Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,898
Showing 10,321 - 10,340 of 14,604 CVEs
CVE-2026-3702 MEDIUM - 4.3

A vulnerability was detected in SourceCodester Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /index.php. Performing a manipulation of the argument page results in cross-site scripting. The attack can be carried out remotely. The exploit is no...

Vendor: oretnom23
Product: loan_management_system
Published: Mar 08, 2026
Source: NVD
CVE-2026-3704 MEDIUM - 4.7

A vulnerability has been found in Wavlink NU516U1 251208. This vulnerability affects the function sub_405B2C of the file /cgi-bin/firewall.cgi of the component Incomplete Fix CVE-2025-10959. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has ...

Vendor: wavlink
Product: wl-nu516u1_firmware
Published: Mar 08, 2026
Source: NVD
CVE-2026-3697 MEDIUM - 6.3

A vulnerability was determined in Planet ICG-2510 1.0_20250811. The impacted element is the function sub_40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Executing a manipulation of the argument Language can lead to stack-based buffer overflow. The attack c...

Published: Mar 08, 2026
Source: NVD
CVE-2026-3695 MEDIUM - 6.5

A vulnerability has been found in SourceCodester Modern Image Gallery App 1.0. Impacted is an unknown function of the file /delete.php. Such manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and m...

Vendor: remyandrade
Product: modern_image_gallery_app
Published: Mar 08, 2026
Source: NVD
CVE-2026-3683 MEDIUM - 6.3

A vulnerability was detected in bufanyun HotGo up to 2.0. This issue affects the function ImageTransferStorage of the file /server/internal/logic/common/upload.go of the component Endpoint. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit is n...

Published: Mar 08, 2026
Source: NVD
CVE-2026-3682 MEDIUM - 6.3

A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. This vulnerability affects the function Execute of the file /internal/service/ffmpeg/ffmpeg.go. The manipulation leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed publicly a...

Published: Mar 08, 2026
Source: NVD
CVE-2026-3681 MEDIUM - 6.3

A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects the function fireWebhook of the file /internal/service/webhook/webhook.go. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The exploit has been made available to the...

Published: Mar 07, 2026
Source: NVD
CVE-2026-3680 MEDIUM - 6.3

A security flaw has been discovered in RyuzakiShinji biome-mcp-server up to 1.0.0. Affected by this issue is some unknown functionality of the file biome-mcp-server.ts. Performing a manipulation results in command injection. The attack can be initiated remotely. The exploit has been released to the ...

Published: Mar 07, 2026
Source: NVD
CVE-2026-3675 MEDIUM - 5.3

A vulnerability was determined in Freedom Factory dGEN1 up to 20260221. Affected by this issue is the function FakeAppReceiver of the component org.ethosmobile.ethoslauncher. Executing a manipulation can lead to improper authorization. The attack needs to be launched locally. The exploit has been pu...

Published: Mar 07, 2026
Source: NVD
CVE-2026-3674 MEDIUM - 5.3

A vulnerability was found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function FakeAppProvider of the component org.ethosmobile.ethoslauncher. Performing a manipulation results in improper authorization. The attack must be initiated from a local position. The explo...

Published: Mar 07, 2026
Source: NVD
CVE-2026-3672 MEDIUM - 6.3

A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to SQL injection. The attack may be performed remotely. The exploit has been disclosed to the public and may be used.

Published: Mar 07, 2026
Source: NVD
CVE-2026-3670 MEDIUM - 5.3

A vulnerability was detected in Freedom Factory dGEN1 up to 20260221. Affected is an unknown function of the component com.dgen.alarm. Performing a manipulation results in improper authorization. The attack requires a local approach. The exploit is now public and may be used. The vendor was contacte...

Published: Mar 07, 2026
Source: NVD
CVE-2026-3669 MEDIUM - 5.3

A security vulnerability has been detected in Freedom Factory dGEN1 up to 20260221. This impacts the function AlarmService of the component com.dgen.alarm. Such manipulation leads to improper authorization. The attack needs to be performed locally. The exploit has been disclosed publicly and may be ...

Published: Mar 07, 2026
Source: NVD
CVE-2026-30854 MEDIUM - 5.3

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.3.1-alpha.3 to before version 9.5.0-alpha.10, when graphQLPublicIntrospection is disabled, __type queries nested inside inline fragments (e.g. ... on Query { __type(name:"User&...

Vendor: parse-community
Product: parse-server
Published: Mar 07, 2026
Source: NVD
CVE-2026-30850 MEDIUM - 5.9

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.9 and 9.5.0-alpha.9, the file metadata endpoint (GET /files/:appId/metadata/:filename) does not enforce beforeFind / afterFind file triggers. When these triggers are used as ...

Vendor: parse-community
Product: parse-server
Published: Mar 07, 2026
Source: NVD
CVE-2026-30848 MEDIUM - 3.7

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.8 and 9.5.0-alpha.8, the PagesRouter static file serving route is vulnerable to a path traversal attack that allows unauthenticated reading of files outside the configured pa...

Vendor: parse-community
Product: parse-server
Published: Mar 07, 2026
Source: NVD
CVE-2026-29195 MEDIUM - 6.5

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler (PUT /api/users/{username}) lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to ano...

Vendor: gravitl
Product: netmaker
Published: Mar 07, 2026
Source: NVD
CVE-2026-3667 MEDIUM - 5.3

A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The impacted element is the function FakeAppService of the component org.ethosmobile.ethoslauncher. The manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has bee...

Published: Mar 07, 2026
Source: NVD
CVE-2026-29190 MEDIUM - 4.1

Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader (backup/backends/v3/backend.py). If a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation ...

Vendor: Aiven-Open
Product: karapace
Published: Mar 07, 2026
Source: NVD
CVE-2026-29076 MEDIUM - 5.9

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex (libstdc++) to parse RFC 5987 encoded filename* values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep recur...

Vendor: yhirose
Product: cpp-httplib
Published: Mar 07, 2026
Source: NVD