Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Showing 10,641 - 10,660 of 14,108 CVEs
CVE-2026-3452 HIGH - 7.2

Concrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injection into the Express Entry List block via the columns parameter. An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed to unse...

Vendor: concretecms
Product: concrete_cms
Published: Mar 04, 2026
Source: NVD
CVE-2026-1945 HIGH - 7.2

The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpb_user_name' and 'wpb_user_email' parameters in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...

Published: Mar 04, 2026
Source: NVD
CVE-2026-1273 HIGH - 7.2

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.8 via the `/ultp/v3/starter_dummy_post/` and `/ultp/v3/starter_import_content/` REST API endpoints. This makes it poss...

Published: Mar 04, 2026
Source: NVD
CVE-2026-27981 HIGH - 7.4

HomeBox is a home inventory and organization system. Prior to 0.24.0, the authentication rate limiter (authRateLimiter) tracks failed attempts per client IP. It determines the client IP by reading, 1. X-Real-IP header, 2. First entry of X-Forwarded-For header, and 3. r.RemoteAddr (TCP connection add...

Vendor: sysadminsmedia
Product: homebox
Published: Mar 03, 2026
Source: NVD
CVE-2026-25906 HIGH - 7.3

Dell Optimizer, versions prior to 6.3.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Vendor: Dell
Product: Optimizer
Published: Mar 03, 2026
Source: NVD
CVE-2026-24502 HIGH - 8.8

Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Vendor: Dell
Product: Dell Command | Intel vPro Out of Band
Published: Mar 03, 2026
Source: NVD
CVE-2026-1567 HIGH - 7.1

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 contains an XML External Entity (XXE) vulnerability that could allow attackers to retrieve sensitive information from the server.

Vendor: ibm
Product: infosphere_information_server
Published: Mar 03, 2026
Source: NVD
CVE-2026-28696 HIGH - 7.5

Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the GraphQL directive @parseRefs, intended to parse internal reference tags (e.g., {user:1:email}), can be abused by both authenticated users and unauthenticated guests (if a Public Schema is enabled) to access sens...

Vendor: composer
Product: craftcms/cms
Published: Mar 03, 2026
Source: GitHub
CVE-2026-2915 HIGH - 7.1

HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was remediated with HP System Event Utility version 3.2.16.

Vendor: hp
Product: system_event_utility
Published: Mar 03, 2026
Source: NVD
CVE-2026-29022 HIGH - 7.3

dr_libs version 0.14.4 and earlier (fixed in commit 8a7258c) contain a heap buffer overflow vulnerability in the drwav__read_smpl_to_metadata_obj() function of dr_wav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 ...

Vendor: mackron
Product: dr_libs
Published: Mar 03, 2026
Source: NVD
CVE-2026-26892 HIGH - 7.2

Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_carrier.php.

Vendor: oretnom23
Product: simple_logistic_hub_parcel\'s_management_system
Published: Mar 03, 2026
Source: NVD
CVE-2026-0869 HIGH - 8.8

Authentication bypass in Brocade ASCG 3.4.0 could allow an unauthorized user to perform ASCG operations related to Brocade Support Link (BSL) and streaming configuration, and could even disable the ASCG application or disable use of BSL data collection on Brocade switches within the fabric.

Vendor: broadcom
Product: brocade_active_support_connectivity_gateway
Published: Mar 03, 2026
Source: NVD
CVE-2024-55027 HIGH - 7.5

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to store credentials in plaintext in the component uac_temp.db.

Vendor: weintek
Product: easyweb
Published: Mar 03, 2026
Source: NVD
CVE-2024-55026 HIGH - 8.8

An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request.

Vendor: weintek
Product: easyweb
Published: Mar 03, 2026
Source: NVD
CVE-2024-55024 HIGH - 8.8

An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to perform Administrative actions using service accounts.

Vendor: weintek
Product: easyweb
Published: Mar 03, 2026
Source: NVD
CVE-2024-55022 HIGH - 8.8

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter.

Vendor: weintek
Product: easyweb
Published: Mar 03, 2026
Source: NVD
CVE-2024-55021 HIGH - 7.5

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol.

Vendor: weintek
Product: easyweb
Published: Mar 03, 2026
Source: NVD
CVE-2026-29053 HIGH - 7.7

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1.

Vendor: npm
Product: ghost
Published: Mar 03, 2026
Source: GitHub
CVE-2026-3437 HIGH - 7.8

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this vulne...

Vendor: portwell
Product: engineering_toolkits
Published: Mar 03, 2026
Source: NVD
CVE-2025-69765 HIGH - 7.5

Tenda AX3 firmware v16.03.12.11 contains a stack overflow in the formGetIptv function and the list parameter, which can cause memory corruption and enable remote code execution.

Vendor: tenda
Product: ax3_firmware
Published: Mar 03, 2026
Source: NVD