Total CVEs: 142,027
Critical Severity: 3,943
High Severity: 14,108
Last 7 Days: 1,798
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 10,161 - 10,180 of 14,221 CVEs
CVE-2026-21363 MEDIUM - 5.5

Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user...

Vendor: Adobe
Product: Substance3D - Painter
Published: Mar 10, 2026
Source: NVD
CVE-2026-26330 MEDIUM - 5.3

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, at the rate limit filter, if the response phase limit with apply_on_stream_done in the rate limit configuration is enabled and the response phase limit request fails directly, it may crash Envoy. Whe...

Vendor: go
Product: github.com/envoyproxy/envoy
Published: Mar 10, 2026
Source: GitHub
CVE-2026-26311 MEDIUM - 5.9

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, there is a logic vulnerability in Envoy's HTTP connection manager (FilterManager) that allows for Zombie Stream Filter Execution. This issue creates a "Use-After-Free" (UAF) or state-corruption...

Vendor: go
Product: github.com/envoyproxy/envoy
Published: Mar 10, 2026
Source: GitHub
CVE-2026-26309 MEDIUM - 5.3

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString() can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the resul...

Vendor: go
Product: github.com/envoyproxy/envoy
Published: Mar 10, 2026
Source: GitHub
CVE-2026-31867 MEDIUM - 4.8

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.11.0 and 5.6.0, an Insecure Direct Object Reference (IDOR) vulnerability exists in Craft Commerce’s cart functionality that allows users to hijack any shopping cart by knowing or guessing its 32-character number. The CartController ac...

Vendor: composer
Product: craftcms/commerce
Published: Mar 10, 2026
Source: GitHub
CVE-2026-29176 MEDIUM - 4.8

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, a stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an admin...

Vendor: composer
Product: craftcms/commerce
Published: Mar 10, 2026
Source: GitHub
CVE-2026-3846 MEDIUM - 6.5

Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability affects Firefox < 148.0.2.

Vendor: mozilla
Product: firefox
Published: Mar 10, 2026
Source: NVD
CVE-2026-3306 MEDIUM - 4.3

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access to a repository and write access to a project to modify issue and pull request metadata through the project. When adding an item to a project that already existed, column value upd...

Vendor: github
Product: enterprise_server
Published: Mar 10, 2026
Source: NVD
CVE-2026-3228 MEDIUM - 6.4

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[nxs_fbembed]` shortcode in all versions up to, and including, 4.4.6. This is due to insufficient input sanitization and output escaping on the `snapFB` post meta value. This makes...

Published: Mar 10, 2026
Source: NVD
CVE-2026-31797 MEDIUM - 6.1

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CTiffImg::ReadLine() when iccApplyProfiles processes a crafted TIFF image, causing memory disclosure or crash. This vulnerability is fixed in 2.3.1.5.

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Mar 10, 2026
Source: NVD
CVE-2026-31794 MEDIUM - 5.5

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a segmentation fault from invalid/wild pointer read in CIccCLUT::Interp3d() causing a denial of service. This vulnerability is fixed in 2.3.1.5.

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Mar 10, 2026
Source: NVD
CVE-2026-31793 MEDIUM - 5.5

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a segmentation fault due to invalid/wild pointer read in CIccCalculatorFunc::ApplySequence() causing denial of service. This vulnerability is fixed in 2.3.1.5.

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Mar 10, 2026
Source: NVD
CVE-2026-30986 MEDIUM - 5.5

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow write in CIccMatrixMath::SetRange() causing memory corruption or crash. This vulnerability is fixed in 2.3.1.5.

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Mar 10, 2026
Source: NVD
CVE-2026-30984 MEDIUM - 6.1

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccCalculatorFunc::ApplySequence() causing an application crash. This vulnerability is fixed in 2.3.1.5.

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Mar 10, 2026
Source: NVD
CVE-2026-30982 MEDIUM - 6.1

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccPcsXform::pushXYZConvert() causing crash and potentially leaking memory contents. This vulnerability is fixed in 2.3.1.5.

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Mar 10, 2026
Source: NVD
CVE-2026-30981 MEDIUM - 6.1

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-buffer-overflow read in CIccXmlArrayType<>::DumpArray() causing out-of-bounds read and/or crash. This vulnerability is fixed in 2.3.1.5.

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Mar 10, 2026
Source: NVD
CVE-2026-30980 MEDIUM - 5.5

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack overflow in CIccBasicStructFactory::CreateStruct() causing uncontrolled recursion/stack exhaustion and crash. This vulnerability is fixed in 2.3.1.5.

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Mar 10, 2026
Source: NVD
CVE-2026-30973 MEDIUM - 6.5

Appium is an automation framework that provides WebDriver-based automation possibilities for a wide range of platforms. Prior to 7.0.6, @appium/support contains a ZIP extraction implementation (extractAllTo() via ZipExtractor.extract()) with a path traversal (Zip Slip) check that is non-functional. The...

Vendor: @appium
Product: support
Published: Mar 10, 2026
Source: NVD
CVE-2026-30897 MEDIUM - 6.6

A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitr...

Vendor: Fortinet
Product: FortiWeb
Published: Mar 10, 2026
Source: NVD

An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, in applications using Spring Security, due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without a ...

Vendor: maven
Product: com.vaadin:flow-server
Published: Mar 10, 2026
Source: NVD