Total CVEs

140,426

Critical Severity

3,747

High Severity

13,550

Last 7 Days

1,486
Quick preset (or use dates below)
Clear Filters
Showing 8,041 - 8,060 of 13,946 CVEs
CVE-2026-2389 MEDIUM - 4.9

The Complianz โ€“ GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.4.2. This is due to the `revert_divs_to_summary` function replacing `”` HTML entities with literal double-quote characters (`"`) in post...

Published: Mar 26, 2026
Source: NVD
CVE-2026-1032 MEDIUM - 4.3

The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'save_options' function. This makes it possible for unauthenticated attackers to modify conditional menu assign...

Published: Mar 26, 2026
Source: NVD
CVE-2025-55264 MEDIUM - 5.5

HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password change leading to account takeover.

Vendor: HCL
Product: Aftermarket DPC
Published: Mar 26, 2026
Source: NVD
CVE-2019-25649 MEDIUM - 5.5

River Past Audio Converter 7.7.16 contains a local buffer overflow vulnerability in the activation code field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a large payload of repeated characters into the 'E-Mail and Activation C...

Vendor: riverpast
Product: River Past Audio Converter
Published: Mar 26, 2026
Source: NVD
CVE-2019-25648 MEDIUM - 6.2

MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string to the registration code input field. Attackers can paste a malicious payload containing 10000 bytes into the 'Copy and Paste Registrat...

Vendor: Ivideogo
Product: MyVideoConverter Pro
Published: Mar 26, 2026
Source: NVD
CVE-2018-25216 MEDIUM - 6.2

AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Attackers can paste a 10000-byte payload into the 'Image file name' parameter during the 'Copy disk to ...

Vendor: Anyburn
Product: AnyBurn
Published: Mar 26, 2026
Source: NVD
CVE-2018-25215 MEDIUM - 5.5

Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long string to the 'E-Mail and Registrations Code' field. Attackers can paste a crafted payload containing 5000 bytes o...

Vendor: Recoverlostpassword
Product: Excel Password Recovery Professional
Published: Mar 26, 2026
Source: NVD
CVE-2018-25214 MEDIUM - 6.2

MegaPing contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload to the Destination Address List field in the Finger function. Attackers can paste a crafted buffer exceeding expected input limits into the vulnerable field ...

Vendor: Magnetosoft
Product: MegaPing
Published: Mar 26, 2026
Source: NVD
CVE-2026-4887 MEDIUM - 6.1

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible ap...

Published: Mar 26, 2026
Source: NVD
CVE-2026-4875 MEDIUM - 4.7

A vulnerability was determined in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /admin/mod_amenities/index.php?view=add. This manipulation of the argument image causes unrestricted upload. The attack is possible to be carried out remotely. Th...

Published: Mar 26, 2026
Source: NVD
CVE-2025-55273 MEDIUM - 4.3

HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability where an attacker using external scripts can tamper with the DOM, altering the content or behavior of the application. Malicious scripts can steal cookies or session tokens, leading to session hijacking.

Vendor: HCL
Product: Aftermarket DPC
Published: Mar 26, 2026
Source: NVD
CVE-2025-55269 MEDIUM - 4.2

HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which makes it easier for attackers to guess weak passwords or use brute-force techniques to gain unauthorized access to user accounts.

Vendor: HCL
Product: Aftermarket DPC
Published: Mar 26, 2026
Source: NVD
CVE-2025-55268 MEDIUM - 4.3

HCL Aftermarket DPC is affected by Spamming Vulnerability which can allow the actor to excessive spamming can consume server bandwidth and processing resources which may lead to Denial of Service.

Vendor: HCL
Product: Aftermarket DPC
Published: Mar 26, 2026
Source: NVD
CVE-2025-55267 MEDIUM - 5.7

HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability, allows attacker to upload and execute malicious scripts, gaining full control over the server.

Vendor: HCL
Product: Aftermarket DPC
Published: Mar 26, 2026
Source: NVD
CVE-2025-55266 MEDIUM - 5.9

HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's session and use it carry out unauthorized transaction behalf of the user.

Vendor: HCL
Product: Aftermarket DPC
Published: Mar 26, 2026
Source: NVD
CVE-2025-55265 MEDIUM - 6.5

HCL Aftermarket DPC is affected by File Discovery which allows attacker could exploit this issue to read sensitive files present in the system and may use it to craft further attacks.

Vendor: HCL
Product: Aftermarket DPC
Published: Mar 26, 2026
Source: NVD
CVE-2025-41027 MEDIUM - 6.1

Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaScript code in the victim's browser by sending a malicious URL in 'site' parameter in 'app_recuperarclave.php'.

Vendor: GDTaller
Product: GDTaller
Published: Mar 26, 2026
Source: NVD
CVE-2025-41026 MEDIUM - 6.1

Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaScript code in the victim's browser by sending a malicious URL in 'site' parameter in 'app_login.php'.

Vendor: GDTaller
Product: GDTaller
Published: Mar 26, 2026
Source: NVD
CVE-2026-4274 MEDIUM - 5.4

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to restrict team-level access when processing membership sync from a remote cluster, which allows a malicious remote cluster to grant a user access to an entire private team instead of only...

Vendor: mattermost
Product: mattermost_server
Published: Mar 26, 2026
Source: NVD
CVE-2026-4849 MEDIUM - 4.3

A vulnerability was identified in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /modify.php of the component Parameter Handler. The manipulation of the argument firstName leads to cross site scripting. The attack may be initiated remotely. The exploit is publi...

Published: Mar 26, 2026
Source: NVD