Total CVEs: 142,027
Critical Severity: 3,943
High Severity: 14,108
Last 7 Days: 1,791

Showing Year: 2026 (January 1 - December 31, 2026)
Showing 10,181 - 10,200 of 14,221 CVEs
CVE-2026-27661 MEDIUM - 4.3

A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application leaks confidential information in metadata, and files such as information on contributors and email address, on `SSM Server`.

Vendor: Siemens
Product: SINEC Security Monitor
Published: Mar 10, 2026
Source: NVD
CVE-2026-25972 MEDIUM - 4.3

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling a social engineering attack via spoofed URL parame...

Vendor: Fortinet
Product: FortiSIEM
Published: Mar 10, 2026
Source: NVD
CVE-2026-25689 MEDIUM - 6.5

An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all version...

Vendor: Fortinet
Product: FortiDeceptor
Published: Mar 10, 2026
Source: NVD
CVE-2026-25605 MEDIUM - 6.7

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application performs file deletion without properly validating the file path or target. An attacker could delete files or sockets that the affected process has permission to remove, potentially resulting ...

Vendor: Siemens
Product: SICAM SIAPP SDK
Published: Mar 10, 2026
Source: NVD
CVE-2026-25572 MEDIUM - 5.1

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK server component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the pro...

Vendor: Siemens
Product: SICAM SIAPP SDK
Published: Mar 10, 2026
Source: NVD
CVE-2026-25571 MEDIUM - 5.1

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK client component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the pro...

Vendor: Siemens
Product: SICAM SIAPP SDK
Published: Mar 10, 2026
Source: NVD
CVE-2026-25186 MEDIUM - 5.5

Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_10_1607
Published: Mar 10, 2026
Source: NVD
CVE-2026-25185 MEDIUM - 5.3

Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Mar 10, 2026
Source: NVD
CVE-2026-25180 MEDIUM - 5.5

Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally.

Vendor: microsoft
Product: office
Published: Mar 10, 2026
Source: NVD
CVE-2026-25169 MEDIUM - 6.2

Divide by zero in Microsoft Graphics Component allows an unauthorized attacker to deny service locally.

Vendor: microsoft
Product: windows_10_1607
Published: Mar 10, 2026
Source: NVD
CVE-2026-25168 MEDIUM - 6.2

Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny service locally.

Vendor: microsoft
Product: windows_10_1607
Published: Mar 10, 2026
Source: NVD
CVE-2026-24640 MEDIUM - 6.6

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through 7.0.12 may allow a remote authenticated attacker who can bypass stack protection an...

Vendor: Fortinet
Product: FortiWeb
Published: Mar 10, 2026
Source: NVD
CVE-2026-24297 MEDIUM - 6.5

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kerberos allows an unauthorized attacker to bypass a security feature over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Mar 10, 2026
Source: NVD
CVE-2026-24288 MEDIUM - 6.8

Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute code with a physical attack.

Vendor: microsoft
Product: windows_10_21h2
Published: Mar 10, 2026
Source: NVD
CVE-2026-24282 MEDIUM - 5.5

Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_10_1607
Published: Mar 10, 2026
Source: NVD
CVE-2026-23907 MEDIUM - 5.3

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example contains a path traversal vulnerability (CWE-22) because the filename that is obtained from PDComplexFileSpecification.getFilename() is ap...

Vendor: Apache Software Foundation
Product: Apache PDFBox Examples
Published: Mar 10, 2026
Source: NVD
CVE-2026-23656 MEDIUM - 5.9

Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: windows_app
Published: Mar 10, 2026
Source: NVD
CVE-2026-22628 MEDIUM - 5.3

An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an authenticated admin to execute system commands via a specifically crafted SSH config file.

Vendor: Fortinet
Product: FortiSwitchAXFixed
Published: Mar 10, 2026
Source: NVD
CVE-2026-22614 MEDIUM - 6.1

The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks; an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This security issue has b...

Vendor: Eaton
Product: EasySoft
Published: Mar 10, 2026
Source: NVD
CVE-2025-70025 MEDIUM - 6.1

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in benkeen generatedata 4.0.14.

Published: Mar 10, 2026
Source: NVD