Total
34933 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-24510 | 1 Dell | 1 Alienware Command Center | 2026-03-16 | N/A | 6.7 MEDIUM |
| Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | |||||
| CVE-2026-31900 | 1 Python | 1 Black | 2026-03-16 | N/A | 9.8 CRITICAL |
| Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct URL reference to a malicious repository. This could lead to arbitrary code execution in the context of the GitHub Action. Attackers could then gain access to secrets or permissions available in the context of the action. Version 26.3.0 fixes this vulnerability. | |||||
| CVE-2026-3494 | 2 Amazon, Mariadb | 3 Aurora Mysql, Relational Database Service, Mariadb | 2026-03-16 | N/A | 4.3 MEDIUM |
| In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (—) or hash (#) style comments, the statement is not logged. | |||||
| CVE-2026-3935 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-16 | N/A | 6.5 MEDIUM |
| Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2026-3937 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-16 | N/A | 6.5 MEDIUM |
| Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2026-3938 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-16 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2025-9290 | 1 Tp-link | 111 Beam Bridge 5 Ur, Beam Bridge 5 Ur Firmware, Dr3220v-4g and 108 more | 2026-03-16 | N/A | 5.9 MEDIUM |
| An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication through offline precomputation, potentially exposing sensitive information and compromising confidentiality. | |||||
| CVE-2026-32094 | 1 Shescape Project | 1 Shescape | 2026-03-16 | N/A | 6.5 MEDIUM |
| Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescape#escape() does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like secret[12] to expand into multiple filesystem matches instead of a single literal argument, turning one argument into multiple trusted-pathname matches. This vulnerability is fixed in 2.1.10. | |||||
| CVE-2026-2861 | 1 Foswiki | 1 Foswiki | 2026-03-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to version 2.1.11 is sufficient to fix this issue. The patch is identified as 31aeecb58b64/d8ed86b10e46. Upgrading the affected component is recommended. | |||||
| CVE-2026-21536 | 1 Microsoft | 1 Devices Pricing Program | 2026-03-16 | N/A | 9.8 CRITICAL |
| Microsoft Devices Pricing Program Remote Code Execution Vulnerability | |||||
| CVE-2026-26125 | 1 Microsoft | 1 Payment Orchestrator Service | 2026-03-16 | N/A | 8.6 HIGH |
| Payment Orchestrator Service Elevation of Privilege Vulnerability | |||||
| CVE-2026-3940 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-16 | N/A | 5.3 MEDIUM |
| Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2026-3939 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-16 | N/A | 5.3 MEDIUM |
| Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. (Chromium security severity: Low) | |||||
| CVE-2026-3934 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-16 | N/A | 6.5 MEDIUM |
| Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2026-3932 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-16 | N/A | 7.5 HIGH |
| Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2026-3930 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-16 | N/A | 5.3 MEDIUM |
| Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2026-23654 | 1 Microsoft | 1 Zero-shot-scfoundation | 2026-03-13 | N/A | 8.8 HIGH |
| Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2026-26123 | 1 Microsoft | 1 Authenticator | 2026-03-13 | N/A | 5.5 MEDIUM |
| Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2026-32136 | 1 Adguard | 1 Adguardhome | 2026-03-13 | N/A | 9.8 CRITICAL |
| AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext (h2c). Once the upgrade is accepted, the resulting HTTP/2 connection is handled by the inner mux, which has no authentication middleware attached. All subsequent HTTP/2 requests on that connection are processed as fully authenticated, regardless of whether any credentials were provided. This vulnerability is fixed in 0.107.73. | |||||
| CVE-2025-69618 | 1 Coto.world | 1 Coto | 2026-03-13 | N/A | 6.5 MEDIUM |
| An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information. | |||||