Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 10,661 - 10,680 of 14,221 CVEs
CVE-2025-13490 MEDIUM - 5.9

IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2-r1 through 12.0.12.5-r1 and 13.0.1.0-r1 through 13.0.6.1-r1, and LTS versions 12.0.12-r1 thro...

Vendor: IBM
Product: App Connect Operator, App Connect Enterprise Certified Containers Operands
Published: Mar 03, 2026
Source: NVD
CVE-2024-55025 MEDIUM - 6.5

Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI system.

Vendor: weintek
Product: easyweb
Published: Mar 03, 2026
Source: NVD
CVE-2024-55023 MEDIUM - 5.3

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information.

Vendor: weintek
Product: easyweb
Published: Mar 03, 2026
Source: NVD
CVE-2024-55019 MEDIUM - 6.5

Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attackers to download arbitrary files.

Vendor: weintek
Product: easyweb
Published: Mar 03, 2026
Source: NVD
CVE-2026-0540 MEDIUM - 6.1

DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 729097f, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements (noscript, xmp, noembed, noframes, iframe) in the SAFE_FOR_XML regex. Attack...

Vendor: cure53
Product: dompurify
Published: Mar 03, 2026
Source: NVD
CVE-2025-15599 MEDIUM - 6.1

DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFE_FOR_XML regex. Attackers can include closing rawtext tags like </textarea...

Vendor: cure53
Product: DOMPurify
Published: Mar 03, 2026
Source: NVD
CVE-2021-35483 MEDIUM - 4.1

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an exis...

Vendor: nokia
Product: impact
Published: Mar 03, 2026
Source: NVD
CVE-2026-28223 MEDIUM - 6.1

Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a stored cross-site scripting (XSS) vulnerability exists on confirmation messages within the wagtail.contrib.simple_translation module. A user with access to the Wagtail admin area ...

Vendor: pip
Product: wagtail
Published: Mar 03, 2026
Source: GitHub
CVE-2026-28222 MEDIUM - 6.1

Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a stored cross-site scripting (XSS) vulnerability exists on rendering TableBlock blocks within a StreamField. A user with access to create or edit pages containing TableBlock Stream...

Vendor: pip
Product: wagtail
Published: Mar 03, 2026
Source: GitHub
CVE-2026-24415 MEDIUM - 6.1

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contains Reflected XSS vulnerabilities in invoice/order/contract modification modals. The application fails to properly sanitize user-supplied input from the righe GET param...

Vendor: composer
Product: devcode-it/openstamanager
Published: Mar 03, 2026
Source: GitHub
CVE-2025-62816 MEDIUM - 5.5

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. Unvalidated VS4L_VERTEXIOC_BOOTUP input leads to a denial of service.

Vendor: samsung
Product: exynos_1280_firmware
Published: Mar 03, 2026
Source: NVD
CVE-2025-62879 MEDIUM - 6.8

A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs.

Vendor: go
Product: github.com/rancher/backup-restore-operator
Published: Mar 03, 2026
Source: GitHub
CVE-2025-62815 MEDIUM - 5.5

An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of npu_proto_drv.ast.thread_ref in set_cpu_affinity() causes a denial of service.

Vendor: samsung
Product: exynos_1380_firmware
Published: Mar 03, 2026
Source: NVD
CVE-2025-64736 MEDIUM - 6.1

An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (5462afb0). A specially crafted .abf file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.

Vendor: The Biosig Project
Product: libbiosig
Published: Mar 03, 2026
Source: NVD
CVE-2022-21951 MEDIUM - 6.8

A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden. This iss...

Vendor: go
Product: github.com/rancher/rancher
Published: Mar 03, 2026
Source: GitHub
CVE-2026-3344 MEDIUM - 4.9

A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package. This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including 12.5.16,...

Vendor: watchguard
Product: fireware
Published: Mar 03, 2026
Source: NVD
CVE-2026-3343 MEDIUM - 6.1

A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12....

Vendor: watchguard
Product: fireware
Published: Mar 03, 2026
Source: NVD

Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server.

Vendor: go
Product: github.com/canonical/lxd
Published: Mar 03, 2026
Source: NVD
CVE-2025-59060 MEDIUM - 5.3

Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue.

Vendor: Apache Software Foundation
Product: Apache Ranger
Published: Mar 03, 2026
Source: NVD
CVE-2026-3455 MEDIUM - 6.1

Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting (XSS) via the textToHtml() function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedde...

Published: Mar 03, 2026
Source: NVD