vulnerable to unauthorized data disclosure due to a missing authorization check on... |
| [CVE-2026-1945](https://nvd.nist.gov/vuln/detail/CVE-2026-1945) | 7.2 | HIGH | CWE-79 | No | 0.1% | 5.04 | 2026-03-04 | The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpb_user_name' and 'wpb_user_ema... |
| [CVE-2026-1651](https://nvd.nist.gov/vuln/detail/CVE-2026-1651) | 6.5 | MEDIUM | CWE-89 | No | 0.0% | 4.55 | 2026-03-04 | The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the 'workflow_ids' para... |
| [CVE-2026-1273](https://nvd.nist.gov/vuln/detail/CVE-2026-1273) | 7.2 | HIGH | CWE-918 | No | 0.0% | 5.04 | 2026-03-04 | The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to Server-S... |
| [CVE-2026-3076](https://nvd.nist.gov/vuln/detail/CVE-2026-3076) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-03-03 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-2363. Reason: This candidate is a r... |
| [CVE-2026-28289](https://nvd.nist.gov/vuln/detail/CVE-2026-28289) | 10.0 | CRITICAL | CWE-434 | No | 22.3% | 7.67 | 2026-03-03 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-... |
| [CVE-2026-27981](https://nvd.nist.gov/vuln/detail/CVE-2026-27981) | 7.4 | HIGH | CWE-307 | No | 0.1% | 5.18 | 2026-03-03 | HomeBox is a home inventory and organization system. Prior to 0.24.0, the authentication rate limiter (authRateLimiter)... |
| [CVE-2026-27971](https://nvd.nist.gov/vuln/detail/CVE-2026-27971) | 9.2 | CRITICAL | CWE-502 | No | 30.0% | 7.34 | 2026-03-03 | Qwik is a performance-focused JavaScript framework. qwik <=1.19.0 is vulnerable to RCE due to an unsafe deserialization... |
| [CVE-2026-27932](https://nvd.nist.gov/vuln/detail/CVE-2026-27932) | 7.5 | HIGH | CWE-770 | No | 0.2% | 5.25 | 2026-03-03 | joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standar... |
| [CVE-2026-27905](https://nvd.nist.gov/vuln/detail/CVE-2026-27905) | 8.6 | HIGH | CWE-59 | No | 0.0% | 6.02 | 2026-03-03 | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.... |
| [CVE-2026-27622](https://nvd.nist.gov/vuln/detail/CVE-2026-27622) | 8.4 | HIGH | CWE-787 | No | 0.0% | 5.88 | 2026-03-03 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the... |
| [CVE-2026-27601](https://nvd.nist.gov/vuln/detail/CVE-2026-27601) | 8.2 | HIGH | CWE-770 | No | 0.0% | 5.74 | 2026-03-03 | Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recur... |
| [CVE-2026-27600](https://nvd.nist.gov/vuln/detail/CVE-2026-27600) | 5.0 | MEDIUM | CWE-918 | No | 0.0% | 3.50 | 2026-03-03 | HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionality allows authenticat... |
| [CVE-2026-26279](https://nvd.nist.gov/vuln/detail/CVE-2026-26279) | 9.1 | CRITICAL | CWE-78 | No | 0.9% | 6.40 | 2026-03-03 | Froxlor is open source server administration software. Prior to 2.3.4, a typo in Froxlor's input validation code (== ins... |
| [CVE-2026-26272](https://nvd.nist.gov/vuln/detail/CVE-2026-26272) | 4.6 | MEDIUM | CWE-79 | No | 0.0% | 3.22 | 2026-03-03 | HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scripting (XSS) vulnerabi... |
| [CVE-2026-26266](https://nvd.nist.gov/vuln/detail/CVE-2026-26266) | 9.3 | CRITICAL | CWE-79 | No | 0.0% | 6.51 | 2026-03-03 | AliasVault is a privacy-first password manager with built-in email aliasing. A stored cross-site scripting (XSS) vulnera... |
| [CVE-2026-25590](https://nvd.nist.gov/vuln/detail/CVE-2026-25590) | 4.5 | MEDIUM | CWE-79 | No | 0.0% | 3.15 | 2026-03-03 | The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents... |
| [CVE-2026-3487](https://nvd.nist.gov/vuln/detail/CVE-2026-3487) | 5.1 | MEDIUM | CWE-74 | No | 0.0% | 3.57 | 2026-03-03 | A vulnerability was found in itsourcecode College Management System 1.0. This issue affects some unknown processing of t... |
| [CVE-2026-3224](https://nvd.nist.gov/vuln/detail/CVE-2026-3224) | 9.8 | CRITICAL | CWE-287 | No | 0.1% | 6.86 | 2026-03-03 | Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and ear... |
| [CVE-2026-3130](https://nvd.nist.gov/vuln/detail/CVE-2026-3130) | 9.8 | CRITICAL | CWE-841 | No | 0.0% | 6.86 | 2026-03-03 | Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and earlier allows an authenticated attacker... |
| [CVE-2026-27012](https://nvd.nist.gov/vuln/detail/CVE-2026-27012) | 9.8 | CRITICAL | CWE-306 | No | 0.0% | 6.86 | 2026-03-03 | OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a pri... |
| [CVE-2026-25146](https://nvd.nist.gov/vuln/detail/CVE-2026-25146) | 9.6 | CRITICAL | CWE-200 | No | 0.1% | 6.72 | 2026-03-03 | OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to b... |
| [CVE-2026-24898](https://nvd.nist.gov/vuln/detail/CVE-2026-24898) | 10.0 | CRITICAL | CWE-287 | No | 0.3% | 7.01 | 2026-03-03 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0,... |
| [CVE-2026-24848](https://nvd.nist.gov/vuln/detail/CVE-2026-24848) | 8.7 | HIGH | CWE-22 | No | 0.3% | 6.10 | 2026-03-03 | OpenEMR is a free and open source electronic health records and medical practice management application. In 7.0.4 and ea... |
| [CVE-2026-24415](https://nvd.nist.gov/vuln/detail/CVE-2026-24415) | 5.1 | MEDIUM | CWE-79 | No | 0.1% | 3.57 | 2026-03-03 | OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and e... |
| [CVE-2026-21866](https://nvd.nist.gov/vuln/detail/CVE-2026-21866) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-03 | Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored XSS issue when rend... |
| [CVE-2026-1775](https://nvd.nist.gov/vuln/detail/CVE-2026-1775) | 8.8 | HIGH | CWE-306 | No | 0.0% | 6.16 | 2026-03-03 | The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attac... |
| [CVE-2026-3486](https://nvd.nist.gov/vuln/detail/CVE-2026-3486) | 5.1 | MEDIUM | CWE-74 | No | 0.0% | 3.57 | 2026-03-03 | A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of... |
| [CVE-2026-3485](https://nvd.nist.gov/vuln/detail/CVE-2026-3485) | 8.9 | HIGH | CWE-77 | No | 0.5% | 6.24 | 2026-03-03 | A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the component SSDP Service. This... |
| [CVE-2026-25906](https://nvd.nist.gov/vuln/detail/CVE-2026-25906) | 7.3 | HIGH | CWE-59 | No | 0.0% | 5.11 | 2026-03-03 | Dell Optimizer, versions prior to 6.3.1, contain an Improper Link Resolution Before File Access ('Link Following') vulne... |
| [CVE-2026-24502](https://nvd.nist.gov/vuln/detail/CVE-2026-24502) | 8.8 | HIGH | CWE-427 | No | 0.0% | 6.16 | 2026-03-03 | Dell Command \| Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncontrolled Search Path Element vulnerabili... |
| [CVE-2026-1713](https://nvd.nist.gov/vuln/detail/CVE-2026-1713) | 5.0 | MEDIUM | CWE-305 | No | 0.0% | 3.50 | 2026-03-03 | IBM MQ 9.1.0.0 through 9.1.0.33 LTS, 9.2.0.0 through 9.2.0.40 LTS, 9.3.0.0 through 9.3.0.36 LTS, 9.30.0 through 9.3.5.1... |
| [CVE-2026-1567](https://nvd.nist.gov/vuln/detail/CVE-2026-1567) | 7.1 | HIGH | CWE-611 | No | 0.0% | 4.97 | 2026-03-03 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity (XXE) vulnerability in IBM InfoSphere... |
| [CVE-2025-70240](https://nvd.nist.gov/vuln/detail/CVE-2025-70240) | 9.8 | CRITICAL | CWE-787 | No | 0.1% | 6.86 | 2026-03-03 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard51. |
| [CVE-2025-70239](https://nvd.nist.gov/vuln/detail/CVE-2025-70239) | 9.8 | CRITICAL | CWE-787 | No | 0.1% | 6.86 | 2026-03-03 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55. |
| [CVE-2025-70234](https://nvd.nist.gov/vuln/detail/CVE-2025-70234) | 9.8 | CRITICAL | CWE-787 | No | 0.1% | 6.86 | 2026-03-03 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS. |
| [CVE-2025-14480](https://nvd.nist.gov/vuln/detail/CVE-2025-14480) | 5.1 | MEDIUM | CWE-327 | No | 0.0% | 3.57 | 2026-03-03 | IBM Aspera faspio Gateway 1.3.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decry... |
| [CVE-2025-14456](https://nvd.nist.gov/vuln/detail/CVE-2025-14456) | 5.9 | MEDIUM | CWE-327 | No | 0.0% | 4.13 | 2026-03-03 | IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1 |
| [CVE-2025-13688](https://nvd.nist.gov/vuln/detail/CVE-2025-13688) | 6.3 | MEDIUM | CWE-78 | No | 0.0% | 4.41 | 2026-03-03 | IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands... |
| [CVE-2025-13687](https://nvd.nist.gov/vuln/detail/CVE-2025-13687) | 6.3 | MEDIUM | CWE-78 | No | 0.0% | 4.41 | 2026-03-03 | IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands... |
| [CVE-2025-13686](https://nvd.nist.gov/vuln/detail/CVE-2025-13686) | 6.3 | MEDIUM | CWE-78 | No | 0.0% | 4.41 | 2026-03-03 | IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands... |
| [CVE-2026-3494](https://nvd.nist.gov/vuln/detail/CVE-2026-3494) | 5.3 | MEDIUM | CWE-778 | No | 0.0% | 3.71 | 2026-03-03 | In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configur... |
| [CVE-2026-3484](https://nvd.nist.gov/vuln/detail/CVE-2026-3484) | 5.3 | MEDIUM | CWE-74 | No | 0.4% | 3.72 | 2026-03-03 | A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected... |
| [CVE-2026-2606](https://nvd.nist.gov/vuln/detail/CVE-2026-2606) | 6.5 | MEDIUM | CWE-22 | No | 0.1% | 4.55 | 2026-03-03 | IBM webMethods API Gateway (on-prem) 10.11 through 10.11_Fix32, 10.15 to 10.15_Fix27, 11.1 to 11.1_Fix7 IBM webMethods API M... |
| [CVE-2026-29022](https://nvd.nist.gov/vuln/detail/CVE-2026-29022) | 6.8 | MEDIUM | CWE-122 | No | 0.1% | 4.76 | 2026-03-03 | dr_libs dr_wav.h version 0.14.4 and earlier (fixed in commit 8a7258c) contain a heap buffer overflow vulnerability in th... |
