Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,868
Quick preset (or use dates below)
Clear Filters
Showing 10,081 - 10,100 of 14,108 CVEs
CVE-2026-28513 HIGH - 8.5

Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.4.0, the OIDC token endpoint rejects an authorization code only when both the client ID is wrong and the code is expired. This allows cross-client code exchange and expired code reuse. Th...

Vendor: go
Product: github.com/pocket-id/pocket-id/backend
Published: Mar 09, 2026
Source: GitHub
CVE-2026-28512 HIGH - 7.1

Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. From 2.0.0 to before 2.4.0, a flaw in callback URL validation allowed crafted redirect_uri values containing URL userinfo (@) to bypass legitimate callback pattern checks. If an attacker can trick a...

Vendor: go
Product: github.com/pocket-id/pocket-id/backend
Published: Mar 09, 2026
Source: GitHub
CVE-2026-3588 HIGH - 7.5

A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request.

Published: Mar 09, 2026
Source: NVD
CVE-2026-25866 HIGH - 7.8

MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search path behavior by placing a malicious executable earli...

Vendor: Mobatek
Product: MobaXterm
Published: Mar 09, 2026
Source: NVD
CVE-2025-70048 HIGH - 7.5

An issue pertaining to CWE-319: Cleartext Transmission of Sensitive Information was discovered in Nexusoft NexusInterface v3.2.0-beta.2.

Vendor: nexus
Product: nexusinterface
Published: Mar 09, 2026
Source: NVD
CVE-2025-70047 HIGH - 7.5

An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in Nexusoft NexusInterface v3.2.0-beta.2.

Vendor: nexus
Product: nexusinterface
Published: Mar 09, 2026
Source: NVD
CVE-2025-70250 HIGH - 7.5

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formdumpeasysetup.

Vendor: dlink
Product: dir-513_firmware
Published: Mar 09, 2026
Source: NVD
CVE-2025-70243 HIGH - 7.5

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard534.

Vendor: dlink
Product: dir-513_firmware
Published: Mar 09, 2026
Source: NVD
CVE-2025-70238 HIGH - 7.5

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard52.

Vendor: dlink
Product: dir-513_firmware
Published: Mar 09, 2026
Source: NVD
CVE-2025-70059 HIGH - 7.5

An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service.

Vendor: ymfe
Product: yapi
Published: Mar 09, 2026
Source: NVD
CVE-2026-3038 HIGH - 7.5

The rtsock_msg_buffer() function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddr_storage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not necessarily the case, and it&...

Published: Mar 09, 2026
Source: NVD
CVE-2026-2261 HIGH - 7.5

Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null pointer and crashes befor...

Published: Mar 09, 2026
Source: NVD
CVE-2026-3818 HIGH - 7.3

A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is an unknown function of the file /Easy7/apps/WebService/GetDBData.jsp. This manipulation of the argument strTBName causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. The vend...

Vendor: tiandy
Product: easy7_cms
Published: Mar 09, 2026
Source: NVD
CVE-2025-15576 HIGH - 7.5

If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. In this cas...

Vendor: FreeBSD
Product: FreeBSD
Published: Mar 09, 2026
Source: NVD
CVE-2025-15547 HIGH - 8.8

By default, jailed processes cannot mount filesystems, including nullfs(4). However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup...

Vendor: FreeBSD
Product: FreeBSD
Published: Mar 09, 2026
Source: NVD
CVE-2025-14769 HIGH - 7.5

In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer dereference. Maliciously crafted packets sent from a remote host m...

Vendor: FreeBSD
Product: FreeBSD
Published: Mar 09, 2026
Source: NVD
CVE-2025-14558 HIGH - 7.2

The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified. resolvconf(8) is a shell script which does not validate its input. A lack of quoting meant that shell commands pass a...

Vendor: FreeBSD
Product: FreeBSD
Published: Mar 09, 2026
Source: NVD
CVE-2026-3815 HIGH - 8.8

A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. This affects the function strcpy of the file /goform/formApMail. Executing a manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used ...

Vendor: utt
Product: 810g_firmware
Published: Mar 09, 2026
Source: NVD
CVE-2025-69219 HIGH - 8.8

A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airflow, the likelihood of it making any damage is low. Y...

Vendor: Apache Software Foundation
Product: Apache Airflow Providers Http
Published: Mar 09, 2026
Source: NVD
CVE-2026-3814 HIGH - 8.8

A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. Affected by this issue is the function strcpy of the file /goform/getOneApConfTempEntry. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the ...

Vendor: utt
Product: 810g_firmware
Published: Mar 09, 2026
Source: NVD