Total CVEs: 142,027
Critical Severity: 3,943
High Severity: 14,108
Last 7 Days: 1,724

Showing 11,021 - 11,040 of 14,604 CVEs
CVE-2026-0400 MEDIUM - 4.9

A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall.

Vendor: sonicwall
Product: sonicos
Published: Feb 24, 2026
Source: NVD
CVE-2026-0399 MEDIUM - 4.9

Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in an API endpoint.

Vendor: sonicwall
Product: sonicos
Published: Feb 24, 2026
Source: NVD
CVE-2025-10010 MEDIUM - 6.8

The CPSD CryptoPro Secure Disk application boots a small Linux operating system to perform user authentication before using BitLocker to decrypt the Windows partition. The system is located on a separate unencrypted partition which can be reached by anyone with access to the hard disk. Multiple che...

Vendor: CPSD IT SERVICES GMBH
Product: CryptoPro Secure Disk for BitLocker
Published: Feb 24, 2026
Source: NVD
CVE-2026-2804 MEDIUM - 5.4

Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

Vendor: mozilla
Product: firefox
Published: Feb 24, 2026
Source: NVD
CVE-2026-2802 MEDIUM - 4.2

Race condition in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

Vendor: mozilla
Product: firefox
Published: Feb 24, 2026
Source: NVD
CVE-2026-23984 MEDIUM - 6.5

An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language (DML) statements (...

Vendor: Apache Software Foundation
Product: Apache Superset
Published: Feb 24, 2026
Source: NVD
CVE-2026-23983 MEDIUM - 6.5

A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint (disabled by default) allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the AP...

Vendor: Apache Software Foundation
Product: Apache Superset
Published: Feb 24, 2026
Source: NVD
CVE-2026-23982 MEDIUM - 6.5

An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. However, an authenticated attacker with permissions to wr...

Vendor: Apache Software Foundation
Product: Apache Superset
Published: Feb 24, 2026
Source: NVD
CVE-2026-23980 MEDIUM - 6.5

Improper Neutralization of Special Elements used in a SQL Command ('SQL Injection') vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters. This issue affects Apache Superset: before 6.0...

Vendor: Apache Software Foundation
Product: Apache Superset
Published: Feb 24, 2026
Source: NVD
CVE-2026-23969 MEDIUM - 6.5

Apache Superset utilizes a configurable dictionary, DISALLOWED_SQL_FUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included restrictions for engines like PostgreSQL, a vulnerability was reported where the default list for the ...

Vendor: Apache Software Foundation
Product: Apache Superset
Published: Feb 24, 2026
Source: NVD
CVE-2026-1772 MEDIUM - 5.3

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges.

Vendor: hitachienergy
Product: rtu520_firmware
Published: Feb 24, 2026
Source: NVD
CVE-2025-27555 MEDIUM - 6.5

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were store...

Vendor: Apache Software Foundation
Product: Apache Airflow
Published: Feb 24, 2026
Source: NVD
CVE-2026-24314 MEDIUM - 4.3

Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted.

Vendor: SAP_SE
Product: S/4HANA (Manage Payment Media)
Published: Feb 24, 2026
Source: NVD
CVE-2026-3070 MEDIUM - 4.3

A vulnerability was detected in SourceCodester Modern Image Gallery App 1.0. Affected by this vulnerability is an unknown functionality of the file upload.php. The manipulation of the argument filename results in cross site scripting. The attack may be launched remotely. The exploit is now public an...

Vendor: remyandrade
Product: modern_image_gallery_app
Published: Feb 24, 2026
Source: NVD
CVE-2026-3067 MEDIUM - 6.3

A vulnerability has been found in HummerRisk up to 1.5.0. This issue affects the function extractTarGZ/extractZip of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/CommandUtils.java of the component Archive Extraction. The manipulation leads to path traversal. T...

Vendor: hummerrisk
Product: hummerrisk
Published: Feb 24, 2026
Source: NVD
CVE-2026-3066 MEDIUM - 6.3

A flaw has been found in HummerRisk up to 1.5.0. This vulnerability affects the function fixedCommand of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/PlatformUtils.java of the component Cloud Compliance Scanning. Executing a manipulation can lead to command in...

Vendor: hummerrisk
Product: hummerrisk
Published: Feb 24, 2026
Source: NVD
CVE-2026-27461 MEDIUM - 4.9

Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteri...

Vendor: pimcore
Product: pimcore
Published: Feb 24, 2026
Source: NVD
CVE-2026-3091 MEDIUM - 6.7

An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files during installation by placing a malicious DLL in advance in the same directory as the installer.

Published: Feb 24, 2026
Source: NVD
CVE-2026-3065 MEDIUM - 6.3

A vulnerability was detected in HummerRisk up to 1.5.0. This affects the function CommandUtils.commonExecCmdWithResult of the file CloudTaskService.java of the component Cloud Task Dry-run. Performing a manipulation of the argument fileName results in command injection. Remote exploitation of the at...

Vendor: hummerrisk
Product: hummerrisk
Published: Feb 24, 2026
Source: NVD
CVE-2026-3064 MEDIUM - 6.3

A security vulnerability has been detected in HummerRisk up to 1.5.0. Affected by this issue is some unknown functionality of the file ResourceCreateService.java of the component Cloud Task Scheduler. Such manipulation of the argument regionId leads to command injection. The attack may be launched r...

Vendor: hummerrisk
Product: hummerrisk
Published: Feb 24, 2026
Source: NVD