Total CVEs

141,492

Critical Severity

3,867

High Severity

13,899

Last 7 Days

1,679
Showing 9,541 - 9,560 of 14,430 CVEs
CVE-2025-69238 MEDIUM - 4.3

Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can craft a special website which, when visited by an authenticated victim, will automatically send a POST request to the endpoint (e.g. deletion of the data) without token verification being enforced. This issue w...

Vendor: Raytha
Product: Raytha
Published: Mar 16, 2026
Source: NVD
CVE-2025-69237 MEDIUM - 5.4

Raytha CMS is vulnerable to Stored XSS via the FieldValues[0].Value parameter in the page creation functionality. An authenticated attacker with permissions to create content can inject arbitrary HTML and JS into the website, which will be rendered/executed when the edited page is visited. This issue was fixed in versi...

Vendor: Raytha
Product: Raytha
Published: Mar 16, 2026
Source: NVD
CVE-2025-69236 MEDIUM - 5.4

Raytha CMS is vulnerable to Stored XSS via the FieldValues[1].Value parameter in the post editing functionality. An authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into the website, which will be rendered/executed when the edited page is visited. This issue was fixed in version 1....

Vendor: Raytha
Product: Raytha
Published: Mar 16, 2026
Source: NVD
CVE-2025-52648 MEDIUM - 4.8

HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks such as integrity compromise or unintended behavior in the system.

Vendor: HCL
Product: AION
Published: Mar 16, 2026
Source: NVD
CVE-2025-52638 MEDIUM - 5.6

HCL AION is affected by a vulnerability where generated containers may execute binaries with root-level privileges. Running containers with root privileges may increase the potential security risk, as it grants elevated permissions within the container environment. Aligning container configurations ...

Vendor: HCL
Product: AION
Published: Mar 16, 2026
Source: NVD
CVE-2025-52637 MEDIUM - 4.5

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific con...

Vendor: HCL
Product: AION
Published: Mar 16, 2026
Source: NVD
CVE-2025-52458 MEDIUM - 5.5

OpenHarmony v5.1.0 and prior versions allow a local attacker to execute arbitrary code in pre-installed apps through an out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

Vendor: OpenHarmony
Product: OpenHarmony
Published: Mar 16, 2026
Source: NVD
CVE-2025-41432 MEDIUM - 5.5

OpenHarmony v5.1.0 and prior versions allow a local attacker to execute arbitrary code in pre-installed apps through an out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

Vendor: OpenHarmony
Product: OpenHarmony
Published: Mar 16, 2026
Source: NVD
CVE-2025-25277 MEDIUM - 6.3

OpenHarmony v5.1.0 and prior versions allow a local attacker to execute arbitrary code in pre-installed apps through use of an incompatible type. This vulnerability can be exploited only in restricted scenarios.

Vendor: OpenHarmony
Product: OpenHarmony
Published: Mar 16, 2026
Source: NVD
CVE-2025-13460 MEDIUM - 5.3

IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an observable response discrepancy.

Vendor: IBM
Product: Aspera Console
Published: Mar 16, 2026
Source: NVD
CVE-2025-13212 MEDIUM - 5.3

IBM Aspera Console 3.3.0 through 3.4.8 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency.

Vendor: IBM
Product: Aspera Console
Published: Mar 16, 2026
Source: NVD
CVE-2025-12736 MEDIUM - 6.5

OpenHarmony v5.0.3 and prior versions allow a local attacker to cause a sensitive information leak through use of an uninitialized resource.

Vendor: OpenHarmony
Product: OpenHarmony
Published: Mar 16, 2026
Source: NVD
CVE-2017-20221 MEDIUM - 4.3

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when vi...

Vendor: Telesquare
Product: SDT-CS3B1
Published: Mar 16, 2026
Source: NVD
CVE-2017-20219 MEDIUM - 6.1

Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to documen...

Vendor: Serviio
Product: Serviio PRO
Published: Mar 16, 2026
Source: NVD
CVE-2016-20036 MEDIUM - 6.1

Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like appN...

Vendor: Wowza Media Systems, LLC.
Product: Wowza Streaming Engine
Published: Mar 16, 2026
Source: NVD
CVE-2016-20035 MEDIUM - 5.3

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoint t...

Vendor: Wowza Media Systems, LLC.
Product: Wowza Streaming Engine
Published: Mar 16, 2026
Source: NVD
CVE-2016-20031 MEDIUM - 5.5

ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to authenticate without valid credentials by spoofing localhost requests. Attackers can exploit the EnvironmentUtil.getClientIp() method which treats IPv6 loopback address 0:0:0:0:0:0:0...

Vendor: ZKTeco Inc.
Product: ZKTeco ZKBioSecurity
Published: Mar 16, 2026
Source: NVD
CVE-2016-20029 MEDIUM - 6.2

ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including configura...

Vendor: ZKTeco Inc.
Product: ZKTeco ZKBioSecurity
Published: Mar 16, 2026
Source: NVD
CVE-2016-20028 MEDIUM - 4.3

ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious websites. Attackers can craft HTTP requests that add superadmin accounts without validity checks, enabling unauthor...

Vendor: ZKTeco Inc.
Product: ZKTeco ZKBioSecurity
Published: Mar 16, 2026
Source: NVD
CVE-2016-20027 MEDIUM - 6.1

ZKTeco ZKBioSecurity 3.0 contains multiple reflected cross-site scripting vulnerabilities that allow attackers to execute arbitrary HTML and script code by injecting malicious payloads through unsanitized parameters in multiple scripts. Attackers can craft malicious URLs with XSS payloads in vulnera...

Vendor: ZKTeco Inc.
Product: ZKTeco ZKBioSecurity
Published: Mar 16, 2026
Source: NVD