Total CVEs: 141,249 | Critical Severity: 3,795 | High Severity: 13,708 | Last 7 Days: 2,217
CVE-2025-36440 MEDIUM - 5.1

IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control.

Vendor: IBM
Product: Concert
Published: Mar 25, 2026
Source: NVD
CVE-2025-36438 MEDIUM - 5.1

IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel communication to intended endpoints.

Vendor: IBM
Product: Concert
Published: Mar 25, 2026
Source: NVD
CVE-2025-36422 MEDIUM - 4.3

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Vendor: IBM
Product: InfoSphere Information Server
Published: Mar 25, 2026
Source: NVD
CVE-2025-14974 MEDIUM - 5.7

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR).

Vendor: IBM
Product: InfoSphere Information Server
Published: Mar 25, 2026
Source: NVD
CVE-2025-14917 MEDIUM - 6.7

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings.

Vendor: IBM
Product: WebSphere Application Server - Liberty
Published: Mar 25, 2026
Source: NVD
CVE-2025-14915 MEDIUM - 6.5

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server.

Vendor: IBM
Product: WebSphere Application Server - Liberty
Published: Mar 25, 2026
Source: NVD
CVE-2025-14912 MEDIUM - 5.4

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Vendor: IBM
Product: InfoSphere Information Server
Published: Mar 25, 2026
Source: NVD
CVE-2025-14810 MEDIUM - 6.3

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expiration ...

Vendor: IBM
Product: InfoSphere Information Server
Published: Mar 25, 2026
Source: NVD
CVE-2025-14807 MEDIUM - 6.5

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or se...

Vendor: IBM
Product: InfoSphere Information Server
Published: Mar 25, 2026
Source: NVD
CVE-2026-33672 MEDIUM - 5.3

Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:construc...

Vendor: npm
Product: picomatch
Published: Mar 25, 2026
Source: GitHub
CVE-2026-33693 MEDIUM - 6.5

Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.7.0-beta.9, the `v4_is_invalid()` function in `activitypub-federation-rust` (`src/utils.rs`) does not check for `Ipv4Addr::UNSPECIFIED` (0.0.0.0). An unauthenticated attacker controlling a remote domain can point it to 0.0.0....

Vendor: rust
Product: activitypub_federation
Published: Mar 25, 2026
Source: GitHub
CVE-2025-14790 MEDIUM - 6.5

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials.

Vendor: IBM
Product: InfoSphere Information Server
Published: Mar 25, 2026
Source: NVD
CVE-2025-12708 MEDIUM - 6.2

IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user.

Vendor: IBM
Product: Concert
Published: Mar 25, 2026
Source: NVD
CVE-2026-33532 MEDIUM - 4.3

`yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of `yaml` on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a ...

Vendor: npm
Product: yaml
Published: Mar 25, 2026
Source: GitHub
CVE-2026-33699 MEDIUM - 7.5

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerability in which an attacker can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. This has been fixed in pypdf 6.9.2. If users cannot upgrade yet, consider apply...

Vendor: pip
Product: pypdf
Published: Mar 25, 2026
Source: GitHub
CVE-2026-33809 MEDIUM - 5.3

A maliciously crafted TIFF file can cause image decoding to attempt to allocate up to 4GiB of memory, causing either excessive resource consumption or an out-of-memory error.

Vendor: golang.org/x/image
Product: golang.org/x/image/tiff
Published: Mar 25, 2026
Source: NVD
CVE-2026-33751 MEDIUM - 4.8

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where extern...

Vendor: n8n-io
Product: n8n
Published: Mar 25, 2026
Source: NVD
CVE-2026-33749 MEDIUM - 8.9

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The `/rest/binary-data` endpoint served such res...

Vendor: n8n-io
Product: n8n
Published: Mar 25, 2026
Source: NVD
CVE-2026-33724 MEDIUM - 5.4

n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server co...

Vendor: n8n-io
Product: n8n
Published: Mar 25, 2026
Source: NVD
CVE-2026-33720 MEDIUM - 4.7

n8n is an open source workflow automation platform. Prior to version 2.8.0, when the `N8N_SKIP_AUTH_ON_OAUTH_CALLBACK` environment variable is set to `true`, the OAuth callback handler skips ownership verification of the OAuth state parameter. This allows an attacker to trick a victim into completin...

Vendor: n8n-io
Product: n8n
Published: Mar 25, 2026
Source: NVD