| [CVE-2026-26892](https://nvd.nist.gov/vuln/detail/CVE-2026-26892) | 7.2 | HIGH | CWE-89 | No | 0.0% | 5.04 | 2026-03-03 | Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_carrier.php. |
| [CVE-2026-26891](https://nvd.nist.gov/vuln/detail/CVE-2026-26891) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-03-03 | Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_parcel_type.php. |
| [CVE-2026-26889](https://nvd.nist.gov/vuln/detail/CVE-2026-26889) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-03-03 | Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_category.php. |
| [CVE-2026-26888](https://nvd.nist.gov/vuln/detail/CVE-2026-26888) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-03-03 | Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_stock.php. |
| [CVE-2026-26887](https://nvd.nist.gov/vuln/detail/CVE-2026-26887) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-03-03 | Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_supplier.php. |
| [CVE-2026-1265](https://nvd.nist.gov/vuln/detail/CVE-2026-1265) | 4.3 | MEDIUM | CWE-532 | No | 0.0% | 3.01 | 2026-03-03 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive Information in a log f... |
| [CVE-2026-0869](https://nvd.nist.gov/vuln/detail/CVE-2026-0869) | 8.3 | HIGH | CWE-305 | No | 0.1% | 5.81 | 2026-03-03 | Authentication bypass in Brocade ASCG 3.4.0 could allow an unauthorized user to perform ASCG operations related to Broca... |
| [CVE-2025-70241](https://nvd.nist.gov/vuln/detail/CVE-2025-70241) | 9.8 | CRITICAL | CWE-787 | No | 0.1% | 6.86 | 2026-03-03 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANType_Wizard5. |
| [CVE-2025-70237](https://nvd.nist.gov/vuln/detail/CVE-2025-70237) | 9.8 | CRITICAL | CWE-787 | No | 0.1% | 6.86 | 2026-03-03 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr. |
| [CVE-2025-70236](https://nvd.nist.gov/vuln/detail/CVE-2025-70236) | 9.8 | CRITICAL | CWE-787 | No | 0.0% | 6.86 | 2026-03-03 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDomainFilter. |
| [CVE-2025-66945](https://nvd.nist.gov/vuln/detail/CVE-2025-66945) | 9.1 | CRITICAL | CWE-787 | No | 0.2% | 6.38 | 2026-03-03 | A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed... |
| [CVE-2025-36364](https://nvd.nist.gov/vuln/detail/CVE-2025-36364) | 6.2 | MEDIUM | CWE-525 | No | 0.0% | 4.34 | 2026-03-03 | IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the... |
| [CVE-2025-36363](https://nvd.nist.gov/vuln/detail/CVE-2025-36363) | 5.9 | MEDIUM | CWE-307 | No | 0.1% | 4.13 | 2026-03-03 | IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to bru... |
| [CVE-2025-14923](https://nvd.nist.gov/vuln/detail/CVE-2025-14923) | 4.7 | MEDIUM | CWE-321 | No | 0.0% | 3.29 | 2026-03-03 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could prov... |
| [CVE-2025-14604](https://nvd.nist.gov/vuln/detail/CVE-2025-14604) | 6.6 | MEDIUM | CWE-732 | No | 0.0% | 4.62 | 2026-03-03 | IBM Storage Scale 5.2.3.0 - 5.2.3.5, and IBM Storage Scale 6.0.0.0 - 6.0.0.1 could allow... |
| [CVE-2025-13734](https://nvd.nist.gov/vuln/detail/CVE-2025-13734) | 5.4 | MEDIUM | CWE-862 | No | 0.0% | 3.78 | 2026-03-03 | IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data... |
| [CVE-2025-13616](https://nvd.nist.gov/vuln/detail/CVE-2025-13616) | 6.5 | MEDIUM | CWE-497 | No | 0.0% | 4.55 | 2026-03-03 | IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be... |
| [CVE-2025-13490](https://nvd.nist.gov/vuln/detail/CVE-2025-13490) | 5.9 | MEDIUM | CWE-319 | No | 0.0% | 4.13 | 2026-03-03 | IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.... |
| [CVE-2024-55027](https://nvd.nist.gov/vuln/detail/CVE-2024-55027) | 7.5 | HIGH | CWE-312 | No | 0.0% | 5.25 | 2026-03-03 | Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to store credentials in plaintext in the component uac_... |
| [CVE-2024-55026](https://nvd.nist.gov/vuln/detail/CVE-2024-55026) | 9.8 | CRITICAL | CWE-256 | No | 0.1% | 6.86 | 2026-03-03 | An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers... |
| [CVE-2024-55025](https://nvd.nist.gov/vuln/detail/CVE-2024-55025) | 6.5 | MEDIUM | CWE-284 | No | 0.1% | 4.55 | 2026-03-03 | Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized a... |
| [CVE-2024-55024](https://nvd.nist.gov/vuln/detail/CVE-2024-55024) | 9.8 | CRITICAL | CWE-693 | No | 0.1% | 6.86 | 2026-03-03 | An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v202310... |
| [CVE-2024-55023](https://nvd.nist.gov/vuln/detail/CVE-2024-55023) | 5.3 | MEDIUM | CWE-798 | No | 0.0% | 3.71 | 2026-03-03 | Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow... |
| [CVE-2024-55022](https://nvd.nist.gov/vuln/detail/CVE-2024-55022) | 8.8 | HIGH | CWE-94 | No | 0.3% | 6.17 | 2026-03-03 | Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerabi... |
| [CVE-2024-55021](https://nvd.nist.gov/vuln/detail/CVE-2024-55021) | 7.5 | HIGH | CWE-798 | No | 0.0% | 5.25 | 2026-03-03 | Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol. |
| [CVE-2024-55020](https://nvd.nist.gov/vuln/detail/CVE-2024-55020) | 9.8 | CRITICAL | CWE-20 | No | 0.3% | 6.87 | 2026-03-03 | A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS... |
| [CVE-2024-55019](https://nvd.nist.gov/vuln/detail/CVE-2024-55019) | 7.5 | HIGH | CWE-284 | No | 0.0% | 5.25 | 2026-03-03 | Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v202310... |
| [CVE-2026-3437](https://nvd.nist.gov/vuln/detail/CVE-2026-3437) | 9.3 | CRITICAL | CWE-119 | No | 0.0% | 6.51 | 2026-03-03 | An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Portwell Engineering Toolkit... |
| [CVE-2026-26890](https://nvd.nist.gov/vuln/detail/CVE-2026-26890) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-03-03 | Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_product.php. |
| [CVE-2026-0540](https://nvd.nist.gov/vuln/detail/CVE-2026-0540) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-03 | DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerabi... |
| [CVE-2025-69765](https://nvd.nist.gov/vuln/detail/CVE-2025-69765) | 7.5 | HIGH | CWE-121 | No | 0.4% | 5.26 | 2026-03-03 | Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can caus... |
| [CVE-2025-67840](https://nvd.nist.gov/vuln/detail/CVE-2025-67840) | 7.2 | HIGH | CWE-78 | No | 0.2% | 5.04 | 2026-03-03 | Multiple authenticated OS command injection vulnerabilities exist in the Cohesity (formerly Stone Ram) TranZman 4.0 Buil... |
| [CVE-2025-63912](https://nvd.nist.gov/vuln/detail/CVE-2025-63912) | 7.5 | HIGH | CWE-327 | No | 0.0% | 5.25 | 2026-03-03 | Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to use a weak cryptography algorithm for da... |
| [CVE-2025-63911](https://nvd.nist.gov/vuln/detail/CVE-2025-63911) | 7.2 | HIGH | CWE-78 | No | 0.7% | 5.06 | 2026-03-03 | Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to contain an authenticated command injecti... |
| [CVE-2025-63910](https://nvd.nist.gov/vuln/detail/CVE-2025-63910) | 7.2 | HIGH | CWE-345 | No | 0.0% | 5.04 | 2026-03-03 | An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 al... |
| [CVE-2025-63909](https://nvd.nist.gov/vuln/detail/CVE-2025-63909) | 7.2 | HIGH | CWE-269 | No | 0.0% | 5.04 | 2026-03-03 | Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.... |
| [CVE-2025-15599](https://nvd.nist.gov/vuln/detail/CVE-2025-15599) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-03 | DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers... |
| [CVE-2023-31044](https://nvd.nist.gov/vuln/detail/CVE-2023-31044) | 2.0 | LOW | CWE-94 | No | 0.0% | 1.40 | 2026-03-03 | An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, u... |
| [CVE-2021-35486](https://nvd.nist.gov/vuln/detail/CVE-2021-35486) | 8.1 | HIGH | CWE-352 | No | 0.0% | 5.67 | 2026-03-03 | A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote a... |
| [CVE-2021-35485](https://nvd.nist.gov/vuln/detail/CVE-2021-35485) | 8.0 | HIGH | CWE-434 | No | 0.1% | 5.60 | 2026-03-03 | The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to... |
| [CVE-2021-35484](https://nvd.nist.gov/vuln/detail/CVE-2021-35484) | 8.2 | HIGH | CWE-89 | No | 0.0% | 5.74 | 2026-03-03 | Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL... |
| [CVE-2021-35483](https://nvd.nist.gov/vuln/detail/CVE-2021-35483) | 4.1 | MEDIUM | CWE-79 | No | 0.0% | 2.87 | 2026-03-03 | The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to... |
| [CVE-2026-26886](https://nvd.nist.gov/vuln/detail/CVE-2026-26886) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-03-03 | Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /admin/services/manage_servic... |
| [CVE-2026-26885](https://nvd.nist.gov/vuln/detail/CVE-2026-26885) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-03-03 | Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /classes/Master.php?f=delete_... |
| [CVE-2026-26884](https://nvd.nist.gov/vuln/detail/CVE-2026-26884) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-03-03 | Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/view... |
| [CVE-2026-26883](https://nvd.nist.gov/vuln/detail/CVE-2026-26883) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-03-03 | Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/classes/Master.php?f=de... |
