Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,884
Showing 10,041 - 10,060 of 14,108 CVEs
CVE-2026-20967 HIGH - 8.8

Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: system_center_operations_manager
Published: Mar 10, 2026
Source: NVD
CVE-2026-1261 HIGH - 7.2

The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Quiz feature in all versions up to, and including, 3.9.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

Published: Mar 10, 2026
Source: NVD
CVE-2025-68648 HIGH - 7.2

A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer...

Vendor: Fortinet
Product: FortiManager Cloud, FortiAnalyzer, FortiManager, FortiAnalyzer Cloud
Published: Mar 10, 2026
Source: NVD
CVE-2025-66178 HIGH - 7.2

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12, FortiWeb 7.0.0 through 7.0.12 may allow an authen...

Vendor: Fortinet
Product: FortiWeb
Published: Mar 10, 2026
Source: NVD
CVE-2025-56421 HIGH - 7.5

SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database.

Vendor: composer
Product: limesurvey/limesurvey
Published: Mar 10, 2026
Source: NVD
CVE-2025-54820 HIGH - 8.1

A Stack-based Buffer Overflow vulnerability [CWE-121] in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enab...

Vendor: Fortinet
Product: FortiManager
Published: Mar 10, 2026
Source: NVD
CVE-2026-3585 HIGH - 7.5

The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.17 via the 'ajax_create_import' function. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files ...

Published: Mar 10, 2026
Source: NVD
CVE-2026-30919 HIGH - 7.6

facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4, stored XSS (also known as persistent or second-order XSS) occurs when an application receives data from an untrusted source and includes that data in its subsequent HTTP responses in an unsafe manner. This...

Vendor: facileManager
Product: facileManager
Published: Mar 10, 2026
Source: NVD
CVE-2026-30918 HIGH - 7.6

facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4, a reflected XSS occurs when an application receives data from an untrusted source and uses it in its HTTP responses in a way that could lead to vulnerabilities. It is possible to inject malicious JavaScrip...

Vendor: facileManager
Product: facileManager
Published: Mar 10, 2026
Source: NVD
CVE-2026-2364 HIGH - 7.3

If a legitimate user confirms a self-update prompt or initiates an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer.

Published: Mar 10, 2026
Source: NVD
CVE-2026-28281 HIGH - 7.1

InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF tokens, which allows attackers to grant moderator privileges to users, execute scheduled tasks, move posts to trash, and accept friend requests on behalf of the user. This vulnerability is...

Vendor: instantsoft
Product: icms2
Published: Mar 10, 2026
Source: NVD
CVE-2026-27689 HIGH - 7.7

Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution tha...

Vendor: SAP_SE
Product: SAP Supply Chain Management
Published: Mar 10, 2026
Source: NVD

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x() e...

Vendor: isaacs
Product: node-tar
Published: Mar 10, 2026
Source: NVD
CVE-2026-30929 HIGH - 7.7

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack. This vulnerability is fixed ...

Vendor: ImageMagick
Product: ImageMagick
Published: Mar 10, 2026
Source: NVD
CVE-2026-28693 HIGH - 8.1

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an integer overflow in DIB coder can result in out of bounds read or write. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Vendor: ImageMagick
Product: ImageMagick
Published: Mar 10, 2026
Source: NVD
CVE-2026-28691 HIGH - 7.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Vendor: ImageMagick
Product: ImageMagick
Published: Mar 10, 2026
Source: NVD
CVE-2026-28494 HIGH - 7.1

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-s...

Vendor: ImageMagick
Product: ImageMagick
Published: Mar 10, 2026
Source: NVD
CVE-2026-28432 HIGH - 7.5

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled or d...

Vendor: misskey-dev
Product: misskey
Published: Mar 10, 2026
Source: NVD
CVE-2026-28431 HIGH - 7.5

Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to access due to insufficient permission checks and prope...

Vendor: misskey-dev
Product: misskey
Published: Mar 10, 2026
Source: NVD

liquidjs is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.0, the layout, render, and include tags allow arbitrary file access via absolute paths (either as string literals or through Liquid variables, the latter requires dynamicPartials: true, which is the def...

Vendor: npm
Product: liquidjs
Published: Mar 10, 2026
Source: GitHub