Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,152
Showing 8,541 - 8,560 of 14,200 CVEs
CVE-2026-20637 MEDIUM - 6.2

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to cause unexpected system term...

Vendor: Apple
Product: iOS and iPadOS, macOS, tvOS, visionOS, watchOS
Published: Mar 25, 2026
Source: NVD
CVE-2026-20633 MEDIUM - 5.5

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access user-sensitive data.

Vendor: Apple
Product: macOS
Published: Mar 25, 2026
Source: NVD
CVE-2026-20632 MEDIUM - 5.3

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.

Vendor: Apple
Product: macOS
Published: Mar 25, 2026
Source: NVD
CVE-2026-20607 MEDIUM - 4.0

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access protected user data.

Vendor: Apple
Product: macOS
Published: Mar 25, 2026
Source: NVD
CVE-2025-43534 MEDIUM - 6.8

A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.2 and iPadOS 26.2. A user with physical access to an iOS device may be able to bypass Activation Lock.

Vendor: Apple
Product: iOS and iPadOS
Published: Mar 25, 2026
Source: NVD
CVE-2026-4781 MEDIUM - 6.3

A flaw has been found in SourceCodester Sales and Inventory System 1.0. The affected element is an unknown function of the file update_purchase.php of the component HTTP GET Parameter Handler. Executing a manipulation of the argument sid can lead to SQL injection. The attack may be performed from re...

Published: Mar 25, 2026
Source: NVD
CVE-2026-4780 MEDIUM - 6.3

A vulnerability was detected in SourceCodester Sales and Inventory System 1.0. Impacted is an unknown function of the file update_out_standing.php of the component HTTP GET Parameter Handler. Performing a manipulation of the argument sid results in SQL injection. The attack is possible to be carried...

Published: Mar 25, 2026
Source: NVD
CVE-2026-4779 MEDIUM - 6.3

A security vulnerability has been detected in SourceCodester Sales and Inventory System 1.0. This issue affects some unknown processing of the file update_customer_details.php of the component HTTP GET Parameter Handler. Such manipulation of the argument sid leads to SQL injection. The attack can be...

Published: Mar 24, 2026
Source: NVD
CVE-2026-4778 MEDIUM - 6.3

A weakness has been identified in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file update_category.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes SQL injection. Remote exploitation of the attack is possi...

Published: Mar 24, 2026
Source: NVD
CVE-2026-33638 MEDIUM - 5.3

Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to version 4.2.0, `GET /api/allusers` is mounted as a public endpoint and returns user records without authentication. This allows remote unauthenticated user enumeration and exposure of user profile metadata. A...

Vendor: go
Product: github.com/lin-snow/ech0
Published: Mar 24, 2026
Source: GitHub
CVE-2026-4777 MEDIUM - 6.3

A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file view_supplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in SQL injection. The attack may be launched remotely. The expl...

Published: Mar 24, 2026
Source: NVD
CVE-2026-33248 MEDIUM - 4.2

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with `verify_and_map` to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not ...

Vendor: go
Product: github.com/nats-io/nats-server/v2
Published: Mar 24, 2026
Source: GitHub
CVE-2026-33246 MEDIUM - 6.4

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a `Nats-Request-Info:` message header, providing information about a request. This is supposed to provide enough information to allow for account/user identification, such that NATS...

Vendor: go
Product: github.com/nats-io/nats-server/v2
Published: Mar 24, 2026
Source: GitHub
CVE-2026-33223 MEDIUM - 6.4

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, the NATS message header `Nats-Request-Info:` is supposed to be a guarantee of identity by the NATS server, but the stripping of this header from inbound messages was ...

Vendor: go
Product: github.com/nats-io/nats-server/v2
Published: Mar 24, 2026
Source: GitHub
CVE-2026-33222 MEDIUM - 4.9

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, users with JetStream admin API access to restore one stream could restore to other stream names, impacting data which should have been protected against them. Version...

Vendor: go
Product: github.com/nats-io/nats-server/v2
Published: Mar 24, 2026
Source: GitHub
CVE-2026-33219 MEDIUM - 5.3

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a malicious client which can connect to the WebSockets port can cause unbounded memory use in the nats-server before authentication; this requires sending a correspon...

Vendor: go
Product: github.com/nats-io/nats-server/v2
Published: Mar 24, 2026
Source: GitHub
CVE-2026-3889 MEDIUM - 6.5

Spoofing issue in Thunderbird. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9.

Vendor: mozilla
Product: thunderbird
Published: Mar 24, 2026
Source: NVD
CVE-2026-33215 MEDIUM - 6.5

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can be hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issue. ...

Vendor: nats-io
Product: nats-server
Published: Mar 24, 2026
Source: NVD
CVE-2026-21790 MEDIUM - 6.3

HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks.

Vendor: HCLSoftware
Product: Traveler
Published: Mar 24, 2026
Source: NVD
CVE-2025-33242 MEDIUM - 5.9

NVIDIA B300 MCU contains a vulnerability in the CX8 MCU that could allow a malicious actor to modify unsupported registries, causing a bad state. A successful exploit of this vulnerability might lead to denial of service and data tampering.

Vendor: NVIDIA
Product: HGX and DGX B300
Published: Mar 24, 2026
Source: NVD