| [CVE-2025-62817](https://nvd.nist.gov/vuln/detail/CVE-2025-62817) | 7.5 | HIGH | CWE-476 | No | 0.1% | 5.25 | 2026-03-03 | An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. A NULL pointer... |
| [CVE-2025-62816](https://nvd.nist.gov/vuln/detail/CVE-2025-62816) | 5.5 | MEDIUM | CWE-20 | No | 0.0% | 3.85 | 2026-03-03 | An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. Unvalidated VS4... |
| [CVE-2025-66680](https://nvd.nist.gov/vuln/detail/CVE-2025-66680) | 7.1 | HIGH | CWE-59 | No | 0.0% | 4.97 | 2026-03-03 | An issue in the WiseDelfile64.sys component of WiseCleaner Wise Force Deleter 7.3.2 and earlier allows attackers to dele... |
| [CVE-2025-66363](https://nvd.nist.gov/vuln/detail/CVE-2025-66363) | 7.5 | HIGH | CWE-665 | No | 0.1% | 5.25 | 2026-03-03 | An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization wit... |
| [CVE-2025-62815](https://nvd.nist.gov/vuln/detail/CVE-2025-62815) | 5.5 | MEDIUM | CWE-476 | No | 0.0% | 3.85 | 2026-03-03 | An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference... |
| [CVE-2025-62814](https://nvd.nist.gov/vuln/detail/CVE-2025-62814) | 7.5 | HIGH | CWE-476 | No | 0.1% | 5.25 | 2026-03-03 | An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference... |
| [CVE-2026-3465](https://nvd.nist.gov/vuln/detail/CVE-2026-3465) | 2.3 | LOW | CWE-404 | No | 0.1% | 1.61 | 2026-03-03 | A vulnerability was determined in Tuya App and SDK 24.07.11 on Android. Affected by this vulnerability is an unknown fun... |
| [CVE-2026-28518](https://nvd.nist.gov/vuln/detail/CVE-2026-28518) | 8.4 | HIGH | CWE-22 | No | 0.0% | 5.88 | 2026-03-03 | OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack impo... |
| [CVE-2026-24103](https://nvd.nist.gov/vuln/detail/CVE-2026-24103) | 9.8 | CRITICAL | CWE-120 | No | 0.1% | 6.86 | 2026-03-03 | A buffer overflow vulnerability was discovered in goform/formSetMacFilterCfg in Tenda AC15V1.0 V15.03.05.18_multi. |
| [CVE-2026-22891](https://nvd.nist.gov/vuln/detail/CVE-2026-22891) | 9.8 | CRITICAL | CWE-122 | No | 0.2% | 6.87 | 2026-03-03 | A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig... |
| [CVE-2026-20777](https://nvd.nist.gov/vuln/detail/CVE-2026-20777) | 8.1 | HIGH | CWE-122 | No | 0.2% | 5.68 | 2026-03-03 | A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbios... |
| [CVE-2025-70821](https://nvd.nist.gov/vuln/detail/CVE-2025-70821) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-03 | renren-security before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component. |
| [CVE-2025-64736](https://nvd.nist.gov/vuln/detail/CVE-2025-64736) | 6.1 | MEDIUM | CWE-125 | No | 0.0% | 4.27 | 2026-03-03 | An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Ma... |
| [CVE-2025-57622](https://nvd.nist.gov/vuln/detail/CVE-2025-57622) | 9.8 | CRITICAL | CWE-502 | No | 0.5% | 6.87 | 2026-03-03 | An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api, /caption-api, feature... |
| [CVE-2025-52365](https://nvd.nist.gov/vuln/detail/CVE-2025-52365) | 7.8 | HIGH | CWE-77 | No | 0.2% | 5.46 | 2026-03-03 | A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to... |
| [CVE-2026-3344](https://nvd.nist.gov/vuln/detail/CVE-2026-3344) | 6.9 | MEDIUM | CWE-440 | No | 0.0% | 4.83 | 2026-03-03 | A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and... |
| [CVE-2026-3351](https://nvd.nist.gov/vuln/detail/CVE-2026-3351) | 2.1 | LOW | CWE-862 | No | 0.0% | 1.47 | 2026-03-03 | Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated,... |
| [CVE-2026-3463](https://nvd.nist.gov/vuln/detail/CVE-2026-3463) | 4.8 | MEDIUM | CWE-119 | No | 0.0% | 3.36 | 2026-03-03 | A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary_writer:... |
| [CVE-2026-2568](https://nvd.nist.gov/vuln/detail/CVE-2026-2568) | 7.2 | HIGH | CWE-79 | No | 0.1% | 5.04 | 2026-03-03 | The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to... |
| [CVE-2025-15598](https://nvd.nist.gov/vuln/detail/CVE-2025-15598) | 6.3 | MEDIUM | CWE-345 | No | 0.0% | 4.41 | 2026-03-03 | A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend... |
| [CVE-2026-1876](https://nvd.nist.gov/vuln/detail/CVE-2026-1876) | 8.7 | HIGH | CWE-404 | No | 0.2% | 6.10 | 2026-03-03 | Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Et... |
| [CVE-2026-1875](https://nvd.nist.gov/vuln/detail/CVE-2026-1875) | 8.7 | HIGH | CWE-404 | No | 0.2% | 6.10 | 2026-03-03 | Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherN... |
| [CVE-2026-1874](https://nvd.nist.gov/vuln/detail/CVE-2026-1874) | 8.7 | HIGH | CWE-670 | No | 0.2% | 6.10 | 2026-03-03 | Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENE... |
| [CVE-2025-15595](https://nvd.nist.gov/vuln/detail/CVE-2025-15595) | 5.7 | MEDIUM | CWE-1390 | No | 0.0% | 3.99 | 2026-03-03 | Privilege escalation via DLL hijacking in Inno Setup 6.2.1 and earlier versions. |
| [CVE-2025-12345](https://nvd.nist.gov/vuln/detail/CVE-2025-12345) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-03 | A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1.1a/0.1.1a-p1. The affected element is the functio... |
| [CVE-2026-3455](https://nvd.nist.gov/vuln/detail/CVE-2026-3455) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-03 | Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting (XSS) via the textToHtml() functi... |
| [CVE-2026-3449](https://nvd.nist.gov/vuln/detail/CVE-2026-3449) | 4.8 | MEDIUM | CWE-705 | No | 0.0% | 3.36 | 2026-03-03 | Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resol... |
| [CVE-2026-1492](https://nvd.nist.gov/vuln/detail/CVE-2026-1492) | 9.8 | CRITICAL | CWE-269 | No | 39.0% | 8.03 | 2026-03-03 | The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restrict... |
| [CVE-2026-2628](https://nvd.nist.gov/vuln/detail/CVE-2026-2628) | 9.8 | CRITICAL | CWE-288 | No | 0.4% | 6.87 | 2026-03-03 | The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass... |
| [CVE-2026-2448](https://nvd.nist.gov/vuln/detail/CVE-2026-2448) | 8.8 | HIGH | CWE-22 | No | 0.2% | 6.16 | 2026-03-03 | The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and inc... |
| [CVE-2026-2269](https://nvd.nist.gov/vuln/detail/CVE-2026-2269) | 7.2 | HIGH | CWE-434 | No | 0.3% | 5.05 | 2026-03-03 | The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnera... |
| [CVE-2026-1487](https://nvd.nist.gov/vuln/detail/CVE-2026-1487) | 6.5 | MEDIUM | CWE-89 | No | 0.0% | 4.55 | 2026-03-03 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection... |
| [CVE-2026-0754](https://nvd.nist.gov/vuln/detail/CVE-2026-0754) | 8.2 | HIGH | CWE-321 | No | 0.0% | 5.74 | 2026-03-03 | An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering t... |
| [CVE-2026-1566](https://nvd.nist.gov/vuln/detail/CVE-2026-1566) | 8.8 | HIGH | CWE-269 | No | 0.1% | 6.16 | 2026-03-03 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege esca... |
| [CVE-2026-2583](https://nvd.nist.gov/vuln/detail/CVE-2026-2583) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-03-02 | The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `blocksy_meta` metadata fields in a... |
| [CVE-2026-2256](https://nvd.nist.gov/vuln/detail/CVE-2026-2256) | 6.5 | MEDIUM | CWE-77 | No | 2.3% | 4.62 | 2026-03-02 | A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker t... |
| [CVE-2026-27631](https://nvd.nist.gov/vuln/detail/CVE-2026-27631) | 2.7 | LOW | CWE-248 | No | 0.0% | 1.89 | 2026-03-02 | Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metada... |
| [CVE-2026-27596](https://nvd.nist.gov/vuln/detail/CVE-2026-27596) | 2.7 | LOW | CWE-125 | No | 0.1% | 1.89 | 2026-03-02 | Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metada... |
| [CVE-2026-26713](https://nvd.nist.gov/vuln/detail/CVE-2026-26713) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-02 | code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/cancel-order.php. |
| [CVE-2026-26712](https://nvd.nist.gov/vuln/detail/CVE-2026-26712) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-02 | code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket-admin.php. |
| [CVE-2026-25884](https://nvd.nist.gov/vuln/detail/CVE-2026-25884) | 2.7 | LOW | CWE-125 | No | 0.1% | 1.89 | 2026-03-02 | Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metada... |
| [CVE-2026-25477](https://nvd.nist.gov/vuln/detail/CVE-2026-25477) | 6.9 | MEDIUM | CWE-601 | No | 0.0% | 4.83 | 2026-03-02 | AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redire... |
| [CVE-2026-21882](https://nvd.nist.gov/vuln/detail/CVE-2026-21882) | 8.4 | HIGH | CWE-250 | No | 0.0% | 5.88 | 2026-03-02 | theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to versi... |
| [CVE-2026-26711](https://nvd.nist.gov/vuln/detail/CVE-2026-26711) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-02 | code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket.php. |
| [CVE-2026-26710](https://nvd.nist.gov/vuln/detail/CVE-2026-26710) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-02 | code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php. |
| [CVE-2026-26709](https://nvd.nist.gov/vuln/detail/CVE-2026-26709) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-02 | code-projects Simple Gym Management System v1.0 is vulnerable to SQL Injection in /gym/trainer_search.php. |
