CVEs (19,079, showing first 500)
Showing 251–275 of 19,079 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2026-31974 | LOW | Patched | 3.0 | 2026-03-11 | OpenProject is an open-source, web-based project management software. Prior to 17.2.0, OpenProject SMTP test endpoint (POST /admin/settings/mail_notifications) accepts arbi… |
| CVE-2026-31976 | CRITICAL | Patched | 9.8 | 2026-03-11 | xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests (#46, #47, #48… |
| CVE-2026-31979 | HIGH | Patched | 8.8 | 2026-03-11 | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos ca… |
| CVE-2026-32094 | MEDIUM | Patched | 6.5 | 2026-03-11 | Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescape#escape() does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Appl… |
| CVE-2026-32095 | MEDIUM | Patched | 5.4 | 2026-03-11 | Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.1, Plunk's image upload endpoint accepted SVG files, which browsers treat as active documents c… |
| CVE-2026-32096 | CRITICAL | Patched | 9.3 | 2026-03-11 | Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.0, a Server-Side Request Forgery (SSRF) vulnerability existed in the SNS webhook handler. An un… |
| CVE-2026-32097 | HIGH | Patched | 8.8 | 2026-03-11 | PingPong is a platform for using large language models (LLMs) for teaching and learning. Prior to 7.27.2, an authenticated user may be able to retrieve or delete files outs… |
| CVE-2026-32098 | HIGH | Patched | 7.5 | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.9 and 8.6.35, an attacker can exploit LiveQuery… |
| CVE-2026-32234 | MEDIUM | Patched | 4.7 | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.10 and 8.6.36, an attacker with access to the m… |
| CVE-2026-3950 | LOW | | 3.3 | 2026-03-11 | A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. … |
| CVE-2026-3951 | MEDIUM | | 4.3 | 2026-03-11 | A security flaw has been discovered in LockerProject Locker 0.0.0/0.0.1/0.1.0. Affected is the function authIsAwesome of the file source-code/Locker-master/Ops/registry.js … |
| CVE-2026-3954 | MEDIUM | | 6.5 | 2026-03-11 | A weakness has been identified in OpenBMB XAgent 1.0.0. Affected by this vulnerability is the function workspace of the file XAgentServer/application/routers/workspace.py. … |
| CVE-2025-66956 | CRITICAL | | 9.9 | 2026-03-11 | Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL. |
| CVE-2025-70024 | CRITICAL | | 9.8 | 2026-03-11 | An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14. |
| CVE-2025-70041 | CRITICAL | | 9.8 | 2026-03-11 | An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master. |
| CVE-2026-0520 | LOW | | 2.8 | 2026-03-11 | A potential vulnerability was reported in the Lenovo FileZ Android application that, under certain conditions, could allow a local authenticated user to retrieve some sensi… |
| CVE-2026-0940 | MEDIUM | | 6.7 | 2026-03-11 | A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code. |
| CVE-2026-1068 | MEDIUM | | 5.3 | 2026-03-11 | An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sens… |
| CVE-2026-1652 | MEDIUM | | 6.1 | 2026-03-11 | A potential buffer overflow vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to corrupt memory … |
| CVE-2026-1653 | MEDIUM | | 5.5 | 2026-03-11 | A potential divide by zero vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to cause a Windows … |
| CVE-2026-1715 | HIGH | Patched | 7.1 | 2026-03-11 | An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to mod… |
| CVE-2026-1716 | HIGH | Patched | 7.1 | 2026-03-11 | An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to del… |
| CVE-2026-1717 | MEDIUM | Patched | 5.5 | 2026-03-11 | An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to… |
| CVE-2026-2368 | HIGH | | 7.1 | 2026-03-11 | An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arb… |
| CVE-2026-2640 | MEDIUM | | 5.5 | 2026-03-11 | During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes. |