Total CVEs: 141,537
Critical Severity: 3,871
High Severity: 13,923
Last 7 Days: 1,602
Showing 9,741 - 9,760 of 13,923 CVEs
CVE-2025-70249 HIGH - 7.5

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard2.

Vendor: dlink
Product: dir-513_firmware
Published: Mar 10, 2026
Source: NVD
CVE-2025-70247 HIGH - 7.5

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard1.

Vendor: dlink
Product: dir-513_firmware
Published: Mar 10, 2026
Source: NVD
CVE-2025-70246 HIGH - 7.5

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formVirtualServ.

Vendor: dlink
Product: dir-513_firmware
Published: Mar 10, 2026
Source: NVD
CVE-2025-70242 HIGH - 7.5

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formSetWanPPTP.

Vendor: dlink
Product: dir-513_firmware
Published: Mar 10, 2026
Source: NVD
CVE-2025-70227 HIGH - 7.5

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the nextPage parameter to goform/formLanguageChange.

Vendor: dlink
Product: dir-513_firmware
Published: Mar 10, 2026
Source: NVD
CVE-2026-27826 HIGH - 8.2

MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL ...

Vendor: sooperset
Product: mcp-atlassian
Published: Mar 10, 2026
Source: NVD
CVE-2026-27280 HIGH - 7.8

DNG SDK versions 1.7.1 2471 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: DNG SDK
Published: Mar 10, 2026
Source: NVD
CVE-2026-27279 HIGH - 7.8

Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Substance3D - Stager
Published: Mar 10, 2026
Source: NVD
CVE-2026-27277 HIGH - 7.8

Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Substance3D - Stager
Published: Mar 10, 2026
Source: NVD
CVE-2026-27276 HIGH - 7.8

Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Substance3D - Stager
Published: Mar 10, 2026
Source: NVD
CVE-2026-27275 HIGH - 7.8

Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Substance3D - Stager
Published: Mar 10, 2026
Source: NVD
CVE-2026-27274 HIGH - 7.8

Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Substance3D - Stager
Published: Mar 10, 2026
Source: NVD
CVE-2026-27273 HIGH - 7.8

Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Substance3D - Stager
Published: Mar 10, 2026
Source: NVD
CVE-2026-27269 HIGH - 7.8

Premiere Pro versions 25.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploi...

Vendor: Adobe
Product: Premiere Pro
Published: Mar 10, 2026
Source: NVD
CVE-2026-26801 HIGH - 7.5

Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6 which introduces the setUrlAccessPolicy() method allowing server operat...

Vendor: npm
Product: pdfmake
Published: Mar 10, 2026
Source: NVD
CVE-2026-26742 HIGH - 8.1

PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. The system incorrectly applies the in-air emergency re-arm logic to ground scenarios. If a pilot switches to Manual mode and re-arms within 5 seconds (default configurati...

Vendor: dronecode
Product: px4_drone_autopilot
Published: Mar 10, 2026
Source: NVD
CVE-2026-26741 HIGH - 8.1

PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switching from Auto mode to Manual mode while the drone is in the "ARMED" state (after landing and before the automatic disarm triggered by the COM_DISARM_LAND parameter), the system lac...

Vendor: dronecode
Product: px4_drone_autopilot
Published: Mar 10, 2026
Source: NVD
CVE-2026-26308 HIGH - 7.5

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC (Role-Based Access Control) filter contains a logic vulnerability in how it validates HTTP headers when multiple values are present for the same header name. Instead of validating each...

Vendor: go
Product: github.com/envoyproxy/envoy
Published: Mar 10, 2026
Source: GitHub
CVE-2026-29175 HIGH - 5.4

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Variant Title, and Variant SKU fields are rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript when any us...

Vendor: composer
Product: craftcms/commerce
Published: Mar 10, 2026
Source: GitHub
CVE-2026-29174 HIGH - 8.8

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoint. The sort[0][direction] and sort[0][sortField] parameters are concatenated directly into an addOrderBy() clause without any validation or s...

Vendor: composer
Product: craftcms/commerce
Published: Mar 10, 2026
Source: GitHub