| [CVE-2026-21853](https://nvd.nist.gov/vuln/detail/CVE-2026-21853) | 8.8 | HIGH | CWE-94 | No | 0.2% | 6.17 | 2026-03-02 | AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click re... |
| [CVE-2026-0047](https://nvd.nist.gov/vuln/detail/CVE-2026-0047) | 8.4 | HIGH | CWE-280 | No | 0.0% | 5.88 | 2026-03-02 | In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due... |
| [CVE-2026-0038](https://nvd.nist.gov/vuln/detail/CVE-2026-0038) | 8.4 | HIGH | NVD-CWE-noinfo | No | 0.0% | 5.88 | 2026-03-02 | In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the co... |
| [CVE-2026-0037](https://nvd.nist.gov/vuln/detail/CVE-2026-0037) | 8.4 | HIGH | CWE-787 | No | 0.0% | 5.88 | 2026-03-02 | In multiple functions of ffa.c, there is a possible memory corruption due to a logic error in the code. This could lead... |
| [CVE-2026-0035](https://nvd.nist.gov/vuln/detail/CVE-2026-0035) | 8.4 | HIGH | CWE-125 | No | 0.0% | 5.88 | 2026-03-02 | In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing fil... |
| [CVE-2026-0034](https://nvd.nist.gov/vuln/detail/CVE-2026-0034) | 8.4 | HIGH | CWE-20 | No | 0.0% | 5.88 | 2026-03-02 | In setPackageOrComponentEnabled of ManagedServices.java, there is a possible notification policy desync due to improper... |
| [CVE-2026-0032](https://nvd.nist.gov/vuln/detail/CVE-2026-0032) | 7.8 | HIGH | CWE-787 | No | 0.0% | 5.46 | 2026-03-02 | In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This c... |
| [CVE-2026-0031](https://nvd.nist.gov/vuln/detail/CVE-2026-0031) | 8.4 | HIGH | CWE-190 | No | 0.0% | 5.88 | 2026-03-02 | In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could l... |
| [CVE-2026-0030](https://nvd.nist.gov/vuln/detail/CVE-2026-0030) | 8.4 | HIGH | CWE-787 | No | 0.0% | 5.88 | 2026-03-02 | In __host_check_page_state_range of mem_protect.c, there is a possible out of bounds write due to an incorrect bounds ch... |
| [CVE-2026-0029](https://nvd.nist.gov/vuln/detail/CVE-2026-0029) | 8.4 | HIGH | CWE-269 | No | 0.0% | 5.88 | 2026-03-02 | In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the code. This could lead to... |
| [CVE-2026-0028](https://nvd.nist.gov/vuln/detail/CVE-2026-0028) | 8.4 | HIGH | CWE-190 | No | 0.0% | 5.88 | 2026-03-02 | In __pkvm_host_share_guest of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This co... |
| [CVE-2026-0027](https://nvd.nist.gov/vuln/detail/CVE-2026-0027) | 6.7 | MEDIUM | CWE-416 | No | 0.0% | 4.69 | 2026-03-02 | In smmu_detach_dev of arm-smmu-v3.c, there is a possible out of bounds write due to a use after free. This could lead to... |
| [CVE-2026-0026](https://nvd.nist.gov/vuln/detail/CVE-2026-0026) | 7.8 | HIGH | NVD-CWE-noinfo | No | 0.0% | 5.46 | 2026-03-02 | In removePermission of PermissionManagerServiceImpl.java, there is a possible way to override any system permission due... |
| [CVE-2026-0025](https://nvd.nist.gov/vuln/detail/CVE-2026-0025) | 8.4 | HIGH | CWE-200 | No | 0.0% | 5.88 | 2026-03-02 | In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass... |
| [CVE-2026-0024](https://nvd.nist.gov/vuln/detail/CVE-2026-0024) | 4.0 | MEDIUM | CWE-862 | No | 0.0% | 2.80 | 2026-03-02 | In isRedactionNeededForOpenViaContentResolver of MediaProvider.java, there is a possible way to reveal the location of m... |
| [CVE-2026-0023](https://nvd.nist.gov/vuln/detail/CVE-2026-0023) | 7.8 | HIGH | CWE-269 | No | 0.0% | 5.46 | 2026-03-02 | In createSessionInternal of PackageInstallerService.java, there is a possible way for an app to update its ownership due... |
| [CVE-2026-0021](https://nvd.nist.gov/vuln/detail/CVE-2026-0021) | 8.4 | HIGH | CWE-441 | No | 0.0% | 5.88 | 2026-03-02 | In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible cross-user permission bypass due to a c... |
| [CVE-2026-0020](https://nvd.nist.gov/vuln/detail/CVE-2026-0020) | 8.4 | HIGH | CWE-639 | No | 0.0% | 5.88 | 2026-03-02 | In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way to bypass a consent dialog to obtain perm... |
| [CVE-2026-0017](https://nvd.nist.gov/vuln/detail/CVE-2026-0017) | 7.7 | HIGH | CWE-285 | No | 0.0% | 5.39 | 2026-03-02 | In onChange of BiometricService.java, there is a possible way to enable fingerprint unlock due to a logic error in the c... |
| [CVE-2026-0015](https://nvd.nist.gov/vuln/detail/CVE-2026-0015) | 6.2 | MEDIUM | CWE-20 | No | 0.0% | 4.34 | 2026-03-02 | In multiple locations of AppOpsService.java, there is a possible persistent denial of service due to improper input vali... |
| [CVE-2026-0014](https://nvd.nist.gov/vuln/detail/CVE-2026-0014) | 6.2 | MEDIUM | CWE-20 | No | 0.0% | 4.34 | 2026-03-02 | In isPackageNullOrSystem of AppOpsService.java, there is a possible persistent denial of service due to improper input v... |
| [CVE-2026-0013](https://nvd.nist.gov/vuln/detail/CVE-2026-0013) | 8.4 | HIGH | CWE-441 | No | 0.0% | 5.88 | 2026-03-02 | In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confuse... |
| [CVE-2026-0012](https://nvd.nist.gov/vuln/detail/CVE-2026-0012) | 6.2 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 4.34 | 2026-03-02 | In setHideSensitive of ExpandableNotificationRow.java, there is a possible contact name leak due to a logic error in... |
| [CVE-2026-0011](https://nvd.nist.gov/vuln/detail/CVE-2026-0011) | 8.4 | HIGH | CWE-693 | No | 0.0% | 5.88 | 2026-03-02 | In enableSystemPackageLPw of Settings.java, there is a possible way to prevent location access from working due to a log... |
| [CVE-2026-0010](https://nvd.nist.gov/vuln/detail/CVE-2026-0010) | 8.4 | HIGH | CWE-787 | No | 0.0% | 5.88 | 2026-03-02 | In onTransact of IDrmManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This cou... |
| [CVE-2026-0008](https://nvd.nist.gov/vuln/detail/CVE-2026-0008) | 8.4 | HIGH | CWE-441 | No | 0.0% | 5.88 | 2026-03-02 | In multiple locations, there is a possible privilege escalation due to a confused deputy. This could lead to local esca... |
| [CVE-2026-0007](https://nvd.nist.gov/vuln/detail/CVE-2026-0007) | 8.6 | HIGH | CWE-1021 | No | 0.0% | 6.02 | 2026-03-02 | In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjack... |
| [CVE-2026-0006](https://nvd.nist.gov/vuln/detail/CVE-2026-0006) | 9.8 | CRITICAL | CWE-122 | No | 0.0% | 6.86 | 2026-03-02 | In multiple locations, there is a possible out of bounds read and write due to a heap buffer overflow. This could lead t... |
| [CVE-2026-0005](https://nvd.nist.gov/vuln/detail/CVE-2026-0005) | 6.2 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 4.34 | 2026-03-02 | In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of app pinning allowing lim... |
| [CVE-2025-48654](https://nvd.nist.gov/vuln/detail/CVE-2025-48654) | 7.8 | HIGH | NVD-CWE-noinfo | No | 0.0% | 5.46 | 2026-03-02 | In onStart of CompanionDeviceManagerService.java, there is a possible confused deputy due to a logic error in the code.... |
| [CVE-2025-48653](https://nvd.nist.gov/vuln/detail/CVE-2025-48653) | 7.8 | HIGH | NVD-CWE-noinfo | No | 0.0% | 5.46 | 2026-03-02 | In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in t... |
| [CVE-2025-48650](https://nvd.nist.gov/vuln/detail/CVE-2025-48650) | 8.4 | HIGH | CWE-89 | No | 0.0% | 5.88 | 2026-03-02 | In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalat... |
| [CVE-2025-48646](https://nvd.nist.gov/vuln/detail/CVE-2025-48646) | 7.8 | HIGH | CWE-441 | No | 0.0% | 5.46 | 2026-03-02 | In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead... |
| [CVE-2025-48645](https://nvd.nist.gov/vuln/detail/CVE-2025-48645) | 7.8 | HIGH | NVD-CWE-noinfo | No | 0.0% | 5.46 | 2026-03-02 | In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. Thi... |
| [CVE-2025-48644](https://nvd.nist.gov/vuln/detail/CVE-2025-48644) | 5.5 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 3.85 | 2026-03-02 | In multiple locations, there is a possible persistent denial of service due to improper input validation. This could lea... |
| [CVE-2025-48642](https://nvd.nist.gov/vuln/detail/CVE-2025-48642) | 5.5 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 3.85 | 2026-03-02 | In jump_to_payload of payload.rs, there is a possible information disclosure due to a logic error in the code. This coul... |
| [CVE-2025-48641](https://nvd.nist.gov/vuln/detail/CVE-2025-48641) | 7.0 | HIGH | CWE-362 | No | 0.0% | 4.90 | 2026-03-02 | In multiple functions of Nfc.h, there is a possible use after free due to a race condition. This could lead to local esc... |
| [CVE-2025-48636](https://nvd.nist.gov/vuln/detail/CVE-2025-48636) | 8.4 | HIGH | CWE-22 | No | 0.0% | 5.88 | 2026-03-02 | In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path... |
| [CVE-2025-48635](https://nvd.nist.gov/vuln/detail/CVE-2025-48635) | 7.7 | HIGH | CWE-200 | No | 0.0% | 5.39 | 2026-03-02 | In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic er... |
| [CVE-2025-48634](https://nvd.nist.gov/vuln/detail/CVE-2025-48634) | 7.3 | HIGH | CWE-862 | No | 0.0% | 5.11 | 2026-03-02 | In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. Th... |
| [CVE-2025-48630](https://nvd.nist.gov/vuln/detail/CVE-2025-48630) | 7.4 | HIGH | CWE-208 | No | 0.0% | 5.18 | 2026-03-02 | In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel infor... |
| [CVE-2025-48619](https://nvd.nist.gov/vuln/detail/CVE-2025-48619) | 8.4 | HIGH | CWE-284 | No | 0.0% | 5.88 | 2026-03-02 | In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate file... |
