Total CVEs

143,749

Critical Severity

4,091

High Severity

14,758

Last 7 Days

1,518
Quick preset (or use dates below)
Clear Filters
πŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years β†’
Showing 1,141 - 1,160 of 1,590 CVEs
CVE-2026-4222 LOW - 3.8

A vulnerability was determined in SSCMS up to 7.4.0. This vulnerability affects the function PathUtils.RemoveParentPath of the file /api/admin/plugins/install/actions/download. This manipulation of the argument path causes path traversal. Remote exploitation of the attack is possible. The exploit ha...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4219 LOW - 3.3

A flaw has been found in INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1.0.2 on Android. Affected by this vulnerability is an unknown functionality of the file com/index/event/BuildConfig.java of the component ae.index.apgcs. Executing a manipulation of the argument ACCES...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4218 LOW - 2.5

A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta. Performing a manipulation of the argument AUTH_KEY results in information disclosure. The attack is only possible w...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4217 LOW - 2.5

A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This impacts an unknown function of the file inΒ ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java of the component ai.nreal.nebula.universal. Such manipulation of the argument accessKey/secretAccessKey/securit...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4186 LOW - 3.5

A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated remotely....

Published: Mar 16, 2026
Source: NVD
CVE-2026-4175 LOW - 3.5

A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. The affected element is an unknown function of the file plugins/webkul/chatter/resources/views/filament/infolists/components/messages/content-text-entry.blade.php of the component Chatter Message Handler. Executing a manipulation of the...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4174 LOW - 3.3

A vulnerability has been found in Radare2 5.9.9. This issue affects the function walk_exports_trie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Parser. Such manipulation leads to resource consumption. The attack can only be performed from a local environment. The exploit ha...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4169 LOW - 2.4

A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function F_xml_export_users of the file admin/code/tce_xml_users.php of the component XML Export. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. There are st...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4168 LOW - 2.4

A vulnerability was identified in Tecnick TCExam 16.5.0. This impacts an unknown function of the file /admin/code/tce_edit_group.php of the component Group Handler. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit is publicly avai...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4166 LOW - 3.5

A vulnerability was found in Wavlink WL-NU516U1 240425. The impacted element is the function sub_404F68 of the file /cgi-bin/login.cgi. The manipulation of the argument homepage/hostname results in cross site scripting. The attack can be launched remotely. The exploit has been made public and could ...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4165 LOW - 2.4

A vulnerability has been found in Worksuite HR, CRM and Project Management up to 5.5.25. The affected element is an unknown function of the file /account/orders/create. The manipulation of the argument Client Note leads to cross site scripting. The attack can be initiated remotely. The exploit has b...

Published: Mar 16, 2026
Source: NVD

libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.

Vendor: libexpat project
Product: libexpat
Published: Mar 16, 2026
Source: NVD

telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.

Vendor: GNU
Product: inetutils
Published: Mar 16, 2026
Source: NVD

Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as unes...

Vendor: leanprover
Product: vscode-lean4
Published: Mar 16, 2026
Source: NVD

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it does not block them on the browser extension API key...

Vendor: Mintplex-Labs
Product: anything-llm
Published: Mar 16, 2026
Source: NVD

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admin o...

Vendor: Mintplex-Labs
Product: anything-llm
Published: Mar 16, 2026
Source: NVD

Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of application.

Vendor: Samsung Mobile
Product: Samsung Mobile Devices
Published: Mar 16, 2026
Source: NVD

Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font.

Vendor: Samsung Mobile
Product: Samsung Mobile Devices
Published: Mar 16, 2026
Source: NVD
CVE-2026-0849 LOW - 3.8

Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver, allowing a compromised device or bus attacker to corrupt kernel memory and potentially hijack execution.

Published: Mar 16, 2026
Source: NVD
CVE-2026-0639 LOW - 3.3

in OpenHarmony v6.0 and prior versions allow a local attacker case DOS through missing release of memory.

Vendor: openatom
Product: openharmony
Published: Mar 16, 2026
Source: NVD