Total CVEs

143,749

Critical Severity

4,091

High Severity

14,758

Last 7 Days

1,529
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 1,021 - 1,040 of 1,590 CVEs

Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the authen...

Vendor: Wazuh
Product: Wazuh
Published: Mar 27, 2026
Source: NVD
CVE-2023-7340 LOW - 3.5

Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the authen...

Vendor: wazuh
Product: wazuh
Published: Mar 27, 2026
Source: NVD
CVE-2026-4957 LOW - 2.7

A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handle_tool_call of the file XAgent/function_handler.py of the component API Key Handler. This manipulation of the argument api_key causes sensitive information in log files. The attack may be initiat...

Published: Mar 27, 2026
Source: NVD

If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure. Do not clear out auth_username_chars, or install fixed version. No publicly available exploits...

Vendor: Open-Xchange GmbH
Product: OX Dovecot Pro
Published: Mar 27, 2026
Source: NVD
CVE-2026-4909 LOW - 2.4

A weakness has been identified in code-projects Exam Form Submission 1.0/7.php. This impacts an unknown function of the file /admin/update_s7.php. This manipulation of the argument sname causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available ...

Published: Mar 27, 2026
Source: NVD

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via `/api/v1/retrieval/query/collection`. Version 0.8.6 patches the issue.

Vendor: open-webui
Product: open-webui
Published: Mar 27, 2026
Source: NVD
CVE-2026-4899 LOW - 2.4

A security flaw has been discovered in code-projects Online Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /dbfood/food.php. The manipulation of the argument cuisines results in cross site scripting. It is possible to launch the attack remotely. The exploi...

Published: Mar 26, 2026
Source: NVD
CVE-2026-2271 LOW - 3.3

A flaw was found in GIMP's PSP (Paint Shop Pro) file parser. A remote attacker could exploit an integer overflow vulnerability in the read_creator_block() function by providing a specially crafted PSP image file. This vulnerability occurs when a 32-bit length value from the file is used for mem...

Published: Mar 26, 2026
Source: NVD
CVE-2026-2239 LOW - 2.8

A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Photoshop Document) file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read wh...

Published: Mar 26, 2026
Source: NVD
CVE-2026-0968 LOW - 3.1

A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the hea...

Published: Mar 26, 2026
Source: NVD
CVE-2026-0967 LOW - 2.2

A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the `match_pattern()` function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion...

Vendor: libssh
Product: libssh
Published: Mar 26, 2026
Source: NVD
CVE-2026-0965 LOW - 3.3

A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to...

Vendor: libssh
Product: libssh
Published: Mar 26, 2026
Source: NVD
CVE-2026-3109 LOW - 2.2

Mattermost Plugins versions <=11.4 10.11.11.0 fail to validate webhook request timestamps which allows an attacker to corrupt Zoom meeting state in Mattermost via replayed webhook requests. Mattermost Advisory ID: MMSA-2026-00584

Published: Mar 26, 2026
Source: NVD

HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an attacker may make use of the exploits available across the internet and craft attacks against the application.

Vendor: HCL
Product: Aftermarket DPC
Published: Mar 26, 2026
Source: NVD

HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability will give attackers a clearer map of the organization’s network layout.

Vendor: HCL
Product: Aftermarket DPC
Published: Mar 26, 2026
Source: NVD

HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability using which an attacker can exploit concurrent sessions to hijack or impersonate an admin user.

Vendor: HCL
Product: Aftermarket DPC
Published: Mar 26, 2026
Source: NVD

HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability. CORS misconfigurations includes the exposure of sensitive user information to attackers, unauthorized access to APIs, and possible data manipulation or leakage. If an attacker to exploit CORS misconfiguration, they could...

Vendor: HCL
Product: Aftermarket DPC
Published: Mar 26, 2026
Source: NVD

HCL Aftermarket DPC is affected by Banner Disclosure vulnerability where attackers gain insights into the system’s software and version details which would allow them to craft software specific attacks.

Vendor: HCL
Product: Aftermarket DPC
Published: Mar 26, 2026
Source: NVD

HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability where in depending on how the web application handles the split response, an attacker may be able to execute arbitrary commands or inject harmful content into the response..

Vendor: HCL
Product: Aftermarket DPC
Published: Mar 26, 2026
Source: NVD

HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject executable code and can carry out attacks such as XSS, SQL Injection, Command Injection etc.

Vendor: HCL
Product: Aftermarket DPC
Published: Mar 26, 2026
Source: NVD