Export limit exceeded: 364491 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364491 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-53608 1 Fortinet 1 Fortisandbox 2026-03-12 4.6 Medium
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated privileged attacker to execute code via crafted requests.
CVE-2025-54820 1 Fortinet 1 Fortimanager 2026-03-12 7 High
A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. The success of the attack depends on the ability to bypass the stack protection mechanisms.
CVE-2025-55717 1 Fortinet 3 Fortimail, Fortirecorder, Fortivoice 2026-03-12 3.8 Low
A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device.
CVE-2025-66178 1 Fortinet 1 Fortiweb 2026-03-12 6.7 Medium
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12, FortiWeb 7.0.0 through 7.0.12 may allow an authenticated attacked to execute arbitrary commands via a specialy crafted HTTP request.
CVE-2025-68482 1 Fortinet 6 Fortianalyzer, Fortianalyzer Cloud, Fortianalyzercloud and 3 more 2026-03-12 6.3 Medium
A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to view confidential information via a man in the middle [MiTM] attack.
CVE-2025-14631 1 Tp-link 2 Archer Be400, Archer Be400 Firmware 2026-03-12 6.5 Medium
A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1(802.11 modules) allows  an adjacent attacker to cause a denial-of-service (DoS) by triggering a device reboot. This issue affects Archer BE400: xi 1.1.0 Build 20250710 rel.14914.
CVE-2025-66315 1 Zte 3 Mf258, Mf258k Pro, Mf258k Pro Firmware 2026-03-12 4.3 Medium
There is a configuration defect vulnerability in the version server of ZTE MF258K Pro products. Due to improper directory permission settings, an attacker can execute write permissions in a specific directory.
CVE-2019-25311 1 Kostasmitroglou 1 Thesystem 2026-03-12 6.4 Medium
thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operating_system, system_owner, system_username, system_password, system_description, and server_name parameters to execute arbitrary JavaScript in victim browsers.
CVE-2020-37057 2 Nayem-howlader, Sunnygkp10 3 Online Exam System, Online-exam-system, Online-exam-system- 2026-03-12 8.2 High
Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information.
CVE-2020-37051 2 Nayem-howlader, Sunnygkp10 3 Online Exam System, Online-exam-system, Online-exam-system- 2026-03-12 8.2 High
Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate user password characters.
CVE-2025-30412 3 Acronis, Linux, Microsoft 5 Acronis Cyber Protect 15, Acronis Cyber Protect 16, Cyber Protect and 2 more 2026-03-12 N/A
Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
CVE-2025-30416 3 Acronis, Linux, Microsoft 5 Acronis Cyber Protect 15, Acronis Cyber Protect 16, Cyber Protect and 2 more 2026-03-12 N/A
Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
CVE-2025-30411 3 Acronis, Linux, Microsoft 5 Acronis Cyber Protect 15, Acronis Cyber Protect 16, Cyber Protect and 2 more 2026-03-12 N/A
Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
CVE-2025-66292 2 Donknap, Dpanel 2 Dpanel, Dpanel 2026-03-12 8.1 High
DPanel is an open source server management panel written in Go. Prior to 1.9.2, DPanel has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. Authenticated users can delete arbitrary files on the server via path traversal. When a user logs into the administrative backend, this interface can be used to delete files. The vulnerability lies in the Delete function within the app/common/http/controller/attach.go file. The path parameter submitted by the user is directly passed to storage.Local{}.GetSaveRealPath and subsequently to os.Remove without proper sanitization or checking for path traversal characters (../). And the helper function in common/service/storage/local.go uses filepath.Join, which resolves ../ but does not enforce a chroot/jail. This vulnerability is fixed in 1.9.2.
CVE-2025-45809 1 Litellm 1 Litellm 2026-03-12 5.4 Medium
SQL Injection vulnerability in BerriAI LiteLLM before 1.81.0 allows attackers to execute arbitrary commands via the key parameter to the "/key/block" and "/key/unblock" API endpoints.
CVE-2025-13219 2 Ibm, Linux 2 Aspera Orchestrator, Linux Kernel 2026-03-12 5.9 Medium
IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.
CVE-2025-57622 1 Stepfun-ai 1 Step-video-t2v 2026-03-12 9.8 Critical
An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api , /caption-api , feature = pickle.loads(request.get_data()) component
CVE-2025-36226 2 Ibm, Linux 3 Aspera Faspex, Aspera Faspex 5, Linux Kernel 2026-03-12 5.4 Medium
IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-36227 2 Ibm, Linux 3 Aspera Faspex, Aspera Faspex 5, Linux Kernel 2026-03-12 5.4 Medium
IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.  This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
CVE-2025-13213 2 Ibm, Linux 2 Aspera Orchestrator, Linux Kernel 2026-03-12 5.4 Medium
IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking