Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,216
Quick preset (or use dates below)
Clear Filters
Showing 8,381 - 8,400 of 14,200 CVEs
CVE-2026-1001 MEDIUM - 4.8

Domoticz versions prior to 2026.1 contain a stored cross-site scripting vulnerability in the Add Hardware and rename device functionality of the web interface that allows authenticated administrators to execute arbitrary scripts by supplying crafted names containing script or HTML markup. Attackers ...

Vendor: domoticz
Product: domoticz
Published: Mar 25, 2026
Source: NVD
CVE-2026-30587 MEDIUM - 5.4

Multiple Stored XSS vulnerabilities exist in Seafile Server version 13.0.15,13.0.16-pro,12.0.14 and prior and fixed in 13.0.17, 13.0.17-pro, and 12.0.20-pro, via the Seadoc (sdoc) editor. The application fails to properly sanitize WebSocket messages regarding document structure updates. This allows ...

Vendor: seafile
Product: seafile_server
Published: Mar 25, 2026
Source: NVD
CVE-2026-34085 MEDIUM - 5.9

fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c.

Vendor: fontconfig
Product: fontconfig
Published: Mar 25, 2026
Source: NVD
CVE-2026-32567 MEDIUM - 6.8

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in icopydoc YML for Yandex Market yml-for-yandex-market allows Path Traversal.This issue affects YML for Yandex Market: from n/a through < 5.3.0.

Vendor: icopydoc
Product: YML for Yandex Market
Published: Mar 25, 2026
Source: NVD
CVE-2026-32562 MEDIUM - 5.4

Missing Authorization vulnerability in WP Folio Team PPWP password-protect-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPWP: from n/a through <= 1.9.15.

Vendor: WP Folio Team
Product: PPWP
Published: Mar 25, 2026
Source: NVD
CVE-2026-32541 MEDIUM - 6.5

Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Redirect Manager: from n/a through <= 1.0.12.

Vendor: Premmerce
Product: Premmerce Redirect Manager
Published: Mar 25, 2026
Source: NVD
CVE-2026-32535 MEDIUM - 6.5

Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk: from n/a through <= 3.0.3.

Vendor: JoomSky
Product: JS Help Desk
Published: Mar 25, 2026
Source: NVD
CVE-2026-32533 MEDIUM - 6.5

Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LatePoint: from n/a through <= 5.2.6.

Vendor: LatePoint
Product: LatePoint
Published: Mar 25, 2026
Source: NVD
CVE-2026-32527 MEDIUM - 6.5

Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-insightly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Insightly for Contact Form 7, WPForms, Elementor, Formidable an...

Vendor: CRM Perks
Product: WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms
Published: Mar 25, 2026
Source: NVD
CVE-2026-32521 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows DOM-Based XSS.This issue affects WP Custom Admin Interface: from n/a through <= 7.42.

Vendor: Northern Beaches Websites
Product: WP Custom Admin Interface
Published: Mar 25, 2026
Source: NVD
CVE-2026-32514 MEDIUM - 6.5

Missing Authorization vulnerability in Anton Voytenko Petitioner petitioner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Petitioner: from n/a through <= 0.7.3.

Vendor: Anton Voytenko
Product: Petitioner
Published: Mar 25, 2026
Source: NVD
CVE-2026-32511 MEDIUM - 5.4

Deserialization of Untrusted Data vulnerability in Mikado-Themes Stål stal allows Object Injection.This issue affects Stål: from n/a through < 1.7.

Vendor: Mikado-Themes
Product: Stål
Published: Mar 25, 2026
Source: NVD
CVE-2026-32510 MEDIUM - 5.4

Deserialization of Untrusted Data vulnerability in Edge-Themes Kamperen kamperen allows Object Injection.This issue affects Kamperen: from n/a through < 1.3.

Vendor: Edge-Themes
Product: Kamperen
Published: Mar 25, 2026
Source: NVD
CVE-2026-32509 MEDIUM - 5.4

Deserialization of Untrusted Data vulnerability in Edge-Themes Gracey gracey allows Object Injection.This issue affects Gracey: from n/a through < 1.4.

Vendor: Edge-Themes
Product: Gracey
Published: Mar 25, 2026
Source: NVD
CVE-2026-32508 MEDIUM - 5.4

Deserialization of Untrusted Data vulnerability in Mikado-Themes Halstein halstein allows Object Injection.This issue affects Halstein: from n/a through < 1.8.

Vendor: Mikado-Themes
Product: Halstein
Published: Mar 25, 2026
Source: NVD
CVE-2026-32507 MEDIUM - 5.4

Deserialization of Untrusted Data vulnerability in Elated-Themes Leroux leroux allows Object Injection.This issue affects Leroux: from n/a through < 1.4.

Vendor: Elated-Themes
Product: Leroux
Published: Mar 25, 2026
Source: NVD
CVE-2026-32506 MEDIUM - 5.4

Deserialization of Untrusted Data vulnerability in Edge-Themes Archicon archicon allows Object Injection.This issue affects Archicon: from n/a through < 1.7.

Vendor: Edge-Themes
Product: Archicon
Published: Mar 25, 2026
Source: NVD
CVE-2026-32497 MEDIUM - 5.3

Weak Authentication vulnerability in PickPlugins User Verification user-verification allows Authentication Abuse.This issue affects User Verification: from n/a through <= 2.0.45.

Vendor: PickPlugins
Product: User Verification
Published: Mar 25, 2026
Source: NVD
CVE-2026-32496 MEDIUM - 6.7

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NYSL Spam Protect for Contact Form 7 wp-contact-form-7-spam-blocker allows Path Traversal.This issue affects Spam Protect for Contact Form 7: from n/a through <= 1.2.9.

Vendor: NYSL
Product: Spam Protect for Contact Form 7
Published: Mar 25, 2026
Source: NVD
CVE-2026-32492 MEDIUM - 5.3

Authentication Bypass by Spoofing vulnerability in Joe Dolson My Tickets my-tickets allows Identity Spoofing.This issue affects My Tickets: from n/a through <= 2.1.1.

Vendor: Joe Dolson
Product: My Tickets
Published: Mar 25, 2026
Source: NVD