Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Quick preset (or use dates below)
Clear Filters
Showing 10,741 - 10,760 of 14,108 CVEs
CVE-2026-3132 HIGH - 8.8

The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.3 via the 'JLTMA_Widget_Admin::render_preview'. This is due to missing capability check. This makes it possible for authenticated attackers, with Su...

Published: Mar 02, 2026
Source: NVD
CVE-2026-0655 HIGH - 8.0

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TP-Link Deco BE25 v1.0 (web modules) allows authenticated adjacent attacker to read arbitrary files or cause denial of service.ย ย This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822.

Vendor: tp-link
Product: deco_be25_firmware
Published: Mar 02, 2026
Source: NVD
CVE-2026-0654 HIGH - 8.0

Improper input handling in the administration web interface on TP-Link Deco BE25 v1.0 allows crafted input to be executed as part of an OS command. An authenticated adjacent attacker may execute arbitrary commands via crafted configuration file, impacting confidentiality, integrity and availability...

Vendor: tp-link
Product: deco_be25_firmware
Published: Mar 02, 2026
Source: NVD
CVE-2026-21882 HIGH - 8.4

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0.

Vendor: rust
Product: theshit
Published: Mar 02, 2026
Source: GitHub
CVE-2026-28399 HIGH - 8.8

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. This issue has been patched in version 0.301.3.

Vendor: nocodb
Product: nocodb
Published: Mar 02, 2026
Source: NVD
CVE-2026-28286 HIGH - 8.5

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, the application enforces restrictions in the frontend/UI to prevent users from creating files or folders in internal OS paths. However, when interacting directly with the API, the r...

Vendor: IceWhaleTech
Product: ZimaOS
Published: Mar 02, 2026
Source: NVD
CVE-2026-21385 HIGH - 7.8

Memory corruption while using alignments for memory allocation.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Mar 02, 2026
Source: NVD
CVE-2025-70252 HIGH - 7.5

An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is worth noting that there is no size check,which leads to a stack overflow vulnerability.

Vendor: tenda
Product: ac6_firmware
Published: Mar 02, 2026
Source: NVD
CVE-2025-64427 HIGH - 7.1

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticated local user can craft requests that target internal IP addresses (e.g., 127.0.0.1, localhost, or pr...

Vendor: IceWhaleTech
Product: ZimaOS
Published: Mar 02, 2026
Source: NVD
CVE-2025-59603 HIGH - 7.8

Memory Corruption when processing invalid user address with nonstandard buffer address.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Mar 02, 2026
Source: NVD
CVE-2025-59600 HIGH - 7.8

Memory Corruption when adding user-supplied data without checking available buffer space.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Mar 02, 2026
Source: NVD
CVE-2025-47386 HIGH - 7.8

Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Mar 02, 2026
Source: NVD
CVE-2025-47385 HIGH - 7.8

Memory Corruption when accessing trusted execution environment without proper privilege check.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Mar 02, 2026
Source: NVD
CVE-2025-47383 HIGH - 7.2

Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Mar 02, 2026
Source: NVD
CVE-2025-47381 HIGH - 7.8

Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Mar 02, 2026
Source: NVD
CVE-2025-47379 HIGH - 7.8

Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Mar 02, 2026
Source: NVD
CVE-2025-47378 HIGH - 7.1

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Mar 02, 2026
Source: NVD
CVE-2025-47377 HIGH - 7.8

Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Mar 02, 2026
Source: NVD
CVE-2025-47376 HIGH - 7.8

Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Mar 02, 2026
Source: NVD
CVE-2025-47375 HIGH - 7.8

Memory corruption while handling different IOCTL calls from the user-space simultaneously.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Mar 02, 2026
Source: NVD