Export limit exceeded: 340792 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 340792 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (340792 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25357 | 2 Azzaroco, Wordpress | 2 Ultimate Membership Pro, Wordpress | 2026-03-26 | 8.1 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro allows Authentication Abuse.This issue affects Ultimate Membership Pro: from n/a through <= 13.7. | ||||
| CVE-2026-25344 | 2 Radiustheme, Wordpress | 2 Review Schema, Wordpress | 2026-03-26 | 6.5 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme Review Schema review-schema allows Retrieve Embedded Sensitive Data.This issue affects Review Schema: from n/a through <= 2.2.6. | ||||
| CVE-2026-25339 | 2 Syed Balkhi, Wordpress | 2 Contact Form By Wpforms, Wordpress | 2026-03-26 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Retrieve Embedded Sensitive Data.This issue affects Contact Form by WPForms: from n/a through <= 1.9.8.7. | ||||
| CVE-2026-25328 | 2 Add-ons.org, Wordpress | 2 Product File Upload For Woocommerce, Wordpress | 2026-03-26 | 6.8 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in add-ons.org Product File Upload for WooCommerce products-file-upload-for-woocommerce allows Path Traversal.This issue affects Product File Upload for WooCommerce: from n/a through <= 2.2.4. | ||||
| CVE-2026-25035 | 2 Wasiliy Strecker / Contestgallery Developer, Wordpress | 2 Contest Gallery, Wordpress | 2026-03-26 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Authentication Abuse.This issue affects Contest Gallery: from n/a through <= 28.1.2.2. | ||||
| CVE-2026-25017 | 2 Stmcan, Wordpress | 2 Naturalife Extensions, Wordpress | 2026-03-26 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmcan NaturaLife Extensions naturalife-extensions allows PHP Local File Inclusion.This issue affects NaturaLife Extensions: from n/a through <= 2.1. | ||||
| CVE-2026-1015 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2026-03-26 | 5.4 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2026-1262 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2026-03-26 | 4.3 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability. | ||||
| CVE-2026-2483 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2026-03-26 | 5.4 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session | ||||
| CVE-2025-36438 | 1 Ibm | 1 Concert | 2026-03-26 | 5.1 Medium |
| IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel communication to intended endpoints. | ||||
| CVE-2026-33934 | 2 Open-emr, Openemr | 2 Openemr, Openemr | 2026-03-26 | 4.3 Medium |
| OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have a missing authorization check in `portal/sign/lib/show-signature.php` that allows any authenticated patient portal user to retrieve the drawn signature image of any staff member by supplying an arbitrary `user` value in the POST body. The companion write endpoint (`save-signature.php`) was already hardened against this same issue, but the read endpoint was not updated to match. Version 8.0.0.3 patches the issue. | ||||
| CVE-2026-33918 | 2 Open-emr, Openemr | 2 Openemr, Openemr | 2026-03-26 | 7.6 High |
| OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint `interface/billing/get_claim_file.php` only verifies that the caller has a valid session and CSRF token, but does not check any ACL permissions. This allows any authenticated OpenEMR user — regardless of whether they have billing privileges — to download and permanently delete electronic claim batch files containing protected health information (PHI). Version 8.0.0.3 patches the issue. | ||||
| CVE-2026-33913 | 2 Open-emr, Openemr | 2 Openemr, Openemr | 2026-03-26 | 7.7 High |
| OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing `<xi:include href="file:///etc/passwd" parse="text"/>` to read arbitrary files from the server. Version 8.0.0.3 patches the issue. | ||||
| CVE-2026-2484 | 1 Ibm | 1 Infosphere Information Server | 2026-03-26 | 4.3 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages | ||||
| CVE-2026-2485 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2026-03-26 | 4.8 Medium |
| IBM Infosphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2026-32120 | 2 Open-emr, Openemr | 2 Openemr, Openemr | 2026-03-26 | 6.5 Medium |
| OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the fee sheet product save logic (`library/FeeSheet.class.php`) allows any authenticated user with fee sheet ACL access to delete, modify, or read `drug_sales` records belonging to arbitrary patients by manipulating the hidden `prod[][sale_id]` form field. The `save()` method uses the user-supplied `sale_id` in five SQL queries (SELECT, UPDATE, DELETE) without verifying that the record belongs to the current patient and encounter. Version 8.0.0.3 contains a patch. | ||||
| CVE-2020-37131 | 2 Nsasoft, Nsauditor | 2 Product Key Explorer, Product Key Explorer | 2026-03-26 | 6.2 Medium |
| Nsauditor Product Key Explorer 4.2.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting a specially crafted registration key. Attackers can generate a payload of 1000 bytes of repeated characters and paste it into the 'Key' input field to trigger the application crash. | ||||
| CVE-2026-33348 | 2 Open-emr, Openemr | 2 Openemr, Openemr | 2026-03-26 | 8.7 High |
| OpenEMR is a free and open source electronic health records and medical practice management application. Users with the `Notes - my encounters` role can fill Eye Exam forms in patient encounters. The answers to the form are displayed on the encounter page and in the visit history for the users with the same role. Versions prior to 8.0.0.3 have a stored cross-site scripting (XSS) vulnerability in the function to display the form answers, allowing any authenticated attacker with the specific role to insert arbitrary JavaScript into the system by entering malicious payloads to the form answers. The JavaScript code is later executed by any user with the form role when viewing the form answers in the patient encounter pages or visit history. Version 8.0.0.3 contains a patch. | ||||
| CVE-2026-33909 | 2 Open-emr, Openemr | 2 Openemr, Openemr | 2026-03-26 | 5.9 Medium |
| OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, several variables in the MedEx recall/reminder processing code are concatenated directly into SQL queries without parameterization or type casting, enabling SQL injection. Version 8.0.0.3 contains a patch. | ||||
| CVE-2025-13651 | 2 Microcom, Microcom360 | 2 Zeusweb, Zeusweb | 2026-03-26 | 7.5 High |
| Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Application Fingerprinting of sensitive data. This issue affects ZeusWeb: 6.1.31. | ||||