Total CVEs

141,492

Critical Severity

3,867

High Severity

13,899

Last 7 Days

1,601
Showing 9,681 - 9,700 of 14,430 CVEs
CVE-2026-32335 MEDIUM - 5.3

Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Conference: from n/a through <= 1.2.5.

Vendor: raratheme
Product: The Conference
Published: Mar 13, 2026
Source: NVD
CVE-2026-32334 MEDIUM - 5.3

Missing Authorization vulnerability in raratheme JobScout jobscout allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobScout: from n/a through <= 1.1.7.

Vendor: raratheme
Product: JobScout
Published: Mar 13, 2026
Source: NVD
CVE-2026-32332 MEDIUM - 5.3

Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Form: from n/a through <= 2.7.9.

Vendor: Ays Pro
Product: Easy Form
Published: Mar 13, 2026
Source: NVD
CVE-2026-32331 MEDIUM - 4.3

Missing Authorization vulnerability in Israpil Textmetrics webtexttool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Textmetrics: from n/a through <= 3.6.4.

Vendor: Israpil
Product: Textmetrics
Published: Mar 13, 2026
Source: NVD
CVE-2026-32330 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery. This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.37.

Vendor: 10Web
Product: Photo Gallery by 10Web
Published: Mar 13, 2026
Source: NVD
CVE-2026-32329 MEDIUM - 5.3

Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Related Posts: from n/a through <= 1.9.1.

Vendor: Ays Pro
Product: Advanced Related Posts
Published: Mar 13, 2026
Source: NVD
CVE-2026-32328 MEDIUM - 5.4

Cross-Site Request Forgery (CSRF) vulnerability in shufflehound Lemmony lemmony allows Cross Site Request Forgery. This issue affects Lemmony: from n/a through < 1.7.1.

Vendor: shufflehound
Product: Lemmony
Published: Mar 13, 2026
Source: NVD
CVE-2026-32322 MEDIUM - 5.3

soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23.5.3, and 25.3.0, the Fr (scalar field) types for BN254 and BLS12-381 in soroban-sdk compared values using their raw U256 representation without first reducing modulo the field modulus r. This caused mathematically equal field elem...

Vendor: stellar
Product: rs-soroban-sdk
Published: Mar 13, 2026
Source: NVD
CVE-2026-31949 MEDIUM - 6.5

LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service (DoS) vulnerability exists in the DELETE /api/convos endpoint that allows an authenticated attacker to crash the Node.js server process by sending malformed requests. The DELETE /api/convos route handler a...

Vendor: danny-avila
Product: LibreChat
Published: Mar 13, 2026
Source: NVD
CVE-2026-31919 MEDIUM - 4.3

Missing Authorization vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.7.1.

Vendor: Josh Kohlbach
Product: Advanced Coupons for WooCommerce Coupons
Published: Mar 13, 2026
Source: NVD
CVE-2026-31918 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in immonex immonex Kickstart immonex-kickstart allows Stored XSS. This issue affects immonex Kickstart: from n/a through <= 1.13.0.

Vendor: immonex
Product: immonex Kickstart
Published: Mar 13, 2026
Source: NVD
CVE-2026-31916 MEDIUM - 5.3

Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Latest Post Shortcode: from n/a through <= 14.2.1.

Vendor: Iulia Cazan
Product: Latest Post Shortcode
Published: Mar 13, 2026
Source: NVD
CVE-2026-31915 MEDIUM - 5.3

Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Flatsome: from n/a through <= 3.19.6.

Vendor: UX-themes
Product: Flatsome
Published: Mar 13, 2026
Source: NVD
CVE-2026-31885 MEDIUM - 6.5

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and step_index values from input data. This vulnerability is fixed in 3.24.0.

Vendor: FreeRDP
Product: FreeRDP
Published: Mar 13, 2026
Source: NVD
CVE-2026-31884 MEDIUM - 6.5

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is a division by zero in the MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % block_size where block_size = context->common.format.nBlockAli...

Vendor: FreeRDP
Product: FreeRDP
Published: Mar 13, 2026
Source: NVD
CVE-2026-31883 MEDIUM - 6.5

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a size_t underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract block header siz...

Vendor: FreeRDP
Product: FreeRDP
Published: Mar 13, 2026
Source: NVD
CVE-2026-31864 MEDIUM - 6.8

JumpServer is an open source bastion host and an operation and maintenance security audit system. A Server-Side Template Injection (SSTI) vulnerability exists in JumpServer's Applet and VirtualApp upload functionality. This vulnerability can only be exploited by users with administrative privil...

Vendor: jumpserver
Product: jumpserver
Published: Mar 13, 2026
Source: NVD
CVE-2026-31798 MEDIUM - 5.0

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts, JumpServer improperly validates certificates in the Custom SMS API Client. When JumpServer sends MFA/OTP codes via Custom SMS API, an attacker can intercept the request and captur...

Vendor: jumpserver
Product: jumpserver
Published: Mar 13, 2026
Source: NVD
CVE-2026-30961 MEDIUM - 4.3

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, the chunked upload completion path for file requests does not validate the total file size against the per-request MaxSize limit. An attacker with a public file request link can split an ove...

Vendor: Forceu
Product: Gokapi
Published: Mar 13, 2026
Source: NVD
CVE-2026-30955 MEDIUM - 6.5

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, an API endpoint accepts unbounded request bodies without any size limit. An authenticated user can cause an OOM kill and complete service disruption for all users. This vulnerability is fixe...

Vendor: Forceu
Product: Gokapi
Published: Mar 13, 2026
Source: NVD