Total CVEs: 140,426
Critical Severity: 3,747
High Severity: 13,550
Last 7 Days: 1,486
Showing 8,081 - 8,100 of 13,946 CVEs
CVE-2026-4826 MEDIUM - 6.3

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /update_stock.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes SQL injection. Remote exploitation of the attack is possibl...

Published: Mar 26, 2026
Source: NVD
CVE-2026-34051 MEDIUM - 5.4

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have an improper access control on the Import/Export functionality, allowing unauthorized users to perform import and export actions through direct request manipulation ...

Vendor: openemr
Product: openemr
Published: Mar 26, 2026
Source: NVD
CVE-2026-33934 MEDIUM - 4.3

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have a missing authorization check in `portal/sign/lib/show-signature.php` that allows any authenticated patient portal user to retrieve the drawn signature image of any...

Vendor: openemr
Product: openemr
Published: Mar 26, 2026
Source: NVD
CVE-2026-33933 MEDIUM - 6.1

OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting (XSS) vulnerability in the custom template editor allows an attacker to execute arbitrary JavaScript in ...

Vendor: openemr
Product: openemr
Published: Mar 26, 2026
Source: NVD
CVE-2026-33931 MEDIUM - 6.5

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' paymen...

Vendor: openemr
Product: openemr
Published: Mar 26, 2026
Source: NVD
CVE-2026-33915 MEDIUM - 5.4

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, five insurance company REST API routes are missing the `RestConfig::request_authorization_check()` call that every other data-modifying route in the standard API uses. T...

Vendor: openemr
Product: openemr
Published: Mar 26, 2026
Source: NVD
CVE-2026-4825 MEDIUM - 6.3

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file /update_sales.php of the component HTTP GET Parameter Handler. The manipulation of the argument sid results in SQL injection. The attack may be launched remotely. The exploit has been...

Published: Mar 25, 2026
Source: NVD
CVE-2026-33912 MEDIUM - 5.4

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated attacker could craft a malicious form that, when submitted by a victim, executes arbitrary JavaScript in the victim's browser session. Version 8.0....

Vendor: openemr
Product: openemr
Published: Mar 25, 2026
Source: NVD
CVE-2026-33911 MEDIUM - 5.4

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the POST parameter `title` is reflected back in a JSON response built with `json_encode()`. Because the response is served with a `text/html` Content-Type, the browser i...

Vendor: openemr
Product: openemr
Published: Mar 25, 2026
Source: NVD
CVE-2026-33909 MEDIUM - 5.9

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, several variables in the MedEx recall/reminder processing code are concatenated directly into SQL queries without parameterization or type casting, enabling SQL injectio...

Vendor: openemr
Product: openemr
Published: Mar 25, 2026
Source: NVD
CVE-2026-32120 MEDIUM - 6.5

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the fee sheet product save logic (`library/FeeSheet.class.php`) allows any authenticated user with fee sheet ...

Vendor: openemr
Product: openemr
Published: Mar 25, 2026
Source: NVD
CVE-2025-36187 MEDIUM - 4.4

IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5.1.2, 5.1.3, 5.2.0, 5.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.

Vendor: IBM
Product: Knowledge Catalog Standard Cartridge
Published: Mar 25, 2026
Source: NVD
CVE-2025-14684 MEDIUM - 4.0

IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files.

Vendor: IBM
Product: Maximo Application Suite - Monitor Component
Published: Mar 25, 2026
Source: NVD
CVE-2026-33183 MEDIUM - 9.1

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, fixture names were used to build file paths under the configured fixture directory without validation. A name containing path segments (e.g. ../traversal or ../../etc/passwd) resulted in a path...

Vendor: composer
Product: saloonphp/saloon
Published: Mar 25, 2026
Source: GitHub
CVE-2026-33182 MEDIUM - 7.5

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request endpoint. If the endpoint was a valid absolute URL, the code used that URL as-is and ignored the ba...

Vendor: composer
Product: saloonphp/saloon
Published: Mar 25, 2026
Source: GitHub
CVE-2026-33682 MEDIUM - 4.7

Streamlit is a data-oriented application development framework for Python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. The vulnerability arises from improper validation of attacker-supplied filesyst...

Vendor: pip
Product: Streamlit
Published: Mar 25, 2026
Source: GitHub
CVE-2026-2485 MEDIUM - 4.8

IBM Infosphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust...

Vendor: ibm
Product: infosphere_information_server
Published: Mar 25, 2026
Source: NVD
CVE-2026-2484 MEDIUM - 4.3

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages.

Vendor: ibm
Product: infosphere_information_server
Published: Mar 25, 2026
Source: NVD
CVE-2026-2483 MEDIUM - 5.4

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

Vendor: ibm
Product: infosphere_information_server
Published: Mar 25, 2026
Source: NVD
CVE-2026-1561 MEDIUM - 5.4

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 is vulnerable to server-side request forgery (SSRF). This may allow a remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating ...

Vendor: ibm
Product: websphere_application_server
Published: Mar 25, 2026
Source: NVD