CVEs (18,985, showing first 500)
Showing 451–475 of 18,985 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2026-21708 | CRITICAL | Patched | 9.9 | 2026-03-12 | A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user. |
| CVE-2026-21887 | HIGH | Patched | 7.7 | 2026-03-12 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts … |
| CVE-2026-24125 | MEDIUM | Patched | 6.3 | 2026-03-12 | Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content documents using relative file paths (relativePath, … |
| CVE-2026-25529 | HIGH | Patched | 8.1 | 2026-03-12 | Postal is an open source SMTP server. Postal versions less than 3.3.5 had an HTML injection vulnerability that allowed unescaped data to be included in the admin interface. … |
| CVE-2026-27940 | HIGH | Patched | 7.8 | 2026-03-12 | llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gguf.cpp is vulnerable to an Integer overflow, leading to an und… |
| CVE-2026-28356 | HIGH | Patched | 7.5 | 2026-03-12 | multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parse_options_header() function in multipart.py uses a regular expressio… |
| CVE-2026-28791 | HIGH | Patched | 7.4 | 2026-03-12 | Tina is a headless content management system. Prior to 2.1.7, a path traversal vulnerability exists in the TinaCMS development server's media upload handler. The code at me… |
| CVE-2026-28792 | CRITICAL | Patched | 9.6 | 2026-03-12 | Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server combines a permissive CORS configuration (Access-Control-Allow-Origin: *) with the… |
| CVE-2026-28793 | HIGH | Patched | 8.4 | 2026-03-12 | Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing att… |
| CVE-2026-29066 | MEDIUM | Patched | 6.2 | 2026-03-12 | Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesy… |
| CVE-2026-31841 | MEDIUM | Patched | 6.5 | 2026-03-12 | Hyperterse is a tool-first MCP framework for building AI-ready backend surfaces from declarative config. Prior to v2.2.0, the search tool allows LLMs to search for tools us… |
| CVE-2026-4045 | LOW | | 3.7 | 2026-03-12 | A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file includes/Classes/Auth.php. Executing a manipulation of the argument ldap_emai… |
| CVE-2025-13462 | CRITICAL | Patched | 9.8 | 2026-03-12 | The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LO… |
| CVE-2026-26791 | CRITICAL | | 9.8 | 2026-03-12 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enable_echo_server function. This vulnerability… |
| CVE-2026-26792 | CRITICAL | | 9.8 | 2026-03-12 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set_upgrade function via the modem_url, target_version, current_vers… |
| CVE-2026-26794 | HIGH | | 8.8 | 2026-03-12 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the add_group() function. This vulnerability allows attackers to execute arbitrary S… |
| CVE-2026-26795 | CRITICAL | | 9.8 | 2026-03-12 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log function. This vulnerability allows… |
| CVE-2026-28252 | CRITICAL | Patched | 9.8 | 2026-03-12 | A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and g… |
| CVE-2026-28253 | HIGH | Patched | 7.5 | 2026-03-12 | A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-o… |
| CVE-2026-28254 | HIGH | Patched | 7.5 | 2026-03-12 | A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through u… |
| CVE-2026-28255 | CRITICAL | Patched | 9.8 | 2026-03-12 | A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts. |
| CVE-2026-28256 | CRITICAL | Patched | 9.8 | 2026-03-12 | A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive informatio… |
| CVE-2026-31860 | MEDIUM | Patched | 6.1 | 2026-03-12 | Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe() can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rende… |
| CVE-2026-31873 | NONE | Patched | 0.0 | 2026-03-12 | Unhead is a document head and template manager. Prior to 2.1.11, the link.href check in makeTagSafe (safe.ts) uses String.includes(), which is case-sensitive. Browsers trea… |
| CVE-2026-31890 | MEDIUM | Patched | 5.5 | 2026-03-12 | Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to 0.50.1, in a situatio… |