Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Showing 10,681 - 10,700 of 14,108 CVEs
CVE-2026-2568 HIGH - 7.2

The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possible ...

Published: Mar 03, 2026
Source: NVD
CVE-2025-12345 HIGH - 8.8

A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1.1a/0.1.1a-p1. The affected element is the function agent_deploy_init of the file /agents/deploy/initiate.c of the component Agent Deployment. Such manipulation leads to buffer overflow. It is possible to launch the attack remotel...

Product: LLM-Claw
Published: Mar 03, 2026
Source: NVD
CVE-2026-2448 HIGH - 8.8

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locate_template() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary fil...

Published: Mar 03, 2026
Source: NVD
CVE-2026-2269 HIGH - 7.2

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.0.0.3 via the download_url() function. This makes it possible for authenticated attackers, with Admin...

Published: Mar 03, 2026
Source: NVD
CVE-2026-1566 HIGH - 8.8

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5.2.7. This is due to the plugin allowing users with a LatePoint Agent role, who are creating new customers to set t...

Published: Mar 03, 2026
Source: NVD
CVE-2026-3338 HIGH - 7.5

Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1...

Published: Mar 02, 2026
Source: NVD
CVE-2026-3336 HIGH - 7.5

Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should up...

Vendor: aws
Product: aws_libcrypto
Published: Mar 02, 2026
Source: NVD

Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained import file write and template path traversal. This issue has been patched in version 1.6.4.

Vendor: composer
Product: idno/known
Published: Mar 02, 2026
Source: GitHub
CVE-2026-28438 HIGH - 9.8

CocoIndex is a data transformation framework for AI. Prior to version 0.3.34, the Doris target connector didn't verify the configured table name before creating some SQL statements (ALTER TABLE). So, in the application code, if the table name is provided by an untrusted upstream, it exposes vuln...

Vendor: pip
Product: cocoindex
Published: Mar 02, 2026
Source: GitHub
CVE-2026-27596 HIGH - 7.5

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra comma...

Vendor: Exiv2
Product: exiv2
Published: Mar 02, 2026
Source: NVD
CVE-2026-25884 HIGH - 8.1

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8.

Vendor: Exiv2
Product: exiv2
Published: Mar 02, 2026
Source: NVD
CVE-2026-28492 HIGH - 6.5

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.0, when a user creates a public share link for a directory, the withHashFile middleware in http/public.go uses filepath.Dir(link.Pa...

Vendor: go
Product: github.com/filebrowser/filebrowser/v2
Published: Mar 02, 2026
Source: GitHub
CVE-2026-21853 HIGH - 8.8

AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in two c...

Vendor: toeverything
Product: AFFiNE
Published: Mar 02, 2026
Source: NVD
CVE-2026-0047 HIGH - 8.4

In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: google
Product: android
Published: Mar 02, 2026
Source: NVD
CVE-2026-0038 HIGH - 8.4

In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: google
Product: android
Published: Mar 02, 2026
Source: NVD
CVE-2026-0037 HIGH - 8.4

In multiple functions of ffa.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: google
Product: android
Published: Mar 02, 2026
Source: NVD
CVE-2026-0035 HIGH - 8.4

In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitatio...

Vendor: google
Product: android
Published: Mar 02, 2026
Source: NVD
CVE-2026-0034 HIGH - 8.4

In setPackageOrComponentEnabled of ManagedServices.java, there is a possible notification policy desync due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: google
Product: android
Published: Mar 02, 2026
Source: NVD
CVE-2026-0032 HIGH - 7.8

In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: google
Product: android
Published: Mar 02, 2026
Source: NVD
CVE-2026-0031 HIGH - 8.4

In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: google
Product: android
Published: Mar 02, 2026
Source: NVD