CVEs (19,079, showing first 500)
Showing 276–300 of 19,079 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-32101 | HIGH | Patched | 7.6 | 2026-03-11 | StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.3.1, the S3 storage manager's isAuthorized() function is declared async (r… |
| CVE-2026-32102 | MEDIUM | Patched | 6.5 | 2026-03-11 | OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin’s live EventStream broadcasts execution events and action output… |
| CVE-2026-32103 | MEDIUM | Patched | 6.8 | 2026-03-11 | StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the POST /studiocms_api/dashboard/create-reset-link endpoint allows a… |
| CVE-2026-32104 | MEDIUM | Patched | 5.4 | 2026-03-11 | StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the updateUserNotifications endpoint accepts a user ID from the reque… |
| CVE-2026-32106 | MEDIUM | Patched | 4.7 | 2026-03-11 | StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the REST API createUser endpoint uses string-based rank checks that o… |
| CVE-2026-32108 | MEDIUM | Patched | 6.5 | 2026-03-11 | Copyparty is a portable file server. Prior to 1.20.12, there was a missing permission-check in the shares feature (the shr global-option). This vulnerability only applies w… |
| CVE-2026-32109 | LOW | Patched | 3.7 | 2026-03-11 | Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with t… |
| CVE-2026-32110 | HIGH | Patched | 8.3 | 2026-03-11 | SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the… |
| CVE-2026-32111 | MEDIUM | Patched | 5.3 | 2026-03-11 | ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form (beta feature) accepts a user-supplied ha_url and makes a server-side HTTP request to {… |
| CVE-2026-32112 | MEDIUM | Patched | 6.8 | 2026-03-11 | ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form renders user-controlled parameters via Python f-strings with no HTML escaping. An attac… |
| CVE-2026-32118 | MEDIUM | Patched | 5.4 | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, stored cross-site scripting (XSS) in the Graphica… |
| CVE-2026-32121 | HIGH | Patched | 7.7 | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription CSS/HTML print view v… |
| CVE-2026-32122 | MEDIUM | Patched | 4.3 | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the Claim File Tracker feature exposes an AJAX en… |
| CVE-2026-32123 | HIGH | Patched | 7.7 | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, sensitivity checks for group encounters are broke… |
| CVE-2026-32124 | MEDIUM | Patched | 5.4 | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the dynamic code picker AJAX endpoint returns cod… |
| CVE-2026-32125 | MEDIUM | Patched | 5.4 | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, track/item names from the Track Anything feature … |
| CVE-2026-32126 | HIGH | Patched | 7.1 | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, an inverted boolean condition in ControllerRouter… |
| CVE-2026-32127 | HIGH | Patched | 8.8 | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, OpenEMR contains a SQL injection vulnerability in… |
| CVE-2026-3955 | MEDIUM | | 6.3 | 2026-03-11 | A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of… |
| CVE-2026-3956 | MEDIUM | | 4.7 | 2026-03-11 | A vulnerability was detected in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This affects the function getAdmins of the file source-code/src/ma… |
| CVE-2026-3957 | MEDIUM | | 4.7 | 2026-03-11 | A flaw has been found in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This vulnerability affects the function getLikeMovieList of the file sour… |
| CVE-2025-62328 | LOW | | 3.7 | 2026-03-11 | HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitiv… |
| CVE-2026-27591 | CRITICAL | Patched | 9.9 | 2026-03-11 | Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated bac… |
| CVE-2026-32117 | HIGH | Patched | 7.6 | 2026-03-11 | The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to wi… |
| CVE-2026-32128 | MEDIUM | Patched | 6.3 | 2026-03-11 | FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox (fastgpt-sandbox) includes guardrails intended to prevent file writes (static dete… |