Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,855
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 8,681 - 8,700 of 13,828 CVEs
CVE-2019-25621 MEDIUM - 6.2

Pixel Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters, causing the application to become unresponsive or t...

Vendor: Pixarra
Product: Pixel Studio
Published: Mar 23, 2026
Source: NVD
CVE-2019-25620 MEDIUM - 6.2

Tree Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters during application runtime, causing the application t...

Vendor: Pixarra
Product: Tree Studio
Published: Mar 23, 2026
Source: NVD
CVE-2026-4586 MEDIUM - 6.3

A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects the function Upload of the file chat2db-server/chat2db-server-web/chat2db-server-web-api/src/main/java/ai/chat2db/server/web/api/controller/driver/JdbcDriverController.java of the component JDBC Driver Upload. Performing a ma...

Published: Mar 23, 2026
Source: NVD
CVE-2026-31846 MEDIUM - 6.5

Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing parameters...

Vendor: Nexxt Solutions
Product: Nebula 300+ / Tenda F3 V2.0 Firmware
Published: Mar 23, 2026
Source: NVD
CVE-2026-4583 MEDIUM - 5.0

A vulnerability was detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this issue is some unknown functionality of the component Bluetooth Handler. Performing a manipulation results in authentication bypass by capture-replay. The attack must originate from the local network. The a...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4582 MEDIUM - 5.0

A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation leads to missing authentication. The attack must be carried out from within the local network. Attacks ...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4628 MEDIUM - 4.3

A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control chec...

Published: Mar 23, 2026
Source: NVD
CVE-2025-6229 MEDIUM - 6.4

The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `Fancy Text Widget` And `Countdown Widget` DOM attribu...

Published: Mar 23, 2026
Source: NVD
CVE-2025-13997 MEDIUM - 5.3

The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via ren...

Vendor: kingaddons
Product: King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder
Published: Mar 23, 2026
Source: NVD
CVE-2026-4603 MEDIUM - 5.9

Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations (e.g., verify and encryption) to collapse to dete...

Vendor: jsrsasign_project
Product: jsrsasign
Published: Mar 23, 2026
Source: NVD
CVE-2026-4574 MEDIUM - 6.3

A vulnerability was detected in SourceCodester Simple E-learning System 1.0. This vulnerability affects unknown code of the component User Profile Update Handler. The manipulation of the argument firstName results in SQL injection. It is possible to launch the attack remotely. The exploit is now pub...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4573 MEDIUM - 6.3

A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part of the file /includes/form_handlers/delete_post.php of the component HTTP GET Parameter Handler. The manipulation of the argument post_id leads to SQL injection. It is possible to ...

Published: Mar 23, 2026
Source: NVD
CVE-2026-1969 MEDIUM - 5.3

The trx_addons WordPress plugin before 2.38.5 does not correctly validate file types in one of its AJAX actions, allowing unauthenticated users to upload arbitrary files. This is due to an incorrect fix of CVE-2024-13448.

Published: Mar 23, 2026
Source: NVD
CVE-2025-10734 MEDIUM - 5.3

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the syncedData function. This makes it possible for unauthenticated ...

Vendor: reviewx
Product: ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema
Published: Mar 23, 2026
Source: NVD
CVE-2025-10731 MEDIUM - 5.3

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the allReminderSettings function. This makes it possible for unauthe...

Vendor: reviewx
Product: ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema
Published: Mar 23, 2026
Source: NVD
CVE-2026-4572 MEDIUM - 6.3

A weakness has been identified in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /view_product.php of the component HTTP POST Request Handler. Executing a manipulation of the argument searchtxt can lead to SQL injection. The attack may...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4571 MEDIUM - 6.3

A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_payments.php of the component HTTP POST Request Handler. Performing a manipulation of the argument searchtxt results in SQL injection. Th...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4570 MEDIUM - 6.3

A vulnerability was identified in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /view_customers.php of the component HTTP POST Request Handler. Such manipulation of the argument searchtxt leads to SQL injection. The attack can be executed remotely. The ex...

Published: Mar 23, 2026
Source: NVD
CVE-2025-10736 MEDIUM - 6.5

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to unauthorized access of data due to improper authorization checks on the userAccessibility() function in all versions up to, and including, 2.2.10. T...

Vendor: reviewx
Product: ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema
Published: Mar 23, 2026
Source: NVD
CVE-2026-4569 MEDIUM - 6.3

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /view_category.php of the component HTTP POST Request Handler. This manipulation of the argument searchtxt causes SQL injection. Remote exploitation of the attack is possible...

Published: Mar 23, 2026
Source: NVD