Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,599
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 9,801 - 9,820 of 14,061 CVEs
CVE-2026-3961 MEDIUM - 6.3

A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected element is the function to_pil_image of the file manga-image-translator-main/server/request_extraction.py of the component Translate Endpoints. This manipulation causes server-side request forgery. It is po...

Published: Mar 11, 2026
Source: NVD
CVE-2026-3959 MEDIUM - 5.3

A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function server.tool of the file index.js of the component Tshark CLI Command Handler. The manipulation results in os command injection. The attack needs to be approached locally. The exploit ...

Published: Mar 11, 2026
Source: NVD
CVE-2026-3958 MEDIUM - 6.3

A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the file list-sync-main/api_server.py of the component JSON Handler. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploi...

Published: Mar 11, 2026
Source: NVD
CVE-2026-3942 MEDIUM - 4.3

Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Mar 11, 2026
Source: NVD
CVE-2026-3941 MEDIUM - 4.3

Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Mar 11, 2026
Source: NVD
CVE-2026-3940 MEDIUM - 5.3

Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Mar 11, 2026
Source: NVD
CVE-2026-3939 MEDIUM - 5.3

Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Mar 11, 2026
Source: NVD
CVE-2026-3938 MEDIUM - 6.5

Insufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Mar 11, 2026
Source: NVD
CVE-2026-3937 MEDIUM - 6.5

Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Mar 11, 2026
Source: NVD
CVE-2026-3935 MEDIUM - 4.3

Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Mar 11, 2026
Source: NVD
CVE-2026-3934 MEDIUM - 6.5

Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Mar 11, 2026
Source: NVD
CVE-2026-3930 MEDIUM - 5.3

Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Mar 11, 2026
Source: NVD
CVE-2026-3928 MEDIUM - 4.3

Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Mar 11, 2026
Source: NVD
CVE-2026-3927 MEDIUM - 4.3

Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Mar 11, 2026
Source: NVD
CVE-2026-3925 MEDIUM - 4.3

Incorrect security UI in LookalikeChecks in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Mar 11, 2026
Source: NVD
CVE-2026-32128 MEDIUM - 6.3

FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox (fastgpt-sandbox) includes guardrails intended to prevent file writes (static detection + seccomp). These guardrails are bypassable by remapping stdout (fd 1) to an arbitrary writable file descriptor using...

Vendor: labring
Product: FastGPT
Published: Mar 11, 2026
Source: NVD
CVE-2026-3957 MEDIUM - 4.7

A flaw has been found in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This vulnerability affects the function getLikeMovieList of the file source-code/src/main/java/com/moke/wp/wx_weimai/controller/HomeController.java of the component Endpoint. Executing a manipulation o...

Published: Mar 11, 2026
Source: NVD
CVE-2026-3956 MEDIUM - 4.7

A vulnerability was detected in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This affects the function getAdmins of the file source-code/src/main/java/com/moke/wp/wx_weimai/controller/admin/Admin_AdminUserController.java. Performing a manipulation of the argument keyword...

Published: Mar 11, 2026
Source: NVD
CVE-2026-3955 MEDIUM - 6.3

A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpoint. Such manipulation leads to code injection. The attack may be launched remotely. The exploit has ...

Published: Mar 11, 2026
Source: NVD
CVE-2026-32125 MEDIUM - 5.4

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, track/item names from the Track Anything feature are stored from user input (POST) and later rendered in Dygraph charts (titles/labels) using innerHTML or equivalent without esc...

Vendor: openemr
Product: openemr
Published: Mar 11, 2026
Source: NVD