CVEs (18,985, showing first 500)
Showing 101–125 of 18,985 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2026-3492 | MEDIUM | | 6.4 | 2026-03-11 | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.28.1. This is due to a compound failure involv… |
| CVE-2026-3906 | MEDIUM | | 4.3 | 2026-03-11 | WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature (block-level collaboration annotations) was introduced in WordPress 6.9… |
| CVE-2026-1965 | MEDIUM | Patched | 6.5 | 2026-03-11 | libcurl can in some circumstances reuse the wrong connection when asked to do a Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connectio… |
| CVE-2026-3783 | MEDIUM | Patched | 5.3 | 2026-03-11 | When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under … |
| CVE-2026-3784 | MEDIUM | Patched | 6.5 | 2026-03-11 | curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper beha… |
| CVE-2026-3805 | HIGH | Patched | 7.5 | 2026-03-11 | When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory. |
| CVE-2026-3178 | HIGH | Patched | 7.2 | 2026-03-11 | The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name_directory_name' parameter in all versions up to, and including, 1.32.1 du… |
| CVE-2026-3943 | HIGH | | 7.3 | 2026-03-11 | A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaa_portal_auth_local_submit. The manipulation of the argume… |
| CVE-2026-3944 | HIGH | | 7.3 | 2026-03-11 | A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /att_add.php. This manipulation of the … |
| CVE-2026-32059 | HIGH | Patched | 8.8 | 2026-03-11 | OpenClaw version 2026.2.22-2 prior to 2026.2.23 tools.exec.safeBins validation for sort command fails to properly validate GNU long-option abbreviations, allowing attackers… |
| CVE-2026-32060 | HIGH | Patched | 8.8 | 2026-03-11 | OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in apply_patch that allows attackers to write or delete files outside the configured workspace d… |
| CVE-2026-32061 | MEDIUM | Patched | 4.4 | 2026-03-11 | OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the confi… |
| CVE-2026-32062 | HIGH | Patched | 7.5 | 2026-03-11 | OpenClaw versions 2026.2.21-2 up to, but not including, 2026.2.22, and @openclaw/voice-call versions 2026.2.21 up to, but not including, 2026.2.22 accept media-stream WebSo… |
| CVE-2026-32063 | HIGH | Patched | 7.1 | 2026-03-11 | OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are … |
| CVE-2026-3496 | HIGH | | 7.5 | 2026-03-11 | The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'check_in_date' parameter in all versions up to, and including, 4.0.3. This is due to insufficien… |
| CVE-2026-3904 | MEDIUM | Patched | 6.2 | 2026-03-11 | Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the… |
| CVE-2025-67298 | HIGH | Patched | 8.1 | 2026-03-11 | An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile |
| CVE-2025-70027 | HIGH | | 7.5 | 2026-03-11 | An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive information |
| CVE-2025-70330 | LOW | | 3.3 | 2026-03-11 | Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an oth… |
| CVE-2026-30900 | HIGH | Patched | 7.8 | 2026-03-11 | Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via loca… |
| CVE-2026-30901 | HIGH | Patched | 7.0 | 2026-03-11 | Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access. |
| CVE-2026-30902 | HIGH | Patched | 7.8 | 2026-03-11 | Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access. |
| CVE-2026-30903 | CRITICAL | Patched | 9.6 | 2026-03-11 | External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege… |
| CVE-2026-32229 | MEDIUM | Patched | 6.8 | 2026-03-11 | In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled |
| CVE-2026-3013 | NONE | Patched | — | 2026-03-11 | Coppermine Photo Gallery in versions 1.6.09 through 1.6.27 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit a vulnerable endpoint and con… |