Total CVEs: 140,426
Critical Severity: 3,747
High Severity: 13,550
Last 7 Days: 1,486
Showing 8,021 - 8,040 of 13,946 CVEs
CVE-2026-33014 MEDIUM - 5.2

EVerest is an EV charging software stack. Prior to version 2026.02.0, during RemoteStop processing, a delayed authorization response restores `authorized` back to true, defeating the `stop_transaction()` call condition on PowerOff events. As a result, the transaction can remain open even after a rem...

Vendor: EVerest
Product: everest-core
Published: Mar 26, 2026
Source: NVD
CVE-2026-29905 MEDIUM - 6.5

Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service (DoS) via a malformed image upload. The application fails to properly validate the return value of the PHP getimagesize() function. When the system attempts to process thi...

Vendor: composer
Product: getkirby/cms
Published: Mar 26, 2026
Source: NVD
CVE-2026-29044 MEDIUM - 5.0

EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the TransactionStarted event, AuthHandler determines `transaction_active=false` and only calls `withdraw_authorization_callback`. This path ultimately calls `Charger::deauthorize()`, ...

Vendor: EVerest
Product: everest-core
Published: Mar 26, 2026
Source: NVD
CVE-2026-27814 MEDIUM - 4.2

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race (C++ UB) triggered by an A 1-phase ↔ 3-phase switch request (`ac_switch_three_phases_while_charging`) during charging/waiting executes concurrently with the state machine loop. Version 2026.02.0 contains a patch.

Vendor: EVerest
Product: everest-core
Published: Mar 26, 2026
Source: NVD
CVE-2026-27813 MEDIUM - 5.3

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to use-after-free. This is triggered by EV plug-in/unplug and RFID/RemoteStart/OCPP authorization events (or delayed authorization response). Version 2026.2.0 contains a patch.

Vendor: EVerest
Product: everest-core
Published: Mar 26, 2026
Source: NVD
CVE-2026-26073 MEDIUM - 5.9

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible `std::queue`/`std::deque` corruption. The trigger is powermeter public key update and EV session/error events (while OCPP not started). This results in a TSAN data race report and an ASAN/UBSAN...

Vendor: EVerest
Product: everest-core
Published: Mar 26, 2026
Source: NVD
CVE-2026-33726 MEDIUM - 5.4

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services (Envoy, GAMMA) with a local backend on the same node, when Per-Endpoint Routing is ...

Vendor: go
Product: github.com/cilium/cilium
Published: Mar 26, 2026
Source: GitHub
CVE-2026-4897 MEDIUM - 5.5

A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for th...

Published: Mar 26, 2026
Source: NVD
CVE-2026-30162 MEDIUM - 6.1

Cross Site Scripting (XSS) vulnerability in Timo 2.0.3 via crafted links in the title field.

Vendor: auntvt
Product: timo
Published: Mar 26, 2026
Source: NVD
CVE-2026-29976 MEDIUM - 6.2

Buffer Overflow vulnerability in ZerBea hcxpcapngtool v. 7.0.1-43-g2ee308e allows a local attacker to obtain sensitive information via the getradiotapfield() function.

Vendor: zerbea
Product: hcxtools
Published: Mar 26, 2026
Source: NVD
CVE-2026-29934 MEDIUM - 6.1

A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary JavaScript in the context of the user's browser via modifying the referer value in the request header.

Vendor: lightcms_project
Product: lightcms
Published: Mar 26, 2026
Source: NVD
CVE-2026-29933 MEDIUM - 6.1

A reflected cross-site scripting (XSS) vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary JavaScript in the context of the user's browser via modifying the referrer value in the request header.

Vendor: yzmcms
Product: yzmcms
Published: Mar 26, 2026
Source: NVD
CVE-2026-28298 MEDIUM - 5.9

SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.

Vendor: SolarWinds
Product: SolarWinds Observability Self-Hosted
Published: Mar 26, 2026
Source: NVD
CVE-2026-28297 MEDIUM - 6.1

SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.

Vendor: SolarWinds
Product: SolarWinds Observability Self-Hosted
Published: Mar 26, 2026
Source: NVD
CVE-2026-27663 MEDIUM - 6.5

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), RTUM85 RTU Base (All versions < V26.10). The affected application contains denial-of-service (DoS) vulnerability. The remote operation mode is susceptible to a resource exhaustion condition ...

Vendor: Siemens
Product: CPCI85 Central Processing/Communication, RTUM85 RTU Base
Published: Mar 26, 2026
Source: NVD
CVE-2026-26072 MEDIUM - 4.2

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::map<std::optional>` concurrent access (container/optional corruption possible). The trigger is EV SoC update with powermeter periodic update and unplugging/SessionFinished status. Version 20...

Vendor: EVerest
Product: everest-core
Published: Mar 26, 2026
Source: NVD
CVE-2026-26071 MEDIUM - 4.2

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::string` concurrent access, with heap-use-after-free possible. This is triggered by EVCCID update (EV/ISO15118) and OCPP session/authorization events. Version 2026.02.0 contains a patch.

Vendor: EVerest
Product: everest-core
Published: Mar 26, 2026
Source: NVD
CVE-2026-26070 MEDIUM - 4.6

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::map<std::optional>` concurrent access (container/optional corruption possible). The trigger is an EV SoC update with powermeter periodic update and unplugging/SessionFinished state. Version ...

Vendor: EVerest
Product: everest-core
Published: Mar 26, 2026
Source: NVD
CVE-2026-4877 MEDIUM - 4.3

A security flaw has been discovered in itsourcecode Payroll Management System up to 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument page results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been relea...

Published: Mar 26, 2026
Source: NVD
CVE-2026-4876 MEDIUM - 6.3

A vulnerability was identified in itsourcecode Free Hotel Reservation System 1.0. The impacted element is an unknown function of the file /admin/mod_amenities/index.php?view=editpic. Such manipulation of the argument ID leads to SQL injection. The attack may be performed from remote. The exploit is ...

Published: Mar 26, 2026
Source: NVD