Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Quick preset (or use dates below)
Clear Filters
Showing 10,981 - 11,000 of 14,604 CVEs
CVE-2026-27621 MEDIUM - 5.4

TypiCMS is a multilingual content management system based on the Laravel framework. A Stored Cross-Site Scripting (XSS) vulnerability exists in the file upload module of TypiCMS prior to version 16.1.7. The application allows users with file upload permissions to upload SVG files. While there is a M...

Vendor: TypiCMS
Product: Core
Published: Feb 25, 2026
Source: NVD
CVE-2026-27612 MEDIUM - 6.1

Repostat is a React component to fetch and display GitHub repository info. Prior to version 1.0.1, the `RepoCard` component is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability occurs because the component uses React's `dangerouslySetInnerHTML` to render the repository name ...

Vendor: denpiligrim
Product: repostat
Published: Feb 25, 2026
Source: NVD
CVE-2026-25135 MEDIUM - 4.5

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 have an information disclosure vulnerability that leaks the entire contact information for all users, organizations, and patients in the system to anyone who has the syste...

Vendor: openemr
Product: openemr
Published: Feb 25, 2026
Source: NVD
CVE-2025-5781 MEDIUM - 5.2

Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager, Hitachi Device Manager allows Session Hijacking.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.5-00; Hitachi Configuration Manager: from 8.5...

Vendor: hitachi
Product: configuration_manager
Published: Feb 25, 2026
Source: NVD
CVE-2026-25127 MEDIUM - 6.5

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the server does not properly validate user permission. Unauthorized users can view the information of authorized users. Version 8.0.0 fixes the issue.

Vendor: openemr
Product: openemr
Published: Feb 25, 2026
Source: NVD
CVE-2026-25124 MEDIUM - 6.5

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the OpenEMR application is vulnerable to an access control flaw that allows low-privileged users, such as receptionists, to export the entire message list containing sensi...

Vendor: openemr
Product: openemr
Published: Feb 25, 2026
Source: NVD
CVE-2026-24896 MEDIUM - 6.5

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in OpenEMR’s edih_main.php endpoint, which allows any authenticated user—including low-privilege roles like Receptionist—to ac...

Vendor: openemr
Product: openemr
Published: Feb 25, 2026
Source: NVD
CVE-2026-24847 MEDIUM - 6.1

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Eye Exam form module allows any authenticated user to be redirected to an arbitrary external URL. This can be exploited for phishing attacks against healthcare provide...

Vendor: openemr
Product: openemr
Published: Feb 25, 2026
Source: NVD
CVE-2026-21443 MEDIUM - 6.1

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the `xl()` translation function returns unescaped strings. While wrapper functions exist for escaping in different contexts (`xlt()` for HTML, `xla()` for attributes, `xlj...

Vendor: openemr
Product: openemr
Published: Feb 25, 2026
Source: NVD
CVE-2025-68277 MEDIUM - 5.0

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, when a link is sent via Secure Messaging, clicking the link opens the website within the OpenEMR/Portal site. This behavior could be exploited for phishing. Version 7.0.4 ...

Vendor: openemr
Product: openemr
Published: Feb 25, 2026
Source: NVD
CVE-2026-3137 MEDIUM - 5.3

A security vulnerability has been detected in CodeAstro Food Ordering System 1.0. This affects an unknown function of the file food_ordering.exe. Such manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit has been disclosed publicly...

Vendor: codeastro
Product: food_ordering_system
Published: Feb 25, 2026
Source: NVD
CVE-2025-67491 MEDIUM - 5.4

OpenEMR is a free and open source electronic health records and medical practice management application. Versions 5.0.0.5 through 7.0.3.4 have a stored cross-site scripting vulnerability in the ub04 helper of the billing interface. The variable `$data` is passed in a click event handler enclosed in ...

Vendor: openemr
Product: openemr
Published: Feb 25, 2026
Source: NVD
CVE-2026-26351 MEDIUM - 4.8

GetSimpleCMS Community Edition (CE) version 3.3.16 contains a stored cross-site scripting (XSS) vulnerability in the Theme to Components functionality within components.php. User-supplied input provided to the "slug" field of a component is stored without proper output encoding. While othe...

Vendor: GetSimpleCMS-CE
Product: GetSimpleCMS-CE
Published: Feb 24, 2026
Source: NVD
CVE-2026-27572 MEDIUM - 7.5

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of the `wasi:http/types.fields` resource is susceptible to panics when too many fields are added to the set of headers. Wasmtime's implementation in the `wasmtime-...

Vendor: bytecodealliance
Product: wasmtime
Published: Feb 24, 2026
Source: NVD
CVE-2026-27204 MEDIUM - 6.5

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of WASI host interfaces are susceptible to guest-controlled resource exhaustion on the host. Wasmtime did not appropriately place limits on resource allocations request...

Vendor: bytecodealliance
Product: wasmtime
Published: Feb 24, 2026
Source: NVD
CVE-2026-27195 MEDIUM - 7.5

Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the `component-model-async` feature became the default, which brought with it a new implementation of `[Typed]Func::call_async` which made it capable of calling async-typed guest export functions. However, that implementation had...

Vendor: bytecodealliance
Product: wasmtime
Published: Feb 24, 2026
Source: NVD
CVE-2026-27117 MEDIUM - 5.5

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.11, a path traversal vulnerability ("Zip Slip") exists in bit7z's archive extraction functionality. The library does not adequately validate file paths contained ...

Vendor: rikyoz
Product: bit7z
Published: Feb 24, 2026
Source: NVD
CVE-2026-25882 MEDIUM - 7.5

Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route regis...

Vendor: gofiber
Product: fiber
Published: Feb 24, 2026
Source: NVD
CVE-2025-46320 MEDIUM - 6.1

A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and FileMaker Server 21.1.7.

Vendor: Claris
Product: FileMaker Server
Published: Feb 24, 2026
Source: NVD
CVE-2026-3131 MEDIUM - 6.5

Improper access control in multiple DVLS REST API endpoints in Devolutions Server 2025.3.14.0 and earlier allows an authenticated user with view-only permission to access sensitive connection data.

Vendor: devolutions
Product: devolutions_server
Published: Feb 24, 2026
Source: NVD