Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,875
Quick preset (or use dates below)
Clear Filters
Showing 8,581 - 8,600 of 13,738 CVEs
CVE-2026-33218 HIGH - 7.5

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connect to the leafnode port can crash the nats-server with a certain malformed message pre-authentication. Versions 2.11.15 and 2.12.6 contain a f...

Vendor: go
Product: github.com/nats-io/nats-server/v2
Published: Mar 24, 2026
Source: GitHub
CVE-2026-33217 HIGH - 7.1

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using ACLs on message subjects, these ACLs were not applied in the `$MQTT.>` namespace, allowing MQTT clients to bypass ACL checks for MQTT subjects. Versions...

Vendor: go
Product: github.com/nats-io/nats-server/v2
Published: Mar 24, 2026
Source: GitHub
CVE-2026-33216 HIGH - 8.6

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords: MQTT passwords are incorrectly classified as a non-authenticating identity statement (JWT) and exposed via monitoring ...

Vendor: go
Product: github.com/nats-io/nats-server/v2
Published: Mar 24, 2026
Source: GitHub
CVE-2026-29785 HIGH - 7.5

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled (not default), then anyone who can connect can crash the nats-server by triggering a panic. This...

Vendor: go
Product: github.com/nats-io/nats-server/v2
Published: Mar 24, 2026
Source: GitHub
CVE-2026-4371 HIGH - 7.4

A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive...

Vendor: mozilla
Product: thunderbird
Published: Mar 24, 2026
Source: NVD
CVE-2026-24159 HIGH - 7.8

NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering.

Vendor: NVIDIA
Product: NeMo Framework
Published: Mar 24, 2026
Source: NVD
CVE-2026-24158 HIGH - 7.5

NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service.

Vendor: NVIDIA
Product: Triton Inference Server
Published: Mar 24, 2026
Source: NVD
CVE-2026-24157 HIGH - 7.8

NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering.

Vendor: NVIDIA
Product: NeMo Framework
Published: Mar 24, 2026
Source: NVD
CVE-2026-24152 HIGH - 7.8

NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

Vendor: NVIDIA
Product: Megatron LM
Published: Mar 24, 2026
Source: NVD
CVE-2026-24151 HIGH - 7.8

NVIDIA Megatron-LM contains a vulnerability in inferencing where an Attacker may cause an RCE by convincing a user to load a maliciously crafted input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

Vendor: NVIDIA
Product: Megatron LM
Published: Mar 24, 2026
Source: NVD
CVE-2026-24150 HIGH - 7.8

NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

Vendor: NVIDIA
Product: Megatron LM
Published: Mar 24, 2026
Source: NVD
CVE-2026-24141 HIGH - 7.8

NVIDIA Model Optimizer for Windows and Linux contains a vulnerability in the ONNX quantization feature, where a user could cause unsafe deserialization by providing a specially crafted input file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data...

Vendor: NVIDIA
Product: NVIDIA Model Optimizer
Published: Mar 24, 2026
Source: NVD
CVE-2025-33254 HIGH - 7.5

NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause internal state corruption. A successful exploit of this vulnerability may lead to a denial of service.

Vendor: NVIDIA
Product: Triton Inference Server
Published: Mar 24, 2026
Source: NVD
CVE-2025-33248 HIGH - 7.8

NVIDIA Megatron-LM contains a vulnerability in the hybrid conversion script where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data ta...

Vendor: NVIDIA
Product: Megatron LM
Published: Mar 24, 2026
Source: NVD
CVE-2025-33247 HIGH - 7.8

NVIDIA Megatron LM contains a vulnerability in quantization configuration loading, which could allow remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Vendor: NVIDIA
Product: Megatron LM
Published: Mar 24, 2026
Source: NVD
CVE-2025-33238 HIGH - 7.5

NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service.

Vendor: NVIDIA
Product: Triton Inference Server
Published: Mar 24, 2026
Source: NVD
CVE-2026-33247 HIGH - 7.4

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run with static credentials for all clients provided via argv (the command-line), then those credentials are visible to any user who can see the m...

Vendor: go
Product: github.com/nats-io/nats-server/v2
Published: Mar 24, 2026
Source: GitHub
CVE-2026-33330 HIGH - 7.1

FileRise is a self-hosted web file manager / WebDAV server. Prior to version 3.10.0, a broken access control issue in FileRise's ONLYOFFICE integration allows an authenticated user with read-only access to obtain a signed save callbackUrl for a file and then directly forge the ONLYOFFICE save c...

Vendor: error311
Product: FileRise
Published: Mar 24, 2026
Source: NVD
CVE-2026-33329 HIGH - 8.1

FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.10.0, the resumableIdentifier parameter in the Resumable.js chunked upload handler (UploadModel::handleUpload()) is concatenated directly into filesystem paths without any sanitization. An authenticate...

Vendor: error311
Product: FileRise
Published: Mar 24, 2026
Source: NVD
CVE-2026-22559 HIGH - 8.8

An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link. Affected Products: UniFi Network Server (Version 10.1.85 and earlier) Mitigation: Update UniFi Netwo...

Vendor: Ubiquiti Inc
Product: UniFi Network Server
Published: Mar 24, 2026
Source: NVD