Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
9.8 CRITICAL
CVE-2026-27012 — Unauthenticated privilege escalation in OpenSTAManager via modules/utenti/actions.php

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager all…

openstamanager | Remote | Authentication
Mar 03, 2026 Mar 03, 2026
Mar 03, 2026
Mar 03, 2026
9.6 CRITICAL
CVE-2026-25146 — OpenEMR's payments gateway_api_key secret rendered into client JS code

OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are (at least) two paths where the gateway_api_key secret va…

openemr | Remote | Information Disclosure
Mar 03, 2026 Mar 03, 2026
Mar 03, 2026
Mar 03, 2026
10.0 CRITICAL
CVE-2026-24898 — OpenEMR has an Unauthenticated MedEx Token Disclosure

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoi…

openemr | Remote | Information Disclosure
Mar 03, 2026 Mar 03, 2026
Mar 03, 2026
Mar 03, 2026
8.7 HIGH
CVE-2026-24848 — OpenEMR Arbitrary File Write leading to Remote Code Execution

OpenEMR is a free and open source electronic health records and medical practice management application. In 7.0.4 and earlier, the disposeDocument() method in EtherFaxActions.php allows authenticated…

openemr | Remote | Path Traversal
Mar 03, 2026 Mar 03, 2026
Mar 03, 2026
Mar 03, 2026
5.1 MEDIUM
CVE-2026-24415 — OpenSTAManager affected by reflected XSS in modifica_iva.php via righe parameter

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contains Reflected XSS vulnerabilities in invoice/order/contract modific…

openstamanager | Remote | Cross-Site Scripting
Mar 03, 2026 Mar 03, 2026
Mar 03, 2026
Mar 03, 2026
5.1 MEDIUM
CVE-2026-21866 — Dify - Stored XSS in chat

Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored XSS issue when rendering Mermaid diagrams within chats. This occurs because Dify’s default Mermaid…

dify | Remote | Cross-Site Scripting
Mar 03, 2026 Mar 03, 2026
Mar 03, 2026
Mar 03, 2026
8.8 HIGH
CVE-2026-1775 — Missing Authentication for Critical Function in Labkotec LID-3300IP

The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters and run operational commands when specially craf…

Remote | Authentication
Mar 03, 2026 Mar 03, 2026
Mar 03, 2026
Mar 03, 2026
5.8 MEDIUM
CVE-2026-3486 — itsourcecode College Management System student-fee.php sql injection

A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /admin/student-fee.php. Such manipulation of the argument roll_no lea…

college_management_system | Remote | Injection
Mar 03, 2026 Mar 03, 2026
Mar 03, 2026
Mar 03, 2026
10.0 HIGH
CVE-2026-3485 — D-Link DIR-868L SSDP Service sub_1BF84 os command injection

A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to…

dir-868l_firmware | Remote | Injection
Mar 03, 2026 Mar 03, 2026
Mar 03, 2026
Mar 03, 2026
7.3 HIGH
CVE-2026-25906 — Dell Optimizer Elevation of Privileges (Link Following)

Dell Optimizer, versions prior to 6.3.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit…

| Path Traversal
Mar 03, 2026 Mar 03, 2026
Mar 03, 2026
Mar 03, 2026
8.8 HIGH
CVE-2026-24502 — Dell Command | Intel vPro Out of Band Uncontrolled Search Path Element Elevation of Privi…

Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this v…

| Path Traversal
Mar 03, 2026 Mar 03, 2026
Mar 03, 2026
Mar 03, 2026
5.5 MEDIUM
CVE-2026-1713 — IBM MQ is affected by an authority vulnerablility

IBM MQ 9.1.0.0 through 9.1.0.33 LTS, 9.2.0.0 through 9.2.0.40 LTS, 9.3.0.0 through 9.3.0.36 LTS, 9.30.0 through 9.3.5.1 CD, 9.4.0.0 through 9.4.0.17 LTS, and 9.4.0.0 through 9.4.4.1 CD

mq
Mar 03, 2026 Mar 03, 2026
Mar 03, 2026
Mar 03, 2026
7.1 HIGH
CVE-2026-1567 — IBM InfoSphere Information Server is affected by an XML external entity injection (XXE) v…

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity (XXE) vulnerability in IBM InfoSphere Information Server could allow attackers to retrieve sensitive information fro…

infosphere_information_server | Remote | XML External Entity
Mar 03, 2026 Mar 03, 2026
Mar 03, 2026
Mar 03, 2026
0.0 NA
CVE-2025-70240 — D-Link DIR-513 Stack Buffer Overflow

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard51.

| Memory Corruption
Mar 03, 2026 Mar 03, 2026
Mar 03, 2026
Mar 03, 2026
0.0 NA
CVE-2025-70239 — D-Link DIR-513 Stack Buffer Overflow Vulnerability

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55.

| Memory Corruption
Mar 03, 2026 Mar 03, 2026
Mar 03, 2026
Mar 03, 2026
0.0 NA
CVE-2025-70234 — D-Link DIR-513 Stack Buffer Overflow Vulnerability

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS.

| Memory Corruption
Mar 03, 2026 Mar 03, 2026
Mar 03, 2026
Mar 03, 2026
5.1 MEDIUM
CVE-2025-14480 — IBM Aspera faspio Gateway 1.3.7 has addressed a vulnerability affected by weak cryptograp…

IBM Aspera faspio Gateway 1.3.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information

aspera_faspio_gateway | Cryptography
Mar 03, 2026 Mar 03, 2026
Mar 03, 2026
Mar 03, 2026
5.9 MEDIUM
CVE-2025-14456 — IBM MQ Appliance uses weaker than expected cryptographic algorithms

IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1

mq_appliance | Remote | Misconfiguration
Mar 03, 2026 Mar 03, 2026
Mar 03, 2026
Mar 03, 2026
8.8 HIGH
CVE-2025-13688 — DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime …

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user su…

datastage_on_cloud_pak_for_data | Remote | Injection
Mar 03, 2026 Mar 04, 2026
Mar 03, 2026
Mar 04, 2026
8.8 HIGH
CVE-2025-13687 — DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime …

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user su…

datastage_on_cloud_pak_for_data | Remote | Injection
Mar 03, 2026 Mar 04, 2026
Mar 03, 2026
Mar 04, 2026
Showing 20 of 4956 Results