Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 14247, Critical: 958, High: 4177, Medium: 4519

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-32734 | HIGH | 7.1 | baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag creation. This issue has been patched in version … | Mar 31, 2026 |
| CVE-2026-30940 | HIGH | 7.2 | baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API (/baser/api/admin/bc-theme-file/theme_files/add.json) that allows arbitrary … | Mar 31, 2026 |
| CVE-2026-30880 | UNKNOWN | — | baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched … | Mar 31, 2026 |
| CVE-2026-30879 | UNKNOWN | — | baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability in blog posts. This issue has been patched in … | Mar 31, 2026 |
| CVE-2026-30878 | MEDIUM | 5.3 | baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when … | Mar 31, 2026 |
| CVE-2026-30877 | CRITICAL | 9.1 | baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, … | Mar 31, 2026 |
| CVE-2026-27697 | UNKNOWN | — | baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in … | Mar 31, 2026 |
| CVE-2026-21861 | CRITICAL | 9.1 | baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerability in the core update functionality. An authenticated administrator … | Mar 31, 2026 |
| CVE-2025-32957 | HIGH | 8.7 | baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically … | Mar 31, 2026 |
| CVE-2026-5157 | MEDIUM | 4.3 | A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. … | Mar 31, 2026 |
| CVE-2026-5156 | HIGH | 8.8 | A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/QuickIndex of the component Parameter Handler. This manipulation of … | Mar 31, 2026 |
| CVE-2026-5155 | HIGH | 8.8 | A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component Parameter Handler. The manipulation of … | Mar 30, 2026 |
| CVE-2026-5154 | HIGH | 8.8 | A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function fromSetCfm of the file /goform/setcfm of the component Parameter Handler. … | Mar 30, 2026 |
| CVE-2026-5130 | HIGH | 8.8 | The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1.3.2. This was due to the … | Mar 30, 2026 |
| CVE-2026-5153 | MEDIUM | 6.3 | A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the … | Mar 30, 2026 |
| CVE-2026-4257 | CRITICAL | 9.8 | The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in all versions up … | Mar 30, 2026 |
| CVE-2026-33995 | MEDIUM | 5.3 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberos_AcceptSecurityContext() and kerberos_InitializeSecurityContextA() (WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c) can cause … | Mar 30, 2026 |
| CVE-2026-33987 | HIGH | 7.1 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistent_cache_read_entry_v3() in libfreerdp/cache/persistent.c, persistent->bmpSize is updated before winpr_aligned_recalloc(). If realloc … | Mar 30, 2026 |
| CVE-2026-33986 | HIGH | 7.5 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuv_ensure_buffer() in libfreerdp/codec/h264.c, h264->width and h264->height are updated before the … | Mar 30, 2026 |
| CVE-2026-33985 | MEDIUM | 5.9 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially … | Mar 30, 2026 |
| CVE-2026-33984 | HIGH | 7.5 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resize_vbar_entry() in libfreerdp/codec/clear.c, vBarEntry->size is updated to vBarEntry->count before the … | Mar 30, 2026 |
| CVE-2026-33983 | MEDIUM | 6.5 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressive_decompress_tile_upgrade() detects a mismatch via progressive_rfx_quant_cmp_equal() but only emits WLog_WARN, execution … | Mar 30, 2026 |
| CVE-2026-33982 | HIGH | 7.1 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, there is a heap-buffer-overflow READ vulnerability at 24 bytes before the … | Mar 30, 2026 |
| CVE-2026-33977 | UNKNOWN | — | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending … | Mar 30, 2026 |
| CVE-2026-33952 | UNKNOWN | — | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated auth_length field read from the network triggers a WINPR_ASSERT() … | Mar 30, 2026 |