| [CVE-2025-48613](https://nvd.nist.gov/vuln/detail/CVE-2025-48613) | 7.8 | HIGH | CWE-269 | No | 0.0% | 5.46 | 2026-03-02 | In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previou... |
| [CVE-2025-48609](https://nvd.nist.gov/vuln/detail/CVE-2025-48609) | 9.1 | CRITICAL | CWE-400 | No | 0.0% | 6.37 | 2026-03-02 | In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, S... |
| [CVE-2025-48605](https://nvd.nist.gov/vuln/detail/CVE-2025-48605) | 8.4 | HIGH | CWE-693 | No | 0.0% | 5.88 | 2026-03-02 | In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the co... |
| [CVE-2025-48602](https://nvd.nist.gov/vuln/detail/CVE-2025-48602) | 8.4 | HIGH | CWE-693 | No | 0.0% | 5.88 | 2026-03-02 | In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass... |
| [CVE-2025-48587](https://nvd.nist.gov/vuln/detail/CVE-2025-48587) | 6.2 | MEDIUM | CWE-20 | No | 0.0% | 4.34 | 2026-03-02 | In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input v... |
| [CVE-2025-48585](https://nvd.nist.gov/vuln/detail/CVE-2025-48585) | 6.2 | MEDIUM | CWE-20 | No | 0.0% | 4.34 | 2026-03-02 | In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input v... |
| [CVE-2025-48582](https://nvd.nist.gov/vuln/detail/CVE-2025-48582) | 8.4 | HIGH | CWE-59 | No | 0.0% | 5.88 | 2026-03-02 | In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an... |
| [CVE-2025-48579](https://nvd.nist.gov/vuln/detail/CVE-2025-48579) | 8.4 | HIGH | CWE-441 | No | 0.0% | 5.88 | 2026-03-02 | In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confu... |
| [CVE-2025-48578](https://nvd.nist.gov/vuln/detail/CVE-2025-48578) | 7.8 | HIGH | CWE-862 | No | 0.0% | 5.46 | 2026-03-02 | In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due... |
| [CVE-2025-48577](https://nvd.nist.gov/vuln/detail/CVE-2025-48577) | 7.4 | HIGH | CWE-362 | No | 0.0% | 5.18 | 2026-03-02 | In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This... |
| [CVE-2025-48574](https://nvd.nist.gov/vuln/detail/CVE-2025-48574) | 8.4 | HIGH | CWE-862 | No | 0.0% | 5.88 | 2026-03-02 | In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events du... |
| [CVE-2025-48568](https://nvd.nist.gov/vuln/detail/CVE-2025-48568) | 7.4 | HIGH | CWE-362 | No | 0.0% | 5.18 | 2026-03-02 | In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lead to local escalatio... |
| [CVE-2025-48567](https://nvd.nist.gov/vuln/detail/CVE-2025-48567) | 7.8 | HIGH | CWE-22 | No | 0.0% | 5.46 | 2026-03-02 | In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive director... |
| [CVE-2025-32313](https://nvd.nist.gov/vuln/detail/CVE-2025-32313) | 8.4 | HIGH | CWE-787 | No | 0.0% | 5.88 | 2026-03-02 | In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could... |
| [CVE-2024-43766](https://nvd.nist.gov/vuln/detail/CVE-2024-43766) | 6.5 | MEDIUM | CWE-319 | No | 0.0% | 4.55 | 2026-03-02 | In multiple functions of btm_ble_sec.cc, there is a possible unencrypted communication due to Invalid error handling. Th... |
| [CVE-2024-31328](https://nvd.nist.gov/vuln/detail/CVE-2024-31328) | 8.8 | HIGH | CWE-693 | No | 0.1% | 6.16 | 2026-03-02 | In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from... |
| [CVE-2026-3180](https://nvd.nist.gov/vuln/detail/CVE-2026-3180) | 7.5 | HIGH | CWE-89 | No | 0.1% | 5.25 | 2026-03-02 | The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to blind... |
| [CVE-2026-3132](https://nvd.nist.gov/vuln/detail/CVE-2026-3132) | 8.8 | HIGH | CWE-94 | No | 0.3% | 6.17 | 2026-03-02 | The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution in all versions up t... |
| [CVE-2026-26707](https://nvd.nist.gov/vuln/detail/CVE-2026-26707) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-02 | sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_supplier.php. |
| [CVE-2026-26706](https://nvd.nist.gov/vuln/detail/CVE-2026-26706) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-02 | sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_receipt.php. |
| [CVE-2026-26705](https://nvd.nist.gov/vuln/detail/CVE-2026-26705) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-02 | sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_product.php. |
| [CVE-2026-26704](https://nvd.nist.gov/vuln/detail/CVE-2026-26704) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-02 | sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_category.php. |
| [CVE-2026-0655](https://nvd.nist.gov/vuln/detail/CVE-2026-0655) | 6.9 | MEDIUM | CWE-22 | No | 0.0% | 4.83 | 2026-03-02 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TP-Link Deco BE25 v1.0 (... |
| [CVE-2026-28401](https://nvd.nist.gov/vuln/detail/CVE-2026-28401) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-02 | NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, rich text cell content rendered via... |
| [CVE-2026-28399](https://nvd.nist.gov/vuln/detail/CVE-2026-28399) | 6.2 | MEDIUM | CWE-89 | No | 0.1% | 4.34 | 2026-03-02 | NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator... |
| [CVE-2026-28398](https://nvd.nist.gov/vuln/detail/CVE-2026-28398) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-02 | NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, user-controlled content in comments... |
| [CVE-2026-28397](https://nvd.nist.gov/vuln/detail/CVE-2026-28397) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-02 | NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, comments rendered via v-html withou... |
| [CVE-2026-28396](https://nvd.nist.gov/vuln/detail/CVE-2026-28396) | 4.9 | MEDIUM | CWE-613 | No | 0.0% | 3.43 | 2026-03-02 | NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password reset flow did not rev... |
| [CVE-2026-28361](https://nvd.nist.gov/vuln/detail/CVE-2026-28361) | 4.9 | MEDIUM | CWE-639 | No | 0.0% | 3.43 | 2026-03-02 | NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the MCP token service did not valid... |
| [CVE-2026-28360](https://nvd.nist.gov/vuln/detail/CVE-2026-28360) | 2.7 | LOW | CWE-256 | No | 0.0% | 1.89 | 2026-03-02 | NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view passwords were stored i... |
| [CVE-2026-28359](https://nvd.nist.gov/vuln/detail/CVE-2026-28359) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-02 | NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Editor r... |
| [CVE-2026-28358](https://nvd.nist.gov/vuln/detail/CVE-2026-28358) | 2.7 | LOW | CWE-204 | No | 0.9% | 1.92 | 2026-03-02 | NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password forgot endpoint return... |
| [CVE-2026-28357](https://nvd.nist.gov/vuln/detail/CVE-2026-28357) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-02 | NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, a stored XSS vulnerability exists i... |
| [CVE-2026-28286](https://nvd.nist.gov/vuln/detail/CVE-2026-28286) | 8.5 | HIGH | CWE-73 | No | 0.1% | 5.95 | 2026-03-02 | ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, t... |
| [CVE-2026-26708](https://nvd.nist.gov/vuln/detail/CVE-2026-26708) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-02 | sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_user.php. |
| [CVE-2026-26700](https://nvd.nist.gov/vuln/detail/CVE-2026-26700) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-02 | sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_employee.php. |
| [CVE-2026-24105](https://nvd.nist.gov/vuln/detail/CVE-2026-24105) | 9.8 | CRITICAL | CWE-94 | No | 1.9% | 6.92 | 2026-03-02 | An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value of `v1` was not check... |
| [CVE-2026-23865](https://nvd.nist.gov/vuln/detail/CVE-2026-23865) | 5.3 | MEDIUM | CWE-125 | No | 0.0% | 3.71 | 2026-03-02 | An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13... |
| [CVE-2026-21385](https://nvd.nist.gov/vuln/detail/CVE-2026-21385) | 7.8 | HIGH | CWE-190 | Yes | 0.2% | 5.47 | 2026-03-02 | Memory corruption while using alignments for memory allocation. |
| [CVE-2025-70252](https://nvd.nist.gov/vuln/detail/CVE-2025-70252) | 7.5 | HIGH | CWE-121 | No | 0.1% | 5.25 | 2026-03-02 | An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable... |
| [CVE-2025-64427](https://nvd.nist.gov/vuln/detail/CVE-2025-64427) | 7.1 | HIGH | CWE-200 | No | 0.0% | 4.97 | 2026-03-02 | ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prio... |
| [CVE-2025-59603](https://nvd.nist.gov/vuln/detail/CVE-2025-59603) | 7.8 | HIGH | CWE-787 | No | 0.0% | 5.46 | 2026-03-02 | Memory Corruption when processing invalid user address with nonstandard buffer address. |
| [CVE-2025-59600](https://nvd.nist.gov/vuln/detail/CVE-2025-59600) | 7.8 | HIGH | CWE-126 | No | 0.0% | 5.46 | 2026-03-02 | Memory Corruption when adding user-supplied data without checking available buffer space. |
| [CVE-2025-47386](https://nvd.nist.gov/vuln/detail/CVE-2025-47386) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-03-02 | Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs. |
| [CVE-2025-47385](https://nvd.nist.gov/vuln/detail/CVE-2025-47385) | 7.8 | HIGH | CWE-1262 | No | 0.0% | 5.46 | 2026-03-02 | Memory Corruption when accessing trusted execution environment without proper privilege check. |
