Search

Search Results (364353 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-43766 1 Google 1 Android 2026-03-06 6.5 Medium
In multiple functions of btm_ble_sec.cc, there is a possible unencrypted communication due to Invalid error handling. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-31328 1 Google 1 Android 2026-03-06 8.8 High
In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-45243 4 Acronis, Apple, Linux and 1 more 4 Agent, Macos, Linux Kernel and 1 more 2026-03-06 5.5 Medium
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
CVE-2023-45242 4 Acronis, Apple, Linux and 1 more 4 Agent, Macos, Linux Kernel and 1 more 2026-03-06 5.5 Medium
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
CVE-2023-44210 4 Acronis, Apple, Linux and 1 more 4 Agent, Macos, Linux Kernel and 1 more 2026-03-06 5.5 Medium
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 29258, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
CVE-2023-44209 4 Acronis, Apple, Linux and 1 more 4 Agent, Macos, Linux Kernel and 1 more 2026-03-06 7.8 High
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 29051, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
CVE-2023-52972 1 Huawei 2 Yutufz-5651s1, Yutufz-5651s1 Senaryaudio 2026-03-05 5.5 Medium
Huawei PCs have a vulnerability that allows low-privilege users to bypass SDDL permission checks . Successful exploitation this vulnerability could lead to termination of some system processes.
CVE-2021-35485 1 Nokia 1 Impact 2026-03-05 8 High
The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one.
CVE-2021-35484 1 Nokia 1 Impact 2026-03-05 8.2 High
Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive data from the database and obtain access to the database user, database name, and database version information.
CVE-2025-15598 2 Dataease, Fit2cloud 2 Sqlbot, Sqlbot 2026-03-05 3.7 Low
A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been made public and could be used. A comment in the source code warns users about using this feature. The vendor was contacted early about this disclosure.
CVE-2021-35483 1 Nokia 1 Impact 2026-03-05 4.1 Medium
The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one. If an authenticated user visits the web page where the file is published, the JavaScript code is executed.
CVE-2025-66680 1 Wisecleaner 1 Wise Force Deleter 2026-03-05 7.1 High
An issue in the WiseDelfile64.sys component of WiseCleaner Wise Force Deleter 7.3.2 and earlier allows attackers to delete arbitrary files via a crafted request.
CVE-2025-70821 2 Renren, Renrenio 2 Renren-security, Renren-security 2026-03-05 9.8 Critical
renren-secuity before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component
CVE-2025-14480 1 Ibm 1 Aspera Faspio Gateway 2026-03-05 5.1 Medium
IBM Aspera faspio Gateway 1.3.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information
CVE-2025-14456 1 Ibm 1 Mq Appliance 2026-03-05 5.9 Medium
IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1
CVE-2025-67847 1 Moodle 1 Moodle 2026-03-05 8.8 High
A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a full compromise of the Moodle application.
CVE-2025-47378 1 Qualcomm 149 Cologne, Cologne Firmware, Fastconnect 6700 and 146 more 2026-03-05 7.1 High
Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.
CVE-2025-47384 1 Qualcomm 87 5g Fixed Wireless Access Platform, 5g Fixed Wireless Access Platform Firmware, Fastconnect 6200 and 84 more 2026-03-05 6.5 Medium
Transient DOS when MAC configures config id greater than supported maximum value.
CVE-2025-47385 1 Qualcomm 189 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 186 more 2026-03-05 7.8 High
Memory Corruption when accessing trusted execution environment without proper privilege check.
CVE-2025-69195 1 Gnu 2 Wget, Wget2 2026-03-05 7.6 High
A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted URL, which, upon user interaction with wget2, can lead to memory corruption. This can cause the application to crash and potentially allow for further malicious activities.