Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,780
Showing 10,421 - 10,440 of 14,604 CVEs
CVE-2026-27605 MEDIUM - 6.3

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.4, the application allows uploading files (project logos) without validating the file type or content. It trusts the extension provided by the user. The...

Vendor: chartbrew
Product: chartbrew
Published: Mar 06, 2026
Source: NVD
CVE-2026-25877 MEDIUM - 6.5

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, the application performs authorization checks based solely on the project_id parameter when handling chart-related operations (update, delete, etc.)....

Vendor: chartbrew
Product: chartbrew
Published: Mar 06, 2026
Source: NVD
CVE-2026-27807 MEDIUM - 4.9

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities (e.g., assignment settings). These YAML files are parsed with aliases enabled. This issue has been patche...

Vendor: MarkUsProject
Product: Markus
Published: Mar 06, 2026
Source: NVD
CVE-2026-25962 MEDIUM - 6.5

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs currently extracts zip files without any size or entry-count limits. For example, instructors can upload a zip file to provide an assignment configuration; students can upload a zip file...

Vendor: MarkUsProject
Product: Markus
Published: Mar 06, 2026
Source: NVD
CVE-2025-59544 MEDIUM - 4.3

Chamilo is a learning management system. Prior to version 1.11.34, the functionality for the user to update the category does not implement authorization checks for the "category_id" parameter which allows users to update the category of any user by replacing the "category_id" pa...

Vendor: chamilo
Product: chamilo-lms
Published: Mar 06, 2026
Source: NVD
CVE-2025-59540 MEDIUM - 5.4

Chamilo is a learning management system. Prior to version 1.11.34, a stored XSS vulnerability exists in Chamilo LMS that allows a staff account to execute arbitrary JavaScript in the browser of higher-privileged admin users. The issue arises because feedback input in the exercise history page is not...

Vendor: chamilo
Product: chamilo-lms
Published: Mar 06, 2026
Source: NVD
CVE-2026-3616 MEDIUM - 6.3

A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation of the argument ID results in SQL injection. The attack may be initiated remotely. The exploit is now...

Published: Mar 06, 2026
Source: NVD
CVE-2026-3610 MEDIUM - 4.3

A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3.2-3. Affected by this issue is some unknown functionality of the file /mailinspector/mliUserValidation.php of the component URL Handler. The manipulation of the argument error_description results in cross site scripting. The atta...

Published: Mar 06, 2026
Source: NVD
CVE-2026-2589 MEDIUM - 5.3

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated attackers to extract...

Published: Mar 06, 2026
Source: NVD
CVE-2026-28726 MEDIUM - 4.3

Sensitive information disclosure due to improper access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

Vendor: Acronis
Product: Acronis Cyber Protect 17
Published: Mar 06, 2026
Source: NVD
CVE-2026-28725 MEDIUM - 5.5

Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

Vendor: Acronis
Product: Acronis Cyber Protect 17
Published: Mar 06, 2026
Source: NVD
CVE-2026-28724 MEDIUM - 4.3

Unauthorized data access due to insufficient access control validation. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

Vendor: Acronis
Product: Acronis Cyber Protect 17
Published: Mar 06, 2026
Source: NVD
CVE-2026-28723 MEDIUM - 4.3

Unauthorized report deletion due to insufficient access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

Vendor: Acronis
Product: Acronis Cyber Protect 17
Published: Mar 06, 2026
Source: NVD
CVE-2026-28720 MEDIUM - 4.3

Unauthorized modification of settings due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

Vendor: Acronis
Product: Acronis Cyber Protect 17
Published: Mar 06, 2026
Source: NVD
CVE-2026-28719 MEDIUM - 4.3

Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

Vendor: Acronis
Product: Acronis Cyber Protect 17
Published: Mar 06, 2026
Source: NVD
CVE-2026-28718 MEDIUM - 5.3

Denial of service due to insufficient input validation in authentication logging. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

Vendor: Acronis
Product: Acronis Cyber Protect 17
Published: Mar 06, 2026
Source: NVD
CVE-2026-28717 MEDIUM - 5.0

Local privilege escalation due to improper directory permissions. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.

Vendor: Acronis
Product: Acronis Cyber Protect 17
Published: Mar 06, 2026
Source: NVD
CVE-2026-28716 MEDIUM - 4.4

Information disclosure and manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

Vendor: Acronis
Product: Acronis Cyber Protect 17
Published: Mar 06, 2026
Source: NVD
CVE-2026-28715 MEDIUM - 6.5

Sensitive information disclosure due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

Vendor: Acronis
Product: Acronis Cyber Protect 17
Published: Mar 06, 2026
Source: NVD
CVE-2026-28714 MEDIUM - 4.8

Unnecessary transmission of sensitive cryptographic material. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

Vendor: Acronis
Product: Acronis Cyber Protect 17
Published: Mar 06, 2026
Source: NVD