Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,666
Showing 9,301 - 9,320 of 14,211 CVEs
CVE-2026-2461 MEDIUM - 4.3

Mattermost Plugins versions <=11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559

Vendor: mattermost
Product: mattermost_server
Published: Mar 16, 2026
Source: NVD
CVE-2026-2458 MEDIUM - 4.3

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly validate team membership when searching channels which allows a removed team member to enumerate all public channels within a private team via the channel search API endpoint. Mattermost Advisory I...

Vendor: go
Product: github.com/mattermost/mattermost/server/v8
Published: Mar 16, 2026
Source: NVD
CVE-2026-2457 MEDIUM - 4.3

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to sanitize client-supplied post metadata which allows an authenticated attacker to spoof permalink embeds impersonating other users via crafted PUT requests to the post update API endpoint. Mattermost Advisor...

Vendor: mattermost
Product: mattermost_server
Published: Mar 16, 2026
Source: NVD
CVE-2026-2456 MEDIUM - 5.3

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to limit the size of responses from integration action endpoints, which allows an authenticated attacker to cause server memory exhaustion and denial of service via a malicious integration server th...

Vendor: go
Product: github.com/mattermost/mattermost/server/v8
Published: Mar 16, 2026
Source: NVD
CVE-2026-2233 MEDIUM - 5.3

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the draft_post() function in all versions up to, and including, 4.2.8. This makes i...

Published: Mar 16, 2026
Source: NVD
CVE-2026-28522 MEDIUM - 6.5

arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An attacker on the same local area network can send a large volume of malicious UDP packets to cause memory exhaustion on the device, triggering a null pointer dereference and resulting ...

Vendor: Tuya
Product: arduino-TuyaOpen
Published: Mar 16, 2026
Source: NVD
CVE-2026-26246 MEDIUM - 4.3

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to bound memory allocation when processing PSD image files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted PSD file. Mattermost A...

Vendor: Mattermost
Product: Mattermost
Published: Mar 16, 2026
Source: NVD
CVE-2026-25783 MEDIUM - 4.3

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586

Vendor: Mattermost
Product: Mattermost
Published: Mar 16, 2026
Source: NVD
CVE-2026-25780 MEDIUM - 4.3

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to bound memory allocation when processing DOC files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted DOC file. Mattermost Adviso...

Vendor: Mattermost
Product: Mattermost
Published: Mar 16, 2026
Source: NVD
CVE-2026-20991 MEDIUM - 4.4

Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents.

Vendor: Samsung Mobile
Product: Samsung Mobile Devices
Published: Mar 16, 2026
Source: NVD
CVE-2026-20988 MEDIUM - 5.0

Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows a local attacker to launch an arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability.

Vendor: Samsung Mobile
Product: Samsung Mobile Devices
Published: Mar 16, 2026
Source: NVD
CVE-2026-1948 MEDIUM - 4.3

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_license() function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with Sub...

Published: Mar 16, 2026
Source: NVD
CVE-2026-1883 MEDIUM - 4.3

The Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the delete_folders() function due to missing validation on a user controlled key. This makes it possibl...

Published: Mar 16, 2026
Source: NVD
CVE-2026-1870 MEDIUM - 5.3

The Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to missing validation checks on the 'thim-ekit/archive-course/get-courses' REST endpoint callback function in all versions up to, and includi...

Published: Mar 16, 2026
Source: NVD
CVE-2026-0977 MEDIUM - 5.1

IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to improper access controls.

Published: Mar 16, 2026
Source: NVD
CVE-2026-0385 MEDIUM - 5.0

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

Published: Mar 16, 2026
Source: NVD
CVE-2025-6969 MEDIUM - 5.0

in OpenHarmony v5.1.0 and prior versions allow a local attacker to cause DoS through improper input.

Vendor: openatom
Product: openharmony
Published: Mar 16, 2026
Source: NVD
CVE-2025-69245 MEDIUM - 6.1

Raytha CMS is vulnerable to Reflected XSS via returnUrl parameter in logon functionality. An attacker can craft a malicious URL which, when opened by the authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue was fixed in 1.4.6.

Vendor: Raytha
Product: Raytha
Published: Mar 16, 2026
Source: NVD
CVE-2025-69243 MEDIUM - 5.3

Raytha CMS is vulnerable to User Enumeration in password reset functionality. Difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins. This issue was fixed in version 1.5.0.

Vendor: Raytha
Product: Raytha
Published: Mar 16, 2026
Source: NVD
CVE-2025-69242 MEDIUM - 6.1

Raytha CMS is vulnerable to reflected XSS via the backToListUrl parameter. An attacker can craft a malicious URL which, when opened by an authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue was fixed in version 1.4.6.

Vendor: Raytha
Product: Raytha
Published: Mar 16, 2026
Source: NVD