Total CVEs: 142,027
Critical Severity: 3,943
High Severity: 14,108
Last 7 Days: 1,726
Showing 10,581 - 10,600 of 14,108 CVEs
CVE-2026-29042 HIGH - 9.8

Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the X-Nuc...

Vendor: go
Product: github.com/nuclio/nuclio
Published: Mar 04, 2026
Source: GitHub
CVE-2026-29039 HIGH - 7.5

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the include_filters field. These XPath expressions are processed using the elementpath library which i...

Vendor: pip
Product: changedetection.io
Published: Mar 04, 2026
Source: GitHub
CVE-2026-28802 HIGH - 9.8

Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application code ...

Vendor: pip
Product: authlib
Published: Mar 04, 2026
Source: GitHub

Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypub_federation, a framework for ActivityPub federation in Rust. Prior to version 0.19.16, the GET /api/v4/image/{filename} endpoint is vulnerable to unauthenticated SSRF thr...

Vendor: rust
Product: lemmy_routes
Published: Mar 04, 2026
Source: GitHub
CVE-2026-28681 HIGH - 8.1

Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. From version 4.4.0 to before version 4.4.5 and from version 4.5.0 to before version 4.5.1, an attacker can manipulate the HTTP Host header on a password reset or account creation request....

Vendor: pip
Product: irrd
Published: Mar 04, 2026
Source: GitHub
CVE-2026-29091 HIGH - 8.1

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.0, a remote code execution (RCE) flaw was discovered in the locutus project, specifically within the call_user_func_array function implementation. The vulnerability allows an attacker t...

Vendor: npm
Product: locutus
Published: Mar 04, 2026
Source: GitHub
CVE-2026-3544 HIGH - 8.8

Heap buffer overflow in WebCodecs in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 04, 2026
Source: NVD
CVE-2026-3543 HIGH - 8.8

Inappropriate implementation in V8 in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 04, 2026
Source: NVD
CVE-2026-3542 HIGH - 8.8

Inappropriate implementation in WebAssembly in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 04, 2026
Source: NVD
CVE-2026-3541 HIGH - 8.8

Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 04, 2026
Source: NVD
CVE-2026-3540 HIGH - 8.8

Inappropriate implementation in WebAudio in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 04, 2026
Source: NVD
CVE-2026-3539 HIGH - 8.8

Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 04, 2026
Source: NVD
CVE-2026-3538 HIGH - 8.8

Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: Mar 04, 2026
Source: NVD
CVE-2026-3537 HIGH - 8.8

Object lifecycle issue in PowerVR in Google Chrome on Android prior to 145.0.7632.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: Mar 04, 2026
Source: NVD
CVE-2026-3536 HIGH - 8.8

Integer overflow in ANGLE in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: Mar 04, 2026
Source: NVD
CVE-2026-28435 HIGH - 7.5

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib (httplib.h) does not enforce Server::set_payload_max_length() on the decompressed request body when using HandlerWithContentReader (streaming ContentReader) with Content-Encoding: gzip (or ...

Vendor: yhirose
Product: cpp-httplib
Published: Mar 04, 2026
Source: NVD
CVE-2026-29087 HIGH - 7.5

@hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file serving together with route-based middleware protections (e.g. protecting /admin/*), inconsistent URL decoding can allow protected static resources to be access...

Vendor: npm
Product: @hono/node-server
Published: Mar 04, 2026
Source: GitHub
CVE-2026-29045 HIGH - 7.5

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections (e.g. app.use('/admin/*', ...)), inconsistent URL decoding allowed protected static resources to be accesse...

Vendor: npm
Product: hono
Published: Mar 04, 2026
Source: GitHub
CVE-2026-3125 HIGH - 6.5

A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package, resulting from a path normalization bypass in the /cdn-cgi/image/ handler. The @opennextjs/cloudflare worker template includes a /cdn-cgi/image/ handler intended for development use only. In produ...

Vendor: npm
Product: @opennextjs/cloudflare
Published: Mar 04, 2026
Source: NVD
CVE-2026-0847 HIGH - 8.6

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling attack...

Published: Mar 04, 2026
Source: NVD