Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

1,948
Showing 8,601 - 8,620 of 14,200 CVEs
CVE-2026-32642 MEDIUM - 4.3

Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurable...

Vendor: Apache Software Foundation
Product: Apache Artemis, Apache ActiveMQ Artemis
Published: Mar 24, 2026
Source: NVD
CVE-2026-4754 MEDIUM - 6.1

CWE-79 vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-11.

Vendor: molotovcherry
Product: android-imagemagick7
Published: Mar 24, 2026
Source: NVD
CVE-2026-4752 MEDIUM - 6.4

Use After Free vulnerability in No-Chicken Echo-Mate. This issue affects Echo-Mate: before V250329.

Published: Mar 24, 2026
Source: NVD
CVE-2026-4751 MEDIUM - 5.3

NULL Pointer Dereference vulnerability in tmate-io tmate. This issue affects tmate: before 2.4.0.

Published: Mar 24, 2026
Source: NVD
CVE-2026-4749 MEDIUM - 6.5

NVD-CWE-noinfo vulnerability in albfan miraclecast. This issue affects miraclecast: before v1.0.

Published: Mar 24, 2026
Source: NVD
CVE-2026-33855 MEDIUM - 5.5

Integer Overflow or Wraparound vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-11.

Vendor: MolotovCherry
Product: Android-ImageMagick7
Published: Mar 24, 2026
Source: NVD
CVE-2026-33853 MEDIUM - 5.5

NULL Pointer Dereference vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-10.

Vendor: MolotovCherry
Product: Android-ImageMagick7
Published: Mar 24, 2026
Source: NVD
CVE-2026-3260 MEDIUM - 5.9

A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like `getParameterMap()`, the server prematurely parses and stores this content to ...

Published: Mar 24, 2026
Source: NVD
CVE-2026-3138 MEDIUM - 6.5

The Product Filter for WooCommerce by WBW plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check in all versions up to, and including, 3.1.2. This is due to the plugin's MVC framework dynamically registering unauthenticated AJAX handlers via `wp_ajax_nopr...

Published: Mar 24, 2026
Source: NVD
CVE-2026-4733 MEDIUM - 5.3

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop. This issue affects ixray-1.6-stcop: before 1.3.

Published: Mar 24, 2026
Source: NVD
CVE-2026-33308 MEDIUM - 6.8

Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension. An attacker with access to the private key for a valid certificate issued by a CA trusted for TLS c...

Vendor: airtower-luna
Product: mod_gnutls
Published: Mar 24, 2026
Source: NVD
CVE-2026-3079 MEDIUM - 6.5

The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filters[orderby_order]' parameter in the 'learndash_propanel_template' AJAX action in all versions up to, and including, 5.0.3. This is due to insufficient escaping on the user supplie...

Published: Mar 24, 2026
Source: NVD
CVE-2026-33290 MEDIUM - 4.3

WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.10.0, an authorization flaw in updateComment allows an authenticated low-privileged user (including a custom role with zero capabilities) to change moderation status of their own comment (for example to APPROVE) without the mod...

Vendor: wp-graphql
Product: wp-graphql
Published: Mar 24, 2026
Source: NVD
CVE-2026-4614 MEDIUM - 6.3

A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This manipulation of the argument subject_code causes sql injection. The attack is possible to be carried...

Published: Mar 24, 2026
Source: NVD
CVE-2026-4056 MEDIUM - 5.4

The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Content Access Rules REST API endpoints in versions 5.0.1 through 5.1.4. This is due to the `check_permissions()` method only checking for `edit_pos...

Published: Mar 24, 2026
Source: NVD
CVE-2026-4066 MEDIUM - 4.3

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search() function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and abo...

Published: Mar 23, 2026
Source: NVD
CVE-2026-3225 MEDIUM - 4.3

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the delete_question_answer() function of the EditQuestionAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catch_l...

Published: Mar 23, 2026
Source: NVD
CVE-2026-2412 MEDIUM - 6.5

The Quiz and Survey Master (QSM) plugin for WordPress is vulnerable to SQL Injection via the 'merged_question' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitize_text_field()...

Published: Mar 23, 2026
Source: NVD
CVE-2026-32279 MEDIUM - 6.8

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Server-Side Request Forgery (SSRF) issue exists in the external page migration feature of the Page Management Plugin. Versions 1.41.1 and ...

Vendor: opensource-workshop
Product: connect-cms
Published: Mar 23, 2026
Source: NVD
CVE-2026-29111 MEDIUM - 5.5

systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is...

Vendor: systemd
Product: systemd
Published: Mar 23, 2026
Source: NVD