Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,619
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 9,581 - 9,600 of 14,061 CVEs
CVE-2026-32704 MEDIUM - 6.5

SiYuan is a personal knowledge management system. Prior to 3.6.1, POST /api/template/renderSprig lacks model.CheckAdminRole, allowing any authenticated user to execute arbitrary SQL queries against the SiYuan workspace database and exfiltrate all note content, metadata, and custom attributes. This v...

Vendor: go
Product: github.com/siyuan-note/siyuan/kernel
Published: Mar 13, 2026
Source: GitHub
CVE-2026-32630 MEDIUM - 5.3

file-type detects the file type of a file, stream, or data. From 20.0.0 to 21.3.1, a crafted ZIP file can trigger excessive memory growth during type detection in file-type when using fileTypeFromBuffer(), fileTypeFromBlob(), or fileTypeFromFile(). The ZIP inflate output limit is enforced for stream...

Vendor: npm
Product: file-type
Published: Mar 13, 2026
Source: GitHub
CVE-2026-32594 MEDIUM - 7.3

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.40 and 9.6.0-alpha.14, the GraphQL WebSocket endpoint for subscriptions does not pass requests through the Express middleware chain that enforces authentication, introspection control...

Vendor: npm
Product: parse-server
Published: Mar 13, 2026
Source: GitHub
CVE-2026-4105 MEDIUM - 6.7

A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a s...

Published: Mar 13, 2026
Source: NVD
CVE-2026-4063 MEDIUM - 4.3

The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the add_menu_item() method hooked to admin_menu in all versions up to, and including, 4.5.8. This is due to the method performing wp_insert_post() a...

Published: Mar 13, 2026
Source: NVD
CVE-2026-3986 MEDIUM - 6.4

The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in all versions up to, and including, 5.4.5.0. This is due to insufficient capability checks on the form settings save handler and insufficient input sanitization of the `fcontent` fiel...

Published: Mar 13, 2026
Source: NVD
CVE-2026-32745 MEDIUM - 6.3

In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings.

Vendor: JetBrains
Product: Datalore
Published: Mar 13, 2026
Source: NVD
CVE-2026-32612 MEDIUM - 5.4

Statamic is a Laravel and Git powered content management system (CMS). Prior to 6.6.2, stored XSS in the control panel color mode preference allows authenticated users with control panel access to inject malicious JavaScript that executes when a higher-privileged user impersonates their account. Thi...

Vendor: statamic
Product: cms
Published: Mar 13, 2026
Source: NVD
CVE-2026-32598 MEDIUM - 6.5

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs (log aggre...

Vendor: OneUptime
Product: oneuptime
Published: Mar 13, 2026
Source: NVD
CVE-2026-32543 MEDIUM - 5.3

Missing Authorization vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Blocks: from n/a through <= 2.2.0.

Vendor: CyberChimps
Product: Responsive Blocks
Published: Mar 13, 2026
Source: NVD
CVE-2026-32487 MEDIUM - 5.3

Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Lawyer Landing Page: from n/a through <= 1.2.7.

Vendor: raratheme
Product: Lawyer Landing Page
Published: Mar 13, 2026
Source: NVD
CVE-2026-32486 MEDIUM - 5.3

Missing Authorization vulnerability in wptravelengine Travel Booking travel-booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel Booking: from n/a through <= 1.3.9.

Vendor: wptravelengine
Product: Travel Booking
Published: Mar 13, 2026
Source: NVD
CVE-2026-32462 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS. This issue affects Master Addons for Elementor: from n/a through <= 2.1.3.

Vendor: Liton Arefin
Product: Master Addons for Elementor
Published: Mar 13, 2026
Source: NVD
CVE-2026-32461 MEDIUM - 5.3

Missing Authorization vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Really Simple SSL: from n/a through <= 9.5.7.

Vendor: Really Simple Plugins
Product: Really Simple SSL
Published: Mar 13, 2026
Source: NVD
CVE-2026-32460 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Addons fo...

Vendor: Themefic
Product: Ultimate Addons for Contact Form 7
Published: Mar 13, 2026
Source: NVD
CVE-2026-32457 MEDIUM - 5.3

Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields (Product Addons) for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Product Fields (Product Addons) for WooCommerce: ...

Vendor: Wombat Plugins
Product: Advanced Product Fields (Product Addons) for WooCommerce
Published: Mar 13, 2026
Source: NVD
CVE-2026-32456 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor allows Cross Site Request Forgery. This issue affects Admin Menu Editor: from n/a through <= 1.14.1.

Vendor: Janis Elsts
Product: Admin Menu Editor
Published: Mar 13, 2026
Source: NVD
CVE-2026-32455 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS. This issue affects MDTF: from n/a through <= 1.3.5.

Vendor: RealMag777
Product: MDTF
Published: Mar 13, 2026
Source: NVD
CVE-2026-32454 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Avada Core fusion-core allows DOM-Based XSS. This issue affects Avada Core: from n/a through < 5.15.0.

Vendor: ThemeFusion
Product: Avada Core
Published: Mar 13, 2026
Source: NVD
CVE-2026-32453 MEDIUM - 5.3

Missing Authorization vulnerability in ThemeFusion Avada Core fusion-core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Avada Core: from n/a through < 5.15.0.

Vendor: ThemeFusion
Product: Avada Core
Published: Mar 13, 2026
Source: NVD