Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,747
Quick preset (or use dates below)
Clear Filters
Showing 10,721 - 10,740 of 14,604 CVEs
CVE-2025-65465 MEDIUM - 6.1

A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). This occurs because the error mes...

Published: Mar 02, 2026
Source: NVD
CVE-2025-50186 MEDIUM - 4.8

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists due to insufficient sanitization of CSV filenames. An attacker can upload a maliciously named CSV file (e.g., <img src=q onerror=prompt(8)>.csv) that leads to JavaScript ...

Vendor: chamilo
Product: chamilo-lms
Published: Mar 02, 2026
Source: NVD
CVE-2024-50337 MEDIUM - 5.3

Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28.

Vendor: chamilo
Product: chamilo-lms
Published: Mar 02, 2026
Source: NVD
CVE-2026-26698 MEDIUM - 4.9

code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modal_edit.php.

Vendor: carmelo
Product: simple_student_alumni_system
Published: Mar 02, 2026
Source: NVD
CVE-2026-26697 MEDIUM - 4.9

code-projects Simple Student Alumni System code-projects v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_view.php?teacherID=.

Vendor: carmelo
Product: simple_student_alumni_system
Published: Mar 02, 2026
Source: NVD
CVE-2026-1628 MEDIUM - 4.6

Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which allows a malicious server to expose preload script functionality to untrusted servers via having a user open an external link in their Mattermost server. Matt...

Vendor: mattermost
Product: mattermost_desktop
Published: Mar 02, 2026
Source: NVD
CVE-2025-58406 MEDIUM - 4.3

The CGM CLININET application respond without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation, and missing transport security controls.

Vendor: CGM
Product: CGM CLININET
Published: Mar 02, 2026
Source: NVD
CVE-2025-58405 MEDIUM - 6.1

The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks, neither HTTP security headers nor HTML-based frame‑busting protections were detected. As a result, an attacker can embed the application inside a maliciously crafted IFRAME and trick users into performi...

Vendor: CGM
Product: CGM CLININET
Published: Mar 02, 2026
Source: NVD
CVE-2026-20445 MEDIUM - 4.4

In MDDP, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10289875; Issue ID: MSV-5184.

Vendor: MediaTek, Inc.
Product: MT6835, MT6855, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT6993, MT8188, MT8678, MT8755, MT8771, MT8797, MT8798
Published: Mar 02, 2026
Source: NVD
CVE-2026-20444 MEDIUM - 6.7

In display, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436995; Issue ID: MSV-5721.

Vendor: google
Product: android
Published: Mar 02, 2026
Source: NVD
CVE-2026-20443 MEDIUM - 6.7

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5722.

Vendor: google
Product: android
Published: Mar 02, 2026
Source: NVD
CVE-2026-20442 MEDIUM - 4.4

In display, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5723.

Vendor: google
Product: android
Published: Mar 02, 2026
Source: NVD
CVE-2026-20441 MEDIUM - 6.7

In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10432500; Issue ID: MSV-5803.

Vendor: MediaTek, Inc.
Product: MT2718, MT6899, MT6991, MT8678, MT8793
Published: Mar 02, 2026
Source: NVD
CVE-2026-20440 MEDIUM - 6.7

In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431968; Issue ID: MSV-5824.

Vendor: MediaTek, Inc.
Product: MT2718, MT6899, MT6991, MT8678, MT8793
Published: Mar 02, 2026
Source: NVD
CVE-2026-20439 MEDIUM - 4.4

In imgsys, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431955; Issue ID: MSV-5826.

Vendor: MediaTek, Inc.
Product: MT2718, MT6899, MT6991, MT8678, MT8793
Published: Mar 02, 2026
Source: NVD
CVE-2026-20438 MEDIUM - 6.4

In MAE, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431920; Issue ID: MSV-5835.

Vendor: MediaTek, Inc.
Product: MT2718, MT6899, MT6991, MT8168, MT8169, MT8186, MT8188, MT8678, MT8695, MT8696, MT8793
Published: Mar 02, 2026
Source: NVD
CVE-2026-20437 MEDIUM - 4.4

In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431940; Issue ID: MSV-5843.

Vendor: MediaTek, Inc.
Product: MT2718, MT6899, MT6991, MT8678, MT8793
Published: Mar 02, 2026
Source: NVD
CVE-2026-20436 MEDIUM - 6.7

In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00473802; Issue ID: MSV-5970...

Vendor: MediaTek, Inc.
Product: MT7902, MT7920, MT7921, MT7922, MT7925, MT7927, MT8696
Published: Mar 02, 2026
Source: NVD
CVE-2026-20435 MEDIUM - 4.6

In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS...

Vendor: linuxfoundation
Product: yocto
Published: Mar 02, 2026
Source: NVD
CVE-2026-20429 MEDIUM - 4.4

In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5535.

Vendor: MediaTek, Inc.
Product: MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT6993, MT8196, MT8678, MT8793
Published: Mar 02, 2026
Source: NVD