Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,619
Showing 9,781 - 9,800 of 14,444 CVEs
CVE-2026-4013 MEDIUM - 6.3

A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file add_admin.php. Such manipulation leads to improper authorization. The attack may be launched remotely.

Published: Mar 12, 2026
Source: NVD
CVE-2026-3994 MEDIUM - 5.3

A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFile<mold::X86_64>::initialize_sections of the file src/input-files.cc of the component Object File Handler. Performing a manipulation results in heap-based buffer overflow. Attacking locally is a req...

Published: Mar 12, 2026
Source: NVD
CVE-2026-3993 MEDIUM - 4.3

A security vulnerability has been detected in itsourcecode Payroll Management System 1.0. This vulnerability affects unknown code of the file /manage_employee_deductions.php. Such manipulation of the argument ID leads to cross site scripting. The attack may be launched remotely. The exploit has been...

Published: Mar 12, 2026
Source: NVD
CVE-2026-3992 MEDIUM - 6.3

A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The exploit has been made avail...

Published: Mar 12, 2026
Source: NVD
CVE-2026-3990 MEDIUM - 4.3

A security flaw has been discovered in CesiumGS CesiumJS up to 1.137.0. Affected by this issue is some unknown functionality of the file Apps/Sandcastle/standalone.html. The manipulation of the argument c results in cross site scripting. The attack can be launched remotely. The exploit has been rele...

Published: Mar 12, 2026
Source: NVD
CVE-2026-2687 MEDIUM - 4.3

The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Published: Mar 12, 2026
Source: NVD
CVE-2025-15473 MEDIUM - 4.3

The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "timetics-booking" custom post type.

Vendor: Unknown
Product: Timetics
Published: Mar 12, 2026
Source: NVD
CVE-2026-3982 MEDIUM - 4.3

A vulnerability was determined in itsourcecode University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_result.php. Executing a manipulation of the argument vr can lead to cross site scripting. The attack can be executed remotely. The exploit has...

Published: Mar 12, 2026
Source: NVD
CVE-2026-3979 MEDIUM - 5.3

A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_concat_return of the file quickjs.c. This manipulation causes use after free. The attack requires local access. The exploit has been published and may be used. Patch name: daab4ad4bae4ef071ed0294618d6244e...

Published: Mar 12, 2026
Source: NVD
CVE-2026-3977 MEDIUM - 6.3

A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. The attack can be initiated remotely. The identifier of the patch is 35dfd6f08f7d517709c77ee73e57367141...

Published: Mar 12, 2026
Source: NVD
CVE-2026-3226 MEDIUM - 4.3

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catch_lp_ajax() dispatcher verifies ...

Published: Mar 12, 2026
Source: NVD
CVE-2026-1182 MEDIUM - 4.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title created in public projects under certain circumstances.

Vendor: gitlab
Product: gitlab
Published: Mar 12, 2026
Source: NVD
CVE-2026-3968 MEDIUM - 6.3

A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Such manipulation of the argument EXPRESSION leads to code injection. The attack can be executed remote...

Published: Mar 12, 2026
Source: NVD
CVE-2026-3967 MEDIUM - 6.3

A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected by this issue is the function deserialize/createObjectInputStream of the file activiti-core/activiti-engine/src/main/java/org/activiti/engine/impl/variable/SerializableType.java of the component Process Variable Serialization Syst...

Published: Mar 12, 2026
Source: NVD
CVE-2026-3966 MEDIUM - 6.3

A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this vulnerability is the function getDownloadFilePath of the file /src/main/java/com/genersoft/iot/vmp/media/abl/ABLMediaNodeServerService.java of the component IP Address Handler. The manipulation of the ar...

Published: Mar 12, 2026
Source: NVD
CVE-2026-3965 MEDIUM - 6.3

A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the argument command leads to protection mechanism failure. The attack may be initiated remotely. The ex...

Vendor: npm
Product: @whyour/qinglong
Published: Mar 12, 2026
Source: NVD
CVE-2026-2808 MEDIUM - 6.8

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.

Vendor: go
Product: github.com/hashicorp/consul
Published: Mar 12, 2026
Source: NVD
CVE-2026-3964 MEDIUM - 5.3

A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection. The attack is restricted to local execution. The exp...

Published: Mar 11, 2026
Source: NVD
CVE-2026-3962 MEDIUM - 4.3

A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The impacted element is the function render_template of the file Machine-Learning-Web-Apps-master/Build-n-Deploy-Flask-App-with-Waypoint/app/app.py of the component Jinja2 Template Han...

Published: Mar 11, 2026
Source: NVD
CVE-2026-31988 MEDIUM - 5.3

yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate() function. The while loop condition checks cursor < data.length + 4 instead of cursor + 4 <= data.length, allowing readUInt1...

Vendor: thejoshwolfe
Product: yauzl
Published: Mar 11, 2026
Source: NVD