Total CVEs: 141,292 | Critical Severity: 3,799 | High Severity: 13,738 | Last 7 Days: 1,667
Showing 9,201 - 9,220 of 14,211 CVEs
CVE-2026-4147 MEDIUM - 6.5

An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command.

Published: Mar 17, 2026
Source: NVD
CVE-2026-28506 MEDIUM - 4.3

Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no col...

Vendor: outline
Product: outline
Published: Mar 17, 2026
Source: NVD
CVE-2026-21886 MEDIUM - 6.5

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that t...

Vendor: OpenCTI-Platform
Product: opencti
Published: Mar 17, 2026
Source: NVD
CVE-2026-27978 MEDIUM - 4.3

Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, `origin: null` was treated as a "missing" origin during Server Action CSRF validation. As a result, requests from opaque contexts (such as sandboxed iframes) could...

Vendor: npm
Product: next
Published: Mar 17, 2026
Source: GitHub
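The Next.js entry above turns on one detail of Origin-header CSRF validation: the literal string `null` is not an absent header but what a sandboxed iframe, a `data:` URL or a cross-origin redirect actually sends. The following Python block is an added example, not Next.js code, that puts the buggy shape (folding `null` into "missing" and accepting "missing") beside a hardened check. The header dict shape, `ALLOWED_ORIGINS` and the constructed requests are assumptions of this example; the Referer fallback for a missing Origin is a design choice here, not any framework's behaviour.

```python
"""Origin-header CSRF check that does not fold 'null' into 'absent'.

Added example, not Next.js code; the header dict shape and the
ALLOWED_ORIGINS value are assumptions made for illustration.
"""
from __future__ import annotations

from urllib.parse import urlsplit

# Assumed deployment allowlist (constructed for the example).
ALLOWED_ORIGINS = frozenset({"https://app.example.test", "https://admin.example.test"})


def _origin_of(url: str) -> str | None:
    """Normalise 'scheme://host[:port]' out of an Origin or Referer value."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc.lower()}"


def vulnerable_is_trusted(headers: dict[str, str]) -> bool:
    """Shape of the bug: the literal 'null' origin is treated like a missing
    header, and a missing header is accepted as 'probably same-site'."""
    origin = headers.get("origin")
    if origin is None or origin == "null":   # BUG: opaque sender treated as absent
        return True                           # BUG: absent Origin accepted
    return _origin_of(origin) in ALLOWED_ORIGINS


def hardened_is_trusted(headers: dict[str, str]) -> bool:
    """'null' is what a sandboxed iframe, a data: URL or a cross-origin
    redirect sends, so it is rejected outright.  A missing Origin is only
    accepted when a full Referer resolves to an allowed origin (design
    choice of this example, not of any particular framework)."""
    origin = headers.get("origin")
    if origin == "null":
        return False
    if origin is None:
        referer = headers.get("referer")
        if not referer:
            return False
        origin = referer
    return _origin_of(origin) in ALLOWED_ORIGINS


# Constructed requests: what a sandboxed cross-site iframe posts vs a real user.
SANDBOXED_IFRAME_POST = {"host": "app.example.test", "origin": "null"}
SAME_ORIGIN_POST = {"host": "app.example.test", "origin": "https://app.example.test"}
```

The point to carry away is that the three states of the header (present and matching, present and foreign, `null`) are all distinct from "absent", and only the first may pass; a check that starts by normalising `null` away has already lost.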
CVE-2026-4324 MEDIUM - 5.4

A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Ser...

Vendor: rubygems
Product: katello
Published: Mar 17, 2026
Source: NVD
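A sort parameter is the classic case where bind parameters do not help, because a column name is an identifier, not a value. The block below is an added example, not Katello code: it shows the splice-in-ORDER-BY shape the advisory describes, a boolean-inference payload that the same splice point accepts (the same point would equally take an expression expensive enough to tie up the database, which is the denial of service mentioned above), and the allowlisted fix. The schema, rows, `ALLOWED_SORT` map and the `api_keys` table are constructed; sqlite3 stands in for the real database.

```python
"""ORDER BY injection through a sort parameter, beside the allowlisted fix.

Added example, not Katello code. The schema, rows and the ALLOWED_SORT map
are constructed for illustration; sqlite3 stands in for the real database.
"""
import sqlite3

# Public sort keys mapped to real column names: the only values that ever
# reach the SQL string in the hardened version.
ALLOWED_SORT = {"name": "name", "os": "os_name", "last_seen": "last_checkin"}


def make_sample_db() -> sqlite3.Connection:
    """Constructed sample data: three hosts and a table the caller may not read."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE hosts (name TEXT, os_name TEXT, last_checkin INTEGER);
        INSERT INTO hosts VALUES ('db01', 'rhel9', 3), ('web01', 'rhel8', 1), ('web02', 'rhel9', 2);
        CREATE TABLE api_keys (owner TEXT, secret TEXT);
        INSERT INTO api_keys VALUES ('admin', 's3cr3t-token');
        """
    )
    return con


def list_hosts_vulnerable(con: sqlite3.Connection, sort_by: str) -> list:
    """BUG: the request parameter is spliced straight into the ORDER BY clause."""
    return [row[0] for row in con.execute(f"SELECT name FROM hosts ORDER BY {sort_by}")]


def list_hosts_hardened(con: sqlite3.Connection, sort_by: str, direction: str = "asc") -> list:
    """Only an allowlisted column and a fixed direction keyword reach the query."""
    column = ALLOWED_SORT.get(sort_by)
    if column is None:
        raise ValueError(f"unsupported sort key: {sort_by!r}")
    if direction not in ("asc", "desc"):
        raise ValueError(f"unsupported direction: {direction!r}")
    return [row[0] for row in con.execute(f"SELECT name FROM hosts ORDER BY {column} {direction.upper()}")]


def oracle_payload(condition: str) -> str:
    """Boolean inference through ORDER BY: the row order flips depending on
    whether the attacker-chosen condition is true, one bit per request."""
    return f"CASE WHEN ({condition}) THEN last_checkin ELSE name END"


def secret_starts_with(con: sqlite3.Connection, prefix: str) -> bool:
    """Drive the order oracle against the vulnerable listing: a changed order
    means the subquery's condition held."""
    probe = oracle_payload(f"(SELECT secret FROM api_keys WHERE owner = 'admin') LIKE '{prefix}%'")
    return list_hosts_vulnerable(con, probe) != list_hosts_vulnerable(con, "name")
```

Usage: `secret_starts_with(make_sample_db(), "s")` is `True` and `"x"` is `False`, which is all an attacker needs to extract the token one character at a time; `list_hosts_hardened(con, oracle_payload("1=1"))` raises before any SQL is built.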
CVE-2025-62320 MEDIUM - 4.7

HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external resou...

Vendor: HCL
Product: Sametime
Published: Mar 17, 2026
Source: NVD
CVE-2026-4271 MEDIUM - 5.3

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the appli...

Vendor: gnome
Product: libsoup
Published: Mar 17, 2026
Source: NVD
CVE-2026-28563 MEDIUM - 4.3

Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs. This allows an authenticated user with only DAG Dependencies permission to enumerate DAGs they are not authorized to view. Users are recommended to u...

Vendor: Apache Software Foundation
Product: Apache Airflow
Published: Mar 17, 2026
Source: NVD
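The Airflow entry is an authorization bug of the "permission gates the endpoint, not the data" kind: the caller is allowed to call the endpoint, so the endpoint returns the whole graph. The block below is an added example, not Airflow code, that filters a dependency graph to the DAG ids the caller may read. The `Dependency` shape, the sample graph and the permission sets are constructed; which edges to keep when only one endpoint is readable is a design choice of this example, explained in the docstring.

```python
"""Filtering a DAG dependency graph down to what the caller may view.

Added example, not Airflow code. The edge list and the per-user permission
set are constructed; the node/edge shape is an assumption of this example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Dependency:
    source: str           # upstream DAG id
    target: str           # downstream DAG id
    dependency_type: str  # constructed labels such as "trigger" or "sensor"


# Constructed sample graph: an HR pipeline feeds a finance pipeline.
SAMPLE_GRAPH = [
    Dependency("hr_payroll", "finance_etl", "trigger"),
    Dependency("finance_etl", "finance_report", "trigger"),
    Dependency("hr_payroll", "hr_archive", "sensor"),
]


def dependencies_vulnerable(graph, _authorized_dag_ids):
    """Shape of the bug: the caller's DAG permissions are never consulted,
    so anyone allowed to call the endpoint receives the full graph."""
    nodes = sorted({d.source for d in graph} | {d.target for d in graph})
    return {"nodes": nodes, "edges": list(graph)}


def dependencies_hardened(graph, authorized_dag_ids):
    """Keep only edges whose both endpoints the caller may read, and derive
    the node list from those edges, so an unauthorized DAG id never appears
    even as the far end of an edge.  Design choice: showing 'something you
    cannot see triggers your DAG' is treated as an enumeration primitive too."""
    allowed = set(authorized_dag_ids)
    edges = [d for d in graph if d.source in allowed and d.target in allowed]
    nodes = sorted({d.source for d in edges} | {d.target for d in edges})
    return {"nodes": nodes, "edges": edges}


def leaked_dag_ids(graph, authorized_dag_ids) -> list:
    """DAG ids the vulnerable response exposes that the caller may not read."""
    seen = set(dependencies_vulnerable(graph, authorized_dag_ids)["nodes"])
    return sorted(seen - set(authorized_dag_ids))
```

The check worth adding to a test suite is the last function: for every role, the set of ids in the response minus the ids the role may read must be empty, which is exactly the property the advisory says was violated.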
CVE-2026-32586 MEDIUM - 5.3

Missing Authorization vulnerability in Pluggabl Booster for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booster for WooCommerce: from n/a before 7.11.3.

Vendor: Pluggabl
Product: Booster for WooCommerce
Published: Mar 17, 2026
Source: NVD

The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at $GLOBALS['TYPO3_CONF_VARS']['M...

Vendor: composer
Product: cpsit/typo3-mailqueue
Published: Mar 17, 2026
Source: NVD
CVE-2026-4308 MEDIUM - 6.3

A weakness has been identified in frdel/agent0ai agent-zero 0.9.7. This affects the function handle_pdf_document of the file python/helpers/document_query.py. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been made available ...

Published: Mar 17, 2026
Source: NVD
CVE-2026-4307 MEDIUM - 4.3

A security flaw has been discovered in frdel/agent0ai agent-zero 0.9.7-10. The impacted element is the function get_abs_path of the file python/helpers/files.py. The manipulation results in path traversal. The attack can be executed remotely. The exploit has been released to the public and may be us...

Published: Mar 17, 2026
Source: NVD
CVE-2026-2373 MEDIUM - 5.3

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the get_main_query_args() function due to insufficient restrictions on which posts can be included. This makes it poss...

Published: Mar 17, 2026
Source: NVD
CVE-2026-4284 MEDIUM - 4.7

A vulnerability was determined in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. This issue affects the function downloadFile of the file - yudao-module-digitalcourse/yudao-module-digitalcourse-biz/src/main/java/cn/iocoder/yudao/module/digitalcourse/util/PPTUtil.java of the c...

Published: Mar 16, 2026
Source: NVD
CVE-2026-21991 MEDIUM - 5.5

A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names.

Vendor: Oracle Corporation
Product: Oracle Linux
Published: Mar 16, 2026
Source: NVD
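The agent-zero path traversal entry (get_abs_path) and the dtprobed entry just above (a provider name that ends up in a file path) are two faces of the same control: a user-controlled string must not be allowed to choose where on disk a file is read or created. The block below is an added example, not code from agent-zero or DTrace. `resolve_under()` handles the relative-path shape by resolving against a root and checking containment after symlinks and `..` are collapsed; `safe_component()` handles the single-name shape by accepting only a plain path component. The sample tree, including a symlink planted inside the root that points outside it, is constructed in a temporary directory.

```python
"""Keeping user-controlled names inside a directory.

Added example, not code from agent-zero or DTrace. resolve_under() covers
the path-traversal shape (a relative path that must stay under a root);
safe_component() covers the 'name used to build a file path' shape. The
sample tree is constructed in a temporary directory.
"""
import os
import tempfile
from pathlib import Path


def resolve_under(root, user_path: str) -> Path:
    """Resolve user_path against root and insist the result stays inside.
    Resolution collapses '..' and follows symlinks, so a symlink planted
    inside root that points outside is caught as well.  An absolute
    user_path replaces root during the join and is then rejected here."""
    root_resolved = Path(root).resolve()
    candidate = (root_resolved / user_path).resolve()
    if candidate != root_resolved and root_resolved not in candidate.parents:
        raise PermissionError(f"{user_path!r} escapes {root_resolved}")
    return candidate


def safe_component(name: str, max_len: int = 255) -> str:
    """Accept a single path component only: no separators, no '.'/'..',
    no NUL or control characters, bounded length."""
    if not name or len(name) > max_len or name in (".", ".."):
        raise ValueError(f"invalid name: {name!r}")
    if any(ch in name for ch in ("/", "\\", "\x00")) or any(ord(ch) < 0x20 for ch in name):
        raise ValueError(f"invalid name: {name!r}")
    return name


def build_sample_tree() -> Path:
    """Constructed layout: root/notes/a.txt, root/escape -> <outside> (symlink),
    <outside>/secret.txt, with <outside> a sibling of root."""
    base = Path(tempfile.mkdtemp(prefix="traversal-demo-"))
    root, outside = base / "root", base / "outside"
    (root / "notes").mkdir(parents=True)
    outside.mkdir()
    (root / "notes" / "a.txt").write_text("fine\n")
    (outside / "secret.txt").write_text("not yours\n")
    os.symlink(outside, root / "escape", target_is_directory=True)
    return root


def can_open(root, user_path: str) -> bool:
    """True when the containment policy lets user_path be resolved under root."""
    try:
        resolve_under(root, user_path)
    except PermissionError:
        return False
    return True


def is_safe_component(name: str) -> bool:
    try:
        safe_component(name)
    except ValueError:
        return False
    return True
```

The order matters: resolve first, then compare, because a string check for `..` passes `escape/secret.txt` while the resolved path does not. A time-of-check gap remains if an attacker can replace a directory under root with a symlink between the check and the open; where that is in scope, open the file and verify the opened inode instead of the path.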
CVE-2026-32757 MEDIUM - 5.4

Admidio is an open-source user management solution. In versions 5.0.6 and below, the eCard send handler uses a raw $_POST['ecard_message'] value instead of the HTMLPurifier-sanitized $formValues['ecard_message'] when constructing the greeting card HTML. This allows an authenticat...

Vendor: composer
Product: admidio/admidio
Published: Mar 16, 2026
Source: GitHub
CVE-2026-32812 MEDIUM - 6.8

Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, unrestricted URL fetch in the SSO Metadata API can result in SSRF and local file reads. The SSO Metadata fetch endpoint at modules/sso/fetch_metadata.php accepts an arbitrary URL via $_GET['url'], validate...

Vendor: composer
Product: admidio/admidio
Published: Mar 16, 2026
Source: GitHub
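The SSO metadata entry is the textbook SSRF and local-file-read combination: a fetcher that takes any URL will happily take `file://` and any internal address. The block below is an added example, not Admidio code, that validates a user-supplied URL before a server-side fetch: scheme allowlist, no credentials in the URL, and every address the host resolves to must be public. The resolver is injectable so the check runs offline; `FAKE_DNS` and the hostnames in it are constructed. In production the connection has to go to the address that was checked (resolve once, connect to that IP), otherwise a second DNS answer after the check defeats it.

```python
"""Validating a user-supplied URL before a server-side fetch.

Added example, not Admidio code. The resolver is injectable so the check
can run offline; FAKE_DNS and the hostnames are constructed.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed name -> address table standing in for DNS.
FAKE_DNS = {
    "idp.example.test": {"8.8.8.8"},                 # constructed: a public address
    "metadata.internal": {"10.0.0.5"},               # an RFC 1918 address
    "split.example.test": {"8.8.8.8", "127.0.0.1"},  # one public answer, one loopback
}


def fake_resolver(host: str) -> set:
    try:
        return FAKE_DNS[host]
    except KeyError:
        raise ValueError(f"unresolvable host: {host}") from None


def system_resolver(host: str) -> set:
    """Real resolver; not used by the offline demo."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except socket.gaierror as exc:
        raise ValueError(f"unresolvable host: {host}") from exc


def is_public_address(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return addr.is_global and not addr.is_multicast


def validate_fetch_url(url: str, resolver=system_resolver) -> tuple:
    """Return (hostname, sorted addresses) for a URL that is safe to fetch;
    raise ValueError otherwise."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")   # blocks file://, gopher://, ...
    if not parts.hostname:
        raise ValueError("missing host")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in URL not allowed")
    try:
        addresses = {str(ipaddress.ip_address(parts.hostname))}   # literal IPv4 or IPv6
    except ValueError:
        addresses = resolver(parts.hostname)                        # hostname: every answer must pass
    bad = sorted(a for a in addresses if not is_public_address(a))
    if bad:
        raise ValueError(f"{parts.hostname} resolves to non-public address(es) {bad}")
    return parts.hostname, sorted(addresses)


def fetch_allowed(url: str, resolver=system_resolver) -> bool:
    try:
        validate_fetch_url(url, resolver)
    except ValueError:
        return False
    return True
```

Usage: `validate_fetch_url("https://idp.example.test/saml/metadata.xml", fake_resolver)` returns the host and the single public address, while the cloud metadata address, a loopback IPv6 literal, an RFC 1918 name and a name with a split answer are all refused. Redirects need the same check on every hop, since a permitted public host can 302 to an internal one.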
CVE-2026-32755 MEDIUM - 5.7

Admidio is an open-source user management solution. In versions 5.0.6 and below, the save_membership action in modules/profile/profile_function.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stop_membership and remove...

Vendor: composer
Product: admidio/admidio
Published: Mar 16, 2026
Source: GitHub
CVE-2026-2454 MEDIUM - 5.8

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to handle incorrectly reported array lengths, which allows a malicious user to cause OOM errors and crash the server via sending corrupted msgpack frames within websocket messages to the calls plugin. Mattermost Advis...

Vendor: mattermost
Product: mattermost_server
Published: Mar 16, 2026
Source: NVD
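The Mattermost entry describes a length-prefix bug that every binary decoder is exposed to: an array32 header says "4,294,967,295 elements follow" and a decoder that preallocates on that number exhausts memory before reading a single element. The block below is an added example, not Mattermost or calls-plugin code: a small msgpack subset decoder (nil, booleans, positive fixint, fixstr, arrays) that checks every declared array length against a policy cap and against the bytes actually remaining before it allocates anything. `MAX_ITEMS`, `GOOD_FRAME` and `CORRUPT_FRAME` are constructed for the example.

```python
"""Bounding declared array lengths while decoding msgpack.

Added example, not Mattermost or calls-plugin code. The decoder handles a
small subset of msgpack, enough to show the problem; the frames are constructed.
"""
import struct

MAX_ITEMS = 1 << 16   # policy cap for any single array (assumption of this example)


def declared_array_capacity(frame: bytes, offset: int = 0) -> int:
    """What a naive decoder would preallocate for the array header at offset:
    the declared count, taken on faith from the wire."""
    tag = frame[offset]
    if 0x90 <= tag <= 0x9F:
        return tag & 0x0F
    if tag == 0xDC:
        return struct.unpack_from(">H", frame, offset + 1)[0]
    if tag == 0xDD:
        return struct.unpack_from(">I", frame, offset + 1)[0]
    raise ValueError(f"not an array header: 0x{tag:02x}")


def _array_header(frame: bytes, offset: int) -> tuple:
    """Return (length, offset_after_header), with the length checked against
    a policy cap and against the bytes actually present: every element costs
    at least one byte, so a count larger than the remaining payload is a lie."""
    tag = frame[offset]
    if 0x90 <= tag <= 0x9F:
        length, offset = tag & 0x0F, offset + 1
    elif tag == 0xDC:
        length, offset = struct.unpack_from(">H", frame, offset + 1)[0], offset + 3
    elif tag == 0xDD:
        length, offset = struct.unpack_from(">I", frame, offset + 1)[0], offset + 5
    else:
        raise ValueError(f"not an array header: 0x{tag:02x}")
    if length > MAX_ITEMS or length > len(frame) - offset:
        raise ValueError(f"array claims {length} items, {len(frame) - offset} bytes remain")
    return length, offset


def _decode(frame: bytes, offset: int) -> tuple:
    tag = frame[offset]
    if tag <= 0x7F:                          # positive fixint
        return tag, offset + 1
    if tag == 0xC0:                          # nil
        return None, offset + 1
    if tag in (0xC2, 0xC3):                  # false / true
        return tag == 0xC3, offset + 1
    if 0xA0 <= tag <= 0xBF:                  # fixstr
        n = tag & 0x1F
        if offset + 1 + n > len(frame):
            raise ValueError("truncated string")
        return frame[offset + 1:offset + 1 + n].decode("utf-8"), offset + 1 + n
    if 0x90 <= tag <= 0x9F or tag in (0xDC, 0xDD):
        length, offset = _array_header(frame, offset)
        items = []                           # grows as elements are parsed; never [None] * length
        for _ in range(length):
            item, offset = _decode(frame, offset)
            items.append(item)
        return items, offset
    raise ValueError(f"unsupported type tag 0x{tag:02x}")


def decode_msgpack(frame: bytes):
    """Decode one value; any truncation or over-claimed length is a ValueError."""
    try:
        value, end = _decode(frame, 0)
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated frame") from exc
    if end != len(frame):
        raise ValueError(f"{len(frame) - end} trailing bytes")
    return value


# Constructed frames: a well-formed 3-element array, and one whose array32
# header claims 4,294,967,295 elements but is followed by a single byte.
GOOD_FRAME = b"\x93\x01\xa2hi\xc0"
CORRUPT_FRAME = b"\xdd\xff\xff\xff\xff\x01"
```

The remaining-bytes bound is the cheap, always-correct check; the policy cap additionally protects against a frame that really does carry 65,537 one-byte elements nested inside each other. Both belong in the header parser, before the element loop, which is where the advisory's "incorrectly reported array lengths" were trusted.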
CVE-2026-1629 MEDIUM - 4.3

Mattermost versions 10.11.x <= 10.11.10 fail to invalidate cached permalink preview data when a user loses channel access, which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin. Mattermost Advisory ID: MMSA-2026-005...

Vendor: mattermost
Product: mattermost_server
Published: Mar 16, 2026
Source: NVD