Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,157
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 8,281 - 8,300 of 13,819 CVEs
CVE-2026-33726 MEDIUM - 5.4

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services (Envoy, GAMMA) with a local backend on the same node, when Per-Endpoint Routing is ...

Vendor: go
Product: github.com/cilium/cilium
Published: Mar 26, 2026
Source: GitHub
CVE-2026-4897 MEDIUM - 5.5

A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for th...

Published: Mar 26, 2026
Source: NVD
CVE-2026-30162 MEDIUM - 6.1

Cross-site scripting (XSS) vulnerability in Timo 2.0.3 via crafted links in the title field.

Vendor: auntvt
Product: timo
Published: Mar 26, 2026
Source: NVD
CVE-2026-29976 MEDIUM - 6.2

Buffer Overflow vulnerability in ZerBea hcxpcapngtool v. 7.0.1-43-g2ee308e allows a local attacker to obtain sensitive information via the getradiotapfield() function

Vendor: zerbea
Product: hcxtools
Published: Mar 26, 2026
Source: NVD
CVE-2026-29934 MEDIUM - 6.1

A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary JavaScript in the context of the user's browser via modifying the referer value in the request header.

Vendor: lightcms_project
Product: lightcms
Published: Mar 26, 2026
Source: NVD
CVE-2026-29933 MEDIUM - 6.1

A reflected cross-site scripting (XSS) vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary JavaScript in the context of the user's browser via modifying the referrer value in the request header.

Vendor: yzmcms
Product: yzmcms
Published: Mar 26, 2026
Source: NVD
CVE-2026-28298 MEDIUM - 5.9

SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.

Vendor: SolarWinds
Product: SolarWinds Observability Self-Hosted
Published: Mar 26, 2026
Source: NVD
CVE-2026-28297 MEDIUM - 6.1

SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.

Vendor: SolarWinds
Product: SolarWinds Observability Self-Hosted
Published: Mar 26, 2026
Source: NVD
CVE-2026-27663 MEDIUM - 6.5

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), RTUM85 RTU Base (All versions < V26.10). The affected application contains denial-of-service (DoS) vulnerability. The remote operation mode is susceptible to a resource exhaustion condition ...

Vendor: Siemens
Product: CPCI85 Central Processing/Communication, RTUM85 RTU Base
Published: Mar 26, 2026
Source: NVD
CVE-2026-26072 MEDIUM - 4.2

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::map<std::optional>` concurrent access (container/optional corruption possible). The trigger is EV SoC update with powermeter periodic update and unplugging/SessionFinished status. Version 20...

Vendor: EVerest
Product: everest-core
Published: Mar 26, 2026
Source: NVD
CVE-2026-26071 MEDIUM - 4.2

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::string` concurrent access, with heap-use-after-free possible. This is triggered by EVCCID update (EV/ISO15118) and OCPP session/authorization events. Version 2026.02.0 contains a patch.

Vendor: EVerest
Product: everest-core
Published: Mar 26, 2026
Source: NVD
CVE-2026-26070 MEDIUM - 4.6

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::map<std::optional>` concurrent access (container/optional corruption possible). The trigger is an EV SoC update with powermeter periodic update and unplugging/SessionFinished state. Version ...

Vendor: EVerest
Product: everest-core
Published: Mar 26, 2026
Source: NVD
CVE-2026-4877 MEDIUM - 4.3

A security flaw has been discovered in itsourcecode Payroll Management System up to 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument page results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been relea...

Published: Mar 26, 2026
Source: NVD
CVE-2026-4876 MEDIUM - 6.3

A vulnerability was identified in itsourcecode Free Hotel Reservation System 1.0. The impacted element is an unknown function of the file /admin/mod_amenities/index.php?view=editpic. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is ...

Published: Mar 26, 2026
Source: NVD
CVE-2026-2389 MEDIUM - 4.9

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.4.2. This is due to the `revert_divs_to_summary` function replacing `&#8221;` HTML entities with literal double-quote characters (`"`) in post...

Published: Mar 26, 2026
Source: NVD
CVE-2026-1032 MEDIUM - 4.3

The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'save_options' function. This makes it possible for unauthenticated attackers to modify conditional menu assign...

Published: Mar 26, 2026
Source: NVD
CVE-2025-55264 MEDIUM - 5.5

HCL Aftermarket DPC is affected by a Failure to Invalidate Session on Password Change, which allows an attacker who has gained access to a session to maintain control over the account despite the password change, leading to account takeover.

Vendor: HCL
Product: Aftermarket DPC
Published: Mar 26, 2026
Source: NVD
CVE-2019-25649 MEDIUM - 5.5

River Past Audio Converter 7.7.16 contains a local buffer overflow vulnerability in the activation code field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a large payload of repeated characters into the 'E-Mail and Activation C...

Vendor: riverpast
Product: River Past Audio Converter
Published: Mar 26, 2026
Source: NVD
CVE-2019-25648 MEDIUM - 6.2

MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string to the registration code input field. Attackers can paste a malicious payload containing 10000 bytes into the 'Copy and Paste Registrat...

Vendor: Ivideogo
Product: MyVideoConverter Pro
Published: Mar 26, 2026
Source: NVD
CVE-2018-25216 MEDIUM - 6.2

AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Attackers can paste a 10000-byte payload into the 'Image file name' parameter during the 'Copy disk to ...

Vendor: Anyburn
Product: AnyBurn
Published: Mar 26, 2026
Source: NVD