Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,850
Showing 8,941 - 8,960 of 14,211 CVEs
CVE-2026-4473 MEDIUM - 4.7

A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affects some unknown processing of the file /admin/appointment_action.php. The manipulation of the argument appointment_id results in sql injection. The attack can be launched remotely. The exploit is now p...

Vendor: unguardable
Product: online_doctor_appointment_system
Published: Mar 20, 2026
Source: NVD
CVE-2026-4472 MEDIUM - 6.3

A security vulnerability has been detected in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /admin/admin_edit_supplier.php. The manipulation of the argument Supplier_Name leads to sql injection. The attack can be initiated remotely. The exp...

Vendor: adonesevangelista
Product: online_frozen_foods_ordering_system
Published: Mar 20, 2026
Source: NVD
CVE-2026-4471 MEDIUM - 4.7

A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /admin/admin_edit_employee.php. Executing a manipulation of the argument First_Name can lead to sql injection. It is possible to launch the attack remotely. The exploit ha...

Vendor: adonesevangelista
Product: online_frozen_foods_ordering_system
Published: Mar 20, 2026
Source: NVD
CVE-2026-4470 MEDIUM - 4.7

A security flaw has been discovered in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_edit_menu.php. Performing a manipulation of the argument product_name results in sql injection. It is possible to initiate the at...

Vendor: adonesevangelista
Product: online_frozen_foods_ordering_system
Published: Mar 20, 2026
Source: NVD
CVE-2026-4469 MEDIUM - 4.7

A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_edit_menu_action.php. Such manipulation of the argument product_name leads to sql injection. The attack may be performed from re...

Vendor: adonesevangelista
Product: online_frozen_foods_ordering_system
Published: Mar 20, 2026
Source: NVD
CVE-2026-4468 MEDIUM - 4.7

A vulnerability was determined in Comfast CF-AC100 2.6.0.8. Affected is an unknown function of the file /cgi-bin/mbox-config?method=SET&section=update_interface_png. This manipulation causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly discl...

Published: Mar 20, 2026
Source: NVD
CVE-2026-4136 MEDIUM - 4.3

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.2.24. This is due to insufficient validation on the redirect url supplied via the 'rcp_redirect' parameter. This makes it possible for unauthenticated...

Published: Mar 20, 2026
Source: NVD
CVE-2026-32114 MEDIUM - 4.3

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their identif...

Vendor: discourse
Product: discourse
Published: Mar 20, 2026
Source: NVD
CVE-2026-4467 MEDIUM - 4.7

A vulnerability was found in Comfast CF-AC100 2.6.0.8. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=wireless_device_dissoc. The manipulation results in command injection. The attack can be executed remotely. The exploit has been made public and could be us...

Published: Mar 20, 2026
Source: NVD
CVE-2026-31869 MEDIUM - 4.3

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ComposerController#mentions endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying allowed_names referencing a hidden-membership group...

Vendor: discourse
Product: discourse
Published: Mar 20, 2026
Source: NVD
CVE-2026-31805 MEDIUM - 5.3

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass in the poll plugin allowed authenticated users to vote on, remove votes from, or toggle the open/closed status of polls they did not have access to. By passing post_i...

Vendor: discourse
Product: discourse
Published: Mar 20, 2026
Source: NVD
CVE-2026-30891 MEDIUM - 6.5

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a user could access another user's private activity due to insufficient authorization checks in the user actions endpoint. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a p...

Vendor: discourse
Product: discourse
Published: Mar 20, 2026
Source: NVD
CVE-2026-30889 MEDIUM - 4.9

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a moderator could exploit insufficient authorization checks to access metadata of posts they should not have permission to view. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a ...

Vendor: discourse
Product: discourse
Published: Mar 20, 2026
Source: NVD
CVE-2026-4466 MEDIUM - 4.7

A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affects an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public ...

Published: Mar 20, 2026
Source: NVD
CVE-2026-4465 MEDIUM - 6.3

A flaw has been found in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formSysCmd. Executing a manipulation of the argument sysCmd can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. This vulner...

Published: Mar 20, 2026
Source: NVD
CVE-2026-4453 MEDIUM - 4.3

Integer overflow in Dawn in Google Chrome on Mac prior to 146.0.7680.153 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-32881 MEDIUM - 5.3

ewe is a Gleam web server. Versions 0.6.0 through 3.0.4 are vulnerable to authentication bypass or spoofed proxy-trust headers. Chunked transfer encoding trailer handling merges declared trailer fields into req.headers after body parsing, but the denylist only blocks 9 hea...

Vendor: vshakitskiy
Product: ewe
Published: Mar 20, 2026
Source: NVD
CVE-2026-32880 MEDIUM - 6.4

ChurchCRM is an open-source church management system. Versions prior to 7.0.2 allow an admin user to edit JSON type system settings to store a JavaScript payload that can execute when any admin views the system settings. The JSON input is left unescaped/unsanitized in SystemSettings.php, leading to ...

Vendor: ChurchCRM
Product: CRM
Published: Mar 20, 2026
Source: NVD
CVE-2026-32697 MEDIUM - 6.5

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 8.9.3, the `RecordHandler::getRecord()` method retrieves any record by module and ID without checking the current user's ACL view permission. The companion `saveRecord()` ...

Vendor: SuiteCRM
Product: SuiteCRM-Core
Published: Mar 20, 2026
Source: NVD
CVE-2026-29108 MEDIUM - 6.5

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 8.9.3, an authenticated API endpoint allows any user to retrieve detailed information about any other user, including their password hash, username, and MFA configuration. As a...

Vendor: SuiteCRM
Product: SuiteCRM-Core
Published: Mar 20, 2026
Source: NVD