Total CVEs

141,492

Critical Severity

3,867

High Severity

13,899

Last 7 Days

1,728
Showing 9,461 - 9,480 of 14,430 CVEs
CVE-2026-32632 MEDIUM - 5.9

Glances is an open-source, cross-platform system monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI application still accepts arbitrary `Host` headers and does not apply `TrustedHostMiddleware` or an equivalen...

Vendor: pip
Product: Glances
Published: Mar 16, 2026
Source: GitHub
CVE-2026-28499 MEDIUM - 6.1

LeafKit is a templating language with Swift-inspired syntax. Prior to version 1.14.2, HTML escaping doesn't work correctly when a template prints a collection (Array / Dictionary) via `#(value)`. This can result in XSS, allowing potentially untrusted input to be rendered unescaped. Version 1.14...

Vendor: swift
Product: leaf-kit
Published: Mar 16, 2026
Source: GitHub
CVE-2026-32587 MEDIUM - 5.4

Missing Authorization vulnerability in Saad Iqbal WP EasyPay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP EasyPay: from n/a through 4.2.11.

Vendor: Saad Iqbal
Product: WP EasyPay
Published: Mar 16, 2026
Source: NVD
CVE-2026-32583 MEDIUM - 5.3

Missing Authorization vulnerability in Webnus Inc. Modern Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Modern Events Calendar: from n/a through 7.29.0.

Vendor: Webnus Inc.
Product: Modern Events Calendar
Published: Mar 16, 2026
Source: NVD
CVE-2025-57543 MEDIUM - 6.1

Cross Site scripting vulnerability (XSS) in NetBox 4.3.5 "comment" field on object forms. An attacker can inject arbitrary HTML, which will be rendered in the web UI when viewed by other users. This could potentially lead to user interface redress attacks or be escalated to XSS in certain ...

Vendor: netbox
Product: netbox
Published: Mar 16, 2026
Source: NVD
CVE-2026-2455 MEDIUM - 4.3

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation which allows an attacker to perform SSRF attacks against internal services via IPv4-mapped IPv6 literals (e.g., [::ffff:127.0.0.1]). Mat...

Vendor: mattermost
Product: mattermost_server
Published: Mar 16, 2026
Source: NVD
CVE-2026-24692 MEDIUM - 4.3

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly enforce read permissions in search API endpoints which allows guest users without read permissions to access posts and files in channels via search API requests. Mattermost Advisory ID: MMSA-2025-00...

Vendor: Mattermost
Product: Mattermost
Published: Mar 16, 2026
Source: NVD
CVE-2026-21386 MEDIUM - 4.3

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for n...

Vendor: Mattermost
Product: Mattermost
Published: Mar 16, 2026
Source: NVD
CVE-2025-52644 MEDIUM - 5.8

HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes.

Vendor: HCL
Product: AION
Published: Mar 16, 2026
Source: NVD
CVE-2025-52643 MEDIUM - 4.7

HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential security risks, including unintended behaviour or integrity impact when processing specially crafted files.

Vendor: HCL
Product: AION
Published: Mar 16, 2026
Source: NVD
CVE-2026-4265 MEDIUM - 4.3

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to validate team-specific upload_file permissions which allows a guest user to post files in channels where they lack upload_file permission via uploading files in a team where they have permission and reusing ...

Vendor: mattermost
Product: mattermost_server
Published: Mar 16, 2026
Source: NVD
CVE-2026-4241 MEDIUM - 6.3

A vulnerability was identified in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/time-table.php. Such manipulation of the argument course_code leads to sql injection. The attack can be launched remotely. The exploit is publicly available an...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4240 MEDIUM - 5.3

A vulnerability was determined in Open5GS up to 2.7.6. The affected element is the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b_aaa_cb/smf_s6b_sta_cb of the component CCA Handler. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly disclose...

Vendor: open5gs
Product: open5gs
Published: Mar 16, 2026
Source: NVD
CVE-2026-4238 MEDIUM - 4.7

A vulnerability has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/courses.php. The manipulation of the argument course_code leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4234 MEDIUM - 6.3

A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in sql injection. The attack can be executed remotely. The exploit has been relea...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4233 MEDIUM - 4.3

A vulnerability was identified in ThingsGateway 12. This affects an unknown part of the file /api/file/download. The manipulation of the argument fileName leads to path traversal. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The vendor was conta...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4230 MEDIUM - 6.3

A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function update_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and ...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4228 MEDIUM - 6.3

A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub_458754 of the file /goform/set_wifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about thi...

Vendor: lb-link
Product: bl-wr9000_firmware
Published: Mar 16, 2026
Source: NVD
CVE-2026-4216 MEDIUM - 5.3

A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknown function of the component air.SmartLog.android. This manipulation causes hard-coded credentials. The attack can only be executed locally. The exploit has been made available to the public and could ...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4215 MEDIUM - 6.3

A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java of the component SMTP Host Handler. The manipulation results in server-side request forgery. The att...

Published: Mar 16, 2026
Source: NVD