Search Results (363801 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-0639 2 Openatom, Openharmony 2 Openharmony, Openharmony 2026-03-24 3.3 Low
in OpenHarmony v6.0 and prior versions allow a local attacker case DOS through missing release of memory.
CVE-2025-12736 2 Openatom, Openharmony 2 Openharmony, Openharmony 2026-03-24 6.5 Medium
in OpenHarmony v5.0.3 and prior versions allow a local attacker case sensitive information leak through use of uninitialized resource.
CVE-2025-25277 2 Openatom, Openharmony 2 Openharmony, Openharmony 2026-03-24 6.3 Medium
in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through using incompatible type. This vulnerability can be exploited only in restricted scenarios.
CVE-2025-41432 2 Openatom, Openharmony 2 Openharmony, Openharmony 2026-03-24 5.5 Medium
in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.
CVE-2025-52458 2 Openatom, Openharmony 2 Openharmony, Openharmony 2026-03-24 5.5 Medium
in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.
CVE-2025-26474 2 Openatom, Openharmony 2 Openharmony, Openharmony 2026-03-24 3.3 Low
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information improper input. This vulnerability can be exploited only in restricted scenarios.
CVE-2025-6969 2 Openatom, Openharmony 2 Openharmony, Openharmony 2026-03-24 5 Medium
in OpenHarmony v5.1.0 and prior versions allow a local attacker cause DOS through improper input.
CVE-2026-4226 1 Lb-link 2 Bl-wr9000, Bl-wr9000 Firmware 2026-03-24 8.8 High
A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_44E8D0 of the file /goform/get_virtual_cfg. Executing a manipulation can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-4227 1 Lb-link 2 Bl-wr9000, Bl-wr9000 Firmware 2026-03-24 8.8 High
A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impacted element is the function sub_44D844 of the file /goform/get_hidessid_cfg. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-4228 1 Lb-link 2 Bl-wr9000, Bl-wr9000 Firmware 2026-03-24 6.3 Medium
A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub_458754 of the file /goform/set_wifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-25780 1 Mattermost 2 Mattermost, Mattermost Server 2026-03-24 4.3 Medium
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to bound memory allocation when processing DOC files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted DOC file.. Mattermost Advisory ID: MMSA-2026-00581
CVE-2026-4240 1 Open5gs 1 Open5gs 2026-03-24 5.3 Medium
A vulnerability was determined in Open5GS up to 2.7.6. The affected element is the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b_aaa_cb/smf_s6b_sta_cb of the component CCA Handler. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.7.7 is sufficient to fix this issue. Patch name: 80eb484a6ab32968e755e628b70d1a9c64f012ec. Upgrading the affected component is recommended.
CVE-2025-52644 1 Hcltech 1 Aion 2026-03-24 5.8 Medium
HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes.
CVE-2025-52646 1 Hcltech 1 Aion 2026-03-24 2.2 Low
HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions.
CVE-2025-52642 1 Hcltech 1 Aion 2026-03-24 3.3 Low
HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure.
CVE-2026-21386 1 Mattermost 2 Mattermost, Mattermost Server 2026-03-24 4.3 Medium
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexistent versus private channels. Mattermost Advisory ID: MMSA-2026-00588
CVE-2026-2455 1 Mattermost 2 Mattermost, Mattermost Server 2026-03-24 4.3 Medium
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation which allows an attacker to perform SSRF attacks against internal services via IPv4-mapped IPv6 literals (e.g., [::ffff:127.0.0.1]).. Mattermost Advisory ID: MMSA-2026-00585
CVE-2026-22545 1 Mattermost 2 Mattermost, Mattermost Server 2026-03-24 3.1 Low
Mattermost versions 10.11.x <= 10.11.10 fail to validate user's authentication method when processing account auth type switch which allows an authenticated attacker to change account password without confirmation via falsely claiming a different auth provider.. Mattermost Advisory ID: MMSA-2026-00583
CVE-2026-31974 2 Openproject, Opf 2 Openproject, Openproject 2026-03-24 3 Low
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, OpenProject SMTP test endpoint (POST /admin/settings/mail_notifications) accepts arbitrary host and port values and exhibits measurable differences in response behaviour depending on whether the target IP exists and whether the port is open. An attacker with access can use these timing and error distinctions to map internal hosts and identify which services/ports are reachable. Similarly, you can create webhooks in OpenProject and point them to arbitrary IPs, resulting in the same kind of SSRF issue which allows attackers to scan the internal network. This vulnerability is fixed in 17.2.0.
CVE-2019-25521 1 Xooscripts 1 Xoogallery 2026-03-24 8.2 High
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gal_id parameter. Attackers can send GET requests to gal.php with malicious gal_id values to extract sensitive database information or modify database contents.