Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,152
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 8,321 - 8,340 of 13,819 CVEs
CVE-2026-4846 MEDIUM - 4.3

A vulnerability has been found in dameng100 muucmf 1.9.5.20260309. The affected element is an unknown function of the file channel/admin.Account/autoReply.html. Such manipulation of the argument keyword leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

Published: Mar 26, 2026
Source: NVD
CVE-2026-4845 MEDIUM - 4.3

A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is an unknown function of the file /admin/Member/index.html. This manipulation of the argument Search causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been published and may be used. The ve...

Published: Mar 26, 2026
Source: NVD
CVE-2026-1206 MEDIUM - 4.3

The Elementor Website Builder plugin for WordPress is vulnerable to Incorrect Authorization to Sensitive Information Exposure in all versions up to, and including, 3.35.7. This is due to a logic error in the is_allowed_to_read_template() function permission check that treats non-published templates ...

Published: Mar 26, 2026
Source: NVD
CVE-2026-4389 MEDIUM - 6.4

The DSGVO snippet for Leaflet Map and its Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `leafext-cookie-time` and `leafext-delete-cookie` shortcodes in all versions up to, and including, 3.1. This is due to insufficient input sanitization and output escaping on...

Published: Mar 26, 2026
Source: NVD
CVE-2026-4331 MEDIUM - 4.3

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized data loss in all versions up to, and including, 8.8.2. This is due to the resetSocialMetaTags() function only verifying that the user has the 'read' capability and a valid b2s_securit...

Published: Mar 26, 2026
Source: NVD
CVE-2026-4281 MEDIUM - 5.3

The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 7.5.21. This is due to missing capability checks on the connect() and listen_for_tokens() methods of the FormLift_Infusionsoft_Manager class, both of which are ho...

Published: Mar 26, 2026
Source: NVD
CVE-2026-4278 MEDIUM - 6.4

The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sdc_menu' shortcode in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the &...

Published: Mar 26, 2026
Source: NVD
CVE-2026-33201 MEDIUM - 6.8

Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be read or written, or arbitrary files may be executed with root privileges.

Vendor: GREEN HOUSE CO., LTD.
Product: Digital Photo Frame GH-WDF10A
Published: Mar 26, 2026
Source: NVD
CVE-2026-4335 MEDIUM - 5.4

The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment post_title in all versions up to, and including, 6.4.3. This is due to insufficient output escaping in the getEditorPopup() function and its corresponding media-popup.php template. Spe...

Published: Mar 26, 2026
Source: NVD
CVE-2026-4075 MEDIUM - 6.4

The BWL Advanced FAQ Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'baf_sbox' shortcode in all versions up to and including 1.1.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes such as '...

Published: Mar 26, 2026
Source: NVD
CVE-2026-1986 MEDIUM - 6.1

The FloristPress for Woo – Customize your eCommerce store for your Florist plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'noresults' parameter in all versions up to, and including, 7.8.2 due to insufficient input sanitization and output escaping on the user s...

Published: Mar 26, 2026
Source: NVD
CVE-2026-4836 MEDIUM - 6.3

A vulnerability was detected in code-projects Accounting System 1.0. The affected element is an unknown function of the file /my_account/delete.php. Performing a manipulation of the argument cos_id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public an...

Published: Mar 26, 2026
Source: NVD
CVE-2026-4830 MEDIUM - 5.6

A vulnerability was identified in kalcaddle kodbox 1.64. This issue affects the function Add of the file app/controller/explorer/userShare.class.php of the component Public Share Handler. Such manipulation leads to unrestricted upload. The attack can be executed remotely. This attack is characterize...

Published: Mar 26, 2026
Source: NVD
CVE-2026-33515 MEDIUM - 6.5

Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding wit...

Vendor: squid-cache
Product: squid
Published: Mar 26, 2026
Source: NVD
CVE-2026-4826 MEDIUM - 6.3

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /update_stock.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is possibl...

Published: Mar 26, 2026
Source: NVD
CVE-2026-34051 MEDIUM - 5.4

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have an improper access control on the Import/Export functionality, allowing unauthorized users to perform import and export actions through direct request manipulation ...

Vendor: openemr
Product: openemr
Published: Mar 26, 2026
Source: NVD
CVE-2026-33934 MEDIUM - 4.3

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have a missing authorization check in `portal/sign/lib/show-signature.php` that allows any authenticated patient portal user to retrieve the drawn signature image of any...

Vendor: openemr
Product: openemr
Published: Mar 26, 2026
Source: NVD
CVE-2026-33933 MEDIUM - 6.1

OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting (XSS) vulnerability in the custom template editor allows an attacker to execute arbitrary JavaScript in ...

Vendor: openemr
Product: openemr
Published: Mar 26, 2026
Source: NVD
CVE-2026-33931 MEDIUM - 6.5

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' paymen...

Vendor: openemr
Product: openemr
Published: Mar 26, 2026
Source: NVD
CVE-2026-33915 MEDIUM - 5.4

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, five insurance company REST API routes are missing the `RestConfig::request_authorization_check()` call that every other data-modifying route in the standard API uses. T...

Vendor: openemr
Product: openemr
Published: Mar 26, 2026
Source: NVD