| [CVE-2025-47384](https://nvd.nist.gov/vuln/detail/CVE-2025-47384) | 6.5 | MEDIUM | CWE-617 | No | 0.0% | 4.55 | 2026-03-02 | Transient DOS when MAC configures config id greater than supported maximum value. |
| [CVE-2025-47383](https://nvd.nist.gov/vuln/detail/CVE-2025-47383) | 7.2 | HIGH | CWE-325 | No | 0.0% | 5.04 | 2026-03-02 | Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE. |
| [CVE-2025-47381](https://nvd.nist.gov/vuln/detail/CVE-2025-47381) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-03-02 | Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs. |
| [CVE-2025-47379](https://nvd.nist.gov/vuln/detail/CVE-2025-47379) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-03-02 | Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and... |
| [CVE-2025-47378](https://nvd.nist.gov/vuln/detail/CVE-2025-47378) | 7.1 | HIGH | CWE-497 | No | 0.0% | 4.97 | 2026-03-02 | Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain. |
| [CVE-2025-47377](https://nvd.nist.gov/vuln/detail/CVE-2025-47377) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-03-02 | Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls. |
| [CVE-2025-47376](https://nvd.nist.gov/vuln/detail/CVE-2025-47376) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-03-02 | Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls. |
| [CVE-2025-47375](https://nvd.nist.gov/vuln/detail/CVE-2025-47375) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-03-02 | Memory corruption while handling different IOCTL calls from the user-space simultaneously. |
| [CVE-2025-47373](https://nvd.nist.gov/vuln/detail/CVE-2025-47373) | 7.8 | HIGH | CWE-787 | No | 0.0% | 5.46 | 2026-03-02 | Memory Corruption when accessing buffers with invalid length during TA invocation. |
| [CVE-2025-47371](https://nvd.nist.gov/vuln/detail/CVE-2025-47371) | 6.5 | MEDIUM | CWE-617 | No | 0.0% | 4.55 | 2026-03-02 | Transient DOS when an LTE RLC packet with invalid TB is received by UE. |
| [CVE-2026-28412](https://nvd.nist.gov/vuln/detail/CVE-2026-28412) | 6.5 | MEDIUM | CWE-400 | No | 0.1% | 4.55 | 2026-03-02 | Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server imposes no limi... |
| [CVE-2026-28403](https://nvd.nist.gov/vuln/detail/CVE-2026-28403) | 7.6 | HIGH | CWE-346 | No | 0.0% | 5.32 | 2026-03-02 | Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server (`ws://127.0.0.... |
| [CVE-2026-26720](https://nvd.nist.gov/vuln/detail/CVE-2026-26720) | 9.8 | CRITICAL | CWE-94 | No | 0.5% | 6.88 | 2026-03-02 | An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute arbitrary code via the local.driver.ts mod... |
| [CVE-2026-26701](https://nvd.nist.gov/vuln/detail/CVE-2026-26701) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-02 | sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_tecnical_user... |
| [CVE-2026-26699](https://nvd.nist.gov/vuln/detail/CVE-2026-26699) | 7.2 | HIGH | CWE-94 | No | 0.1% | 5.04 | 2026-03-02 | sourcecodester Personnel Property Equipment System v1.0 is vulnerable to arbitrary code execution in ip/ppes/admin/admin... |
| [CVE-2026-24112](https://nvd.nist.gov/vuln/detail/CVE-2026-24112) | 9.8 | CRITICAL | CWE-120 | No | 0.1% | 6.86 | 2026-03-02 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value... |
| [CVE-2026-24110](https://nvd.nist.gov/vuln/detail/CVE-2026-24110) | 9.8 | CRITICAL | CWE-120 | No | 0.1% | 6.86 | 2026-03-02 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these... |
| [CVE-2026-24101](https://nvd.nist.gov/vuln/detail/CVE-2026-24101) | 9.8 | CRITICAL | CWE-78 | No | 1.3% | 6.90 | 2026-03-02 | An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_multi. When the condition is met, `s1_1` wi... |
| [CVE-2025-66880](https://nvd.nist.gov/vuln/detail/CVE-2025-66880) | 6.1 | MEDIUM | CWE-79 | No | 0.1% | 4.27 | 2026-03-02 | Cross Site Scripting vulnerability in Wethink Technology Inc 720yun pano-sdk 0.5.877 allows a remote attacker to execute... |
| [CVE-2025-52998](https://nvd.nist.gov/vuln/detail/CVE-2025-52998) | 7.0 | HIGH | CWE-502 | No | 0.2% | 4.91 | 2026-03-02 | Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is perfor... |
| [CVE-2025-52564](https://nvd.nist.gov/vuln/detail/CVE-2025-52564) | 6.9 | MEDIUM | CWE-80 | No | 0.0% | 4.83 | 2026-03-02 | Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sani... |
| [CVE-2025-52563](https://nvd.nist.gov/vuln/detail/CVE-2025-52563) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-02 | Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulne... |
| [CVE-2025-52476](https://nvd.nist.gov/vuln/detail/CVE-2025-52476) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-02 | Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulne... |
| [CVE-2025-52475](https://nvd.nist.gov/vuln/detail/CVE-2025-52475) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-03-02 | Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulne... |
| [CVE-2025-52470](https://nvd.nist.gov/vuln/detail/CVE-2025-52470) | 4.8 | MEDIUM | CWE-79 | No | 0.1% | 3.36 | 2026-03-02 | Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exi... |
| [CVE-2025-52469](https://nvd.nist.gov/vuln/detail/CVE-2025-52469) | 7.1 | HIGH | CWE-841 | No | 0.0% | 4.97 | 2026-03-02 | Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow... |
| [CVE-2025-52468](https://nvd.nist.gov/vuln/detail/CVE-2025-52468) | 8.8 | HIGH | CWE-79 | No | 0.1% | 6.16 | 2026-03-02 | Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importi... |
| [CVE-2025-50199](https://nvd.nist.gov/vuln/detail/CVE-2025-50199) | 7.7 | HIGH | CWE-918 | No | 0.1% | 5.39 | 2026-03-02 | Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via... |
| [CVE-2025-50198](https://nvd.nist.gov/vuln/detail/CVE-2025-50198) | 8.8 | HIGH | CWE-502 | No | 0.1% | 6.16 | 2026-03-02 | Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted... |
| [CVE-2025-50197](https://nvd.nist.gov/vuln/detail/CVE-2025-50197) | 7.1 | HIGH | CWE-78 | No | 0.7% | 4.99 | 2026-03-02 | Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /ma... |
| [CVE-2025-50196](https://nvd.nist.gov/vuln/detail/CVE-2025-50196) | 7.1 | HIGH | CWE-78 | No | 0.6% | 4.99 | 2026-03-02 | Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /pl... |
| [CVE-2025-50195](https://nvd.nist.gov/vuln/detail/CVE-2025-50195) | 7.1 | HIGH | CWE-78 | No | 0.7% | 4.99 | 2026-03-02 | Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /pl... |
| [CVE-2025-50194](https://nvd.nist.gov/vuln/detail/CVE-2025-50194) | 7.1 | HIGH | CWE-78 | No | 0.7% | 4.99 | 2026-03-02 | Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /ma... |
| [CVE-2025-50193](https://nvd.nist.gov/vuln/detail/CVE-2025-50193) | 7.1 | HIGH | CWE-78 | No | 0.7% | 4.99 | 2026-03-02 | Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /pl... |
| [CVE-2026-26703](https://nvd.nist.gov/vuln/detail/CVE-2026-26703) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-02 | sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advance_search.php... |
| [CVE-2026-26702](https://nvd.nist.gov/vuln/detail/CVE-2026-26702) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-02 | sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/myitem_reuse.php. |
| [CVE-2026-26696](https://nvd.nist.gov/vuln/detail/CVE-2026-26696) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-02 | code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_edit.php. |
| [CVE-2026-26695](https://nvd.nist.gov/vuln/detail/CVE-2026-26695) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-02 | code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordstudent_edit.php. |
| [CVE-2026-26694](https://nvd.nist.gov/vuln/detail/CVE-2026-26694) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-03-02 | code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modal_view.php. |
| [CVE-2026-24115](https://nvd.nist.gov/vuln/detail/CVE-2026-24115) | 9.8 | CRITICAL | CWE-120 | No | 0.1% | 6.86 | 2026-03-02 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the sizes of `gstup` and `gstdwn` before co... |
| [CVE-2026-24114](https://nvd.nist.gov/vuln/detail/CVE-2026-24114) | 9.8 | CRITICAL | CWE-120 | No | 0.1% | 6.86 | 2026-03-02 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate `pPortMapIndex` may lead to buffer overflow... |
| [CVE-2026-24113](https://nvd.nist.gov/vuln/detail/CVE-2026-24113) | 9.8 | CRITICAL | CWE-120 | No | 0.1% | 6.86 | 2026-03-02 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the valu... |
| [CVE-2026-24111](https://nvd.nist.gov/vuln/detail/CVE-2026-24111) | 9.8 | CRITICAL | CWE-120 | No | 0.1% | 6.86 | 2026-03-02 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value... |
| [CVE-2026-24109](https://nvd.nist.gov/vuln/detail/CVE-2026-24109) | 9.8 | CRITICAL | CWE-120 | No | 0.1% | 6.86 | 2026-03-02 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the valu... |
| [CVE-2026-24108](https://nvd.nist.gov/vuln/detail/CVE-2026-24108) | 9.8 | CRITICAL | CWE-120 | No | 0.1% | 6.86 | 2026-03-02 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the valu... |
| [CVE-2026-24107](https://nvd.nist.gov/vuln/detail/CVE-2026-24107) | 9.8 | CRITICAL | CWE-94 | No | 1.3% | 6.90 | 2026-03-02 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartitionName`, which is d... |
| [CVE-2026-0995](https://nvd.nist.gov/vuln/detail/CVE-2026-0995) | 3.6 | LOW | CWE-362 | No | 0.0% | 2.52 | 2026-03-02 | An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to... |
