Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,152
Quick preset (or use dates below)
Clear Filters
Showing 8,301 - 8,320 of 13,708 CVEs
CVE-2026-24068 HIGH - 8.8

The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which is used by the NSXPC framework to validate if a client should be allowed to connect to the XPC listener, does not validate clients at all.Β This means that any process...

Vendor: Vienna Symphonic Library GmbH
Product: Vienna Assistant
Published: Mar 26, 2026
Source: NVD
CVE-2026-4862 HIGH - 8.8

A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file /goform/formConfigDnsFilterGlobal of the component Parameter Handler. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be l...

Published: Mar 26, 2026
Source: NVD
CVE-2026-4861 HIGH - 8.8

A weakness has been identified in Wavlink WL-NU516U1 260227. This vulnerability affects the function ftext of the file /cgi-bin/nas.cgi. This manipulation of the argument Content-Length causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to t...

Published: Mar 26, 2026
Source: NVD
CVE-2026-4860 HIGH - 7.3

A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. This affects the function GenericFastJsonRedisSerializer of the file src/main/java/com/genersoft/iot/vmp/conf/redis/RedisTemplateConfig.java of the component API Endpoint. The manipulation results in deserialization. It is...

Published: Mar 26, 2026
Source: NVD
CVE-2026-4850 HIGH - 7.3

A security flaw has been discovered in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checkregisitem.php of the component Parameter Handler. The manipulation of the argument Long-arm-shirtVol results in sql injection. The attack may be launched remotely. The ex...

Published: Mar 26, 2026
Source: NVD
CVE-2026-33744 HIGH - 7.8

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the `docker.system_packages` field in `bentofile.yaml` accepts arbitrary strings that are interpolated directly into Dockerfile `RUN` commands without sanitization. Since `syst...

Vendor: pip
Product: bentoml
Published: Mar 26, 2026
Source: GitHub
CVE-2026-4747 HIGH - 8.8

Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can trigger a stack overflow. Notably, this does not requ...

Published: Mar 26, 2026
Source: NVD
CVE-2026-4652 HIGH - 7.5

On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID. An attacker with network access to the NVMe/TCP target can trigger an unauthenticated Denial of Service condition on the affected machine.

Published: Mar 26, 2026
Source: NVD
CVE-2026-4247 HIGH - 7.5

When a challenge ACK is to be sent tcp_respond() constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf. If an attacker is either on path with an established TCP connection, or can themselves esta...

Published: Mar 26, 2026
Source: NVD
CVE-2026-32680 HIGH - 7.8

The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installation folder is customized to some non-default one, the folder may be left with un-secure ACLs and non-administrative users can alter contents of that folder. It may allow a non-admi...

Vendor: RATOC Systems, Inc.
Product: RATOC RAID Monitoring Manager for Windows
Published: Mar 26, 2026
Source: NVD
CVE-2026-28760 HIGH - 7.8

The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a user is directed to place a crafted DLL with the installer, an arbitrary code may be executed with the administrator privilege.

Vendor: RATOC Systems, Inc.
Product: RATOC RAID Monitoring Manager for Windows
Published: Mar 26, 2026
Source: NVD
CVE-2026-4844 HIGH - 7.3

A vulnerability was detected in code-projects Online Food Ordering System 1.0. This issue affects some unknown processing of the file /admin.php of the component Admin Login Module. The manipulation of the argument Username results in sql injection. The attack may be performed from remote. The explo...

Published: Mar 26, 2026
Source: NVD
CVE-2026-4842 HIGH - 7.3

A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/grades/index.php?view=edit&id=1 of the component Parameter Handler. The manipulation of the argument deptid leads to sql injection. The attack is poss...

Published: Mar 26, 2026
Source: NVD
CVE-2026-4841 HIGH - 7.3

A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file form/cart.php of the component Shopping Cart Module. Executing a manipulation of the argument del can lead to sql injection. The attack can be executed remotely. The exploit has ...

Published: Mar 26, 2026
Source: NVD
CVE-2026-4840 HIGH - 8.8

A security flaw has been discovered in Netcore Power 15AX up to 3.0.0.6938. Affected by this issue is the function setTools of the file /bin/netis.cgi of the component Diagnostic Tool Interface. Performing a manipulation of the argument IpAddr results in os command injection. Remote exploitation of ...

Published: Mar 26, 2026
Source: NVD
CVE-2026-4329 HIGH - 7.2

The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent HTTP header in all versions up to and including 3.8. This is due to insufficient input sanitization and output escaping. The plugin uses sanitize_text_field() when capturing bot data (whic...

Published: Mar 26, 2026
Source: NVD
CVE-2026-2931 HIGH - 8.8

The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authe...

Published: Mar 26, 2026
Source: NVD
CVE-2026-4839 HIGH - 7.3

A vulnerability has been found in SourceCodester Food Ordering System 1.0. This affects an unknown function of the file /purchase.php of the component Parameter Handler. The manipulation of the argument custom leads to sql injection. The attack can be initiated remotely. The exploit has been disclos...

Published: Mar 26, 2026
Source: NVD
CVE-2026-4838 HIGH - 7.3

A flaw has been found in SourceCodester Malawi Online Market 1.0. The impacted element is an unknown function of the file /display.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used....

Published: Mar 26, 2026
Source: NVD
CVE-2026-3328 HIGH - 7.2

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via deserialization of the 'post_content' of admin_form posts in all versions up to, and including, 3.28.31. This is due to the use of WordPress's `maybe_unserialize()` function without class r...

Published: Mar 26, 2026
Source: NVD