CVEs (19,079, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 176–200 of 19,079 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2026-30239 | MEDIUM | Patched | 6.5 | 2026-03-11 | OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the work packages that were assigned to this budget need to… |
| CVE-2026-30868 | MEDIUM | Patched | 6.3 | 2026-03-11 | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.4, multiple OPNsense MVC API endpoints perform state‑changing operations but are accessible via HTT… |
| CVE-2026-31813 | MEDIUM | Patched | 4.8 | 2026-03-11 | Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attacker to issue sessions … |
| CVE-2026-31839 | HIGH | Patched | 8.2 | 2026-03-11 | Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash… |
| CVE-2026-31840 | CRITICAL | Patched | 9.8 | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.2 and 8.6.28, an attacker can use a dot-notatio… |
| CVE-2026-31852 | CRITICAL | | 10.0 | 2026-03-11 | Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests f… |
| CVE-2026-31853 | MEDIUM | Patched | 5.7 | 2026-03-11 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit systems can cause a cr… |
| CVE-2026-31854 | HIGH | Patched | 8.8 | 2026-03-11 | Cursor is a code editor built for programming with AI. Prior to 2.0, if a visited website contains maliciously crafted instructions, the model may attempt to follow them in… |
| CVE-2026-3429 | MEDIUM | | 4.2 | 2026-03-11 | A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-a… |
| CVE-2026-0230 | NONE | | — | 2026-03-11 | A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged b… |
| CVE-2026-0231 | NONE | | — | 2026-03-11 | An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering li… |
| CVE-2026-30226 | HIGH | Patched | 7.5 | 2026-03-11 | Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. In devalue v5.6.3 and earlier, devalue.parse an… |
| CVE-2026-31856 | CRITICAL | Patched | 9.8 | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A SQL injection vulnerability exists in the PostgreSQL storage adapt… |
| CVE-2026-31857 | HIGH | Patched | 8.8 | 2026-03-11 | Craft is a content management system (CMS). Prior to 5.9.9 and 4.17.4, a Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSel… |
| CVE-2026-31858 | HIGH | Patched | 8.8 | 2026-03-11 | Craft is a content management system (CMS). The ElementSearchController::actionSearch() endpoint is missing the unset() protection that was added to ElementIndexesControlle… |
| CVE-2026-31859 | MEDIUM | Patched | 6.1 | 2026-03-11 | Craft is a content management system (CMS). The fix for CVE-2025-35939 in craftcms/cms introduced a strip_tags() call in src/web/User.php to sanitize return URLs before the… |
| CVE-2026-31861 | HIGH | Patched | 8.8 | 2026-03-11 | Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, the /api/user/git-config endpoint constructs … |
| CVE-2026-31862 | CRITICAL | Patched | 9.1 | 2026-03-11 | Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use execAs… |
| CVE-2026-31863 | LOW | Patched | 3.6 | 2026-03-11 | Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access w… |
| CVE-2026-31866 | HIGH | Patched | 7.5 | 2026-03-11 | flagd is a feature flag daemon with a Unix philosophy. Prior to 0.14.2, flagd exposes OFREP (/ofrep/v1/evaluate/...) and gRPC (evaluation.v1, evaluation.v2) endpoints for f… |
| CVE-2026-31867 | MEDIUM | Patched | 4.8 | 2026-03-11 | Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.11.0 and 5.6.0, an Insecure Direct Object Reference (IDOR) vulnerability exists in Craft Commerce’s cart f… |
| CVE-2026-31868 | MEDIUM | Patched | 6.1 | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.4 and 8.6.30, an attacker can upload a file wit… |
| CVE-2026-31870 | HIGH | Patched | 7.5 | 2026-03-11 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-httplib client uses the streaming API (httplib::stream::Get, h… |
| CVE-2026-31871 | CRITICAL | Patched | 9.8 | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.5 and 8.6.31, a SQL injection vulnerability exi… |
| CVE-2026-31872 | HIGH | Patched | 7.5 | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.6 and 8.6.32, the protectedFields class-level p… |