Total CVEs: 142,027
Critical Severity: 3,943
High Severity: 14,108
Last 7 Days: 1,724
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 10,641 - 10,660 of 14,221 CVEs
CVE-2025-14480 MEDIUM - 5.1

IBM Aspera faspio Gateway 1.3.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information

Vendor: IBM
Product: Aspera faspio Gateway
Published: Mar 03, 2026
Source: NVD
CVE-2025-14456 MEDIUM - 5.9

IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1

Vendor: IBM
Product: MQ Appliance
Published: Mar 03, 2026
Source: NVD
CVE-2025-13688 MEDIUM - 6.3

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component.

Vendor: IBM
Product: DataStage on Cloud Pak for Data
Published: Mar 03, 2026
Source: NVD
CVE-2025-13687 MEDIUM - 6.3

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the user-defined function component.

Vendor: IBM
Product: DataStage on Cloud Pak for Data
Published: Mar 03, 2026
Source: NVD
CVE-2025-13686 MEDIUM - 6.3

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component.

Vendor: IBM
Product: DataStage on Cloud Pak for Data
Published: Mar 03, 2026
Source: NVD
CVE-2026-28784 MEDIUM - 7.2

Craft is a content management system (CMS). Prior to 5.8.22 and 4.16.18, it is possible to craft a malicious payload using the Twig map filter in text fields that accept Twig input under Settings in the Craft control panel or using the System Messages utility, which could lead to a RCE. For this to ...

Vendor: composer
Product: craftcms/cms
Published: Mar 03, 2026
Source: GitHub
CVE-2026-28782 MEDIUM - 4.3

Craft is a content management system (CMS). Prior to 5.9.0-beta.1 and 4.17.0-beta.1, the "Duplicate" entry action does not properly verify if the user has permission to perform this action on the specific target elements. Even with only "View Entries" permission (where the "...

Vendor: composer
Product: craftcms/cms
Published: Mar 03, 2026
Source: GitHub
CVE-2026-28783 MEDIUM - 9.1

Craft is a content management system (CMS). Prior to 5.9.0-beta.1 and 4.17.0-beta.1, Craft CMS implements a blocklist to prevent potentially dangerous PHP functions from being called via Twig non-Closure arrow functions. In order to be able to successfully execute this attack, you need to either hav...

Vendor: composer
Product: craftcms/cms
Published: Mar 03, 2026
Source: GitHub
CVE-2026-28781 MEDIUM - 6.5

Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds[] (or authorId) parameter into the POST request, which the ...

Vendor: composer
Product: craftcms/cms
Published: Mar 03, 2026
Source: GitHub
CVE-2026-28695 MEDIUM - 7.2

Craft is a content management system (CMS). There is an authenticated admin RCE in Craft CMS 5.8.21 via Server-Side Template Injection using the create() Twig function combined with a Symfony Process gadget chain. The create() Twig function exposes Craft::createObject(), which allows instantiation o...

Vendor: composer
Product: craftcms/cms
Published: Mar 03, 2026
Source: GitHub
CVE-2026-3494 MEDIUM - 4.3

In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (--) or hash (#) style comments, the stat...

Vendor: mariadb
Product: mariadb
Published: Mar 03, 2026
Source: NVD
CVE-2026-3484 MEDIUM - 6.3

A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function child_process.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command injection. The attack may b...

Vendor: phialsbasement
Product: mcp_nmap_server
Published: Mar 03, 2026
Source: NVD
CVE-2026-2606 MEDIUM - 6.5

IBM webMethods API Gateway (on-prem) 10.11 through 10.11_Fix32, 10.15 to 10.15_Fix27, 11.1 to 11.1_Fix7 IBM webMethods API Management (on-prem) fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// UR...

Vendor: ibm
Product: webmethods_api_gateway
Published: Mar 03, 2026
Source: NVD
CVE-2026-1265 MEDIUM - 4.3

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive information in a log file.

Vendor: ibm
Product: infosphere_information_server
Published: Mar 03, 2026
Source: NVD
CVE-2025-36364 MEDIUM - 6.2

IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system.

Vendor: IBM
Product: DevOps Plan
Published: Mar 03, 2026
Source: NVD
CVE-2025-36363 MEDIUM - 5.9

IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.

Vendor: IBM
Product: DevOps Plan
Published: Mar 03, 2026
Source: NVD
CVE-2025-14923 MEDIUM - 4.7

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administering security settings.

Vendor: IBM
Product: WebSphere Application Server - Liberty
Published: Mar 03, 2026
Source: NVD
CVE-2025-14604 MEDIUM - 6.6

IBM Storage Scale 5.2.3.0 - 5.2.3.5, and IBM Storage Scale 6.0.0.0 - 6.0.0.1 could allow a local user to unintentionally trigger additional permissions for resources in a way that allows that resource to be executed by unintended actors.

Vendor: IBM
Product: Storage Scale
Published: Mar 03, 2026
Source: NVD
CVE-2025-13734 MEDIUM - 5.4

IBM Engineering Requirements Management DOORS Next 7.1 and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions.

Vendor: IBM
Product: Engineering Requirements Management DOORS Next
Published: Mar 03, 2026
Source: NVD
CVE-2025-13616 MEDIUM - 6.5

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system.

Vendor: IBM
Product: DataStage on Cloud Pak for Data
Published: Mar 03, 2026
Source: NVD