Total CVEs

143,749

Critical Severity

4,091

High Severity

14,758

Last 7 Days

1,541
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 981 - 1,000 of 1,590 CVEs
CVE-2026-5254 LOW - 3.5

A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. Affected by this issue is some unknown functionality of the file /ui/app/components/AppJsonTreeView.vue of the component Webhook Handler. The manipulation leads to cross site scripting. The attack may be initiated remotel...

Published: Apr 01, 2026
Source: NVD
CVE-2026-5253 LOW - 3.5

A weakness has been identified in bufanyun HotGo 1.0/2.0. Affected by this vulnerability is an unknown functionality of the file /web/src/layout/components/Header/MessageList.vue of the component editNotice Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launch...

Published: Apr 01, 2026
Source: NVD
CVE-2026-5252 LOW - 3.5

A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the file /server/routes/message.js of the component Message Create Endpoint. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been released ...

Published: Apr 01, 2026
Source: NVD
CVE-2026-5249 LOW - 3.5

A vulnerability was found in gougucms 4.08.18. This impacts an unknown function of the file \gougucms-master\app\admin\view\user\record.html of the component Record Endpoint. Performing a manipulation of the argument value.content results in cross site scripting. It is possible to initiate the attac...

Published: Apr 01, 2026
Source: NVD
CVE-2026-3470 LOW - 3.8

A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corruption, allowing a remote authenticated attacker as admin user could exploit this issue by providing crafted input that corrupts application database.

Published: Mar 31, 2026
Source: NVD
CVE-2026-3469 LOW - 2.7

A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the application to become unresponsive.

Published: Mar 31, 2026
Source: NVD

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTH_PASSWORD_VALIDATORS setting (which defaults to an empty list, i.e., no spe...

Vendor: nautobot
Product: nautobot
Published: Mar 31, 2026
Source: NVD
CVE-2026-5209 LOW - 2.4

A security vulnerability has been detected in SourceCodester Leave Application System 1.0. Affected by this issue is some unknown functionality of the component User Management Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclos...

Published: Mar 31, 2026
Source: NVD

Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none.

Vendor: Pegasystems
Product: Pega Infinity
Published: Mar 31, 2026
Source: NVD

OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and gateway.auth.password SecretRefs are treated as unset, allowing fallback to remote credentials in local mode. Attackers can exploit misconfigured local auth references to cause CLI a...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 31, 2026
Source: NVD
CVE-2026-0397 LOW - 3.1

When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration of...

Published: Mar 31, 2026
Source: NVD
CVE-2026-0396 LOW - 3.1

An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI.

Published: Mar 31, 2026
Source: NVD

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.http_auth (HTTP authentication), when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...

Vendor: nanomq
Product: nanomq
Published: Mar 30, 2026
Source: NVD

An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched. As a result, code running under `--permission` with r...

Vendor: nodejs
Product: node
Published: Mar 30, 2026
Source: NVD

A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them. As a result, code running under `--permission` with restricted `--allow-fs-read` can still use...

Vendor: nodejs
Product: node
Published: Mar 30, 2026
Source: NVD

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or smart card that would...

Vendor: OpenSC
Product: OpenSC
Published: Mar 30, 2026
Source: NVD

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_find_tag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag (high nibble) and value length (low nibble). With a 1-byte buffer {0x0A}, the encoded element claims ...

Vendor: OpenSC
Product: OpenSC
Published: Mar 30, 2026
Source: NVD

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_pubkey_from_spki_fields() allocates a zero-length ...

Vendor: OpenSC
Product: OpenSC
Published: Mar 30, 2026
Source: NVD

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that would ...

Vendor: OpenSC
Product: OpenSC
Published: Mar 30, 2026
Source: NVD
CVE-2026-5124 LOW - 3.7

A security vulnerability has been detected in osrg GoBGP up to 4.3.0. Affected is the function BGPHeader.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP Header Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The attac...

Vendor: osrg
Product: gobgp
Published: Mar 30, 2026
Source: NVD