Total CVEs: 141,249

Critical Severity: 3,795

High Severity: 13,708

Last 7 Days: 2,297
Showing 8,181 - 8,200 of 14,200 CVEs
CVE-2025-69988 MEDIUM - 6.5

BS Producten Petcam 33.1.0.0818 is vulnerable to Incorrect Access Control. An unauthenticated attacker in physical proximity can associate with this open network. Once connected, the attacker gains access to the camera's private network interface and can retrieve sensitive information, includin...

Published: Mar 27, 2026
Source: NVD
CVE-2025-61190 MEDIUM - 6.1

A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace JSPUI 6.5 within the search/discover filtering functionality. The vulnerability exists due to improper sanitization of user-supplied input via the filter_type_1 parameter.

Vendor: lyrasis
Product: dspace
Published: Mar 27, 2026
Source: NVD
CVE-2026-32859 MEDIUM - 5.4

ByteDance Deer-Flow versions prior to commit 5dbb362 contain a stored cross-site scripting vulnerability in the artifacts API that allows attackers to execute arbitrary scripts by uploading malicious HTML or script content as artifacts. Attackers can store malicious content that executes in the brow...

Vendor: Bytedance Inc.
Product: DeerFlow
Published: Mar 27, 2026
Source: NVD
CVE-2026-32695 MEDIUM - 7.7

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 3.6.11 and 3.7.0-ea.2, Traefik's Knative provider builds router rules by interpolating user-controlled values into backtick-delimited rule expressions without escaping. In live cluster validation, Knative `rules[].hosts[]` wa...

Vendor: traefik
Product: traefik
Published: Mar 27, 2026
Source: NVD
CVE-2026-25100 MEDIUM - 5.4

Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its image upload functionality. An authenticated attacker with content upload privileges (such as Author, Editor, or Administrator) can upload an SVG file containing a malicious payload, which is executed when a victim visits the URL of th...

Vendor: Bludit
Product: Bludit
Published: Mar 27, 2026
Source: NVD
CVE-2023-7339 MEDIUM - 6.5

Stack-based buffer overflow vulnerability in Softing Industrial Automation GmbH gateways allows overflow buffers. This issue affects pnGate: through 1.30; epGate: through 1.30; mbGate: through 1.30; smartLink HW-DP: through 1.30; smartLink HW-PN: through 1.01.

Published: Mar 27, 2026
Source: NVD
CVE-2026-27859 MEDIUM - 5.3

A mail message containing an excessive number of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes the mail delivery process to consume large amounts of CPU time. Use MTA capabilities to limit RFC 2231 MIME parameters in mail messages, or upgrade to fixed ve...

Vendor: Open-Xchange GmbH
Product: OX Dovecot Pro
Published: Mar 27, 2026
Source: NVD
CVE-2026-27857 MEDIUM - 4.3

Sending a "NOOP (((...)))" command with 4000 parentheses open+close results in ~1MB of extra memory usage. Longer commands will result in client disconnection. This 1 MB can be left allocated for longer time periods by not sending the command-ending LF. So an attacker could connect possibly from e...

Vendor: Open-Xchange GmbH
Product: OX Dovecot Pro
Published: Mar 27, 2026
Source: NVD
CVE-2026-27855 MEDIUM - 6.8

Dovecot OTP authentication is vulnerable to a replay attack under specific conditions. If the auth cache is enabled and the username is altered in passdb, OTP credentials can be cached so that the same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If authenti...

Vendor: Open-Xchange GmbH
Product: OX Dovecot Pro
Published: Mar 27, 2026
Source: NVD
CVE-2026-0394 MEDIUM - 5.3

When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd (or some other path...

Published: Mar 27, 2026
Source: NVD
CVE-2025-59031 MEDIUM - 4.3

Dovecot has provided a script to use for attachment-to-text conversion. This script unsafely handles zip-style attachments. An attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently end up in FTS indexes. Do not use the provided scri...

Vendor: Open-Xchange GmbH
Product: OX Dovecot Pro
Published: Mar 27, 2026
Source: NVD
CVE-2025-59028 MEDIUM - 5.3

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes (heavy...

Vendor: Open-Xchange GmbH
Product: OX Dovecot Pro
Published: Mar 27, 2026
Source: NVD
CVE-2026-4948 MEDIUM - 5.5

A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings. This mis-authorization allows the user to modify the runtime firewall state without proper authentication, leadi...

Published: Mar 27, 2026
Source: NVD
CVE-2026-34353 MEDIUM - 5.9

In OCaml through 4.14.3, Bigarray.reshape allows an integer overflow, and resultant reading of arbitrary memory, when untrusted data is processed.

Vendor: OCaml
Product: OCaml
Published: Mar 27, 2026
Source: NVD
CVE-2026-33559 MEDIUM - 5.4

WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin enabled, a logged-in user with a page-creating/editing privilege can embed some malicious script with a crafted HTTP request. When a victim u...

Vendor: MiKa
Product: OpenStreetMap
Published: Mar 27, 2026
Source: NVD
CVE-2026-33366 MEDIUM - 5.3

Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly reboot the product without authentication.

Vendor: BUFFALO INC.
Product: BUFFALO Wi-Fi router products
Published: Mar 27, 2026
Source: NVD
CVE-2024-14028 MEDIUM - 6.5

Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS. This issue affects: smartLink HW-DP: through 1.31; smartLink HW-PN: before 1.02.

Vendor: Softing
Product: smartLink HW-DP, smartLink HW-PN
Published: Mar 27, 2026
Source: NVD
CVE-2026-3098 MEDIUM - 6.5

The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary file...

Published: Mar 27, 2026
Source: NVD
CVE-2026-4907 MEDIUM - 6.3

A vulnerability was identified in Page-Replica Page Replica up to e4a7f52e75093ee318b4d5a9a9db6751050d2ad0. The impacted element is the function sitemap.fetch of the file /sitemap of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack is poss...

Published: Mar 27, 2026
Source: NVD
CVE-2026-33730 MEDIUM - 6.5

Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference (IDOR) vulnerability allows an authenticated low-privileged user to access the password change functionality of o...

Vendor: opensourcepos
Product: opensourcepos
Published: Mar 27, 2026
Source: NVD