Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,823
Showing 8,861 - 8,880 of 13,738 CVEs
CVE-2026-31836 HIGH - 8.1

Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. In versions from 3.5.1 and prior, a mass assignment vulnerability in Checkmate's user profile update endpoint allows any...

Vendor: bluewave-labs
Product: Checkmate
Published: Mar 20, 2026
Source: NVD
CVE-2026-33331 HIGH - 8.2

oRPC is a tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.9, a stored cross-site scripting (XSS) vulnerability exists in the OpenAPI documentation generation of orpc. If an attacker can control any field within the OpenAPI specificatio...

Vendor: npm
Product: @orpc/openapi
Published: Mar 20, 2026
Source: GitHub
CVE-2026-33316 HIGH - 8.1

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, a flaw in Vikunja’s password reset logic allows disabled users to regain access to their accounts. The `ResetPassword()` function sets the user’s status to `StatusActive` after a successful password reset without...

Vendor: go
Product: code.vikunja.io/api
Published: Mar 20, 2026
Source: GitHub
CVE-2026-4491 HIGH - 8.8

A vulnerability has been found in Tenda A18 Pro 02.03.02.28. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed to the public and ...

Published: Mar 20, 2026
Source: NVD
CVE-2026-4490 HIGH - 8.8

A flaw has been found in Tenda A18 Pro 02.03.02.28. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. This manipulation causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Published: Mar 20, 2026
Source: NVD
CVE-2026-4489 HIGH - 8.8

A vulnerability was detected in Tenda A18 Pro 02.03.02.28. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation results in stack-based buffer overflow. The attack may be launched remotely. The exploit is now public and may be ...

Published: Mar 20, 2026
Source: NVD
CVE-2026-4488 HIGH - 8.8

A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected is the function strcpy of the file /goform/setSysAdm. Such manipulation of the argument GroupName leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might...

Published: Mar 20, 2026
Source: NVD
CVE-2026-32989 HIGH - 8.8

Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability that allows attackers to induce authenticated users to submit crafted requests to a profile update endpoint handling file uploads. Attackers can exploit this to upload executable files to web-accessible locations, leadi...

Vendor: Precurio
Product: Precurio Intranet Portal
Published: Mar 20, 2026
Source: NVD
CVE-2025-67260 HIGH - 8.8

The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack Tpk...

Published: Mar 20, 2026
Source: NVD
CVE-2025-46597 HIGH - 7.5

Bitcoin Core 0.13.0 through 29.x has an integer overflow.

Published: Mar 20, 2026
Source: NVD
CVE-2026-4487 HIGH - 8.8

A vulnerability was determined in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/websHostFilter. This manipulation causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

Published: Mar 20, 2026
Source: NVD
CVE-2026-4486 HIGH - 8.8

A vulnerability was found in D-Link DIR-513 1.10. This affects the function formEasySetPassword of the file /goform/formEasySetPassword of the component Web Service. The manipulation of the argument curTime results in stack-based buffer overflow. The attack may be performed remotely. The exploit ...

Published: Mar 20, 2026
Source: NVD
CVE-2026-4434 HIGH - 8.1

Improper certificate validation in the PAM propagation WinRM connections allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification.

Published: Mar 20, 2026
Source: NVD
CVE-2026-33133 HIGH - 7.2

WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB() function imports SQL files from uploaded backup archives without any content validation. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator acco...

Vendor: LabRedesCefetRJ
Product: WeGIA
Published: Mar 20, 2026
Source: NVD
CVE-2026-32305 HIGH - 5.3

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records, Tra...

Vendor: traefik
Product: traefik
Published: Mar 20, 2026
Source: NVD
CVE-2026-33124 HIGH - 8.8

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Versions prior to 0.17.0-beta1 allow any authenticated user to change their own password without verifying the current password through the /users/{username}/password endpoint. Changing a password does not...

Vendor: blakeblackshear
Product: frigate
Published: Mar 20, 2026
Source: NVD
CVE-2026-22324 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Melania allows PHP Local File Inclusion. This issue affects Melania: from n/a through 2.5.0.

Vendor: ThemeREX
Product: Melania
Published: Mar 20, 2026
Source: NVD
CVE-2026-0677 HIGH - 7.2

Deserialization of Untrusted Data vulnerability in TotalSuite TotalContest Lite allows Object Injection. This issue affects TotalContest Lite: from n/a through 2.9.1.

Published: Mar 20, 2026
Source: NVD
CVE-2024-32537 HIGH - 7.1

Cross-Site Request Forgery (CSRF) vulnerability in joshuae1974 Flash Video Player allows Cross Site Request Forgery. This issue affects Flash Video Player: from n/a through 5.0.4.

Vendor: joshuae1974
Product: Flash Video Player
Published: Mar 20, 2026
Source: NVD
CVE-2026-33075 HIGH - 8.8

FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pull_request_target (which runs with access to repository secrets) but checks out co...

Vendor: labring
Product: FastGPT
Published: Mar 20, 2026
Source: NVD