Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,667
Showing 8,921 - 8,940 of 13,738 CVEs
CVE-2026-4439 HIGH - 8.8

Out of bounds memory access in WebGL in Google Chrome on Android prior to 146.0.7680.153 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-32873 HIGH - 7.5

ewe is a Gleam web server. Versions 0.8.0 through 3.0.4 contain a bug in the handle_trailers function where rejected trailer headers (forbidden or undeclared) cause an infinite loop. When handle_trailers encounters such a trailer, three code paths (lines 520, 523, 526) recurse with the original buff...

Vendor: vshakitskiy
Product: ewe
Published: Mar 20, 2026
Source: NVD
CVE-2026-32808 HIGH - 8.1

pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives (encrypted files with non-encrypted headers), causing arbitrary file deletion outside of the extraction di...

Vendor: pyload
Product: pyload
Published: Mar 20, 2026
Source: NVD
CVE-2026-32711 HIGH - 7.8

pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, but ...

Vendor: pydicom
Product: pydicom
Published: Mar 20, 2026
Source: NVD
CVE-2026-33289 HIGH - 8.8

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, an LDAP Injection vulnerability exists in the SuiteCRM authentication flow. The application fails to properly sanitize user-supplied input before embedding it...

Vendor: SuiteCRM
Product: SuiteCRM
Published: Mar 20, 2026
Source: NVD
CVE-2026-33288 HIGH - 8.8

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, a SQL Injection vulnerability exists in the SuiteCRM authentication mechanisms when directory support is enabled. The application fails to properly sanitize t...

Vendor: SuiteCRM
Product: SuiteCRM
Published: Mar 20, 2026
Source: NVD
CVE-2026-29189 HIGH - 8.1

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the SuiteCRM REST API V8 has missing ACL (Access Control List) checks on several endpoints, allowing authenticated users to access and manipulate data they sh...

Vendor: SuiteCRM
Product: SuiteCRM
Published: Mar 20, 2026
Source: NVD
CVE-2026-29109 HIGH - 7.2

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions up to and including 8.9.2 contain an unsafe deserialization vulnerability in the SavedSearch filter processing component that allows an authenticated administrator to execute arbitrary ...

Vendor: SuiteCRM
Product: SuiteCRM-Core
Published: Mar 20, 2026
Source: NVD
CVE-2026-22733 HIGH - 8.2

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints. This issue affects Spring Security: from 4.0.0 through 4.0....

Vendor: Spring
Product: Spring Security
Published: Mar 20, 2026
Source: NVD
CVE-2026-32721 HIGH - 8.6

LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0 contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passes S...

Vendor: openwrt
Product: luci, openwrt
Published: Mar 19, 2026
Source: NVD
CVE-2026-30874 HIGH - 7.8

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplug_call function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The funct...

Vendor: openwrt
Product: openwrt
Published: Mar 19, 2026
Source: NVD
CVE-2026-29102 HIGH - 7.2

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, an Authenticated Remote Code Execution (RCE) vulnerability exists in SuiteCRM modules. Versions 7.15.1 and 8.9.3 patch the issue.

Vendor: SuiteCRM
Product: SuiteCRM
Published: Mar 19, 2026
Source: NVD
CVE-2026-29100 HIGH - 7.1

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM 7.15.0 contains a reflected HTML injection vulnerability in the login page that allows attackers to inject arbitrary HTML content, enabling phishing attacks and page defacement. Version...

Vendor: SuiteCRM
Product: SuiteCRM
Published: Mar 19, 2026
Source: NVD
CVE-2026-29099 HIGH - 8.8

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the `retrieve()` function in `include/OutboundEmail/OutboundEmail.php` fails to properly neutralize the user controlled `$id` parameter. It is assumed that th...

Vendor: SuiteCRM
Product: SuiteCRM
Published: Mar 19, 2026
Source: NVD
CVE-2026-29097 HIGH - 7.5

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions prior to 7.15.1 and 8.9.3 contain a Server-Side Request Forgery (SSRF) vulnerability combined with a Denial of Service (DoS) condition in the RSS Feed Dashlet component. Versions 7.15.1...

Vendor: SuiteCRM
Product: SuiteCRM
Published: Mar 19, 2026
Source: NVD
CVE-2026-29096 HIGH - 8.1

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, when creating or editing a report (AOR_Reports module), the `field_function` parameter from POST data is saved directly into the `aor_fields` table without an...

Vendor: SuiteCRM
Product: SuiteCRM
Published: Mar 19, 2026
Source: NVD
CVE-2026-22731 HIGH - 8.2

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: from 4.0 ...

Vendor: Spring
Product: Spring Boot
Published: Mar 19, 2026
Source: NVD
CVE-2026-4342 HIGH - 8.8

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in ...

Vendor: go
Product: k8s.io/ingress-nginx
Published: Mar 19, 2026
Source: NVD
CVE-2026-32815 HIGH - 7.5

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the WebSocket endpoint (/ws) allows unauthenticated connections when specific URL parameters are provided (?app=siyuan&id=auth&type=auth). This bypass, intended for the login page to keep the kernel alive, allows ...

Vendor: siyuan-note
Product: siyuan
Published: Mar 19, 2026
Source: NVD
CVE-2026-32032 HIGH - 7.0

OpenClaw versions prior to 2026.2.22 contain an arbitrary shell execution vulnerability in shell environment fallback that trusts the unvalidated SHELL path from the host environment. An attacker with local environment access can inject a malicious SHELL variable to execute arbitrary commands with t...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 19, 2026
Source: NVD