CVEs (18,985, showing first 500)
Showing 476–500 of 18,985 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2026-32100 | MEDIUM | Patched | 5.3 | 2026-03-12 | Shopware is an open commerce platform. /api/_info/config route exposes information about active security fixes. This vulnerability is fixed in 2.0.16, 3.0.12, and 4.0.7. |
| CVE-2026-32116 | HIGH | Patched | 8.1 | 2026-03-12 | Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file (wormhole receive… |
| CVE-2026-32129 | NONE | | — | 2026-03-12 | soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 (PoseidonSponge) accepts variable-length inputs witho… |
| CVE-2026-32137 | HIGH | Patched | 8.8 | 2026-03-12 | Dataease is an open source data visualization analysis tool. Prior to 2.10.20, the table parameter for /de2api/datasource/previewData is directly concatenated into the SQL … |
| CVE-2026-32139 | MEDIUM | Patched | 5.4 | 2026-03-12 | Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the static resource upload interface allows SVG uploads. However, backend vali… |
| CVE-2026-32140 | HIGH | Patched | 8.8 | 2026-03-12 | Dataease is an open source data visualization analysis tool. Prior to 2.10.20, by controlling the IniFile parameter, an attacker can force the JDBC driver to load an attack… |
| CVE-2026-32141 | HIGH | Patched | 7.5 | 2026-03-12 | flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When give… |
| CVE-2026-3841 | HIGH | Patched | 8.8 | 2026-03-12 | A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitizati… |
| CVE-2025-13913 | MEDIUM | Patched | 6.3 | 2026-03-12 | A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code. |
| CVE-2025-61154 | MEDIUM | Patched | 6.5 | 2026-03-12 | Heap buffer overflow vulnerability in LibreDWG versions v0.13.3.7571 up to v0.13.3.7835 allows a crafted DWG file to cause a Denial of Service (DoS) via the function decomp… |
| CVE-2025-66955 | MEDIUM | | 6.5 | 2026-03-12 | Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" paramet… |
| CVE-2025-70245 | CRITICAL | | 9.8 | 2026-03-12 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizardSelectMode. |
| CVE-2025-70873 | HIGH | Patched | 7.5 | 2026-03-12 | An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a… |
| CVE-2026-26793 | CRITICAL | | 9.8 | 2026-03-12 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the set_config function. This vulnerability allows attackers to execute arbitrar… |
| CVE-2026-2376 | MEDIUM | | 4.9 | 2026-03-12 | A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web add… |
| CVE-2026-32138 | HIGH | Patched | 8.2 | 2026-03-12 | NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identifi… |
| CVE-2026-32142 | MEDIUM | Patched | 5.3 | 2026-03-12 | Shopware is an open commerce platform. /api/_info/config route exposes information about licenses. This vulnerability is fixed in 7.8.1 and 6.10.15. |
| CVE-2026-32230 | MEDIUM | Patched | 5.3 | 2026-03-12 | Uptime Kuma is an open source, self-hosted monitoring tool. From 2.0.0 to 2.1.3, the GET /api/badge/:id/ping/:duration? endpoint in server/routers/api-router.js does not v… |
| CVE-2026-32231 | HIGH | Patched | 8.2 | 2026-03-12 | ZeptoClaw is a personal AI assistant. Prior to 0.7.6, the generic webhook channel trusts caller-supplied identity fields (sender, chat_id) from the request body and applies… |
| CVE-2026-32232 | CRITICAL | Patched | 9.8 | 2026-03-12 | ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulne… |
| CVE-2026-32235 | MEDIUM | Patched | 5.9 | 2026-03-12 | Backstage is an open framework for building developer portals. Prior to 0.27.1, the experimental OIDC provider in @backstage/plugin-auth-backend is vulnerable to a redirect… |
| CVE-2026-32236 | HIGH | Patched | 7.5 | 2026-03-12 | Backstage is an open framework for building developer portals. Prior to 0.27.1, a Server-Side Request Forgery (SSRF) vulnerability exists in @backstage/plugin-auth-backend … |
| CVE-2026-32237 | MEDIUM | Patched | 4.4 | 2026-03-12 | Backstage is an open framework for building developer portals. Prior to 3.1.5, authenticated users with permission to execute scaffolder dry-runs can gain access to server-… |
| CVE-2026-32242 | HIGH | Patched | 7.4 | 2026-03-12 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.11 and 8.6.37, Parse Server's built-in OAuth2 a… |
| CVE-2026-32245 | MEDIUM | Patched | 6.5 | 2026-03-12 | Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC token endpoint does not verify that the client exchanging an authorization code is the same… |