Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,748
Quick preset (or use dates below)
Clear Filters
Showing 10,601 - 10,620 of 14,604 CVEs
CVE-2026-25907 MEDIUM - 5.3

Dell PowerScale OneFS, version 9.13.0.0, contains an overly restrictive account lockout mechanism vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

Vendor: Dell
Product: PowerScale OneFS
Published: Mar 04, 2026
Source: NVD
CVE-2026-22270 MEDIUM - 6.7

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an uncontrolled search path element vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, elevation of privileges, and ...

Vendor: Dell
Product: PowerScale OneFS,
Published: Mar 04, 2026
Source: NVD
CVE-2026-21426 MEDIUM - 6.7

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, elevation of privileges,...

Vendor: Dell
Product: PowerScale OneFS
Published: Mar 04, 2026
Source: NVD
CVE-2026-21425 MEDIUM - 6.7

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Vendor: Dell
Product: PowerScale OneFS
Published: Mar 04, 2026
Source: NVD
CVE-2026-21424 MEDIUM - 6.7

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Vendor: Dell
Product: PowerScale OneFS
Published: Mar 04, 2026
Source: NVD
CVE-2026-21423 MEDIUM - 6.7

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect default permissions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to code execution, denial of service, elevation of pri...

Vendor: Dell
Product: PowerScale OneFS
Published: Mar 04, 2026
Source: NVD
CVE-2026-21421 MEDIUM - 6.7

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

Vendor: Dell
Product: PowerScale OneFS
Published: Mar 04, 2026
Source: NVD
CVE-2026-3058 MEDIUM - 4.3

The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the `seraph_accel_api` AJAX action with `fn=GetData`. This is due to the `OnAdminApi_GetData()` function not performing any capability checks. This makes...

Published: Mar 04, 2026
Source: NVD
CVE-2026-3056 MEDIUM - 4.3

The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `seraph_accel_api` AJAX action with `fn=LogClear` in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with Subsc...

Published: Mar 04, 2026
Source: NVD
CVE-2026-2355 MEDIUM - 6.4

The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template` attribute of the `[my_calendar_upcoming]` shortcode in all versions up to, and including, 3.7.3. This is due to the use of `stripcslashes()` on user-supplied shortcode attr...

Published: Mar 04, 2026
Source: NVD
CVE-2026-1674 MEDIUM - 6.5

The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization within the save_gutena_forms_schema() function in all versions up to, and including, 1.6.0. This mak...

Published: Mar 04, 2026
Source: NVD
CVE-2026-3439 MEDIUM - 4.9

A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker to crash a firewall.

Vendor: sonicwall
Product: sonicos
Published: Mar 04, 2026
Source: NVD
CVE-2026-1706 MEDIUM - 6.1

The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'vi' parameter in all versions up to, and including, 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject ar...

Published: Mar 04, 2026
Source: NVD
CVE-2026-2748 MEDIUM - 5.3

SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates issued for email addresses containing whitespaces, allowing signature spoofing.

Vendor: seppmail
Product: seppmail
Published: Mar 04, 2026
Source: NVD
CVE-2026-2746 MEDIUM - 5.3

SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature verification results, leaving users unable to detect forged emails.

Vendor: seppmail
Product: seppmail
Published: Mar 04, 2026
Source: NVD
CVE-2026-27445 MEDIUM - 5.3

SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the expected key, allowing signature spoofing.

Vendor: SEPPmail
Product: Secure Email Gateway
Published: Mar 04, 2026
Source: NVD
CVE-2026-1236 MEDIUM - 6.4

The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justified_gallery_theme' parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated a...

Published: Mar 04, 2026
Source: NVD
CVE-2025-66168 MEDIUM - 5.4

Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets.Β When this integer overflow occurs, ActiveMQ may incorrectly compute the total Remaining Length and subsequently misinterpret the payload as multiple MQTT cont...

Vendor: Apache Software Foundation
Product: Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module
Published: Mar 04, 2026
Source: NVD
CVE-2026-28772 MEDIUM - 6.1

A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101 allows a remote attacker to execute arbitrary web scripts or HTML. The vulnerability ...

Vendor: International Datacasting Corporation (IDC)
Product: SFX Series SuperFlex SatelliteReceiver Web Management Interface
Published: Mar 04, 2026
Source: NVD
CVE-2026-28771 MEDIUM - 6.1

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface version 101. The application fails to adequately sanitize user-supplied input provided via the `cat` ...

Vendor: International Datacasting Corporation (IDC)
Product: SFX Series SuperFlex Satellite Receiver Web Management Interface
Published: Mar 04, 2026
Source: NVD