Total CVEs

141,492

Critical Severity

3,867

High Severity

13,899

Last 7 Days

1,757
CVE-2026-32759 MEDIUM - 8.1

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, the TUS resumable upload handler parses the Upload-Length header as a signed 64-bit integer without validating that the value is non-...

Vendor: go
Product: github.com/filebrowser/filebrowser/v2
Published: Mar 16, 2026
Source: GitHub
CVE-2026-30882 MEDIUM - 6.1

Chamilo LMS is a learning management system. Chamilo LMS version 1.11.34 and prior contains a Reflected Cross-Site Scripting (XSS) vulnerability in the session category listing page. The keyword parameter from $_REQUEST is echoed directly into an HTML href attribute without any encoding or sanitizat...

Vendor: chamilo
Product: chamilo-lms
Published: Mar 16, 2026
Source: NVD
CVE-2026-30876 MEDIUM - 5.3

Chamilo LMS is a learning management system. Prior to version 1.11.36, Chamilo is vulnerable to user enumeration with valid/invalid username. This issue has been patched in version 1.11.36.

Vendor: chamilo
Product: chamilo-lms
Published: Mar 16, 2026
Source: NVD
CVE-2026-29516 MEDIUM - 4.9

Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions on /...

Vendor: Buffalo
Product: TeraStation NAS TS5400R
Published: Mar 16, 2026
Source: NVD
CVE-2026-26304 MEDIUM - 4.3

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2 fail to verify run_create permission for empty playbookId, which allows team members to create unauthorized runs via the playbook run API. Mattermost Advisory ID: MMSA-2025-00542

Vendor: Mattermost
Product: Mattermost
Published: Mar 16, 2026
Source: NVD
CVE-2025-69693 MEDIUM - 5.4

Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavcodec/rv60dec.c). The quantization parameter (qp) validation at line 2267 only checks the lower bound (qp < 0) but is missing upper bound validation. The qp value can reach 65 (base value 63 from 6-bit frame header + offset +2 fr...

Vendor: ffmpeg
Product: ffmpeg
Published: Mar 16, 2026
Source: NVD
CVE-2025-69727 MEDIUM - 5.3

An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The affected components (index.js and composeUrlImgPhotoIndividu) allow the construction of direct URLs to user profile images based solely on predictable identifiers such as user IDs and names. Due to mis...

Published: Mar 16, 2026
Source: NVD
CVE-2026-32751 MEDIUM - 9.0

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the mobile file tree (MobileFiles.ts) renders notebook names via innerHTML without HTML escaping when processing renamenotebook WebSocket events. The desktop version (Files.ts) properly uses escapeHtml() for the same oper...

Vendor: go
Product: github.com/siyuan-note/siyuan/kernel
Published: Mar 16, 2026
Source: GitHub
CVE-2026-32750 MEDIUM - 6.8

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importStdMd passes the localPath parameter directly to model.ImportFromLocalPath with zero path validation. The function recursively reads every file under the given path and permanently stores their cont...

Vendor: go
Product: github.com/siyuan-note/siyuan
Published: Mar 16, 2026
Source: GitHub
CVE-2026-32747 MEDIUM - 6.8

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the globalCopyFiles API reads source files using filepath.Abs() with no workspace boundary check, relying solely on util.IsSensitivePath() whose blocklist omits /proc/, /run/secrets/, and home directory dotfiles. An admin...

Vendor: go
Product: github.com/siyuan-note/siyuan/kernel
Published: Mar 16, 2026
Source: GitHub
CVE-2026-4253 MEDIUM - 4.7

A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function route_set_user_policy_rule of the file /cgi-bin/UploadCfg of the component Web Interface. The manipulation of the argument wans.policy.list1 results in os command injection. It is possible to launch the attack re...

Vendor: tenda
Product: ac8_firmware
Published: Mar 16, 2026
Source: NVD
CVE-2026-29521 MEDIUM - 4.3

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a cross-site request forgery vulnerability that allows attackers to modify device configuration by exploiting missing CSRF protections in setup.cgi. Attackers can host malicious pages that submit forged requests using automatically-include...

Vendor: Shenzhen Hereta Technology Co., Ltd.
Product: Hereta ETH-IMC408M
Published: Mar 16, 2026
Source: NVD
CVE-2026-29520 MEDIUM - 6.1

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the ping_ipaddr parameter to ...

Vendor: Shenzhen Hereta Technology Co., Ltd.
Product: Hereta ETH-IMC408M
Published: Mar 16, 2026
Source: NVD
CVE-2026-29513 MEDIUM - 5.4

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Location field. Attackers can inject malicious scripts through the System Status interface that execu...

Vendor: Shenzhen Hereta Technology Co., Ltd.
Product: Hereta ETH-IMC408M
Published: Mar 16, 2026
Source: NVD
CVE-2026-29510 MEDIUM - 5.4

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface that execute i...

Vendor: Shenzhen Hereta Technology Co., Ltd.
Product: Hereta ETH-IMC408M
Published: Mar 16, 2026
Source: NVD

The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration for Craft CMS. In versions 2.0.2 through 2.2.4, unauthenticated users can view a list of buckets the plugin has access to. The `BucketsController->actionLoadBucketData()` endpoint allows unauthenticated users with a valid CSRF t...

Vendor: composer
Product: craftcms/aws-s3
Published: Mar 16, 2026
Source: GitHub
CVE-2026-32262 MEDIUM - 4.3

Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, the AssetsController->replaceFile() method has a targetFilename body parameter that is used unsanitized in a deleteFile() call before Assets::prepar...

Vendor: composer
Product: craftcms/cms
Published: Mar 16, 2026
Source: GitHub
CVE-2026-4270 MEDIUM - 5.5

Improper Protection of Alternate Path in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms may allow the bypass of intended file access restrictions and expose arbitrary local file contents in the MCP client application context. ...

Vendor: pip
Product: awslabs.aws-api-mcp-server
Published: Mar 16, 2026
Source: NVD
CVE-2025-65734 MEDIUM - 5.4

An authenticated arbitrary file upload vulnerability in the Courses/Work Assignments module of gunet Open eClass v3.11, and fixed in v3.13, allows attackers to execute arbitrary code via uploading a crafted SVG file.

Published: Mar 16, 2026
Source: NVD
CVE-2026-32723 MEDIUM - 4.7

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.35, SandboxJS timers have an execution-quota bypass. A global tick state (`currentTicks.current`) is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling sandb...

Vendor: npm
Product: @nyariv/sandboxjs
Published: Mar 16, 2026
Source: GitHub