Total
34896 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-14915 | 4 Apple, Ibm, Linux and 1 more | 7 Macos, Aix, I and 4 more | 2026-03-30 | N/A | 6.5 MEDIUM |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server. | |||||
| CVE-2020-28466 | 1 Linuxfoundation | 1 Nats-server | 2026-03-30 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightened risk. Any remote execution flaw or equivalent seriousness, or denial-of-service by unauthenticated users, will lead to prompt releases by the NATS maintainers. Fixes for denial of service issues with no threat of remote execution, when limited to account holders, are likely to just be committed to the main development branch with no special attention. Those who are running such services are encouraged to build regularly from git. | |||||
| CVE-2026-28867 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-03-27 | N/A | 6.2 MEDIUM |
| This issue was addressed with improved authentication. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to leak sensitive kernel state. | |||||
| CVE-2026-28893 | 1 Apple | 1 Macos | 2026-03-27 | N/A | 3.3 LOW |
| A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.4. A document may be written to a temporary file when using print preview. | |||||
| CVE-2026-28892 | 1 Apple | 1 Macos | 2026-03-27 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to modify protected parts of the file system. | |||||
| CVE-2026-28870 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-03-27 | N/A | 5.5 MEDIUM |
| An information leakage was addressed with additional validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to access sensitive user data. | |||||
| CVE-2026-28831 | 1 Apple | 1 Macos | 2026-03-27 | N/A | 5.5 MEDIUM |
| An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data. | |||||
| CVE-2026-20692 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-03-27 | N/A | 5.3 MEDIUM |
| A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. "Hide IP Address" and "Block All Remote Content" may not apply to all mail content. | |||||
| CVE-2026-20670 | 1 Apple | 1 Macos | 2026-03-27 | N/A | 5.5 MEDIUM |
| An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to access sensitive user data. | |||||
| CVE-2026-33062 | 1 Free5gc | 1 Free5gc | 2026-03-27 | N/A | 7.5 HIGH |
| free5GC is an open source 5G core network. free5GC NRF prior to version 1.4.2 has an Improper Input Validation vulnerability leading to Denial of Service. All deployments of free5GC using the NRF discovery service are affected. The `EncodeGroupId` function attempts to access array indices [0], [1], [2] without validating the length of the split data. When the parameter contains insufficient separator characters, the code panics with "index out of range". A remote attacker can cause the NRF service to panic and crash by sending a crafted HTTP GET request with a malformed `group-id-list` parameter. This results in complete denial of service for the NRF discovery service. free5GC NRF version 1.4.2 fixes the issue. There is no direct workaround at the application level. The recommendation is to apply the provided patch or restrict access to the NRF API to trusted sources only. | |||||
| CVE-2026-33473 | 1 Vikunja | 1 Vikunja | 2026-03-27 | N/A | 5.7 MEDIUM |
| Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior to version 2.2.1, any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Version 2.2.1 patches the issue. | |||||
| CVE-2026-33677 | 1 Vikunja | 1 Vikunja | 2026-03-27 | N/A | 6.5 MEDIUM |
| Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the `GET /api/v1/projects/:project/webhooks` endpoint returns webhook BasicAuth credentials (`basic_auth_user` and `basic_auth_password`) in plaintext to any user with read access to the project. While the existing code correctly masks the HMAC `secret` field, the BasicAuth fields added in a later migration were not given the same treatment. This allows read-only collaborators to steal credentials intended for authenticating against external webhook receivers. Version 2.2.1 patches the issue. | |||||
| CVE-2026-33509 | 2 Pyload, Pyload-ng Project | 2 Pyload, Pyload-ng | 2026-03-26 | N/A | 7.5 HIGH |
| pyLoad is a free and open-source download manager written in Python. From version 0.4.0 to before version 0.5.0b3.dev97, the set_config_value() API endpoint allows users with the non-admin SETTINGS permission to modify any configuration option without restriction. The reconnect.script config option controls a file path that is passed directly to subprocess.run() in the thread manager's reconnect logic. A SETTINGS user can set this to any executable file on the system, achieving Remote Code Execution. The only validation in set_config_value() is a hardcoded check for general.storage_folder — all other security-critical settings including reconnect.script are writable without any allowlist or path restriction. This issue has been patched in version 0.5.0b3.dev97. | |||||
| CVE-2026-28877 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-03-26 | N/A | 5.5 MEDIUM |
| An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. An app may be able to access sensitive user data. | |||||
| CVE-2026-28820 | 1 Apple | 1 Macos | 2026-03-26 | N/A | 5.3 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data. | |||||
| CVE-2026-28863 | 1 Apple | 5 Ipados, Iphone Os, Tvos and 2 more | 2026-03-26 | N/A | 6.5 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to fingerprint the user. | |||||
| CVE-2026-4710 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-03-26 | N/A | 9.8 CRITICAL |
| Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |||||
| CVE-2026-4755 | 1 Molotovcherry | 1 Android-imagemagick7 | 2026-03-26 | N/A | 9.8 CRITICAL |
| CWE-20 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11. | |||||
| CVE-2026-28882 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-03-26 | N/A | 4.0 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to enumerate a user's installed apps. | |||||
| CVE-2026-20695 | 1 Apple | 1 Macos | 2026-03-26 | N/A | 6.2 MEDIUM |
| An information disclosure issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to determine kernel memory layout. | |||||