Total CVEs

143,749

Critical Severity

4,091

High Severity

14,758

Last 7 Days

1,522
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 1,121 - 1,140 of 1,590 CVEs
CVE-2026-3632 LOW - 3.9

A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform HTTP smuggling, where th...

Vendor: gnome
Product: libsoup
Published: Mar 17, 2026
Source: NVD

The extension fails to verify, if an authenticated user has permissions to access to redirects resulting in exposure of redirect records when editing a page.

Vendor: composer
Product: ayacoo/redirect-tab
Published: Mar 17, 2026
Source: NVD
CVE-2026-4285 LOW - 2.7

A vulnerability was identified in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. Impacted is the function recognizeMarkdown of the file yudao-module-digitalcourse/yudao-module-digitalcourse-biz/src/main/java/cn/iocoder/yudao/module/digitalcourse/util/Pdf2MdUtil.java. Such man...

Published: Mar 17, 2026
Source: NVD

Mattermost versions 10.11.x <= 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mattermost Advisory ID: MMSA-2025-00531

Vendor: Mattermost
Product: Mattermost
Published: Mar 16, 2026
Source: NVD

The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the `DefaultController->actionLoadBucketData()` endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the p...

Vendor: composer
Product: craftcms/google-cloud
Published: Mar 16, 2026
Source: GitHub
CVE-2026-4251 LOW - 2.5

A vulnerability was determined in CityData CityChat up to 0.12.6 on Android. Affected by this vulnerability is an unknown functionality of the file resources/assets/flutter_assets/assets/credentials.json of the component ai.citydata.citychat. Executing a manipulation can lead to unprotected storage ...

Published: Mar 16, 2026
Source: NVD

Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated report...

Vendor: pip
Product: memray
Published: Mar 16, 2026
Source: GitHub

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.4, the REST API `getUsers` endpoint in StudioCMS uses the attacker-controlled `rank` query parameter to decide whether owner accounts should be filtered from the result set. As a result, an admin toke...

Vendor: npm
Product: studiocms
Published: Mar 16, 2026
Source: GitHub
CVE-2026-4250 LOW - 2.5

A vulnerability was found in Albert Sağlık Hizmetleri ve Ticaret Albert Health up to 1.7.3 on Android. Affected is an unknown function of the file resources/assets/service-account.json of the component Google Cloud Service Account Key Handler. Performing a manipulation results in unprotected storage...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4243 LOW - 2.5

A weakness has been identified in La Nacion App 10.2.25 on Android. This impacts an unknown function of the file source/app/lanacion/clublanacion/BuildConfig.java of the component app.lanacion.activity. Executing a manipulation of the argument API_KEY_WEBSOCKET_CV can lead to unprotected storage of ...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4242 LOW - 2.5

A security flaw has been discovered in BabyChakra Pregnancy & Parenting App up to 5.4.3.0 on Android. This affects an unknown function of the file file app/babychakra/babychakra/Configuration.java of the component app.babychakra.babychakra. Performing a manipulation of the argument SEGMENT_WRITE...

Published: Mar 16, 2026
Source: NVD

Mattermost versions 10.11.x <= 10.11.10 fail to validate user's authentication method when processing account auth type switch which allows an authenticated attacker to change account password without confirmation via falsely claiming a different auth provider.. Mattermost Advisory ID: MMSA-...

Vendor: Mattermost
Product: Mattermost
Published: Mar 16, 2026
Source: NVD

HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature. Predictable identifiers may allow an attacker to infer or guess system-generated values, potentially leading to limited information disclosure or unintended access under specific conditions.

Vendor: HCL
Product: AION
Published: Mar 16, 2026
Source: NVD

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific con...

Vendor: HCL
Product: AION
Published: Mar 16, 2026
Source: NVD

HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour.

Vendor: HCL
Product: AION
Published: Mar 16, 2026
Source: NVD

HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure.

Vendor: HCL
Product: AION
Published: Mar 16, 2026
Source: NVD

HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may allow excessive resource consumption, which could potentially lead to service degradation or denial-of-service conditions under certain scenarios.

Vendor: HCL
Product: AION
Published: Mar 16, 2026
Source: NVD

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback fo...

Vendor: pip
Product: pyopenssl
Published: Mar 16, 2026
Source: GitHub
CVE-2026-4239 LOW - 3.5

A vulnerability was found in Lagom WHMCS Template up to 2.3.7. Impacted is an unknown function of the component Datatables. The manipulation results in improperly controlled modification of object prototype attributes. It is possible to launch the attack remotely. The exploit has been made public an...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4225 LOW - 2.4

A security flaw has been discovered in CMS Made Simple up to 2.2.21. Impacted is an unknown function of the file admin/listusers.php of the component User Management Module. Performing a manipulation of the argument Message results in cross site scripting. The attack is possible to be carried out re...

Published: Mar 16, 2026
Source: NVD