Total CVEs: 141,537
Critical Severity: 3,871
High Severity: 13,923
Last 7 Days: 1,590
CVE-2025-54820 HIGH - 8.1

A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enab...

Vendor: Fortinet
Product: FortiManager
Published: Mar 10, 2026
Source: NVD
CVE-2026-3585 HIGH - 7.5

The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.17 via the 'ajax_create_import' function. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files ...

Published: Mar 10, 2026
Source: NVD
CVE-2026-30919 HIGH - 7.6

facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4, stored XSS (also known as persistent or second-order XSS) occurs when an application receives data from an untrusted source and includes that data in its subsequent HTTP responses in an unsafe manner. This...

Vendor: facileManager
Product: facileManager
Published: Mar 10, 2026
Source: NVD
CVE-2026-30918 HIGH - 7.6

facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4, a reflected XSS occurs when an application receives data from an untrusted source and uses it in its HTTP responses in a way that could lead to vulnerabilities. It is possible to inject malicious JavaScrip...

Vendor: facileManager
Product: facileManager
Published: Mar 10, 2026
Source: NVD
CVE-2026-2364 HIGH - 7.3

If a legitimate user confirms a self-update prompt or initiates an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer.

Published: Mar 10, 2026
Source: NVD
CVE-2026-28281 HIGH - 7.1

InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF tokens, which allows attackers to grant moderator privileges to users, execute scheduled tasks, move posts to trash, and accept friend requests on behalf of the user. This vulnerability is...

Vendor: instantsoft
Product: icms2
Published: Mar 10, 2026
Source: NVD
CVE-2026-27689 HIGH - 7.7

Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution tha...

Vendor: SAP_SE
Product: SAP Supply Chain Management
Published: Mar 10, 2026
Source: NVD

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x() e...

Vendor: isaacs
Product: node-tar
Published: Mar 10, 2026
Source: NVD
CVE-2026-30929 HIGH - 7.7

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack. This vulnerability is fixed ...

Vendor: ImageMagick
Product: ImageMagick
Published: Mar 10, 2026
Source: NVD
CVE-2026-28693 HIGH - 8.1

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an integer overflow in DIB coder can result in out of bounds read or write. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Vendor: ImageMagick
Product: ImageMagick
Published: Mar 10, 2026
Source: NVD
CVE-2026-28691 HIGH - 7.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Vendor: ImageMagick
Product: ImageMagick
Published: Mar 10, 2026
Source: NVD
CVE-2026-28494 HIGH - 7.1

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-s...

Vendor: ImageMagick
Product: ImageMagick
Published: Mar 10, 2026
Source: NVD
CVE-2026-28432 HIGH - 7.5

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled or d...

Vendor: misskey-dev
Product: misskey
Published: Mar 10, 2026
Source: NVD
CVE-2026-28431 HIGH - 7.5

Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to access due to insufficient permission checks and prope...

Vendor: misskey-dev
Product: misskey
Published: Mar 10, 2026
Source: NVD

liquidjs is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.0, the layout, render, and include tags allow arbitrary file access via absolute paths (either as string literals or through Liquid variables, the latter require dynamicPartials: true, which is the def...

Vendor: npm
Product: liquidjs
Published: Mar 10, 2026
Source: GitHub
CVE-2026-30939 HIGH - 7.5

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.13 and 9.5.1-alpha.2, an unauthenticated attacker can crash the Parse Server process by calling a Cloud Function endpoint with a prototype property name as the function name. The serv...

Vendor: npm
Product: parse-server
Published: Mar 10, 2026
Source: GitHub
CVE-2026-30925 HIGH - 7.5

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.0-alpha.14 and 8.6.11, a malicious client can subscribe to a LiveQuery with a crafted $regex pattern that causes catastrophic backtracking, blocking the Node.js event loop. This makes...

Vendor: npm
Product: parse-server
Published: Mar 10, 2026
Source: GitHub
CVE-2026-3288 HIGH - 8.8

A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to...

Published: Mar 09, 2026
Source: NVD
CVE-2026-25737 HIGH - 8.9

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerability exists even though file extension restrictions are configured. The restriction is enforced only at the UI level. An attacker can bypass these restri...

Vendor: Budibase
Product: budibase
Published: Mar 09, 2026
Source: NVD
CVE-2026-25045 HIGH - 8.8

Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation and IDOR (Insecure Direct Object Reference) due to missing server-side RBAC checks in the /api/global/users endpoints. A Creator-level user, who shou...

Vendor: Budibase
Product: budibase
Published: Mar 09, 2026
Source: NVD