Total CVEs: 141,537
Critical Severity: 3,871
High Severity: 13,923
Last 7 Days: 1,619
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 9,541 - 9,560 of 14,061 CVEs
CVE-2026-25783 MEDIUM - 4.3

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586

Vendor: Mattermost
Product: Mattermost
Published: Mar 16, 2026
Source: NVD
CVE-2026-25780 MEDIUM - 4.3

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to bound memory allocation when processing DOC files, which allows an authenticated attacker to cause server memory exhaustion and denial of service by uploading a specially crafted DOC file. Mattermost Adviso...

Vendor: Mattermost
Product: Mattermost
Published: Mar 16, 2026
Source: NVD
CVE-2026-20991 MEDIUM - 4.4

Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents.

Vendor: Samsung Mobile
Product: Samsung Mobile Devices
Published: Mar 16, 2026
Source: NVD
CVE-2026-20988 MEDIUM - 5.0

Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows a local attacker to launch an arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability.

Vendor: Samsung Mobile
Product: Samsung Mobile Devices
Published: Mar 16, 2026
Source: NVD
CVE-2026-1948 MEDIUM - 4.3

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_license() function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with Sub...

Published: Mar 16, 2026
Source: NVD
CVE-2026-1883 MEDIUM - 4.3

The Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the delete_folders() function due to missing validation on a user controlled key. This makes it possibl...

Published: Mar 16, 2026
Source: NVD
CVE-2026-1870 MEDIUM - 5.3

The Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to missing validation checks on the 'thim-ekit/archive-course/get-courses' REST endpoint callback function in all versions up to, and includi...

Published: Mar 16, 2026
Source: NVD
CVE-2026-0977 MEDIUM - 5.1

IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to improper access controls.

Published: Mar 16, 2026
Source: NVD
CVE-2026-0385 MEDIUM - 5.0

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

Published: Mar 16, 2026
Source: NVD
CVE-2025-6969 MEDIUM - 5.0

OpenHarmony v5.1.0 and prior versions allow a local attacker to cause DoS through improper input.

Vendor: openatom
Product: openharmony
Published: Mar 16, 2026
Source: NVD
CVE-2025-69245 MEDIUM - 6.1

Raytha CMS is vulnerable to Reflected XSS via the returnUrl parameter in logon functionality. An attacker can craft a malicious URL which, when opened by the authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue was fixed in 1.4.6.

Vendor: Raytha
Product: Raytha
Published: Mar 16, 2026
Source: NVD
CVE-2025-69243 MEDIUM - 5.3

Raytha CMS is vulnerable to User Enumeration in password reset functionality. A difference in messages could allow an attacker to determine whether the login is valid or not, enabling a brute force attack with valid logins. This issue was fixed in version 1.5.0.

Vendor: Raytha
Product: Raytha
Published: Mar 16, 2026
Source: NVD
CVE-2025-69242 MEDIUM - 6.1

Raytha CMS is vulnerable to reflected XSS via the backToListUrl parameter. An attacker can craft a malicious URL which, when opened by an authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue was fixed in version 1.4.6.

Vendor: Raytha
Product: Raytha
Published: Mar 16, 2026
Source: NVD
CVE-2025-69241 MEDIUM - 5.4

Raytha CMS is vulnerable to Stored XSS via the FirstName and LastName parameters in profile editing functionality. An authenticated attacker can inject arbitrary HTML and JS into the website, which will be rendered/executed when visiting the edited page. This issue was fixed in version 1.4.6.

Vendor: Raytha
Product: Raytha
Published: Mar 16, 2026
Source: NVD
CVE-2025-69238 MEDIUM - 4.3

Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can craft a special website which, when visited by the authenticated victim, will automatically send a POST request to the endpoint (e.g. deletion of the data) without enforcing token verification. This issue w...

Vendor: Raytha
Product: Raytha
Published: Mar 16, 2026
Source: NVD
CVE-2025-69237 MEDIUM - 5.4

Raytha CMS is vulnerable to Stored XSS via the FieldValues[0].Value parameter in page creation functionality. An authenticated attacker with permissions to create content can inject arbitrary HTML and JS into the website, which will be rendered/executed when visiting the edited page. This issue was fixed in versi...

Vendor: Raytha
Product: Raytha
Published: Mar 16, 2026
Source: NVD
CVE-2025-69236 MEDIUM - 5.4

Raytha CMS is vulnerable to Stored XSS via the FieldValues[1].Value parameter in post editing functionality. An authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into the website, which will be rendered/executed when visiting the edited page. This issue was fixed in version 1....

Vendor: Raytha
Product: Raytha
Published: Mar 16, 2026
Source: NVD
CVE-2025-52648 MEDIUM - 4.8

HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks such as integrity compromise or unintended behavior in the system.

Vendor: HCL
Product: AION
Published: Mar 16, 2026
Source: NVD
CVE-2025-52638 MEDIUM - 5.6

HCL AION is affected by a vulnerability where generated containers may execute binaries with root-level privileges. Running containers with root privileges may increase the potential security risk, as it grants elevated permissions within the container environment. Aligning container configurations ...

Vendor: HCL
Product: AION
Published: Mar 16, 2026
Source: NVD
CVE-2025-52637 MEDIUM - 4.5

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific con...

Vendor: HCL
Product: AION
Published: Mar 16, 2026
Source: NVD