CVEs (19,079, showing first 500)
Showing 226–250 of 19,079 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2026-31874 | CRITICAL | | 9.8 | 2026-03-11 | Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict t… |
| CVE-2026-31876 | MEDIUM | Patched | 5.4 | 2026-03-11 | Notesnook is a note-taking app focused on user privacy & ease of use. Prior to 3.3.9, a Stored Cross-Site Scripting (XSS) vulnerability existed in Notesnook's editor embed … |
| CVE-2026-31877 | CRITICAL | Patched | 9.8 | 2026-03-11 | Frappe is a full-stack web application framework. Prior to 15.84.0 and 14.99.0, a specially crafted request made to a certain endpoint could result in SQL injection, allowi… |
| CVE-2026-31878 | MEDIUM | Patched | 5.0 | 2026-03-11 | Frappe is a full-stack web application framework. Prior to 14.100.1, 15.100.0, and 16.6.0, a malicious user could send a crafted request to an endpoint which would lead to … |
| CVE-2026-31879 | MEDIUM | Patched | 5.4 | 2026-03-11 | Frappe is a full-stack web application framework. Prior to 14.100.2, 15.101.0, and 16.10.0, due to a lack of validation and improper permission checks, users could modify o… |
| CVE-2026-31881 | HIGH | Patched | 7.7 | 2026-03-11 | Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, an unauthenticated attacker can reset the operator (admin) password when a password-reset request is active, … |
| CVE-2026-31887 | HIGH | Patched | 7.5 | 2026-03-11 | Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of ot… |
| CVE-2026-31888 | MEDIUM | Patched | 5.3 | 2026-03-11 | Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint (POST /store-api/account/login) returns different error codes depending … |
| CVE-2026-3949 | LOW | | 3.3 | 2026-03-11 | A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component … |
| CVE-2026-24508 | LOW | Patched | 2.5 | 2026-03-11 | Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access cou… |
| CVE-2026-24510 | MEDIUM | Patched | 6.7 | 2026-03-11 | Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Privilege Management vulnerability. A low privileged attacker with local access could… |
| CVE-2026-27478 | CRITICAL | Patched | 9.1 | 2026-03-11 | Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog token exchan… |
| CVE-2026-27703 | HIGH | Patched | 7.5 | 2026-03-11 | RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In 2026.01 and e… |
| CVE-2026-31889 | HIGH | Patched | 8.9 | 2026-03-11 | Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration flow that could, under specific conditions, allow at… |
| CVE-2026-31894 | HIGH | Patched | 7.5 | 2026-03-11 | WeGIA is a web manager for charitable institutions. In 3.6.5, the patched loadBackupDB() extracts tar.gz archives to a temporary directory using PHP's PharData class, then … |
| CVE-2026-31895 | HIGH | Patched | 8.8 | 2026-03-11 | WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, WeGIA (Web gerenciador para instituições assistenciais) contains a SQL injection vulnerability i… |
| CVE-2026-31896 | CRITICAL | Patched | 9.8 | 2026-03-11 | WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection vulnerability exists in the WeGIA application. The remover_produto_ocul… |
| CVE-2026-31900 | CRITICAL | Patched | 9.8 | 2026-03-11 | Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the … |
| CVE-2026-31901 | MEDIUM | Patched | 5.3 | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.34 and 9.6.0-alpha.8, the email verification endpoint (… |
| CVE-2026-31954 | NONE | Patched | 0.0 | 2026-03-11 | Emlog is an open source website building system. In 2.6.6 and earlier, the delete_async action (asynchronous delete) lacks a call to LoginAuth::checkToken(), enabling CSRF attacks. |
| CVE-2026-31957 | CRITICAL | Patched | 10.0 | 2026-03-11 | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in… |
| CVE-2026-31958 | HIGH | Patched | 7.5 | 2026-03-11 | Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data i… |
| CVE-2026-31959 | MEDIUM | Patched | 5.3 | 2026-03-11 | Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains a Server-Side Request Forgery (SSRF) vulnerability when at… |
| CVE-2026-31960 | MEDIUM | Patched | 5.3 | 2026-03-11 | Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notari… |
| CVE-2026-31961 | MEDIUM | Patched | 5.5 | 2026-03-11 | Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing … |