Total CVEs: 141,292

Critical Severity: 3,799

High Severity: 13,738

Last 7 Days: 1,667
Showing 8,981 - 9,000 of 13,738 CVEs
CVE-2026-22558 HIGH - 7.7

An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges.

Vendor: Ubiquiti Inc
Product: UniFi Network Application
Published: Mar 19, 2026
Source: NVD
CVE-2025-71260 HIGH - 8.8

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE parame...

Vendor: BMC Software, Inc.
Product: FootPrints
Published: Mar 19, 2026
Source: NVD
CVE-2025-71257 HIGH - 7.3

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability due to improper enforcement of security filters on restricted REST API endpoints and servlets. Unauthenticated remote attackers can bypass access controls to invoke restricted functionality and ...

Vendor: BMC Software, Inc.
Product: FootPrints
Published: Mar 19, 2026
Source: NVD

Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used to parse user suppli...

Vendor: rubygems
Product: json
Published: Mar 19, 2026
Source: GitHub
CVE-2026-33241 HIGH - 7.5

Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations (`form_data()` method and `Extractible` macro) do not enforce payload size limits before reading request bodies into memory. This allows attackers to cause Out-of-Memory (OOM) conditions by sending...

Vendor: rust
Product: salvo
Published: Mar 19, 2026
Source: GitHub
CVE-2026-33242 HIGH - 7.5

Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a Path Traversal and Access Control Bypass vulnerability in the salvo-proxy component. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended backend paths (e.g., prote...

Vendor: rust
Product: salvo
Published: Mar 19, 2026
Source: GitHub
CVE-2026-33236 HIGH - 8.1

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the `subdir` and `id` attributes when processing remote XML index ...

Vendor: pip
Product: nltk
Published: Mar 19, 2026
Source: GitHub
CVE-2026-33231 HIGH - 7.5

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` allows unauthenticated remote shutdown of the local WordNet Browser HTTP server w...

Vendor: pip
Product: nltk
Published: Mar 19, 2026
Source: GitHub
CVE-2026-33068 HIGH - 8.8

Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set permissions.defaultMo...

Vendor: npm
Product: @anthropic-ai/claude-code
Published: Mar 19, 2026
Source: GitHub
CVE-2026-3658 HIGH - 7.5

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'fields' parameter in all versions up to, and including, 1.6.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient pr...

Published: Mar 19, 2026
Source: NVD
CVE-2026-3511 HIGH - 8.6

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF (Server Side Request Forgery) attacks and obtain unauthorized access to local files on filesystems running the vulnerable applicat...

Published: Mar 19, 2026
Source: NVD
CVE-2006-10002 HIGH - 7.5

XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size, causing heap corruption (double free or corruption) and crashes. With a :utf8 PerlIO layer, parse_stream() in Expat.xs could overflow the XML input buffer because Perl's read() returns decoded characters while S...

Vendor: TODDR
Product: XML::Parser
Published: Mar 19, 2026
Source: NVD
CVE-2026-27070 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms Pro allows Stored XSS. This issue affects Everest Forms Pro: from n/a through 1.9.10.

Vendor: WPEverest
Product: Everest Forms Pro
Published: Mar 19, 2026
Source: NVD
CVE-2026-27068 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Howard Website LLMs.Txt allows Reflected XSS. This issue affects Website LLMs.Txt: from n/a through 8.2.6.

Vendor: Ryan Howard
Product: Website LLMs.txt
Published: Mar 19, 2026
Source: NVD
CVE-2026-25445 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in Membership Software WishList Member X allows Object Injection. This issue affects WishList Member X: from n/a through 3.29.0.

Vendor: Membership Software
Product: WishList Member X
Published: Mar 19, 2026
Source: NVD
CVE-2026-25443 HIGH - 7.5

Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fraud Prevention For Woocommerce: from n/a through 2.3.3.

Vendor: Dotstore
Product: Fraud Prevention For Woocommerce
Published: Mar 19, 2026
Source: NVD
CVE-2026-25442 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QantumThemes Kentha allows Reflected XSS. This issue affects Kentha: from n/a through 4.7.2.

Vendor: QantumThemes
Product: Kentha
Published: Mar 19, 2026
Source: NVD
CVE-2026-25438 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Gutenberg Blocks allows Reflected XSS. This issue affects Gutenberg Blocks: from n/a through 1.2.8.

Vendor: ThemeHunk
Product: Gutenberg Blocks
Published: Mar 19, 2026
Source: NVD
CVE-2025-68836 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Markbeljaars Table of Contents Creator allows Reflected XSS. This issue affects Table of Contents Creator: from n/a through 1.6.4.1.

Vendor: Markbeljaars
Product: Table of Contents Creator
Published: Mar 19, 2026
Source: NVD
CVE-2025-67618 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ArtstudioWorks Brookside allows Reflected XSS. This issue affects Brookside: from n/a through 1.4.

Vendor: ArtstudioWorks
Product: Brookside
Published: Mar 19, 2026
Source: NVD