| [CVE-2025-65465](https://nvd.nist.gov/vuln/detail/CVE-2025-65465) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-03-02 | A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earli... |
| [CVE-2025-58107](https://nvd.nist.gov/vuln/detail/CVE-2025-58107) | 7.5 | HIGH | CWE-319 | No | 0.0% | 5.25 | 2026-03-02 | In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers may transmit sensiti... |
| [CVE-2025-52482](https://nvd.nist.gov/vuln/detail/CVE-2025-52482) | 8.3 | HIGH | CWE-79 | No | 0.1% | 5.81 | 2026-03-02 | Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary fun... |
| [CVE-2025-50192](https://nvd.nist.gov/vuln/detail/CVE-2025-50192) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-03-02 | Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL Injection found in /main... |
| [CVE-2025-50191](https://nvd.nist.gov/vuln/detail/CVE-2025-50191) | 7.0 | HIGH | CWE-89 | No | 0.1% | 4.90 | 2026-03-02 | Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFi... |
| [CVE-2025-50190](https://nvd.nist.gov/vuln/detail/CVE-2025-50190) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-03-02 | Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET ope... |
| [CVE-2025-50189](https://nvd.nist.gov/vuln/detail/CVE-2025-50189) | 7.2 | HIGH | CWE-89 | No | 0.1% | 5.04 | 2026-03-02 | Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of d... |
| [CVE-2025-50188](https://nvd.nist.gov/vuln/detail/CVE-2025-50188) | 7.0 | HIGH | CWE-89 | No | 0.1% | 4.90 | 2026-03-02 | Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of d... |
| [CVE-2025-50187](https://nvd.nist.gov/vuln/detail/CVE-2025-50187) | 9.8 | CRITICAL | CWE-95 | No | 0.6% | 6.88 | 2026-03-02 | Chamilo is a learning management system. Prior to version 1.11.28, a parameter from a SOAP request is evaluated without filt... |
| [CVE-2025-50186](https://nvd.nist.gov/vuln/detail/CVE-2025-50186) | 4.8 | MEDIUM | CWE-79 | No | 0.1% | 3.36 | 2026-03-02 | Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exi... |
| [CVE-2024-50337](https://nvd.nist.gov/vuln/detail/CVE-2024-50337) | 5.3 | MEDIUM | CWE-918 | No | 0.1% | 3.71 | 2026-03-02 | Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to... |
| [CVE-2024-47886](https://nvd.nist.gov/vuln/detail/CVE-2024-47886) | 8.7 | HIGH | CWE-502 | No | 1.2% | 6.12 | 2026-03-02 | Chamilo is a learning management system. Chamilo is affected by a post-authentication phar unserialize which leads to a... |
| [CVE-2026-26698](https://nvd.nist.gov/vuln/detail/CVE-2026-26698) | 4.9 | MEDIUM | CWE-89 | No | 0.0% | 3.43 | 2026-03-02 | code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modal_edit.php. |
| [CVE-2026-26697](https://nvd.nist.gov/vuln/detail/CVE-2026-26697) | 4.9 | MEDIUM | CWE-89 | No | 0.0% | 3.43 | 2026-03-02 | code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_view.php?te... |
| [CVE-2026-1628](https://nvd.nist.gov/vuln/detail/CVE-2026-1628) | 4.6 | MEDIUM | CWE-829 | No | 0.0% | 3.22 | 2026-03-02 | Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to external sites within the Ma... |
| [CVE-2026-3432](https://nvd.nist.gov/vuln/detail/CVE-2026-3432) | 9.3 | CRITICAL | CWE-862 | No | 0.1% | 6.51 | 2026-03-02 | In SimStudio versions below 0.5.74, the `/api/auth/oauth/token` endpoint contains a code path that bypasses all author... |
| [CVE-2026-3431](https://nvd.nist.gov/vuln/detail/CVE-2026-3431) | 9.8 | CRITICAL | CWE-862 | No | 0.1% | 6.86 | 2026-03-02 | In SimStudio versions below 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller... |
| [CVE-2025-58406](https://nvd.nist.gov/vuln/detail/CVE-2025-58406) | 5.3 | MEDIUM | CWE-693 | No | 0.0% | 3.71 | 2026-03-02 | The CGM CLININET application responds without essential security HTTP headers, exposing users to client-side attacks such... |
| [CVE-2025-58405](https://nvd.nist.gov/vuln/detail/CVE-2025-58405) | 5.3 | MEDIUM | CWE-1021 | No | 0.0% | 3.71 | 2026-03-02 | The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks, neither HTTP security... |
| [CVE-2025-58402](https://nvd.nist.gov/vuln/detail/CVE-2025-58402) | 7.1 | HIGH | CWE-639 | No | 0.0% | 4.97 | 2026-03-02 | The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks.... |
| [CVE-2025-30062](https://nvd.nist.gov/vuln/detail/CVE-2025-30062) | 6.9 | MEDIUM | CWE-89 | No | 0.0% | 4.83 | 2026-03-02 | In the "CheckUnitCodeAndKey.pl" service, the "validateOrgUnit" function is vulnerable to SQL injection. |
| [CVE-2025-30044](https://nvd.nist.gov/vuln/detail/CVE-2025-30044) | 9.4 | CRITICAL | CWE-78 | No | 0.0% | 6.58 | 2026-03-02 | In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstat_simple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-... |
| [CVE-2025-30042](https://nvd.nist.gov/vuln/detail/CVE-2025-30042) | 9.0 | CRITICAL | CWE-603 | No | 0.0% | 6.30 | 2026-03-02 | The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client d... |
| [CVE-2025-30035](https://nvd.nist.gov/vuln/detail/CVE-2025-30035) | 9.0 | CRITICAL | CWE-306 | No | 0.0% | 6.30 | 2026-03-02 | The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user... |
| [CVE-2025-10350](https://nvd.nist.gov/vuln/detail/CVE-2025-10350) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-03-02 | SQL Injection vulnerability in "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows attack... |
| [CVE-2026-2584](https://nvd.nist.gov/vuln/detail/CVE-2026-2584) | 9.3 | CRITICAL | CWE-89 | No | 0.3% | 6.52 | 2026-03-02 | A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthe... |
| [CVE-2026-20445](https://nvd.nist.gov/vuln/detail/CVE-2026-20445) | 4.4 | MEDIUM | CWE-367 | No | 0.0% | 3.08 | 2026-03-02 | In MDDP, there is a possible system crash due to a race condition. This could lead to local denial of service if a malic... |
| [CVE-2026-20444](https://nvd.nist.gov/vuln/detail/CVE-2026-20444) | 6.7 | MEDIUM | CWE-787 | No | 0.0% | 4.69 | 2026-03-02 | In display, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of... |
| [CVE-2026-20443](https://nvd.nist.gov/vuln/detail/CVE-2026-20443) | 6.7 | MEDIUM | CWE-416 | No | 0.0% | 4.69 | 2026-03-02 | In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privileg... |
| [CVE-2026-20442](https://nvd.nist.gov/vuln/detail/CVE-2026-20442) | 4.4 | MEDIUM | CWE-416 | No | 0.0% | 3.08 | 2026-03-02 | In display, there is a possible system crash due to use after free. This could lead to local denial of service if a mali... |
| [CVE-2026-20441](https://nvd.nist.gov/vuln/detail/CVE-2026-20441) | 6.7 | MEDIUM | CWE-787 | No | 0.0% | 4.69 | 2026-03-02 | In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of pr... |
| [CVE-2026-20440](https://nvd.nist.gov/vuln/detail/CVE-2026-20440) | 6.7 | MEDIUM | CWE-1285 | No | 0.0% | 4.69 | 2026-03-02 | In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of pr... |
| [CVE-2026-20439](https://nvd.nist.gov/vuln/detail/CVE-2026-20439) | 4.4 | MEDIUM | CWE-416 | No | 0.0% | 3.08 | 2026-03-02 | In imgsys, there is a possible system crash due to use after free. This could lead to local denial of service if a malic... |
| [CVE-2026-20438](https://nvd.nist.gov/vuln/detail/CVE-2026-20438) | 6.4 | MEDIUM | CWE-367 | No | 0.0% | 4.48 | 2026-03-02 | In MAE, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privileg... |
| [CVE-2026-20437](https://nvd.nist.gov/vuln/detail/CVE-2026-20437) | 4.4 | MEDIUM | CWE-416 | No | 0.0% | 3.08 | 2026-03-02 | In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a maliciou... |
| [CVE-2026-20436](https://nvd.nist.gov/vuln/detail/CVE-2026-20436) | 6.7 | MEDIUM | CWE-120 | No | 0.0% | 4.69 | 2026-03-02 | In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local... |
| [CVE-2026-20435](https://nvd.nist.gov/vuln/detail/CVE-2026-20435) | 4.6 | MEDIUM | CWE-522 | No | 0.0% | 3.22 | 2026-03-02 | In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local infor... |
| [CVE-2026-20434](https://nvd.nist.gov/vuln/detail/CVE-2026-20434) | 7.5 | HIGH | CWE-787 | No | 0.1% | 5.25 | 2026-03-02 | In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of... |
| [CVE-2026-20430](https://nvd.nist.gov/vuln/detail/CVE-2026-20430) | 8.8 | HIGH | CWE-787 | No | 0.0% | 6.16 | 2026-03-02 | In wlan AP FW, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (prox... |
| [CVE-2026-20429](https://nvd.nist.gov/vuln/detail/CVE-2026-20429) | 4.4 | MEDIUM | CWE-125 | No | 0.0% | 3.08 | 2026-03-02 | In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information d... |
| [CVE-2026-20428](https://nvd.nist.gov/vuln/detail/CVE-2026-20428) | 6.7 | MEDIUM | CWE-787 | No | 0.0% | 4.69 | 2026-03-02 | In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation o... |
| [CVE-2026-20427](https://nvd.nist.gov/vuln/detail/CVE-2026-20427) | 6.7 | MEDIUM | CWE-787 | No | 0.0% | 4.69 | 2026-03-02 | In display, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalati... |
| [CVE-2026-20426](https://nvd.nist.gov/vuln/detail/CVE-2026-20426) | 6.7 | MEDIUM | CWE-787 | No | 0.0% | 4.69 | 2026-03-02 | In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation o... |
| [CVE-2026-20425](https://nvd.nist.gov/vuln/detail/CVE-2026-20425) | 6.7 | MEDIUM | CWE-787 | No | 0.0% | 4.69 | 2026-03-02 | In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation o... |
