Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,137
Showing 8,321 - 8,340 of 13,708 CVEs
CVE-2025-15101 HIGH - 8.8

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web management interface of certain ASUS router models. This vulnerability potentially allows actions to be performed with the existing privileges of an authenticated user on the affected device, including the ability to ex...

Vendor: ASUS
Product: Router
Published: Mar 26, 2026
Source: NVD
CVE-2026-33526 HIGH - 7.5

Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol...

Vendor: squid-cache
Product: squid
Published: Mar 26, 2026
Source: NVD
CVE-2026-32748 HIGH - 7.5

Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denia...

Vendor: squid-cache
Product: squid
Published: Mar 26, 2026
Source: NVD
CVE-2026-4758 HIGH - 8.8

The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'WPJOBPORTALcustomfields::removeFileCustom' function in all versions up to, and including, 2.4.9. This makes it possible for authenticated attackers, with Subscri...

Published: Mar 26, 2026
Source: NVD
CVE-2026-34056 HIGH - 7.7

OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eRx error logs without proper authorization checks. Thi...

Vendor: openemr
Product: openemr
Published: Mar 26, 2026
Source: NVD
CVE-2026-34055 HIGH - 8.1

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in `library/pnotes.inc.php` perform updates and deletes using `WHERE id = ?` without verifying that the note belongs to a patient the ...

Vendor: openemr
Product: openemr
Published: Mar 26, 2026
Source: NVD
CVE-2026-34053 HIGH - 7.1

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, missing authorization in the AJAX deletion endpoint `interface/forms/procedure_order/handle_deletions.php` allows any authenticated user, regardless of role, to irrevers...

Vendor: openemr
Product: openemr
Published: Mar 26, 2026
Source: NVD
CVE-2026-33932 HIGH - 7.6

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a stored cross-site scripting vulnerability in the CCDA document preview allows an attacker who can upload or send a CCDA document to execute arbitrary JavaScript in a c...

Vendor: openemr
Product: openemr
Published: Mar 26, 2026
Source: NVD
CVE-2026-33918 HIGH - 7.6

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint `interface/billing/get_claim_file.php` only verifies that the caller has a valid session and CSRF token, but does not check any ACL pe...

Vendor: openemr
Product: openemr
Published: Mar 26, 2026
Source: NVD
CVE-2026-33917 HIGH - 8.8

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contain a SQL injection vulnerability in the ajax_save CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input va...

Vendor: openemr
Product: openemr
Published: Mar 26, 2026
Source: NVD
CVE-2026-33914 HIGH - 7.2

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the PostCalendar module contains a blind SQL injection vulnerability in the `categoriesUpdate` administrative function. The `dels` POST parameter is read via `pnVarClean...

Vendor: openemr
Product: openemr
Published: Mar 26, 2026
Source: NVD
CVE-2026-33913 HIGH - 7.7

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing `<xi:include href="file:///etc/passwd" parse=...

Vendor: openemr
Product: openemr
Published: Mar 25, 2026
Source: NVD
CVE-2026-33910 HIGH - 7.2

OpenEMR is a free and open source electronic health records and medical practice management application. Versions up to and including 8.0.0.2 contain a SQL injection vulnerability in the patient selection feature that can be exploited by authenticated attackers. The vulnerability exists due to insuf...

Vendor: openemr
Product: openemr
Published: Mar 25, 2026
Source: NVD
CVE-2026-33348 HIGH - 8.7

OpenEMR is a free and open source electronic health records and medical practice management application. Users with the `Notes - my encounters` role can fill Eye Exam forms in patient encounters. The answers to the form are displayed on the encounter page and in the visit history for the users with ...

Vendor: openemr
Product: openemr
Published: Mar 25, 2026
Source: NVD
CVE-2026-29187 HIGH - 8.1

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a Blind SQL Injection vulnerability exists in the Patient Search functionality (/interface/new/new_search_popup.php). The vulnerability allows an authenticated attacker ...

Vendor: openemr
Product: openemr
Published: Mar 25, 2026
Source: NVD
CVE-2026-4824 HIGH - 7.0

A vulnerability has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this issue is some unknown functionality of the component Backup Job Configuration File Handler. The manipulation leads to improper privilege management. The attack must be carried out locally. The attack is con...

Published: Mar 25, 2026
Source: NVD
CVE-2026-33718 HIGH - 7.6

OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the `get_git_diff()` method at `openhands/runtime/utils/git_handler.py:134`. The `path` parameter from the `/api/conversations/{conversation_id}/git/diff` API endpoint is passed un...

Vendor: pip
Product: openhands
Published: Mar 25, 2026
Source: GitHub
CVE-2026-4822 HIGH - 7.0

A vulnerability was detected in Enter Software Iperius Backup up to 8.7.3. Affected is an unknown function of the file C:\ProgramData\IperiusBackup\Jobs\ of the component Backup Service. Performing a manipulation results in creation of temporary file with insecure permissions. The attack is only pos...

Published: Mar 25, 2026
Source: NVD
CVE-2026-30976 HIGH - 8.6

Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files (containing API keys and database credentials), Windows ...

Vendor: Sonarr
Product: Sonarr
Published: Mar 25, 2026
Source: NVD
CVE-2026-30975 HIGH - 8.1

Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0.16.2942 have an authentication bypass that affected users that had disabled authentication for local addresses (Authentication Required set to: `Disabled for Local Addresses`) without a reverse proxy running in front of Sonarr th...

Vendor: Sonarr
Product: Sonarr
Published: Mar 25, 2026
Source: NVD