Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
9.3 CRITICAL
CVE-2026-3437 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Portwell Engin…

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to…

| Memory Corruption
Mar 03, 2026
0.0 NA
CVE-2026-26890 — Sourcecodester Pharmacy Point of Sale System SQL Injection Vulnerability

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_product.php.

| Injection
Mar 03, 2026
6.1 MEDIUM
CVE-2026-0540 — DOMPurify XSS via Missing Rawtext Elements in SAFE_FOR_XML

DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 729097f, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five …

Remote | Cross-Site Scripting
Mar 03, 2026
0.0 NA
CVE-2025-69765 — Tenda AX3 Stack Overflow Vulnerability

Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can cause memory corruption and enable remote code execution.

| Memory Corruption
Mar 03, 2026
7.2 HIGH
CVE-2025-67840 — Cohesity TranZman OS Command Injection Vulnerability

Multiple authenticated OS command injection vulnerabilities exist in the Cohesity (formerly Stone Ram) TranZman 4.0 Build 14614 through TZM_1757588060_SEP2025_FULL.depot web application API endpoints…

Remote | Injection
Mar 03, 2026
0.0 NA
CVE-2025-63912 — Cohesity TranZman Migration Appliance Weak Cryptography Vulnerability

Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to use a weak cryptography algorithm for data encryption, allowing attackers to trivially reverse the encryption and expose…

| Cryptography
Mar 03, 2026
7.2 HIGH
CVE-2025-63911 — Cohesity TranZman Migration Appliance Command Injection Vulnerability

Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to contain an authenticated command injection vulnerability.

Remote | Injection
Mar 03, 2026
7.2 HIGH
CVE-2025-63910 — Cohesity TranZman Migration Appliance File Upload Code Execution Vulnerability

An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uplo…

Remote | Authentication
Mar 03, 2026
7.2 HIGH
CVE-2025-63909 — Cohesity TranZman Migration Appliance Privilege Escalation (Arbitrary File Access)

Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and writ…

Remote | Authorization
Mar 03, 2026
6.1 MEDIUM
CVE-2025-15599 — DOMPurify XSS via Textarea Rawtext Bypass in SAFE_FOR_XML

DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext elemen…

Remote | Cross-Site Scripting
Mar 03, 2026
2.0 LOW
CVE-2023-31044 — Nokia Impact Cross-Site Scripting (XSS) Vulnerability

An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the …

Remote | Injection
Mar 03, 2026
0.0 NA
CVE-2021-35486 — Nokia IMPACT CSRF Vulnerability Allows Remote Configuration Overwrite

A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifica…

| Cross-Site Request Forgery
Mar 03, 2026
0.0 NA
CVE-2021-35485 — Nokia IMPACT Remote File Upload Vulnerability

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/applicat…

| Authentication
Mar 03, 2026
0.0 NA
CVE-2021-35484 — Nokia IMPACT Time-based Boolean Blind SQL Injection

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the Vi…

| Injection
Mar 03, 2026
0.0 NA
CVE-2021-35483 — Nokia IMPACT Cross-Site Scripting (XSS) Vulnerability

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileuplo…

| Cross-Site Scripting
Mar 03, 2026
5.3 MEDIUM
CVE-2026-3494 — MariaDB Server Audit Plugin Comment Handling Bypass

In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated datab…

Remote | Information Disclosure
Mar 03, 2026
8.6 HIGH
CVE-2026-3136 — Google Cloud Build Comment Control Bypass

An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This v…

Remote | Authorization
Mar 03, 2026
0.0 NA
CVE-2026-26886 — Sourcecodester Simple Online Men's Salon Management System SQL Injection

Sourcecodester Simple Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /admin/services/manage_service.php.

| Injection
Mar 03, 2026
0.0 NA
CVE-2026-26885 — Sourcecodester Simple Online Men's Salon Management System SQL Injection

Sourcecodester Simple Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /classes/Master.php?f=delete_service.

| Injection
Mar 03, 2026
0.0 NA
CVE-2026-26884 — Sourcecodester Simple Online Men's Salon Management System SQL Injection

Sourcecodester Simple Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/view_appointment.php.

| Injection
Mar 03, 2026
Showing 20 of 4907 Results