Total CVEs: 141,249

Critical Severity: 3,795

High Severity: 13,708

Last 7 Days: 2,217
Showing 8,341 - 8,360 of 14,200 CVEs
CVE-2026-4825 MEDIUM - 6.3

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file /update_sales.php of the component HTTP GET Parameter Handler. The manipulation of the argument sid results in SQL injection. The attack may be launched remotely. The exploit has been...

Published: Mar 25, 2026
Source: NVD
CVE-2026-33912 MEDIUM - 5.4

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated attacker could craft a malicious form that, when submitted by a victim, executes arbitrary JavaScript in the victim's browser session. Version 8.0....

Vendor: openemr
Product: openemr
Published: Mar 25, 2026
Source: NVD
CVE-2026-33911 MEDIUM - 5.4

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the POST parameter `title` is reflected back in a JSON response built with `json_encode()`. Because the response is served with a `text/html` Content-Type, the browser i...

Vendor: openemr
Product: openemr
Published: Mar 25, 2026
Source: NVD
CVE-2026-33909 MEDIUM - 5.9

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, several variables in the MedEx recall/reminder processing code are concatenated directly into SQL queries without parameterization or type casting, enabling SQL injectio...

Vendor: openemr
Product: openemr
Published: Mar 25, 2026
Source: NVD
CVE-2026-32120 MEDIUM - 6.5

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the fee sheet product save logic (`library/FeeSheet.class.php`) allows any authenticated user with fee sheet ...

Vendor: openemr
Product: openemr
Published: Mar 25, 2026
Source: NVD
CVE-2025-36187 MEDIUM - 4.4

IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5.1.2, 5.1.3, 5.2.0, 5.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.

Vendor: IBM
Product: Knowledge Catalog Standard Cartridge
Published: Mar 25, 2026
Source: NVD
CVE-2025-14684 MEDIUM - 4.0

IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files.

Vendor: IBM
Product: Maximo Application Suite - Monitor Component
Published: Mar 25, 2026
Source: NVD
CVE-2026-33183 MEDIUM - 9.1

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, fixture names were used to build file paths under the configured fixture directory without validation. A name containing path segments (e.g. ../traversal or ../../etc/passwd) resulted in a path...

Vendor: composer
Product: saloonphp/saloon
Published: Mar 25, 2026
Source: GitHub
CVE-2026-33182 MEDIUM - 7.5

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request endpoint. If the endpoint was a valid absolute URL, the code used that URL as-is and ignored the ba...

Vendor: composer
Product: saloonphp/saloon
Published: Mar 25, 2026
Source: GitHub
CVE-2026-33682 MEDIUM - 4.7

Streamlit is a data-oriented application development framework for Python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. The vulnerability arises from improper validation of attacker-supplied filesyst...

Vendor: pip
Product: Streamlit
Published: Mar 25, 2026
Source: GitHub
CVE-2026-2485 MEDIUM - 4.8

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trust...

Vendor: ibm
Product: infosphere_information_server
Published: Mar 25, 2026
Source: NVD
CVE-2026-2484 MEDIUM - 4.3

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages.

Vendor: ibm
Product: infosphere_information_server
Published: Mar 25, 2026
Source: NVD
CVE-2026-2483 MEDIUM - 5.4

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.

Vendor: ibm
Product: infosphere_information_server
Published: Mar 25, 2026
Source: NVD
CVE-2026-1561 MEDIUM - 5.4

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 is vulnerable to server-side request forgery (SSRF). This may allow a remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating ...

Vendor: ibm
Product: websphere_application_server
Published: Mar 25, 2026
Source: NVD
CVE-2026-1262 MEDIUM - 4.3

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.

Vendor: ibm
Product: infosphere_information_server
Published: Mar 25, 2026
Source: NVD
CVE-2026-1015 MEDIUM - 5.4

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Vendor: ibm
Product: infosphere_information_server
Published: Mar 25, 2026
Source: NVD
CVE-2026-1014 MEDIUM - 6.5

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation.

Vendor: ibm
Product: infosphere_information_server
Published: Mar 25, 2026
Source: NVD
CVE-2025-64648 MEDIUM - 5.9

IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man-in-the-middle techniques.

Vendor: IBM
Product: Concert
Published: Mar 25, 2026
Source: NVD
CVE-2025-64647 MEDIUM - 5.9

IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Vendor: IBM
Product: Concert
Published: Mar 25, 2026
Source: NVD
CVE-2025-64646 MEDIUM - 6.2

IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.

Vendor: IBM
Product: Concert
Published: Mar 25, 2026
Source: NVD