Search
18,985 CVEs
CVEs (18,985, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 51–75 of 18,985 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2026-21293 | MEDIUM | Patched | 5.5 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability tha… |
| CVE-2026-21294 | MEDIUM | Patched | 5.5 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability tha… |
| CVE-2026-21295 | LOW | Patched | 3.1 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') … |
| CVE-2026-21296 | MEDIUM | Patched | 4.3 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could re… |
| CVE-2026-21297 | MEDIUM | Patched | 4.3 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could re… |
| CVE-2026-21309 | HIGH | Patched | 7.5 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could re… |
| CVE-2026-21310 | MEDIUM | Patched | 5.3 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could … |
| CVE-2026-21311 | HIGH | Patched | 8.0 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that… |
| CVE-2026-21359 | MEDIUM | Patched | 4.7 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could re… |
| CVE-2026-21360 | MEDIUM | Patched | 6.8 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Limitation of a Pathname to a Restricted D… |
| CVE-2026-21361 | HIGH | Patched | 8.1 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vvulnerability tha… |
| CVE-2026-3453 | HIGH | 8.1 | 2026-03-11 | The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership vali… | |
| CVE-2026-23813 | CRITICAL | 9.8 | 2026-03-11 | A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent exis… | |
| CVE-2026-23814 | HIGH | 8.8 | 2026-03-11 | A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting i… | |
| CVE-2026-23815 | HIGH | 7.2 | 2026-03-11 | A vulnerability in a custom binary used in AOS-CX Switches' CLI could allow an authenticated remote attacker with high privileges to perform command injection. Successful e… | |
| CVE-2026-23816 | HIGH | 7.2 | 2026-03-11 | A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system. | |
| CVE-2026-23817 | MEDIUM | Patched | 6.5 | 2026-03-11 | A vulnerability in the web-based management interface of AOS-CX Switches could allow an unauthenticated remote attacker to redirect users to an arbitrary URL. |
| CVE-2026-29515 | CRITICAL | 9.8 | 2026-03-11 | MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid creden… | |
| CVE-2025-13067 | HIGH | 8.8 | 2026-03-11 | The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.7.1049. This is due to insufficient file … | |
| CVE-2026-2413 | HIGH | 7.5 | 2026-03-11 | The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to in… | |
| CVE-2023-27573 | CRITICAL | Patched | 9.0 | 2026-03-11 | netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SU… |
| CVE-2026-1753 | MEDIUM | Patched | 6.8 | 2026-03-11 | The Gutena Forms WordPress plugin before 1.6.1 does not validate option to be updated, which could allow contributors and above role to update arbitrary boolean and array … |
| CVE-2026-1867 | MEDIUM | Patched | 5.9 | 2026-03-11 | The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it init… |
| CVE-2026-20892 | HIGH | 7.2 | 2026-03-11 | Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands. | |
| CVE-2026-24448 | CRITICAL | 9.8 | 2026-03-11 | Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access. |