Total CVEs

143,749

Critical Severity

4,091

High Severity

14,758

Last 7 Days

1,527
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,061 - 1,080 of 1,590 CVEs

Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefully c...

Vendor: rails
Product: actionview
Published: Mar 23, 2026
Source: NVD

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leadin...

Vendor: rails
Product: actionpack
Published: Mar 23, 2026
Source: NVD
CVE-2026-4596 LOW - 3.5

A vulnerability was identified in projectworlds Lawyer Management System 1.0. This issue affects some unknown processing of the file /lawyers.php. The manipulation of the argument first_Name leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and mi...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4595 LOW - 2.4

A vulnerability was determined in code-projects Exam Form Submission 1.0. This vulnerability affects unknown code of the file /admin/update_s6.php. Executing a manipulation of the argument sname can lead to cross site scripting. The attack can be launched remotely. The exploit has been publicly disc...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4590 LOW - 3.1

A security flaw has been discovered in kalcaddle kodbox 1.64. The impacted element is an unknown function of the file /workspace/source-code/plugins/oauth/controller/bind/index.class.php of the component loginSubmit API. Performing a manipulation of the argument third results in cross-site request f...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4588 LOW - 3.7

A vulnerability was determined in kalcaddle kodbox 1.64. Impacted is the function shareSafeGroup of the file /workspace/source-code/app/controller/explorer/shareOut.class.php of the component Site-level API key Handler. This manipulation of the argument sk causes use of hard-coded cryptographic key ...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4587 LOW - 3.7

A vulnerability was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of the file src/HttpClient/Curl.php of the component SSL Handler. The manipulation of the argument curlOptions results in improper certificate validation. The attack can be launched remotely. This attack...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4584 LOW - 3.1

A flaw has been found in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. This affects an unknown part of the component Cardholder Data Handler. Executing a manipulation can lead to cleartext transmission of sensitive information. The attack requires access to the local network. The attack requires a h...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4633 LOW - 3.7

A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user enumeration.

Published: Mar 23, 2026
Source: NVD
CVE-2026-4578 LOW - 2.4

A vulnerability was determined in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file /admin/update_s3.php. Executing a manipulation of the argument sname can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly ...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4577 LOW - 2.4

A vulnerability was found in code-projects Exam Form Submission 1.0. The affected element is an unknown function of the file /admin/update_s4.php. Performing a manipulation of the argument sname results in cross site scripting. The attack may be initiated remotely. The exploit has been made public a...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4576 LOW - 2.4

A vulnerability has been found in code-projects Exam Form Submission 1.0. Impacted is an unknown function of the file /admin/update_s5.php. Such manipulation of the argument sname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4575 LOW - 2.4

A flaw has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown processing of the file /admin/update_s2.php. This manipulation of the argument sname causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used.

Published: Mar 23, 2026
Source: NVD
CVE-2026-4549 LOW - 3.1

A flaw has been found in mickasmt next-saas-stripe-starter 1.0.0. Affected by this issue is the function openCustomerPortal of the file actions/open-customer-portal.ts of the component Stripe API. This manipulation causes authorization bypass. Remote exploitation of the attack is possible. The compl...

Published: Mar 22, 2026
Source: NVD
CVE-2026-4115 LOW - 3.7

A vulnerability was detected in PuTTY 0.83. Affected is the function eddsa_verify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation results in improper verification of cryptographic signature. The attack may be performed from remote. The attack requires a high...

Published: Mar 22, 2026
Source: NVD
CVE-2026-4544 LOW - 2.4

A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects an unknown function of the file /cgi-bin/login.cgi of the component POST Request Handler. Executing a manipulation of the argument homepage/hostname/login_page can lead to cross site scripting. It is possible to launch the att...

Published: Mar 22, 2026
Source: NVD
CVE-2026-4541 LOW - 2.5

A flaw has been found in janmojzis tinyssh up to 20250501. Impacted is an unknown function of the file tinyssh/crypto_sign_ed25519_tinyssh.c of the component Ed25519 Signature Handler. This manipulation causes improper verification of cryptographic signature. The attack is restricted to local execut...

Published: Mar 22, 2026
Source: NVD
CVE-2026-4539 LOW - 3.3

A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to...

Vendor: pip
Product: Pygments
Published: Mar 22, 2026
Source: NVD

SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20 recommended).

Vendor: Alinto
Product: SOGo
Published: Mar 22, 2026
Source: NVD

OpenClaw versions prior to 2026.2.22 reuse gateway.auth.token as a fallback hash secret for owner-ID prompt obfuscation when commands.ownerDisplay is set to hash and commands.ownerDisplaySecret is unset, creating dual-use of authentication secrets across security domains. Attackers with access to sy...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 21, 2026
Source: NVD