Total CVEs

141,272

Critical Severity

3,795

High Severity

13,729

Last 7 Days

1,917
Showing 8,721 - 8,740 of 14,204 CVEs
CVE-2026-4542 MEDIUM - 5.4

A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the argument filePaths leads to path traversal. The attack may be performed from remote. The exploit has be...

Published: Mar 22, 2026
Source: NVD
CVE-2026-4538 MEDIUM - 5.3

A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The project w...

Published: Mar 22, 2026
Source: NVD
CVE-2026-4537 MEDIUM - 4.7

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action_ipsec_conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly disc...

Published: Mar 22, 2026
Source: NVD
CVE-2026-3427 MEDIUM - 6.4

The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `jsonText` block attribute in all versions up to, and including, 27.1.1 due to insufficient input sanitization and output escaping. This makes it possibl...

Published: Mar 22, 2026
Source: NVD
CVE-2026-4533 MEDIUM - 6.3

A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status results in sql injection. It is possible to launch the attack remotely. The exploit is now public a...

Published: Mar 22, 2026
Source: NVD
CVE-2026-33549 MEDIUM - 6.7

SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment (of administrator privileges) during the editing of an author data structure because of STATUT mishandling.

Vendor: SPIP
Product: SPIP
Published: Mar 22, 2026
Source: NVD
CVE-2025-71276 MEDIUM - 6.4

SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.

Vendor: Alinto
Product: SOGo
Published: Mar 22, 2026
Source: NVD
CVE-2026-4532 MEDIUM - 5.3

A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories accessible. It is poss...

Published: Mar 22, 2026
Source: NVD
CVE-2026-4531 MEDIUM - 5.3

A weakness has been identified in Free5GC 4.1.0. Affected is the function HandleRegistrationComplete of the file internal/gmm/handler.go of the component AMF. Executing a manipulation can lead to denial of service. The attack may be performed from remote. This patch is called 52e9386401ce56ea773c5aa...

Published: Mar 22, 2026
Source: NVD
CVE-2019-25589 MEDIUM - 6.2

ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a crafted payload into the Shell configuration field and trigger a crash when accessin...

Vendor: Emtec
Product: ZOC Terminal
Published: Mar 22, 2026
Source: NVD
CVE-2019-25588 MEDIUM - 6.2

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a buffer of 700 bytes to...

Vendor: Bpftpserver
Product: BulletProof FTP Server
Published: Mar 22, 2026
Source: NVD
CVE-2019-25587 MEDIUM - 6.2

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and paste a buffer of 5...

Vendor: Bpftpserver
Product: BulletProof FTP Server
Published: Mar 22, 2026
Source: NVD
CVE-2019-25586 MEDIUM - 6.2

Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the 'From URL' field during torrent addition to trigger an applicatio...

Vendor: Dev
Product: Deluge
Published: Mar 22, 2026
Source: NVD
CVE-2019-25585 MEDIUM - 6.2

Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Webseeds field. Attackers can paste a buffer of 5000 bytes into the Webseeds field during torrent creation to trigger an application crash.

Vendor: Dev
Product: Deluge
Published: Mar 22, 2026
Source: NVD
CVE-2019-25584 MEDIUM - 6.2

RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a malicious payload exceeding 4000 bytes into the Server field via the Settings men...

Vendor: Raimersoft
Product: RarmaRadio
Published: Mar 22, 2026
Source: NVD
CVE-2019-25583 MEDIUM - 6.2

RarmaRadio 2.72.3 contains a denial of service vulnerability in the Username field that allows local attackers to crash the application by submitting excessively long input. Attackers can paste a buffer of 5000 bytes into the Username field via Settings > Network to trigger an application crash.

Vendor: Raimersoft
Product: RarmaRadio
Published: Mar 22, 2026
Source: NVD
CVE-2026-4530 MEDIUM - 5.3

A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminology_retriever.py. Performing a manipulation of the argument Description results in sql injection. The attack requires a local approach. The exploit has been relea...

Published: Mar 22, 2026
Source: NVD
CVE-2026-2756 MEDIUM - 5.0

A security vulnerability has been detected in OmniPEMF NeoRhythm up to 20260308. This affects an unknown function of the component BLE Interface. Such manipulation leads to missing authentication. The attack can only be initiated within the local network. This attack is characterized by high complex...

Published: Mar 21, 2026
Source: NVD
CVE-2019-25582 MEDIUM - 6.5

i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attackers to download sensitive files by manipulating the file parameter in index.php. Attackers can send GET requests to index.php with file_manager=image and supply arbitrary file paths like src/config.inc...

Vendor: I-Doit
Product: doit CMDB
Published: Mar 21, 2026
Source: NVD
CVE-2019-25577 MEDIUM - 5.5

SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attackers can send POST requests to /backend/backend_theme/editcss/ or /backend/backend_theme/editjs/ with ...

Vendor: Seotoaster
Product: SeoToaster Ecommerce
Published: Mar 21, 2026
Source: NVD