Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,755
Showing 10,541 - 10,560 of 14,604 CVEs
CVE-2026-28685 MEDIUM - 6.5

Kimai is a web-based multi-user time-tracking application. Prior to version 2.51.0, "GET /api/invoices/{id}" only checks the role-based view_invoice permission but does not verify the requesting user has access to the invoice's customer. Any user with ROLE_TEAMLEAD (which grants view_...

Vendor: composer
Product: kimai/kimai
Published: Mar 04, 2026
Source: GitHub
CVE-2026-28434 MEDIUM - 5.3

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom exception handler via set_exception_handler(), the library catches the exception and writes its message dir...

Vendor: yhirose
Product: cpp-httplib
Published: Mar 04, 2026
Source: NVD
CVE-2026-29086 MEDIUM - 5.4

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie() utility did not validate semicolons (;), carriage returns (\r), or newline characters (\n) in the domain and path options when constructing the Set-Cookie header. Because co...

Vendor: npm
Product: hono
Published: Mar 04, 2026
Source: GitHub
CVE-2026-29085 MEDIUM - 6.5

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using streamSSE() in Streaming Helper, the event, id, and retry fields were not validated for carriage return (\r) or newline (\n) characters. Because the SSE protocol uses line breaks...

Vendor: npm
Product: hono
Published: Mar 04, 2026
Source: GitHub
CVE-2026-20064 MEDIUM - 6.5

A vulnerability in Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker with...

Vendor: Cisco
Product: Cisco Secure Firewall Threat Defense (FTD) Software
Published: Mar 04, 2026
Source: NVD
CVE-2026-20025 MEDIUM - 6.8

A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To exploit this vulnerability, the attacker must have the OSPF se...

Vendor: Cisco
Product: Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software
Published: Mar 04, 2026
Source: NVD
CVE-2026-20024 MEDIUM - 6.8

A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To exploit this vulnerability, the attacker must have the OSPF se...

Vendor: Cisco
Product: Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software
Published: Mar 04, 2026
Source: NVD
CVE-2026-20023 MEDIUM - 6.1

A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to corrupt memory on an affected device, resulting in a denial of service (DoS) condition...

Vendor: Cisco
Product: Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software
Published: Mar 04, 2026
Source: NVD
CVE-2026-20022 MEDIUM - 6.1

A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition when OSPF canonicalization debug is enabled by using the command...

Vendor: Cisco
Product: Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software
Published: Mar 04, 2026
Source: NVD
CVE-2026-20021 MEDIUM - 4.3

A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. ...

Vendor: Cisco
Product: Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software
Published: Mar 04, 2026
Source: NVD
CVE-2026-20020 MEDIUM - 6.8

A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. If OSPF authentication is enabled, the attacker must know the s...

Vendor: Cisco
Product: Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software
Published: Mar 04, 2026
Source: NVD
CVE-2026-20016 MEDIUM - 6.0

A vulnerability in the Cisco FXOS Software CLI feature for Cisco Secure Firewall ASA Software and Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this vulnerability, the attacker ...

Vendor: Cisco
Product: Cisco Secure Firewall Threat Defense (FTD) Software
Published: Mar 04, 2026
Source: NVD
CVE-2026-28343 MEDIUM - 6.4

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Prior to version 47.6.0, a cross-site scripting (XSS) vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially crafted markup, leading to unauthoriz...

Vendor: npm
Product: @ckeditor/ckeditor5-html-support
Published: Mar 04, 2026
Source: GitHub
CVE-2026-26998 MEDIUM - 4.4

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a potential vulnerability in Traefik managing the ForwardAuth middleware responses. When Traefik is configured to use the ForwardAuth middleware, the response body from the authentication server is read...

Vendor: go
Product: github.com/traefik/traefik/v2
Published: Mar 04, 2026
Source: GitHub
CVE-2026-26949 MEDIUM - 5.5

Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Incorrect Authorization vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Vendor: Dell
Product: Device Management Agent (DDMA)
Published: Mar 04, 2026
Source: NVD
CVE-2026-20149 MEDIUM - 6.1

A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability, and no customer action is needed. This vulnerability was due to improper filtering of user-supplied input. Prior to this vu...

Vendor: Cisco
Product: Cisco Webex Meetings
Published: Mar 04, 2026
Source: NVD
CVE-2026-20106 MEDIUM - 5.3

A vulnerability in the Remote Access SSL VPN, HTTP management and MUS functionality, of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memory resulting in a denial of...

Vendor: Cisco
Product: Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software
Published: Mar 04, 2026
Source: NVD
CVE-2026-20102 MEDIUM - 6.1

A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the SAML feature and access sensitive, bro...

Vendor: Cisco
Product: Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software
Published: Mar 04, 2026
Source: NVD
CVE-2026-20073 MEDIUM - 5.8

A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to send traffic that should be denied through an affected device. This vulnerability is due to improper error...

Vendor: Cisco
Product: Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software
Published: Mar 04, 2026
Source: NVD
CVE-2026-20070 MEDIUM - 6.1

A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a browser that is acces...

Vendor: Cisco
Product: Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software
Published: Mar 04, 2026
Source: NVD