Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,152
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 8,301 - 8,320 of 13,819 CVEs
CVE-2018-25215 MEDIUM - 5.5

Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long string to the 'E-Mail and Registrations Code' field. Attackers can paste a crafted payload containing 5000 bytes o...

Vendor: Recoverlostpassword
Product: Excel Password Recovery Professional
Published: Mar 26, 2026
Source: NVD
CVE-2018-25214 MEDIUM - 6.2

MegaPing contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload to the Destination Address List field in the Finger function. Attackers can paste a crafted buffer exceeding expected input limits into the vulnerable field ...

Vendor: Magnetosoft
Product: MegaPing
Published: Mar 26, 2026
Source: NVD
CVE-2026-4887 MEDIUM - 6.1

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible ap...

Published: Mar 26, 2026
Source: NVD
CVE-2026-4875 MEDIUM - 4.7

A vulnerability was determined in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /admin/mod_amenities/index.php?view=add. This manipulation of the argument image causes unrestricted upload. The attack is possible to be carried out remotely. Th...

Published: Mar 26, 2026
Source: NVD
CVE-2025-55273 MEDIUM - 4.3

HCL Aftermarket DPC is affected by a Cross Domain Script Include vulnerability, where an attacker using external scripts can tamper with the DOM, altering the content or behavior of the application. Malicious scripts can steal cookies or session tokens, leading to session hijacking.

Vendor: HCL
Product: Aftermarket DPC
Published: Mar 26, 2026
Source: NVD
CVE-2025-55269 MEDIUM - 4.2

HCL Aftermarket DPC is affected by a Weak Password Policy vulnerability, which makes it easier for attackers to guess weak passwords or use brute-force techniques to gain unauthorized access to user accounts.

Vendor: HCL
Product: Aftermarket DPC
Published: Mar 26, 2026
Source: NVD
CVE-2025-55268 MEDIUM - 4.3

HCL Aftermarket DPC is affected by a Spamming Vulnerability that can allow an actor to perform excessive spamming, which can consume server bandwidth and processing resources and may lead to Denial of Service.

Vendor: HCL
Product: Aftermarket DPC
Published: Mar 26, 2026
Source: NVD
CVE-2025-55267 MEDIUM - 5.7

HCL Aftermarket DPC is affected by an Unrestricted File Upload vulnerability, which allows an attacker to upload and execute malicious scripts, gaining full control over the server.

Vendor: HCL
Product: Aftermarket DPC
Published: Mar 26, 2026
Source: NVD
CVE-2025-55266 MEDIUM - 5.9

HCL Aftermarket DPC is affected by Session Fixation, which allows an attacker to take over the user's session and use it to carry out unauthorized transactions on behalf of the user.

Vendor: HCL
Product: Aftermarket DPC
Published: Mar 26, 2026
Source: NVD
CVE-2025-55265 MEDIUM - 6.5

HCL Aftermarket DPC is affected by File Discovery, which an attacker could exploit to read sensitive files present in the system and may use to craft further attacks.

Vendor: HCL
Product: Aftermarket DPC
Published: Mar 26, 2026
Source: NVD
CVE-2025-41027 MEDIUM - 6.1

Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL in the 'site' parameter in 'app_recuperarclave.php'.

Vendor: GDTaller
Product: GDTaller
Published: Mar 26, 2026
Source: NVD
CVE-2025-41026 MEDIUM - 6.1

Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL in the 'site' parameter in 'app_login.php'.

Vendor: GDTaller
Product: GDTaller
Published: Mar 26, 2026
Source: NVD
CVE-2026-4274 MEDIUM - 5.4

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to restrict team-level access when processing membership sync from a remote cluster, which allows a malicious remote cluster to grant a user access to an entire private team instead of only...

Vendor: mattermost
Product: mattermost_server
Published: Mar 26, 2026
Source: NVD
CVE-2026-4849 MEDIUM - 4.3

A vulnerability was identified in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /modify.php of the component Parameter Handler. The manipulation of the argument firstName leads to cross site scripting. The attack may be initiated remotely. The exploit is publi...

Published: Mar 26, 2026
Source: NVD
CVE-2026-4848 MEDIUM - 4.3

A vulnerability was determined in dameng100 muucmf 1.9.5.20260309. This affects an unknown function of the file /admin/extend/list.html. Executing a manipulation of the argument Name can lead to cross site scripting. The attack can be launched remotely. The exploit has been publicly disclosed and ma...

Published: Mar 26, 2026
Source: NVD
CVE-2026-4847 MEDIUM - 4.3

A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impacted element is an unknown function of the file /admin/config/list.html. Performing a manipulation of the argument Name results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and co...

Published: Mar 26, 2026
Source: NVD
CVE-2026-1890 MEDIUM - 5.3

The LeadConnector WordPress plugin before 3.0.22 does not have authorization in a REST route, allowing unauthenticated users to call it and overwrite existing data.

Published: Mar 26, 2026
Source: NVD
CVE-2026-1430 MEDIUM - 4.8

The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Published: Mar 26, 2026
Source: NVD
CVE-2025-15488 MEDIUM - 6.5

The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to arbitrary shortcode execution due to the software allowing unauthenticated users to execute the update_responsive_woo_free_shipping_left_shortcode AJAX action that does not properly validate the content_rech_data parameter before pr...

Vendor: Unknown
Product: Responsive Plus
Published: Mar 26, 2026
Source: NVD
CVE-2025-15433 MEDIUM - 6.8

The Shared Files WordPress plugin before 1.7.58 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector.

Vendor: Unknown
Product: Shared Files
Published: Mar 26, 2026
Source: NVD