Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,850
Showing 8,681 - 8,700 of 13,738 CVEs
CVE-2026-4623 HIGH - 7.3

A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file /api/System.php of the component API Module. The manipulation of the argument url leads to server-si...

Published: Mar 24, 2026
Source: NVD
CVE-2026-33307 HIGH - 7.5

Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size `gnutls_x509_crt_t x509[]` array without checking the number of certificates is less than ...

Vendor: airtower-luna
Product: mod_gnutls
Published: Mar 24, 2026
Source: NVD
CVE-2026-4680 HIGH - 8.8

Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 24, 2026
Source: NVD
CVE-2026-4679 HIGH - 8.8

Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 24, 2026
Source: NVD
CVE-2026-4678 HIGH - 8.8

Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 24, 2026
Source: NVD
CVE-2026-4677 HIGH - 8.8

Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 24, 2026
Source: NVD
CVE-2026-4676 HIGH - 8.8

Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 24, 2026
Source: NVD
CVE-2026-4675 HIGH - 8.8

Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 24, 2026
Source: NVD
CVE-2026-4674 HIGH - 8.8

Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 24, 2026
Source: NVD
CVE-2026-4673 HIGH - 8.8

Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 24, 2026
Source: NVD
CVE-2026-4617 HIGH - 7.3

A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is the function ValidateToken of the file /php/api_patient_checkin.php of the component Patient Check-In Module. Executing a manipulation can lead to improper authorization. It is...

Published: Mar 24, 2026
Source: NVD
CVE-2026-33298 HIGH - 7.8

llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the `ggml_nbytes` function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes `ggml_nbytes` to return a significantly smalle...

Vendor: ggml-org
Product: llama.cpp
Published: Mar 24, 2026
Source: NVD
CVE-2026-22739 HIGH - 8.6

Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible to access files outside of the configured search directories. This issue affects Spring Cloud: from 3....

Vendor: Spring
Product: Spring Cloud
Published: Mar 24, 2026
Source: NVD
CVE-2026-4615 HIGH - 7.3

A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the file /search.php. Such manipulation of the argument rcode leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.

Published: Mar 24, 2026
Source: NVD
CVE-2026-4613 HIGH - 7.3

A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.

Published: Mar 24, 2026
Source: NVD
CVE-2026-4021 HIGH - 8.1

The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmation handler in `users-registry-check-after-email-or-pin-confirmation.php` using the user's email s...

Published: Mar 24, 2026
Source: NVD
CVE-2026-3533 HIGH - 8.8

The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on import_popup_templates() function as well as insufficient file type validation in the upload_files() function in all versions up to, and including, 4.14.1. This makes it possible for Authent...

Published: Mar 24, 2026
Source: NVD
CVE-2026-33250 HIGH - 7.5

Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player...

Vendor: longturn
Product: freeciv21
Published: Mar 24, 2026
Source: NVD
CVE-2026-4306 HIGH - 7.5

The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for ...

Published: Mar 23, 2026
Source: NVD
CVE-2026-33046 HIGH - 8.8

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted L...

Vendor: indico
Product: indico
Published: Mar 23, 2026
Source: NVD