Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,576
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 9,981 - 10,000 of 14,061 CVEs
CVE-2025-13213 MEDIUM - 5.4

IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

Vendor: IBM
Product: Aspera Orchestrator
Published: Mar 10, 2026
Source: NVD
CVE-2026-31853 MEDIUM - 5.7

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit systems can cause a crash in the SFW decoder when processing extremely large images. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Vendor: nuget
Product: Magick.NET-Q16-AnyCPU
Published: Mar 10, 2026
Source: GitHub
CVE-2026-3582 MEDIUM - 4.3

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token (PAT) lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user m...

Vendor: github
Product: enterprise_server
Published: Mar 10, 2026
Source: NVD
CVE-2026-2266 MEDIUM - 5.4

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed DOM-based cross-site scripting via task list content. The task list content extraction logic did not properly re-encode browser-decoded text nodes before rendering, allowing user-supplied HTML t...

Vendor: github
Product: enterprise_server
Published: Mar 10, 2026
Source: NVD
CVE-2026-26123 MEDIUM - 5.5

Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally.

Vendor: microsoft
Product: authenticator
Published: Mar 10, 2026
Source: NVD
CVE-2026-23868 MEDIUM - 5.1

Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible.

Vendor: giflib
Product: giflib
Published: Mar 10, 2026
Source: NVD
CVE-2025-70129 MEDIUM - 5.3

If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated with a format that can be automatically recognized for articles, such that an automated script is able to solve this anti-spam mechanism trivially and publish spam comments. The ...

Published: Mar 10, 2026
Source: NVD
CVE-2025-70128 MEDIUM - 6.1

A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supplied input in the "link" field of a comment. An attacker can inject arbitrary JavaScript c...

Published: Mar 10, 2026
Source: NVD
CVE-2025-36227 MEDIUM - 5.4

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

Vendor: IBM
Product: Aspera Faspex 5
Published: Mar 10, 2026
Source: NVD
CVE-2025-36226 MEDIUM - 5.4

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Vendor: IBM
Product: Aspera Faspex 5
Published: Mar 10, 2026
Source: NVD
CVE-2025-13219 MEDIUM - 5.9

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.

Vendor: IBM
Product: Aspera Orchestrator
Published: Mar 10, 2026
Source: NVD
CVE-2026-27281 MEDIUM - 5.5

DNG SDK versions 1.7.1 2471 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive. Exploitation of this issue requires user in...

Vendor: Adobe
Product: DNG SDK
Published: Mar 10, 2026
Source: NVD
CVE-2026-27219 MEDIUM - 5.5

Substance3D - Painter versions 11.1.2 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a vic...

Vendor: Adobe
Product: Substance3D - Painter
Published: Mar 10, 2026
Source: NVD
CVE-2026-27218 MEDIUM - 5.5

Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user...

Vendor: Adobe
Product: Substance3D - Painter
Published: Mar 10, 2026
Source: NVD
CVE-2026-27217 MEDIUM - 5.5

Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to its availability. Exploitation of this issue requi...

Vendor: Adobe
Product: Substance3D - Painter
Published: Mar 10, 2026
Source: NVD
CVE-2026-27216 MEDIUM - 5.5

Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a vic...

Vendor: Adobe
Product: Substance3D - Painter
Published: Mar 10, 2026
Source: NVD
CVE-2026-27215 MEDIUM - 5.5

Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to its availability. Exploitation of this issue requi...

Vendor: Adobe
Product: Substance3D - Painter
Published: Mar 10, 2026
Source: NVD
CVE-2026-27214 MEDIUM - 5.5

Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user...

Vendor: Adobe
Product: Substance3D - Painter
Published: Mar 10, 2026
Source: NVD
CVE-2026-21365 MEDIUM - 5.5

Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a vic...

Vendor: Adobe
Product: Substance3D - Painter
Published: Mar 10, 2026
Source: NVD
CVE-2026-21364 MEDIUM - 5.5

Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user...

Vendor: Adobe
Product: Substance3D - Painter
Published: Mar 10, 2026
Source: NVD