Export limit exceeded: 337027 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337027 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32510 | 2 Edge-themes, Wordpress | 2 Kamperen, Wordpress | 2026-03-26 | N/A |
| Deserialization of Untrusted Data vulnerability in Edge-Themes Kamperen kamperen allows Object Injection.This issue affects Kamperen: from n/a through < 1.3. | ||||
| CVE-2026-24981 | 2 Nootheme, Wordpress | 2 Visionary Core, Wordpress | 2026-03-26 | N/A |
| Deserialization of Untrusted Data vulnerability in NooTheme Visionary Core noo-visionary-core allows Object Injection.This issue affects Visionary Core: from n/a through <= 1.4.9. | ||||
| CVE-2026-22500 | 2 Axiomthemes, Wordpress | 2 M2 | Construction And Tools Store, Wordpress | 2026-03-26 | N/A |
| Deserialization of Untrusted Data vulnerability in axiomthemes m2 | Construction and Tools Store m2-ce allows Object Injection.This issue affects m2 | Construction and Tools Store: from n/a through <= 1.1.2. | ||||
| CVE-2026-22507 | 2 Ancorathemes, Wordpress | 2 Beelove, Wordpress | 2026-03-26 | N/A |
| Deserialization of Untrusted Data vulnerability in AncoraThemes Beelove beelove allows Object Injection.This issue affects Beelove: from n/a through <= 1.2.6. | ||||
| CVE-2026-25029 | 2 Park Of Ideas, Wordpress | 2 Kidz, Wordpress | 2026-03-26 | N/A |
| Deserialization of Untrusted Data vulnerability in park_of_ideas KIDZ kidz allows Object Injection.This issue affects KIDZ: from n/a through <= 5.24. | ||||
| CVE-2026-25031 | 2 Park Of Ideas, Wordpress | 2 Tasty Daily, Wordpress | 2026-03-26 | N/A |
| Deserialization of Untrusted Data vulnerability in park_of_ideas Tasty Daily tastydaily allows Object Injection.This issue affects Tasty Daily: from n/a through < 1.27. | ||||
| CVE-2026-25414 | 2 Iqonicdesign, Wordpress | 2 Wpbookit Pro, Wordpress | 2026-03-26 | N/A |
| Incorrect Privilege Assignment vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Privilege Escalation.This issue affects WPBookit Pro: from n/a through <= 1.6.18. | ||||
| CVE-2026-22480 | 2 Webtoffee, Wordpress | 2 Product Feed For Woocommerce, Wordpress | 2026-03-26 | N/A |
| Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through <= 2.3.3. | ||||
| CVE-2026-25359 | 2 Rascals, Wordpress | 2 Pendulum, Wordpress | 2026-03-26 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in rascals Pendulum pendulum allows Object Injection.This issue affects Pendulum: from n/a through < 3.1.5. | ||||
| CVE-2026-33211 | 2 Linuxfoundation, Tektoncd | 2 Tekton Pipelines, Pipeline | 2026-03-26 | 9.6 Critical |
| Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter. A tenant with permission to create `ResolutionRequests` (e.g. by creating `TaskRuns` or `PipelineRuns` that use the git resolver) can read arbitrary files from the resolver pod's filesystem, including ServiceAccount tokens. The file contents are returned base64-encoded in `resolutionrequest.status.data`. Versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2 contain a patch. | ||||
| CVE-2026-33218 | 1 Nats | 1 Nats Server | 2026-03-26 | 7.5 High |
| NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connect to the leafnode port can crash the nats-server with a certain malformed message pre-authentication. Versions 2.11.15 and 2.12.6 contain a fix. As a workaround, disable leafnode support if not needed or restrict network connections to the leafnode port, if plausible without compromising the service offered. | ||||
| CVE-2025-14790 | 1 Ibm | 1 Infosphere Information Server | 2026-03-26 | 6.5 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials. | ||||
| CVE-2026-1561 | 1 Ibm | 1 Websphere Application Server | 2026-03-26 | 5.4 Medium |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2026-30007 | 2 Xnsoft, Xnview | 2 Nconvert, Nconvert | 2026-03-26 | 6.2 Medium |
| XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a crafted .tiff file | ||||
| CVE-2026-30006 | 1 Xnview | 1 Nconvert | 2026-03-26 | 6.2 Medium |
| XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via a crafted .tiff file. | ||||
| CVE-2026-33222 | 1 Nats | 1 Nats Server | 2026-03-26 | 4.9 Medium |
| NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, users with JetStream admin API access to restore one stream could restore to other stream names, impacting data which should have been protected against them. Versions 2.11.15 and 2.12.6 contain a fix. As a workaround, if developers have configured users to have limited JetStream restore permissions, temporarily remove those permissions. | ||||
| CVE-2025-14915 | 1 Ibm | 1 Websphere Application Server Liberty | 2026-03-26 | 6.5 Medium |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server. | ||||
| CVE-2025-14807 | 1 Ibm | 1 Infosphere Information Server | 2026-03-26 | 6.5 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. | ||||
| CVE-2026-30975 | 1 Sonarr | 1 Sonarr | 2026-03-26 | 8.1 High |
| Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0.16.2942 have an authentication bypass that affected users that had disabled authentication for local addresses (Authentication Required set to: `Disabled for Local Addresses`) without a reverse proxy running in front of Sonarr that didn't not pass through the invalid header. Patches are available in version 4.0.16.2942 in the nightly/develop branch and version 4.0.16.2944 for stable/main releases. Some workarounds are available. Make sure Sonarr's Authentication Required setting is set to `Enabled`, run Sonarr behind a reverse proxy, and/or do not expose Sonarr directly to the internet and instead rely on accessing it through a VPN, Tailscale or a similar solution. | ||||
| CVE-2026-4897 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-03-26 | 5.5 Medium |
| A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system. | ||||