Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,743
Showing 10,801 - 10,820 of 14,604 CVEs
CVE-2025-9909 MEDIUM - 6.7

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//) prefix in the gateway_path. A malicious or socially engineered administrator can configure a honey-...

Published: Feb 27, 2026
Source: NVD
CVE-2025-9908 MEDIUM - 6.7

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructure headers (such as X-Trusted-Proxy and X-Envoy-*) and event stream URLs via crafted requests and jo...

Published: Feb 27, 2026
Source: NVD
CVE-2025-9907 MEDIUM - 6.7

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the test_headers field when an event stream is in test mode. The possible outcome inclu...

Published: Feb 27, 2026
Source: NVD
CVE-2025-9572 MEDIUM - 5.0

An authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass.

Published: Feb 27, 2026
Source: NVD
CVE-2025-13327 MEDIUM - 6.3

A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP (Zipped Information Package) archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package.

Vendor: astral-sh, Red Hat
Product: uv, Red Hat AI Inference Server, Red Hat OpenShift AI (RHOAI)
Published: Feb 27, 2026
Source: NVD
CVE-2026-3302 MEDIUM - 4.3

A weakness has been identified in SourceCodester Doctor Appointment System 1.0. Affected by this issue is some unknown functionality of the file /register.php of the component Sign Up Page. Executing a manipulation of the argument Email can lead to cross site scripting. The attack can be launched re...

Vendor: remyandrade
Product: doctor_appointment_system
Published: Feb 27, 2026
Source: NVD
CVE-2025-14149 MEDIUM - 6.4

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Scroller widget box link attribute in all versions up to, and including, 1.4.24 due to insufficient input sanitization and output escaping on user supplied attri...

Vendor: xpro
Product: Xpro Addons — 140+ Widgets for Elementor
Published: Feb 27, 2026
Source: NVD
CVE-2025-14040 MEDIUM - 6.4

The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Call to Action' custom fields in all versions up to, and including, 13.4. This is due to insufficient input sanitization and output escaping on user-supplied attribute...

Vendor: themesuite
Product: Automotive Car Dealership Business WordPress Theme
Published: Feb 27, 2026
Source: NVD
CVE-2026-27653 MEDIUM - 6.7

The installers for multiple products provided by Soliton Systems K.K. contain an issue with incorrect default permissions, which may allow arbitrary code to be executed with SYSTEM privileges.

Vendor: Soliton Systems K.K.
Product: Soliton SecureBrowser for OneGate, Soliton SecureBrowser II, Soliton SecureWorkspace (formerly WrappingBox)
Published: Feb 27, 2026
Source: NVD
CVE-2026-3292 MEDIUM - 6.3

A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of the argument data leads to SQL injection. The attack is possible to be carried out remotely. The exploit has b...

Vendor: jizhicms
Product: jizhicms
Published: Feb 27, 2026
Source: NVD
CVE-2026-3289 MEDIUM - 6.3

A weakness has been identified in Sanluan PublicCMS 6.202506.d. This impacts the function saveMetadata of the file TemplateCacheComponent.java of the component Template Cache Generation. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been ma...

Vendor: publiccms
Product: publiccms
Published: Feb 27, 2026
Source: NVD
CVE-2026-3287 MEDIUM - 6.3

A security flaw has been discovered in youlaitech youlai-mall 2.0.0. This affects the function listPagedSpuForApp of the file mall-pms/pms-boot/src/main/java/com/youlai/mall/pms/controller/app/SpuController.java of the component App-side Product Pagination Endpoint. Performing a manipulation of the ...

Vendor: youlai
Product: youlai-mall
Published: Feb 27, 2026
Source: NVD
CVE-2026-1558 MEDIUM - 5.3

The WP Recipe Maker plugin for WordPress is vulnerable to an Insecure Direct Object Reference (IDOR) in versions up to, and including, 10.3.2. This is due to the /wp-json/wp-recipe-maker/v1/integrations/instacart REST API endpoint's permission_callback being set to __return_true and a lack of s...

Published: Feb 27, 2026
Source: NVD
CVE-2026-3286 MEDIUM - 6.3

A vulnerability was identified in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3. The impacted element is the function Save of the file paicoding-web/src/main/java/com/github/paicoding/forum/web/common/image/rest/ImageRestController.java of the component Image Save Endpoint. Such manipulation of the arg...

Vendor: itwanger
Product: paicoding
Published: Feb 27, 2026
Source: NVD
CVE-2026-3281 MEDIUM - 5.3

A vulnerability was detected in libvips 8.19.0. This affects the function vips_bandrank_build of the file libvips/conversion/bandrank.c. Performing a manipulation of the argument index results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit is now publi...

Vendor: libvips
Product: libvips
Published: Feb 27, 2026
Source: NVD
CVE-2026-20797 MEDIUM - 4.3

A stack based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to cause stack corruption and a termination of the program.

Vendor: Copeland
Product: Copeland XWEB 300D PRO, Copeland XWEB 500D PRO, Copeland XWEB 500B PRO
Published: Feb 27, 2026
Source: NVD
CVE-2026-25774 MEDIUM - 6.5

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.

Vendor: EV Energy
Product: ev.energy
Published: Feb 27, 2026
Source: NVD
CVE-2026-22878 MEDIUM - 6.5

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.

Vendor: Mobility46
Product: mobility46.se
Published: Feb 27, 2026
Source: NVD
CVE-2021-4456 MEDIUM - 6.5

Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact. The functions `addr2cidr` and `cidrlookup` may return leading zeros in a CIDR string, which may in turn be parsed as octal numbers by subsequent users. In some cases an attacker ...

Vendor: mrsam
Product: net\
Published: Feb 27, 2026
Source: NVD
CVE-2026-3270 MEDIUM - 6.3

A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. This affects the function lookup of the file psi-probe-core/src/main/java/psiprobe/tools/Whois.java of the component Whois. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has ...

Vendor: psi-probe
Product: psi_probe
Published: Feb 27, 2026
Source: NVD