Total CVEs: 141,537
Critical Severity: 3,871
High Severity: 13,923
Last 7 Days: 1,618
Showing 9,621 - 9,640 of 13,923 CVEs
CVE-2026-32097 HIGH - 8.8

PingPong is a platform for using large language models (LLMs) for teaching and learning. Prior to 7.27.2, an authenticated user may be able to retrieve or delete files outside the intended authorization scope. This issue could result in retrieval or deletion of private files, including user-uploaded...

Vendor: comppolicylab
Product: pingpong
Published: Mar 11, 2026
Source: NVD
CVE-2026-31979 HIGH - 8.8

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc_<uid> without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from...

Vendor: himmelblau-idm
Product: himmelblau
Published: Mar 11, 2026
Source: NVD
CVE-2026-31958 HIGH - 7.5

Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the max_body_size setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility...

Vendor: tornadoweb
Product: tornado
Published: Mar 11, 2026
Source: NVD
CVE-2026-31895 HIGH - 8.8

WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, WeGIA (Web gerenciador para instituições assistenciais) contains a SQL injection vulnerability in html/matPat/restaurar_produto.php. The id_produto parameter from $_GET is directly interpolated into SQL queries without param...

Vendor: LabRedesCefetRJ
Product: WeGIA
Published: Mar 11, 2026
Source: NVD
CVE-2026-31894 HIGH - 7.5

WeGIA is a web manager for charitable institutions. In 3.6.5, the patched loadBackupDB() extracts tar.gz archives to a temporary directory using PHP's PharData class, then uses glob() and file_get_contents() to read SQL files from the extracted contents. Neither the extraction nor the file read...

Vendor: LabRedesCefetRJ
Product: WeGIA
Published: Mar 11, 2026
Source: NVD
CVE-2026-27703 HIGH - 7.5

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In 2026.01 and earlier, the default handler for the well_known_core resource coap_well_known_core_default_handler writes user-provided option da...

Vendor: RIOT-OS
Product: RIOT
Published: Mar 11, 2026
Source: NVD
CVE-2026-31889 HIGH - 8.9

Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration flow could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. The legacy app registration flow used HMAC-based authe...

Vendor: composer
Product: shopware/platform
Published: Mar 11, 2026
Source: GitHub
CVE-2026-31887 HIGH - 7.5

Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. This vulnerability is fixed in 6.7.8.1 ...

Vendor: shopware
Product: core, platform
Published: Mar 11, 2026
Source: NVD
CVE-2026-31881 HIGH - 7.7

Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, an unauthenticated attacker can reset the operator (admin) password when a password-reset request is active, resulting in full account takeover. The endpoint POST /api/auth/reset-password is exposed without authentication/authorization c...

Vendor: runtipi
Product: runtipi
Published: Mar 11, 2026
Source: NVD
CVE-2019-25486 HIGH - 8.2

Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_id parameter. Attackers can submit POST requests with crafted SQL payloads in the user_id field to bypass authentication and extract sensi...

Vendor: Varient
Product: Varient SQL Inj.
Published: Mar 11, 2026
Source: NVD
CVE-2019-25483 HIGH - 8.4

Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $( ). Attackers can inject arbitrary commands through the $( ) syntax when passed as arguments to allo...

Vendor: Comtrend
Product: AR-5310
Published: Mar 11, 2026
Source: NVD
CVE-2019-25480 HIGH - 7.5

ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. Attackers can upload PHP files with traversal payloads ../public_html/ to write executable code to...

Vendor: ARMBot
Product: ARMBot
Published: Mar 11, 2026
Source: NVD
CVE-2019-25478 HIGH - 7.5

GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make it u...

Vendor: Getgosoft
Product: GetGo Download Manager
Published: Mar 11, 2026
Source: NVD
CVE-2019-25472 HIGH - 7.5

IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send GET requests to /cgi-bin/cgiServer.exx with the command parameter containing dumpConfigFile() to read se...

Vendor: Intelbras
Product: Telefone IP TIP 200, Telefone IP TIP 200 LITE
Published: Mar 11, 2026
Source: NVD
CVE-2019-25470 HIGH - 7.5

eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentials ...

Vendor: eWON
Product: eWON
Published: Mar 11, 2026
Source: NVD
CVE-2019-25467 HIGH - 8.4

Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with en...

Vendor: Verypdf
Product: docPrint Pro
Published: Mar 11, 2026
Source: NVD
CVE-2019-25466 HIGH - 8.4

Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. Attackers can craft a username with a payload containing 4059 bytes of padding followed by a nseh valu...

Vendor: Sharing-File
Product: Easy File Sharing Web Server
Published: Mar 11, 2026
Source: NVD
CVE-2019-25465 HIGH - 7.5

Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. Attackers can request the getadslattr.cgi endpoint to retrieve ADSL credentials and network ...

Vendor: Hisilicon
Product: HiIpcam
Published: Mar 11, 2026
Source: NVD
CVE-2026-31870 HIGH - 7.5

cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-httplib client uses the streaming API (httplib::stream::Get, httplib::stream::Post, etc.), the library calls std::stoull() directly on the Content-Length header value received from the serve...

Vendor: yhirose
Product: cpp-httplib
Published: Mar 11, 2026
Source: NVD
CVE-2026-20163 HIGH - 7.2

In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability `edit_cmd` could execute arbitrary shell commands using the `...

Vendor: Splunk
Product: Splunk Enterprise, Splunk Cloud Platform
Published: Mar 11, 2026
Source: NVD