Latest CVE Vulnerabilities

0.0 NA

CVE-2026-3213 — Anti-Spam by CleanTalk - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-014

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Anti-Spam by CleanTalk allows Cross-Site Scripting (XSS).This issue affects Anti-Spam by C…

| Cross-Site Scripting

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-3212 — Tagify - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-013

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Tagify allows Cross-Site Scripting (XSS).This issue affects Tagify: from 0.0.0 before 1.2.…

| Cross-Site Scripting

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-3211 — Theme Negotiation by Rules - Moderately critical - Cross-site request forgery - SA-CONTRI…

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1.

| Cross-Site Request Forgery

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-3210 — Material Icons - Moderately critical - Access bypass - SA-CONTRIB-2026-011

Incorrect Authorization vulnerability in Drupal Material Icons allows Forceful Browsing.This issue affects Material Icons: from 0.0.0 before 2.0.4.

| Authorization

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-2349 — UI Icons - Critical - Cross-site Scripting - SA-CONTRIB-2026-010

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal UI Icons allows Cross-Site Scripting (XSS).This issue affects UI Icons: from 0.0.0 before …

| Cross-Site Scripting

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-2348 — Quick Edit - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-009

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Quick Edit allows Cross-Site Scripting (XSS).This issue affects Quick Edit: from 0.0.0 bef…

| Cross-Site Scripting

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-26833 — Thumbler Command Injection Vulnerability

thumbler through 1.1.2 allows OS command injection via the input, output, time, or size parameter in the thumbnail() function because user input is concatenated into a shell command string passed to …

| Injection

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

9.8 CRITICAL

CVE-2026-26832 — Node-Tesseract-OCR OS Command Injection Vulnerability

node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize() function in src/index.js is vulnerable to OS Command Injection. …

Remote | Injection

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-26831 — Textract OS Command Injection

textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to chi…

| Injection

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

7.6 HIGH

CVE-2026-24750 — Kiteworks Secure Data Forms vulnerable to Cross-site Scripting

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generatio…

Remote | Cross-Site Scripting

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

7.7 HIGH

CVE-2026-20125 — Cisco HTTP Server Remote Authentication Bypass Denial of Service Vulnerability

A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly,…

Remote | Denial of Service

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

6.1 MEDIUM

CVE-2026-20115 — Cisco Meraki Cisco IOS XE Software Insecure Configuration Upload Vulnerability

A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information. This vulnerability is due to a device configuratio…

Remote | Information Disclosure

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

5.4 MEDIUM

CVE-2026-20114 — "Cisco Lobby Ambassador Privilege Escalation Vulnerability"

A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that wou…

Remote | Authorization

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

5.3 MEDIUM

CVE-2026-20113 — Cisco IOx Web-Based Application CRLF Injection Vulnerability

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return l…

Remote | Injection

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

4.8 MEDIUM

CVE-2026-20112 — "Cisco IOx Web-Based Management Interface Stored XSS Vulnerability"

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site s…

Remote | Cross-Site Scripting

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

6.5 MEDIUM

CVE-2026-20110 — Cisco IOS XE Software CLI Privilege Escalation Denial of Service Vulnerability

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists becau…

| Denial of Service

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

5.4 MEDIUM

CVE-2026-20108 — Cisco Catalyst SD-WAN Manager Cross-Site Scripting (XSS) Vulnerability

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of t…

Remote | Cross-Site Scripting

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

6.1 MEDIUM

CVE-2026-20104 — "Cisco IOS XE Bootloader Insufficient Validation Arbitrary Code Execution Vulnerability"

A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS9300 Embedded Series Switches, Cisco Catalyst IE9310 and IE9320 Rugged Series Swi…

| Authentication

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

8.6 HIGH

CVE-2026-20086 — Cisco Catalyst CW9800 CAPWAP Packet Processing Denial of Service Vulnerability

A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family could allow an una…

Remote | Denial of Service

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

8.6 HIGH

CVE-2026-20084 — Cisco Catalyst 9000 Series Switches BOOTP VLAN Leakage and Denial of Service Vulnerability

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause BOOTP packets to be forwarded between VLANs, resulting in a denial of se…

Remote | Denial of Service

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

Browse by Apps

Latest CVE Feed

Cookie Preferences