Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,189
Showing 8,461 - 8,480 of 14,200 CVEs
CVE-2026-20115 MEDIUM - 6.1

A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information. This vulnerability is due to a device configuration upload being performed over an insecure tunnel. An attacker could exploit this vulnerability by con...

Vendor: Cisco
Product: Cisco IOS XE Software
Published: Mar 25, 2026
Source: NVD
CVE-2026-20114 MEDIUM - 5.4

A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users. This vulnerability exists because parame...

Vendor: Cisco
Product: Cisco IOS XE Software
Published: Mar 25, 2026
Source: NVD
CVE-2026-20113 MEDIUM - 5.3

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validat...

Vendor: Cisco
Product: Cisco IOS XE Software
Published: Mar 25, 2026
Source: NVD
CVE-2026-20112 MEDIUM - 4.8

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. ...

Vendor: Cisco
Product: Cisco IOS XE Software
Published: Mar 25, 2026
Source: NVD
CVE-2026-20110 MEDIUM - 6.5

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because incorrect privileges are associated with the start maintenance command. An attacker could exploit ...

Vendor: Cisco
Product: Cisco IOS XE Software
Published: Mar 25, 2026
Source: NVD
CVE-2026-20108 MEDIUM - 5.4

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user i...

Vendor: Cisco
Product: Cisco Catalyst SD-WAN Manager
Published: Mar 25, 2026
Source: NVD
CVE-2026-20104 MEDIUM - 6.1

A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS9300 Embedded Series Switches, Cisco Catalyst IE9310 and IE9320 Rugged Series Switches, and Cisco IE3500 and IE3505 Rugged Series Switches could allow an authenticated, local attacke...

Vendor: Cisco
Product: Cisco IOS XE Software
Published: Mar 25, 2026
Source: NVD
CVE-2026-20083 MEDIUM - 6.5

A vulnerability in the Secure Copy Protocol (SCP) server feature of Cisco IOS XE Software could allow an authenticated, local attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of a malformed SCP request....

Vendor: Cisco
Product: Cisco IOS XE Software
Published: Mar 25, 2026
Source: NVD
CVE-2026-33268 MEDIUM - 6.5

Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A remote, unauthenticated attacker can upload firmware files on the device and consume storage resources. Fixed in 12.3.6.

Vendor: Nanoleaf
Product: Lines
Published: Mar 25, 2026
Source: NVD
CVE-2026-4816 MEDIUM - 5.4

A Reflected Cross Site Scripting (XSS) vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the 'search' parameter in '/supportboard/include/artic...

Vendor: schiocco
Product: support_board
Published: Mar 25, 2026
Source: NVD
CVE-2026-3591 MEDIUM - 5.4

A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lea...

Published: Mar 25, 2026
Source: NVD
CVE-2026-3119 MEDIUM - 6.5

Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration. This issue affects BIND 9 versions 9....

Published: Mar 25, 2026
Source: NVD
CVE-2025-40842 MEDIUM - 6.1

Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contain a Cross-Site Scripting (XSS) vulnerability which, if exploited, can lead to unauthorized disclosure and modification of certain information.

Vendor: Ericsson
Product: Indoor Connect 8855
Published: Mar 25, 2026
Source: NVD
CVE-2025-40841 MEDIUM - 4.3

Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contain a Cross-Site Request Forgery (CSRF) vulnerability which, if exploited, can lead to unauthorized modification of certain information.

Vendor: Ericsson
Product: Indoor Connect 8855
Published: Mar 25, 2026
Source: NVD
CVE-2026-32326 MEDIUM - 5.7

SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over.

Vendor: Sharp Corporation
Product: home 5G HR01, home 5G HR02, Wi-Fi STATION SH-52A, Wi-Fi STATION SH-52B, Wi-Fi STATION SH-54C, 5G Mobile Router SH-U01, Pocket WiFi 5G A503SH, Speed Wi-Fi 5G X01
Published: Mar 25, 2026
Source: NVD
CVE-2026-33253 MEDIUM - 6.7

SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

Vendor: SANYO DENKI CO., LTD.
Product: SANUPS SOFTWARE STANDALONE, SANUPS SOFTWARE
Published: Mar 25, 2026
Source: NVD
CVE-2026-2343 MEDIUM - 5.3

The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably, making it possible to brute-force and retrieve PII.

Published: Mar 25, 2026
Source: NVD
CVE-2026-1166 MEDIUM - 4.3

Open Redirect vulnerability in Hitachi Ops Center Administrator. This issue affects Hitachi Ops Center Administrator: from 10.2.0 before 11.0.8.

Published: Mar 25, 2026
Source: NVD
CVE-2026-4766 MEDIUM - 6.4

The Easy Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery shortcode post meta field in all versions up to, and including, 1.5.3. This is due to insufficient input sanitization and output escaping on user-supplied gallery shortcode values. This makes it ...

Published: Mar 25, 2026
Source: NVD
CVE-2026-4783 MEDIUM - 6.3

A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/add-single-student-results.php of the component Parameter Handler. The manipulation of the argument course_code leads to SQL injection. It is possible to initi...

Published: Mar 25, 2026
Source: NVD