Search

Search Results (364448 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-47553 1 Siemens 1 Sinec Security Monitor 2026-03-10 9.9 Critical
A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate user input to the ```ssmctl-client``` command. This could allow an authenticated, lowly privileged remote attacker to execute arbitrary code with root privileges on the underlying OS.
CVE-2022-4977 2026-03-10 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2025-15549 1 Fluentcms 1 Fluentcms 2026-03-10 4.8 Medium
FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. Attackers can upload malicious SVG files that execute JavaScript in the browser of any user accessing the uploaded file URL.
CVE-2025-36243 1 Ibm 1 Concert 2026-03-10 5.4 Medium
IBM Concert 1.0.0 through 2.1.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2025-40905 1 Dbook 2 Www::oauth, Www\ 2026-03-10 7.3 High
WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.
CVE-2025-15444 2 Iamb, Perl 2 Crypt\, Crypt::sodium::xs 2026-03-10 9.8 Critical
Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium libsodium <= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277  https://www.cve.org/CVERecord?id=CVE-2025-69277 . The libsodium vulnerability states: In atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. 0.000042 includes a version of libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.
CVE-2025-10097 2 Sim, Simstudioai 2 Sim, Sim 2026-03-10 6.3 Medium
A vulnerability was identified in SimStudioAI sim up to 1.0.0. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. The attack is possible to be carried out remotely.
CVE-2025-15578 1 Teejay 1 Maypole 2026-03-10 9.8 Critical
Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time (which is available from HTTP response headers), a call to the built-in rand() function, and the PID.
CVE-2025-61611 2 Linuxfoundation, Unisoc 2 Yocto, Udx710 2026-03-10 7.5 High
In modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed..
CVE-2025-61612 2 Google, Unisoc 6 Android, T7300, T8100 and 3 more 2026-03-10 7.5 High
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-61613 2 Google, Unisoc 5 Android, T8100, T8200 and 2 more 2026-03-10 7.5 High
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-61614 2 Google, Unisoc 6 Android, T7300, T8100 and 3 more 2026-03-10 7.5 High
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-61615 2 Google, Unisoc 5 Android, T8100, T8200 and 2 more 2026-03-10 7.5 High
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-61616 2 Google, Unisoc 5 Android, T8100, T8200 and 2 more 2026-03-10 7.5 High
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-69278 2 Google, Unisoc 6 Android, T7300, T8100 and 3 more 2026-03-10 7.5 High
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-69279 2 Google, Unisoc 5 Android, T8100, T8200 and 2 more 2026-03-10 7.5 High
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-26399 1 Solarwinds 1 Web Help Desk 2026-03-10 9.8 Critical
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
CVE-2025-65945 1 Auth0 1 Node-jws 2026-03-09 7.5 High
auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the jws.createVerify() function for HMAC algorithms and use user-provided data from the JSON Web Signature protected header or payload in HMAC secret lookup routines, which can allow attackers to bypass signature verification. This issue has been patched in versions 3.2.3 and 4.0.1.
CVE-2025-41257 1 Supremainc 1 Biostar 2 2026-03-09 4.8 Medium
Suprema’s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise.
CVE-2025-59905 1 Kubysoft 1 Kubysoft 2026-03-09 6.1 Medium
Cross-Site Scripting (XSS) vulnerability reflected in Kubysoft, which occurs through multiple parameters within the endpoint ‘/node/kudaby/nodeFN/procedure’. This flaw allows the injection of arbitrary client-side scripts, which are immediately reflected in the HTTP response and executed in the victim's browser.