| [CVE-2026-20424](https://nvd.nist.gov/vuln/detail/CVE-2026-20424) | 4.4 | MEDIUM | CWE-125 | No | 0.0% | 3.08 | 2026-03-02 | In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information d... |
| [CVE-2026-20423](https://nvd.nist.gov/vuln/detail/CVE-2026-20423) | 7.8 | HIGH | CWE-749 | No | 0.0% | 5.46 | 2026-03-02 | In wlan STA driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local esca... |
| [CVE-2026-20416](https://nvd.nist.gov/vuln/detail/CVE-2026-20416) | 7.2 | HIGH | CWE-787 | No | 0.0% | 5.04 | 2026-03-02 | In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of p... |
| [CVE-2026-3422](https://nvd.nist.gov/vuln/detail/CVE-2026-3422) | 9.3 | CRITICAL | CWE-502 | No | 0.6% | 6.53 | 2026-03-02 | U-Office Force developed by e-Excellence has an Insecure Deserialization vulnerability, allowing unauthenticated remote a... |
| [CVE-2026-3413](https://nvd.nist.gov/vuln/detail/CVE-2026-3413) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-02 | A flaw has been found in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the f... |
| [CVE-2026-3000](https://nvd.nist.gov/vuln/detail/CVE-2026-3000) | 9.3 | CRITICAL | CWE-494 | No | 0.2% | 6.52 | 2026-03-02 | IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated r... |
| [CVE-2026-2999](https://nvd.nist.gov/vuln/detail/CVE-2026-2999) | 9.3 | CRITICAL | CWE-494 | No | 0.2% | 6.52 | 2026-03-02 | IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated r... |
| [CVE-2025-15597](https://nvd.nist.gov/vuln/detail/CVE-2025-15597) | 5.3 | MEDIUM | CWE-266 | No | 0.1% | 3.71 | 2026-03-02 | A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps... |
| [CVE-2026-3412](https://nvd.nist.gov/vuln/detail/CVE-2026-3412) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-03-02 | A vulnerability was detected in itsourcecode University Management System 1.0. This affects an unknown part of the file... |
| [CVE-2026-3411](https://nvd.nist.gov/vuln/detail/CVE-2026-3411) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-02 | A security vulnerability has been detected in itsourcecode University Management System 1.0. Affected by this issue is s... |
| [CVE-2026-3410](https://nvd.nist.gov/vuln/detail/CVE-2026-3410) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-02 | A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unkno... |
| [CVE-2026-3409](https://nvd.nist.gov/vuln/detail/CVE-2026-3409) | 6.9 | MEDIUM | CWE-74 | No | 0.1% | 4.83 | 2026-03-02 | A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFil... |
| [CVE-2026-3408](https://nvd.nist.gov/vuln/detail/CVE-2026-3408) | 5.3 | MEDIUM | CWE-404 | No | 0.1% | 3.71 | 2026-03-02 | A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the fi... |
| [CVE-2026-3407](https://nvd.nist.gov/vuln/detail/CVE-2026-3407) | 4.8 | MEDIUM | CWE-119 | No | 0.0% | 3.36 | 2026-03-02 | A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the fi... |
| [CVE-2026-3406](https://nvd.nist.gov/vuln/detail/CVE-2026-3406) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-03-02 | A vulnerability was found in projectworlds Online Art Gallery Shop 1.0. The impacted element is an unknown function of t... |
| [CVE-2026-3405](https://nvd.nist.gov/vuln/detail/CVE-2026-3405) | 2.3 | LOW | CWE-22 | No | 0.2% | 1.61 | 2026-03-02 | A vulnerability has been found in thinkgem JeeSite up to 5.15.1. The affected element is an unknown function of the comp... |
| [CVE-2026-3404](https://nvd.nist.gov/vuln/detail/CVE-2026-3404) | 2.3 | LOW | CWE-610 | No | 0.0% | 1.61 | 2026-03-02 | A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the file /com/jeesite/common/... |
| [CVE-2026-3403](https://nvd.nist.gov/vuln/detail/CVE-2026-3403) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-02 | A vulnerability was detected in PHPGurukul Student Record Management System 1.0. This issue affects some unknown process... |
| [CVE-2026-3402](https://nvd.nist.gov/vuln/detail/CVE-2026-3402) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-03-02 | A security vulnerability has been detected in PHPGurukul Student Record Management System up to 1.0. This vulnerability... |
| [CVE-2026-3401](https://nvd.nist.gov/vuln/detail/CVE-2026-3401) | 2.3 | LOW | CWE-613 | No | 0.1% | 1.61 | 2026-03-02 | A weakness has been identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unkno... |
| [CVE-2026-3400](https://nvd.nist.gov/vuln/detail/CVE-2026-3400) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-02 | A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by this issue is some unknown functionalit... |
| [CVE-2026-3399](https://nvd.nist.gov/vuln/detail/CVE-2026-3399) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-01 | A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromGstDhcpSetSer o... |
| [CVE-2026-3398](https://nvd.nist.gov/vuln/detail/CVE-2026-3398) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-01 | A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromAdvSetWan of the file /goform/AdvSetW... |
| [CVE-2026-3395](https://nvd.nist.gov/vuln/detail/CVE-2026-3395) | 6.9 | MEDIUM | CWE-74 | No | 0.1% | 4.83 | 2026-03-01 | A flaw has been found in MaxSite CMS up to 109.1. This impacts the function eval of the file application/maxsite/admin/p... |
| [CVE-2026-3394](https://nvd.nist.gov/vuln/detail/CVE-2026-3394) | 4.8 | MEDIUM | CWE-119 | No | 0.0% | 3.36 | 2026-03-01 | A vulnerability was detected in jarikomppa soloud up to 20200207. This affects the function SoLoud::Wav::loadwav of the... |
| [CVE-2026-3393](https://nvd.nist.gov/vuln/detail/CVE-2026-3393) | 4.8 | MEDIUM | CWE-119 | No | 0.0% | 3.36 | 2026-03-01 | A security vulnerability has been detected in jarikomppa soloud up to 20200207. The impacted element is the function SoL... |
| [CVE-2026-3392](https://nvd.nist.gov/vuln/detail/CVE-2026-3392) | 4.8 | MEDIUM | CWE-404 | No | 0.0% | 3.36 | 2026-03-01 | A weakness has been identified in FascinatedBox lily up to 2.3. The affected element is the function eval_tree of the fi... |
| [CVE-2026-3391](https://nvd.nist.gov/vuln/detail/CVE-2026-3391) | 4.8 | MEDIUM | CWE-119 | No | 0.0% | 3.36 | 2026-03-01 | A security flaw has been discovered in FascinatedBox lily up to 2.3. Impacted is the function clear_storages of the file... |
| [CVE-2026-3390](https://nvd.nist.gov/vuln/detail/CVE-2026-3390) | 4.8 | MEDIUM | CWE-119 | No | 0.0% | 3.36 | 2026-03-01 | A vulnerability was identified in FascinatedBox lily up to 2.3. This issue affects the function patch_line_end of the fi... |
| [CVE-2026-3389](https://nvd.nist.gov/vuln/detail/CVE-2026-3389) | 4.8 | MEDIUM | CWE-404 | No | 0.0% | 3.36 | 2026-03-01 | A vulnerability was determined in Squirrel up to 3.2. This vulnerability affects the function sqstd_rex_newnode in the l... |
| [CVE-2026-3388](https://nvd.nist.gov/vuln/detail/CVE-2026-3388) | 4.8 | MEDIUM | CWE-404 | No | 0.0% | 3.36 | 2026-03-01 | A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the... |
| [CVE-2026-3387](https://nvd.nist.gov/vuln/detail/CVE-2026-3387) | 4.8 | MEDIUM | CWE-404 | No | 0.0% | 3.36 | 2026-03-01 | A vulnerability has been found in wren-lang wren up to 0.4.0. Affected by this issue is the function getByteCountForArgu... |
| [CVE-2026-3386](https://nvd.nist.gov/vuln/detail/CVE-2026-3386) | 4.8 | MEDIUM | CWE-119 | No | 0.0% | 3.36 | 2026-03-01 | A flaw has been found in wren-lang wren up to 0.4.0. Affected by this vulnerability is the function emitOp of the file s... |
| [CVE-2026-3385](https://nvd.nist.gov/vuln/detail/CVE-2026-3385) | 4.8 | MEDIUM | CWE-404 | No | 0.0% | 3.36 | 2026-03-01 | A vulnerability was detected in wren-lang wren up to 0.4.0. Affected is the function resolveLocal of the file src/vm/wre... |
| [CVE-2026-3384](https://nvd.nist.gov/vuln/detail/CVE-2026-3384) | 4.8 | MEDIUM | CWE-404 | No | 0.0% | 3.36 | 2026-03-01 | A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::AST_No... |
| [CVE-2026-3383](https://nvd.nist.gov/vuln/detail/CVE-2026-3383) | 4.8 | MEDIUM | CWE-369 | No | 0.0% | 3.36 | 2026-03-01 | A weakness has been identified in ChaiScript up to 6.1.0. This affects the function chaiscript::Boxed_Number::go of the... |
| [CVE-2026-3382](https://nvd.nist.gov/vuln/detail/CVE-2026-3382) | 4.8 | MEDIUM | CWE-119 | No | 0.0% | 3.36 | 2026-03-01 | A security flaw has been discovered in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::Boxed_Nu... |
| [CVE-2026-3380](https://nvd.nist.gov/vuln/detail/CVE-2026-3380) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-01 | A vulnerability was found in Tenda F453 1.0.0.3. This issue affects the function frmL7ImForm of the file /goform/L7Im. T... |
| [CVE-2026-3379](https://nvd.nist.gov/vuln/detail/CVE-2026-3379) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-01 | A vulnerability has been found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSetIpBind of the file... |
| [CVE-2026-3378](https://nvd.nist.gov/vuln/detail/CVE-2026-3378) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-01 | A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromqossetting of the file /goform/qossetting. Ex... |
| [CVE-2026-3377](https://nvd.nist.gov/vuln/detail/CVE-2026-3377) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-03-01 | A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function fromSafeUrlFilter of the file... |
