Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,619
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 9,561 - 9,580 of 14,061 CVEs
CVE-2025-52458 MEDIUM - 5.5

in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

Vendor: OpenHarmony
Product: OpenHarmony
Published: Mar 16, 2026
Source: NVD
CVE-2025-41432 MEDIUM - 5.5

in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

Vendor: OpenHarmony
Product: OpenHarmony
Published: Mar 16, 2026
Source: NVD
CVE-2025-25277 MEDIUM - 6.3

in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through using incompatible type. This vulnerability can be exploited only in restricted scenarios.

Vendor: OpenHarmony
Product: OpenHarmony
Published: Mar 16, 2026
Source: NVD
CVE-2025-13460 MEDIUM - 5.3

IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an observable response discrepancy.

Vendor: IBM
Product: Aspera Console
Published: Mar 16, 2026
Source: NVD
CVE-2025-13212 MEDIUM - 5.3

IBM Aspera Console 3.3.0 through 3.4.8 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency.

Vendor: IBM
Product: Aspera Console
Published: Mar 16, 2026
Source: NVD
CVE-2025-12736 MEDIUM - 6.5

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause sensitive information leak through use of uninitialized resource.

Vendor: OpenHarmony
Product: OpenHarmony
Published: Mar 16, 2026
Source: NVD
CVE-2017-20221 MEDIUM - 4.3

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when vi...

Vendor: Telesquare
Product: SDT-CS3B1
Published: Mar 16, 2026
Source: NVD
CVE-2017-20219 MEDIUM - 6.1

Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to documen...

Vendor: Serviio
Product: Serviio PRO
Published: Mar 16, 2026
Source: NVD
CVE-2016-20036 MEDIUM - 6.1

Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like appN...

Vendor: Wowza Media Systems, LLC.
Product: Wowza Streaming Engine
Published: Mar 16, 2026
Source: NVD
CVE-2016-20035 MEDIUM - 5.3

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoint t...

Vendor: Wowza Media Systems, LLC.
Product: Wowza Streaming Engine
Published: Mar 16, 2026
Source: NVD
CVE-2016-20031 MEDIUM - 5.5

ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to authenticate without valid credentials by spoofing localhost requests. Attackers can exploit the EnvironmentUtil.getClientIp() method which treats IPv6 loopback address 0:0:0:0:0:0:0...

Vendor: ZKTeco Inc.
Product: ZKTeco ZKBioSecurity
Published: Mar 16, 2026
Source: NVD
CVE-2016-20029 MEDIUM - 6.2

ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including configura...

Vendor: ZKTeco Inc.
Product: ZKTeco ZKBioSecurity
Published: Mar 16, 2026
Source: NVD
CVE-2016-20028 MEDIUM - 4.3

ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious websites. Attackers can craft HTTP requests that add superadmin accounts without validity checks, enabling unauthor...

Vendor: ZKTeco Inc.
Product: ZKTeco ZKBioSecurity
Published: Mar 16, 2026
Source: NVD
CVE-2016-20027 MEDIUM - 6.1

ZKTeco ZKBioSecurity 3.0 contains multiple reflected cross-site scripting vulnerabilities that allow attackers to execute arbitrary HTML and script code by injecting malicious payloads through unsanitized parameters in multiple scripts. Attackers can craft malicious URLs with XSS payloads in vulnera...

Vendor: ZKTeco Inc.
Product: ZKTeco ZKBioSecurity
Published: Mar 16, 2026
Source: NVD
CVE-2015-20119 MEDIUM - 6.4

Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter in the pages.php admin interface. Attackers can submit POST requests to the add page action with cra...

Vendor: Next Click Ventures
Product: RealtyScript
Published: Mar 16, 2026
Source: NVD
CVE-2015-20117 MEDIUM - 5.3

Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create unauthorized user accounts and administrative users by crafting malicious forms. Attackers can submit hidden form data to /admin/addusers.php and /admin/editadmi...

Vendor: Next Click Ventures
Product: RealtyScript
Published: Mar 16, 2026
Source: NVD
CVE-2015-20116 MEDIUM - 6.1

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploads, allowing attackers to inject malicious scripts through filename parameters in multipart form data. Attackers can upload files with XSS payloads in the filename field to execute arbitrary JavaScript in users' bro...

Vendor: Next Click Ventures
Product: RealtyScript
Published: Mar 16, 2026
Source: NVD
CVE-2015-20114 MEDIUM - 6.1

Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads in...

Vendor: Next Click Ventures
Product: RealtyScript
Published: Mar 16, 2026
Source: NVD
CVE-2015-20113 MEDIUM - 5.3

Next Click Ventures RealtyScript 4.0.2 contains cross-site request forgery and persistent cross-site scripting vulnerabilities that allow attackers to perform administrative actions and inject malicious scripts. Attackers can craft malicious web pages that execute unauthorized actions when logged-in...

Vendor: Next Click Ventures
Product: RealtyScript
Published: Mar 16, 2026
Source: NVD
CVE-2013-20005 MEDIUM - 5.3

Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers can forge POST requests to the /admin/adduser endpoint with parameters like username, password, email,...

Vendor: Qool
Product: Qool CMS
Published: Mar 16, 2026
Source: NVD