Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,216
Showing 8,441 - 8,460 of 14,200 CVEs
CVE-2026-23972 MEDIUM - 6.5

Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking and Rental Manager: from n/a through <= 2.6.0.

Vendor: magepeopleteam
Product: Booking and Rental Manager
Published: Mar 25, 2026
Source: NVD
CVE-2026-23636 MEDIUM - 5.5

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially exploit an Unrestricted Upload of File with Dangerous Type due to a missing validation. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.

Vendor: kiteworks
Product: Secure Data Forms
Published: Mar 25, 2026
Source: NVD
CVE-2026-23635 MEDIUM - 6.5

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.

Vendor: kiteworks
Product: Secure Data Forms
Published: Mar 25, 2026
Source: NVD
CVE-2026-22485 MEDIUM - 6.5

Missing Authorization vulnerability in Ruhul Amin My Album Gallery my-album-gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects My Album Gallery: from n/a through <= 1.0.4.

Vendor: Ruhul Amin
Product: My Album Gallery
Published: Mar 25, 2026
Source: NVD
CVE-2026-20719 MEDIUM - 4.3

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to prevent rendering of external SVGs on link embeds which allows unauthenticated users to crash the Mattermost webapp and desktop app via creating an issue or PR on GitHub. Mattermost Adv...

Vendor: Mattermost
Product: Mattermost
Published: Mar 25, 2026
Source: NVD
CVE-2026-1724 MEDIUM - 6.8

GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to access API tokens of self-hosted AI models due to improper access control.

Vendor: gitlab
Product: gitlab
Published: Mar 25, 2026
Source: NVD
CVE-2025-14595 MEDIUM - 4.3

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in group security config...

Vendor: GitLab
Product: GitLab
Published: Mar 25, 2026
Source: NVD
CVE-2025-13436 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when handling certain CI-related inputs.

Vendor: GitLab
Product: GitLab
Published: Mar 25, 2026
Source: NVD
CVE-2025-13078 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain webhook configuration ...

Vendor: GitLab
Product: GitLab
Published: Mar 25, 2026
Source: NVD
CVE-2026-3218 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Responsive Favicons allows Cross-Site Scripting (XSS). This issue affects Responsive Favicons: from 0.0.0 before 2.0.2.

Vendor: pixelite
Product: responsive_favicons
Published: Mar 25, 2026
Source: NVD
CVE-2026-3217 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal SAML SSO - Service Provider allows Cross-Site Scripting (XSS). This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.3.

Vendor: miniorange
Product: saml_sso_-_service_provider
Published: Mar 25, 2026
Source: NVD
CVE-2026-3216 MEDIUM - 4.3

Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery. This issue affects Drupal Canvas: from 0.0.0 before 1.1.1.

Vendor: drupal_canvas_project
Product: drupal_canvas
Published: Mar 25, 2026
Source: NVD
CVE-2026-3215 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Islandora allows Cross-Site Scripting (XSS). This issue affects Islandora: from 0.0.0 before 2.17.5.

Vendor: islandora
Product: islandora
Published: Mar 25, 2026
Source: NVD
CVE-2026-3214 MEDIUM - 6.5

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CAPTCHA allows Functionality Bypass. This issue affects CAPTCHA: from 0.0.0 before 1.17.0, from 2.0.0 before 2.0.10.

Published: Mar 25, 2026
Source: NVD
CVE-2026-3213 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Anti-Spam by CleanTalk allows Cross-Site Scripting (XSS). This issue affects Anti-Spam by CleanTalk: from 0.0.0 before 9.7.0.

Vendor: cleantalk
Product: anti-spam
Published: Mar 25, 2026
Source: NVD
CVE-2026-3212 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Tagify allows Cross-Site Scripting (XSS). This issue affects Tagify: from 0.0.0 before 1.2.49.

Vendor: factorial
Product: tagify
Published: Mar 25, 2026
Source: NVD
CVE-2026-3211 MEDIUM - 6.3

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery. This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1.

Vendor: webikon
Product: theme_negotiation_by_rules
Published: Mar 25, 2026
Source: NVD
CVE-2026-3210 MEDIUM - 6.5

Incorrect Authorization vulnerability in Drupal Material Icons allows Forceful Browsing. This issue affects Material Icons: from 0.0.0 before 2.0.4.

Vendor: imagexmedia
Product: material_icons
Published: Mar 25, 2026
Source: NVD
CVE-2026-2349 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal UI Icons allows Cross-Site Scripting (XSS). This issue affects UI Icons: from 0.0.0 before 1.0.1, from 1.1.0 before 1.1.1.

Vendor: beyris
Product: ui_icons
Published: Mar 25, 2026
Source: NVD
CVE-2026-2348 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Quick Edit allows Cross-Site Scripting (XSS). This issue affects Quick Edit: from 0.0.0 before 1.0.5, from 2.0.0 before 2.0.1.

Published: Mar 25, 2026
Source: NVD