Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,598
Showing 9,761 - 9,780 of 13,923 CVEs
CVE-2026-29172 HIGH - 8.8

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, Craft Commerce is vulnerable to SQL Injection in the purchasables table endpoint. The sort parameter is split by | and the first part (column name) is passed directly as an array key to orderBy() without whitelist vali...

Vendor: composer
Product: craftcms/commerce
Published: Mar 10, 2026
Source: GitHub
CVE-2026-3854 HIGH - 8.8

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly sanitize...

Vendor: github
Product: enterprise_server
Published: Mar 10, 2026
Source: NVD
CVE-2026-3847 HIGH - 8.8

Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148.0.2.

Vendor: mozilla
Product: firefox
Published: Mar 10, 2026
Source: NVD
CVE-2026-3845 HIGH - 8.8

Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability affects Firefox < 148.0.2.

Vendor: mozilla
Product: firefox
Published: Mar 10, 2026
Source: NVD
CVE-2026-3483 HIGH - 7.8

An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges.

Vendor: ivanti
Product: desktop_&_server_management
Published: Mar 10, 2026
Source: NVD
CVE-2026-31796 HIGH - 7.8

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in icCurvesFromXml() causing heap memory corruption or crash. This vulnerability is fixed in 2.3.1.5.

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Mar 10, 2026
Source: NVD
CVE-2026-31795 HIGH - 7.8

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow write in CIccXform3DLut::Apply() corrupting stack memory or crash. This vulnerability is fixed in 2.3.1.5.

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Mar 10, 2026
Source: NVD
CVE-2026-31792 HIGH - 7.8

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a null pointer dereference in CIccTagXmlStruct::ParseTag() causing a segmentation fault or denial of service. This vulnerability is fixed in 2.3.1.5.

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Mar 10, 2026
Source: NVD
CVE-2026-30987 HIGH - 7.8

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in CIccTagNum<>::GetValues() causing stack memory corruption or crash. This vulnerability is fixed in 2.3.1.5.

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Mar 10, 2026
Source: NVD
CVE-2026-30985 HIGH - 7.8

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow write in CIccMatrixMath::SetRange() causing memory corruption or crash. This vulnerability is fixed in 2.3.1.5.

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Mar 10, 2026
Source: NVD
CVE-2026-30983 HIGH - 7.8

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in icFixXml() (strcpy) causing stack memory corruption or crash. This vulnerability is fixed in 2.3.1.5.

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Mar 10, 2026
Source: NVD
CVE-2026-30979 HIGH - 7.8

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp() triggered with local user interaction causing memory corruption/crash. This vulnerability is fixed in 2.3.1.5.

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Mar 10, 2026
Source: NVD
CVE-2026-30978 HIGH - 7.8

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-use-after-free in CIccCmm::AddXform() causing invalid vptr dereference and crash. This vulnerability is fixed in 2.3.1.5.

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Mar 10, 2026
Source: NVD
CVE-2026-30958 HIGH - 7.2

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file pat...

Vendor: OneUptime
Product: oneuptime
Published: Mar 10, 2026
Source: NVD
CVE-2026-30945 HIGH - 7.1

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the DELETE /studiocms_api/dashboard/api-tokens endpoint allows any authenticated user with editor privileges or above to revoke API tokens belonging to any other user, including admin and owner acc...

Vendor: withstudiocms
Product: studiocms
Published: Mar 10, 2026
Source: NVD
CVE-2026-30944 HIGH - 8.8

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the /studiocms_api/dashboard/api-tokens endpoint allows any authenticated user (at least Editor) to generate API tokens for any other user, including owner and admin accounts. The endpoint fails to...

Vendor: withstudiocms
Product: studiocms
Published: Mar 10, 2026
Source: NVD
CVE-2026-30941 HIGH - 7.5

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.14 and 9.5.2-alpha.1, NoSQL injection vulnerability allows an unauthenticated attacker to inject MongoDB query operators via the token field in the password reset and email verificati...

Vendor: parse-community
Product: parse-server
Published: Mar 10, 2026
Source: NVD
CVE-2026-2724 HIGH - 7.2

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form entry fields in all versions up to, and including, 2.0.5. This is due to insufficient input sanitization and output escaping on form submission data displayed in the admin Form Entries...

Published: Mar 10, 2026
Source: NVD
CVE-2026-2339 HIGH - 7.5

Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection. This issue affects Liderahenk: before v3.4.0.

Published: Mar 10, 2026
Source: NVD
CVE-2026-26738 HIGH - 7.8

Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5.18 allows a remote attacker to execute arbitrary code via a crafted .sns snapshot file.

Published: Mar 10, 2026
Source: NVD