Search Results (343523 CVEs found)

CVE | Vendors | Products | Updated | CVSS v3.1
CVE-2026-28559 | 2 Gvectors, Wordpress | 2 Wpforo Forum, Wordpress | 2026-03-06 | 5.3 Medium
wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status WHERE clauses that are only applied when a specific forum ID is present in the query.
CVE-2026-28560 | 2 Gvectors, Wordpress | 2 Wpforo Forum, Wordpress | 2026-03-06 | 5.5 Medium
wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows script injection via forum URL data output into an inline script block using json_encode without the JSON_HEX_TAG flag. Attackers set a forum slug containing a closing script tag or unescaped single quote to break out of the JavaScript string context and execute arbitrary script in all visitors' browsers.
CVE-2026-28561 | 2 Gvectors, Wordpress | 2 Wpforo Forum, Wordpress | 2026-03-06 | 5.5 Medium
wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across multiple theme template files. On multisite installations or with a compromised admin account, attackers set a forum description containing HTML event handlers that execute when any user views the forum listing.
CVE-2026-28562 | 2 Gvectors, Wordpress | 2 Wpforo Forum, Wordpress | 2026-03-06 | 8.2 High
wpForo 2.4.14 contains an unauthenticated SQL injection vulnerability in Topics::get_topics() where the ORDER BY clause relies on ineffective esc_sql() sanitization on unquoted identifiers. Attackers exploit the wpfob parameter with CASE WHEN payloads to perform blind boolean extraction of credentials from the WordPress database.
CVE-2026-3376 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-06 | 8.8 High
A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromSafeMacFilter of the file /goform/SafeMacFilter. Such manipulation of the argument page leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-28537 | 1 Huawei | 1 Harmonyos | 2026-03-06 | 5.1 Medium
Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-28544 | 1 Huawei | 1 Harmonyos | 2026-03-06 | 6.2 Medium
Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-28545 | 1 Huawei | 1 Harmonyos | 2026-03-06 | 5.9 Medium
Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-28550 | 1 Huawei | 1 Harmonyos | 2026-03-06 | 4 Medium
Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-28552 | 1 Huawei | 2 Emui, Harmonyos | 2026-03-06 | 6.5 Medium
Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-66319 | 1 Huawei | 1 Harmonyos | 2026-03-06 | 3.3 Low
Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2026-28538 | 1 Huawei | 1 Harmonyos | 2026-03-06 | 5.9 Medium
Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-28539 | 1 Huawei | 1 Harmonyos | 2026-03-06 | 6.2 Medium
Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-28540 | 1 Huawei | 1 Harmonyos | 2026-03-06 | 4 Medium
Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-28541 | 1 Huawei | 1 Harmonyos | 2026-03-06 | 4 Medium
Permission control vulnerability in the cellular_data module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-28543 | 1 Huawei | 1 Harmonyos | 2026-03-06 | 4.4 Medium
Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-28546 | 1 Huawei | 1 Harmonyos | 2026-03-06 | 5.9 Medium
Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-28547 | 1 Huawei | 1 Harmonyos | 2026-03-06 | 6.8 Medium
Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-28549 | 1 Huawei | 1 Harmonyos | 2026-03-06 | 6.6 Medium
Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-28551 | 1 Huawei | 1 Harmonyos | 2026-03-06 | 4.7 Medium
Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability.