Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,216
Showing 8,121 - 8,140 of 13,708 CVEs
CVE-2016-20045 HIGH - 8.4

HNB Organizer 1.9.18-10 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -rc command-line parameter. Attackers can craft a malicious input string exceeding 108 bytes containing shellcode and a return addres...

Vendor: hnb
Product: HNB
Published: Mar 28, 2026
Source: NVD
CVE-2016-20044 HIGH - 8.4

PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malicious input string with 564 bytes of padding followed by a return address to overwrite the instructio...

Vendor: pinfo
Product: PInfo
Published: Mar 28, 2026
Source: NVD
CVE-2016-20043 HIGH - 8.4

NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Attackers can craft a malicious input with 256 bytes of padding followed by a controlled EIP value to overwrite the ret...

Vendor: nrss
Product: NRSS Reader
Published: Mar 28, 2026
Source: NVD
CVE-2016-20042 HIGH - 8.4

TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the application. Attackers can craft a malicious command-line argument with 156 bytes of padding followed by a return address to overwrite the instruc...

Vendor: trn
Product: Threaded USENET News Reader
Published: Mar 28, 2026
Source: NVD
CVE-2016-20041 HIGH - 8.4

Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Attackers can invoke yasr with a crafted payload containing junk data, shellcode, and a return address to overw...

Vendor: yasr
Product: Yasr Screen Reader
Published: Mar 28, 2026
Source: NVD
CVE-2016-20040 HIGH - 8.4

TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized ROM parameter to the tiemu command-line interface to overflow the stack buffer and overwrit...

Vendor: ticalc
Product: Texas Instrument Emulator
Published: Mar 28, 2026
Source: NVD
CVE-2016-20039 HIGH - 8.4

Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulnerability in the gamma parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized gamma parameter value to overflow the stack buffer and overwrite the instru...

Vendor: mamedev
Product: Mess Emulator
Published: Mar 28, 2026
Source: NVD
CVE-2016-20038 HIGH - 8.4

yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can craft a malicious command-line argument containing shellcode and a return address to overwrite the sta...

Vendor: werner
Product: yTree
Published: Mar 28, 2026
Source: NVD
CVE-2016-20037 HIGH - 8.4

xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying overly long input strings that exceed buffer boundaries. Attackers can craft malicious command-line arguments with 262 bytes of junk data followed by she...

Vendor: Identicalsoftware
Product: xWPE
Published: Mar 28, 2026
Source: NVD
CVE-2025-12886 HIGH - 7.2

The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laborator_calc_route AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web applicatio...

Vendor: Laborator
Product: Oxygen - WooCommerce WordPress Theme
Published: Mar 28, 2026
Source: NVD
CVE-2026-4987 HIGH - 7.5

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the create_payment_intent() function performing a payment validation solely based on the value of a user-...

Published: Mar 28, 2026
Source: NVD
CVE-2026-1679 HIGH - 7.3

The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; oversized sends overflow `eswifi->buf`, corrupting kernel memory (CWE-120). Exploit requires local code that can call the socket send API; no remote attacker can reach it directly.

Vendor: zephyrproject
Product: zephyr
Published: Mar 28, 2026
Source: NVD
CVE-2026-4248 HIGH - 8.0

The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.2. This is due to the '{usermeta:password_reset_link}' template tag being processed within post content via the '[um_loggedin]' shortcode, which gen...

Published: Mar 27, 2026
Source: NVD
CVE-2026-33991 HIGH - 8.8

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file `html/socio/sistema/deletar_tag.php` uses `extract($_REQUEST)` on line 14 and directly concatenates the `$id_tag` variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 p...

Vendor: LabRedesCefetRJ
Product: WeGIA
Published: Mar 27, 2026
Source: NVD
CVE-2026-34204 HIGH - 7.1

MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime() allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication-* he...

Vendor: go
Product: github.com/minio/minio
Published: Mar 27, 2026
Source: GitHub
CVE-2026-34172 HIGH - 8.8

Giskard is an open-source Python library for testing and evaluating agentic systems. Prior to versions 0.3.4 and 1.0.2b1, ChatWorkflow.chat(message) passes its string argument directly as a Jinja2 template source to a non-sandboxed Environment. A developer who passes user input to this method enable...

Vendor: pip
Product: giskard-agents
Published: Mar 27, 2026
Source: GitHub
CVE-2026-4990 HIGH - 7.3

A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such manipulation of the argument signupEnabled with the input true leads to improper authorization. The attack can be executed re...

Published: Mar 27, 2026
Source: NVD
CVE-2026-34226 HIGH - 7.5

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current page origin (`window.location`) instead of the request target URL when `fetch(..., { credentials: "include" })` is used. This can lea...

Vendor: capricorn86
Product: happy-dom
Published: Mar 27, 2026
Source: NVD
CVE-2026-33955 HIGH - 8.6

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop, a cross-site scripting vulnerability stored in the note history comparison viewer can escalate to remote code execution in a desktop application. The issue is triggered when an attacker-controlled note header is displayed using ...

Vendor: streetwriters
Product: Notesnook Web/Desktop
Published: Mar 27, 2026
Source: NVD
CVE-2026-33953 HIGH - 8.5

LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still perform server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user to t...

Vendor: Kovah
Product: LinkAce
Published: Mar 27, 2026
Source: NVD