Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,636
Showing 9,741 - 9,760 of 14,444 CVEs
CVE-2025-60012 MEDIUM - 6.3

Malicious configuration can lead to unauthorized file access in Apache Livy. This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later. A request that includes a Spark configuration value supported from Apache Spark version 3.1 can lead to users gaining access to ...

Vendor: Apache Software Foundation
Product: Apache Livy
Published: Mar 13, 2026
Source: NVD
CVE-2025-57849 MEDIUM - 6.4

A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can l...

Vendor: Red Hat
Product: Red Hat Fuse 7
Published: Mar 13, 2026
Source: NVD
CVE-2025-36368 MEDIUM - 6.5

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or d...

Vendor: IBM
Product: Sterling B2B Integrator
Published: Mar 13, 2026
Source: NVD
CVE-2025-14504 MEDIUM - 5.4

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering...

Vendor: IBM
Product: Sterling B2B Integrator, Sterling File Gateway
Published: Mar 13, 2026
Source: NVD
CVE-2025-14483 MEDIUM - 4.3

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could disclose sensitive host information to authenticated users in responses that could be used in further attacks against the system.

Vendor: IBM
Product: Sterling B2B Integrator
Published: Mar 13, 2026
Source: NVD
CVE-2025-13778 MEDIUM - 6.5

Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.

Vendor: ABB
Product: AWIN GW100 rev.2, AWIN GW120
Published: Mar 13, 2026
Source: NVD
CVE-2025-13726 MEDIUM - 5.3

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system.

Vendor: IBM
Product: Sterling Partner Engagement Manager
Published: Mar 13, 2026
Source: NVD
CVE-2025-13723 MEDIUM - 5.3

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token.

Vendor: IBM
Product: Sterling Partner Engagement Manager
Published: Mar 13, 2026
Source: NVD
CVE-2025-13702 MEDIUM - 6.1

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credenti...

Vendor: IBM
Product: Sterling Partner Engagement Manager
Published: Mar 13, 2026
Source: NVD
CVE-2023-40693 MEDIUM - 5.4

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, and 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functional...

Vendor: IBM
Product: Sterling B2B Integrator
Published: Mar 13, 2026
Source: NVD
CVE-2026-2581 MEDIUM - 5.9

This is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS). In vulnerable Undici versions, when interceptors.deduplicate() is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-contr...

Vendor: npm
Product: undici
Published: Mar 12, 2026
Source: NVD
CVE-2026-1527 MEDIUM - 4.6

Impact: When an application passes user-controlled input to the upgrade option of client.request(), an attacker can inject CRLF sequences (\r\n) to: * Inject arbitrary HTTP headers * Terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearc...

Vendor: npm
Product: undici
Published: Mar 12, 2026
Source: NVD
CVE-2026-32320 MEDIUM - 6.5

Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send craft...

Vendor: go
Product: github.com/ellanetworks/core
Published: Mar 12, 2026
Source: GitHub
CVE-2026-32269 MEDIUM - 6.5

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.13 and 8.6.39, the OAuth2 authentication adapter does not correctly validate app IDs when appidField and appIds are configured. During app ID validation, a malformed value is ...

Vendor: parse-community
Product: parse-server
Published: Mar 12, 2026
Source: NVD
CVE-2026-32259 MEDIUM - 6.7

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, when a memory allocation fails in the sixel encoder it would be possible to write past the end of a buffer on the stack. This vulnerability is fixed in 7.1.2-16 and 6.9.13-...

Vendor: ImageMagick
Product: ImageMagick
Published: Mar 12, 2026
Source: NVD
CVE-2026-32249 MEDIUM - 5.3

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\u05bb]), incorrectly emits the composing bytes of that character as separa...

Vendor: vim
Product: vim
Published: Mar 12, 2026
Source: NVD
CVE-2026-32240 MEDIUM - 6.5

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smugglin...

Vendor: capnproto
Product: capnproto
Published: Mar 12, 2026
Source: NVD
CVE-2026-32239 MEDIUM - 6.5

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed i...

Vendor: capnproto
Product: capnproto
Published: Mar 12, 2026
Source: NVD
CVE-2026-1525 MEDIUM - 6.5

Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names (e.g., Content-Length and content-length). This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted: * Applications using ...

Vendor: npm
Product: undici
Published: Mar 12, 2026
Source: NVD
CVE-2026-32245 MEDIUM - 6.5

Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC token endpoint does not verify that the client exchanging an authorization code is the same client the code was issued to. A malicious OIDC client operator can exchange another client's authorization code using the...

Vendor: steveiliop56
Product: tinyauth
Published: Mar 12, 2026
Source: NVD