Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,646
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 9,481 - 9,500 of 14,061 CVEs
CVE-2026-24692 MEDIUM - 4.3

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly enforce read permissions in search API endpoints which allows guest users without read permissions to access posts and files in channels via search API requests. Mattermost Advisory ID: MMSA-2025-00...

Vendor: Mattermost
Product: Mattermost
Published: Mar 16, 2026
Source: NVD
CVE-2026-21386 MEDIUM - 4.3

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for n...

Vendor: Mattermost
Product: Mattermost
Published: Mar 16, 2026
Source: NVD
CVE-2025-52644 MEDIUM - 5.8

HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes.

Vendor: HCL
Product: AION
Published: Mar 16, 2026
Source: NVD
CVE-2025-52643 MEDIUM - 4.7

HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential security risks, including unintended behaviour or integrity impact when processing specially crafted files.

Vendor: HCL
Product: AION
Published: Mar 16, 2026
Source: NVD
CVE-2026-4265 MEDIUM - 4.3

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to validate team-specific upload_file permissions which allows a guest user to post files in channels where they lack upload_file permission via uploading files in a team where they have permission and reusing ...

Vendor: mattermost
Product: mattermost_server
Published: Mar 16, 2026
Source: NVD
CVE-2026-4241 MEDIUM - 6.3

A vulnerability was identified in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/time-table.php. Such manipulation of the argument course_code leads to sql injection. The attack can be launched remotely. The exploit is publicly available an...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4240 MEDIUM - 5.3

A vulnerability was determined in Open5GS up to 2.7.6. The affected element is the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b_aaa_cb/smf_s6b_sta_cb of the component CCA Handler. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly disclose...

Vendor: open5gs
Product: open5gs
Published: Mar 16, 2026
Source: NVD
CVE-2026-4238 MEDIUM - 4.7

A vulnerability has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/courses.php. The manipulation of the argument course_code leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4234 MEDIUM - 6.3

A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in sql injection. The attack can be executed remotely. The exploit has been relea...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4233 MEDIUM - 4.3

A vulnerability was identified in ThingsGateway 12. This affects an unknown part of the file /api/file/download. The manipulation of the argument fileName leads to path traversal. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The vendor was conta...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4230 MEDIUM - 6.3

A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function update_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and ...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4228 MEDIUM - 6.3

A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub_458754 of the file /goform/set_wifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about thi...

Vendor: lb-link
Product: bl-wr9000_firmware
Published: Mar 16, 2026
Source: NVD
CVE-2026-4216 MEDIUM - 5.3

A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknown function of the component air.SmartLog.android. This manipulation causes hard-coded credentials. The attack can only be executed locally. The exploit has been made available to the public and could ...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4215 MEDIUM - 6.3

A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java of the component SMTP Host Handler. The manipulation results in server-side request forgery. The att...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4210 MEDIUM - 6.3

A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is t...

Vendor: dlink
Product: dnr-202l_firmware
Published: Mar 16, 2026
Source: NVD
CVE-2026-4209 MEDIUM - 6.3

A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function cgi_create_impo...

Vendor: dlink
Product: dnr-202l_firmware
Published: Mar 16, 2026
Source: NVD
CVE-2026-4207 MEDIUM - 6.3

A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This impacts the function cgi_device/cgi...

Vendor: dlink
Product: dnr-202l_firmware
Published: Mar 16, 2026
Source: NVD
CVE-2026-4206 MEDIUM - 6.3

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects the function FMT_rebuild_diskmgr...

Vendor: dlink
Product: dnr-202l_firmware
Published: Mar 16, 2026
Source: NVD
CVE-2026-4205 MEDIUM - 6.3

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function cgi...

Vendor: dlink
Product: dnr-202l_firmware
Published: Mar 16, 2026
Source: NVD
CVE-2026-4204 MEDIUM - 6.3

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The affected element is the function cgi_myfavori...

Vendor: dlink
Product: dnr-202l_firmware
Published: Mar 16, 2026
Source: NVD