Total CVEs

141,492

Critical Severity

3,867

High Severity

13,899

Last 7 Days

1,757
Showing 9,181 - 9,200 of 13,899 CVEs
CVE-2026-31973 HIGH - 7.5

SAMtools is a program for reading, manipulating and writing bioinformatics file formats. Starting in version 1.17, in the cram-size command, used to write information about how well CRAM files are compressed, a check to see if the `cram_decode_compression_header()` was missing. If the function retur...

Vendor: samtools
Product: samtools
Published: Mar 18, 2026
Source: NVD
CVE-2026-33226 HIGH - 8.7

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions from 3.30.6 and prior, the REST datasource query preview endpoint (POST /api/queries/preview) makes server-side HTTP requests to any URL supplied by the user in fields.path with no validation. An au...

Vendor: npm
Product: budibase
Published: Mar 18, 2026
Source: GitHub
CVE-2026-33204 HIGH - 7.5

SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt() on attacker-controlled JWEs using PBES2 algorithms are affec...

Vendor: composer
Product: kelvinmo/simplejwt
Published: Mar 18, 2026
Source: GitHub
CVE-2026-4396 HIGH - 8.3

Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification.

Published: Mar 18, 2026
Source: NVD
CVE-2026-31971 HIGH - 8.1

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the `BYTE_ARRAY_LEN` method, the `cram_byte_array_len_decode()` failed t...

Vendor: samtools
Product: htslib
Published: Mar 18, 2026
Source: NVD
CVE-2026-31970 HIGH - 8.1

HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index block-compressed GZIP [BGZF] files. In the GZI loading function, `bgzf_index_load_hfile()`, it was possible to trigger an integer overflow, leading to an under- or zero-sized buffer being allocated ...

Vendor: samtools
Product: htslib
Published: Mar 18, 2026
Source: NVD
CVE-2026-31969 HIGH - 8.1

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the `BYTE_ARRAY_STOP` method, an out-by-one error in the `cram_byte_arr...

Vendor: samtools
Product: htslib
Published: Mar 18, 2026
Source: NVD
CVE-2026-31968 HIGH - 8.1

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For the `VARINT` and `CONST` encodings, incomplete validation of the context in which the encodings were...

Vendor: samtools
Product: htslib
Published: Mar 18, 2026
Source: NVD
CVE-2026-33192 HIGH - 5.3

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request (from UDR) into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter. Additiona...

Vendor: go
Product: github.com/free5gc/udm
Published: Mar 18, 2026
Source: GitHub
CVE-2026-33191 HIGH - 8.6

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes (URL-encoded as %00) into the supi path parameter of the UDM's Nudm_Subs...

Vendor: go
Product: github.com/free5gc/udm
Published: Mar 18, 2026
Source: GitHub
CVE-2026-33203 HIGH - 7.5

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated connections when a specific "auth keepalive" query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on at...

Vendor: go
Product: github.com/siyuan-note/siyuan/kernel
Published: Mar 18, 2026
Source: GitHub

DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler _RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFE_TO_IMPORT have constr...

Vendor: pip
Product: deepdiff
Published: Mar 18, 2026
Source: GitHub
CVE-2026-33154 HIGH - 7.5

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in configu...

Vendor: pip
Product: dynaconf
Published: Mar 18, 2026
Source: GitHub
CVE-2026-33080 HIGH - 7.3

Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers (Range, Values) that render raw database values without escaping HTML. If there is a lack of validation for the data in the ...

Vendor: composer
Product: filament/tables
Published: Mar 18, 2026
Source: GitHub
CVE-2026-33064 HIGH - 7.5

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can cause the UDM service to panic and crash by sending a...

Vendor: go
Product: github.com/free5gc/udm
Published: Mar 18, 2026
Source: GitHub
CVE-2026-33063 HIGH - 7.5

free5GC is an open source 5G core network. free5GC AUSF prior to version 1.4.2 has an Improper Null Check vulnerability leading to Denial of Service. All deployments of free5GC v4.0.1 using the AUSF UE authentication service (`/nausf-auth/v1/ue-authentications` endpoint) are affected. A remote at...

Vendor: go
Product: github.com/free5gc/ausf
Published: Mar 18, 2026
Source: GitHub
CVE-2026-33062 HIGH - 7.5

free5GC is an open source 5G core network. free5GC NRF prior to version 1.4.2 has an Improper Input Validation vulnerability leading to Denial of Service. All deployments of free5GC using the NRF discovery service are affected. The `EncodeGroupId` function attempts to access array indices [0], [1], ...

Vendor: go
Product: github.com/free5gc/nrf
Published: Mar 18, 2026
Source: GitHub
CVE-2026-33172 HIGH - 8.7

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, a stored XSS vulnerability in SVG asset reuploads allows authenticated users with asset upload permissions to bypass SVG sanitization and inject malicious JavaScript that executes when the ass...

Vendor: composer
Product: statamic/cms
Published: Mar 18, 2026
Source: GitHub
CVE-2026-33040 HIGH - 7.5

libp2p-rust is the official Rust language implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts attacker-controlled PRUNE backoff values and may perform unchecked time arithmetic when storing backoff state. A specially crafted PRUNE control ...

Vendor: rust
Product: libp2p-gossipsub
Published: Mar 18, 2026
Source: GitHub
CVE-2026-33166 HIGH - 8.6

Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file (-result.json, -contai...

Vendor: maven
Product: io.qameta.allure:allure-generator
Published: Mar 18, 2026
Source: GitHub