Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,618
Showing 9,641 - 9,660 of 13,923 CVEs
CVE-2026-20074 HIGH - 7.4

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the IS-IS process to restart unexpectedly. This vulnerability is due to insufficient input validation of ing...

Vendor: Cisco
Product: Cisco IOS XR Software
Published: Mar 11, 2026
Source: NVD
CVE-2026-20046 HIGH - 8.8

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerability is due to incorrect mapping of a command to task groups wi...

Vendor: Cisco
Product: Cisco IOS XR Software
Published: Mar 11, 2026
Source: NVD
CVE-2026-20040 HIGH - 8.8

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI c...

Vendor: Cisco
Product: Cisco IOS XR Software
Published: Mar 11, 2026
Source: NVD
CVE-2025-68623 HIGH - 8.8

In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and DLLs...

Published: Mar 11, 2026
Source: NVD
CVE-2025-67037 HIGH - 8.8

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges.

Published: Mar 11, 2026
Source: NVD
CVE-2025-67036 HIGH - 8.8

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges.

Published: Mar 11, 2026
Source: NVD
CVE-2025-67034 HIGH - 8.8

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. Injected commands are executed with root privileges.

Published: Mar 11, 2026
Source: NVD
CVE-2026-31892 HIGH - 8.1

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, a user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in their...

Vendor: argoproj
Product: argo-workflows
Published: Mar 11, 2026
Source: NVD
CVE-2026-22248 HIGH - 8.0

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP instantiation....

Vendor: glpi-project
Product: glpi
Published: Mar 11, 2026
Source: NVD
CVE-2026-21888 HIGH - 7.5

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer() accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. This affects 0.24.6 and earlier.

Vendor: nanomq
Product: nanomq
Published: Mar 11, 2026
Source: NVD
CVE-2026-1090 HIGH - 8.7

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the `markdown_placeholders` feature flag was enabled, to inject JavaScript in a browser due to improper saniti...

Vendor: gitlab
Product: gitlab
Published: Mar 11, 2026
Source: NVD
CVE-2026-1069 HIGH - 7.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion under certain circumstances.

Vendor: gitlab
Product: gitlab
Published: Mar 11, 2026
Source: NVD
CVE-2025-14513 HIGH - 7.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON pa...

Vendor: GitLab
Product: GitLab
Published: Mar 11, 2026
Source: NVD
CVE-2025-13929 HIGH - 7.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by issuing specially crafted requests to repository archive endpoints under certain c...

Vendor: GitLab
Product: GitLab
Published: Mar 11, 2026
Source: NVD
CVE-2026-30902 HIGH - 7.8

Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.

Vendor: Zoom Communications Inc.
Product: Zoom Workplace
Published: Mar 11, 2026
Source: NVD
CVE-2026-30901 HIGH - 7.0

Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access.

Vendor: Zoom Communications Inc.
Product: Zoom Rooms
Published: Mar 11, 2026
Source: NVD
CVE-2026-30900 HIGH - 7.8

Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.

Vendor: Zoom Communications Inc.
Product: Zoom Workplace
Published: Mar 11, 2026
Source: NVD
CVE-2025-70027 HIGH - 7.5

An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive information.

Published: Mar 11, 2026
Source: NVD
CVE-2025-67298 HIGH - 8.1

An issue in ClassroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile.

Published: Mar 11, 2026
Source: NVD
CVE-2026-31857 HIGH - 8.8

Craft is a content management system (CMS). Prior to 5.9.9 and 4.17.4, a Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds() method passes user-controlled string input through renderObjectTemplate() -- an unsandboxed Tw...

Vendor: composer
Product: craftcms/cms
Published: Mar 11, 2026
Source: GitHub