Export limit exceeded: 364232 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364232 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-59603 1 Qualcomm 59 Cologne, Cologne Firmware, Fastconnect 6900 and 56 more 2026-03-04 7.8 High
Memory Corruption when processing invalid user address with nonstandard buffer address.
CVE-2025-48545 1 Google 1 Android 2026-03-04 7.1 High
In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. This could lead to local privilege escalation with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-13120 1 Mruby 1 Mruby 2026-03-04 5.3 Medium
A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is eb398971bfb43c38db3e04528b68ac9a7ce509bc. It is advisable to implement a patch to correct this issue.
CVE-2025-59600 1 Qualcomm 329 Ar8031, Ar8031 Firmware, Ar8035 and 326 more 2026-03-04 7.8 High
Memory Corruption when adding user-supplied data without checking available buffer space.
CVE-2025-69765 1 Tenda 2 Ax3, Ax3 Firmware 2026-03-04 7.5 High
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can cause memory corruption and enable remote code execution.
CVE-2025-47147 1 Gallagher 1 Command Centre Mobile Client 2026-03-04 5.7 Medium
Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the session token and exploit access for a limited duration. This issue affects Command Centre Mobile Client versions prior to 9.40.123.
CVE-2025-13688 1 Ibm 1 Datastage On Cloud Pak For Data 2026-03-04 6.3 Medium
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component.
CVE-2025-13687 1 Ibm 1 Datastage On Cloud Pak For Data 2026-03-04 6.3 Medium
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the user-defined function component.
CVE-2025-13686 1 Ibm 1 Datastage On Cloud Pak For Data 2026-03-04 6.3 Medium
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component.
CVE-2024-58041 1 Wonko 1 Smolder 2026-03-04 9.1 Critical
Smolder versions through 1.51 for Perl uses insecure rand() function for cryptographic functions. Smolder 1.51 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Smolder::DB::Developer uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function.
CVE-2026-3076 2026-03-03 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-2363. Reason: This candidate is a reservation duplicate of CVE-2026-2363. Notes: All CVE users should reference CVE-2026-2363 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2021-4456 1 Mrsam 2 Net::cidr, Net\ 2026-03-03 6.5 Medium
Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact. The functions `addr2cidr` and `cidrlookup` may return leading zeros in a CIDR string, which may in turn be parsed as octal numbers by subsequent users. In some cases an attacker may be able to leverage this to bypass access controls based on IP addresses. The documentation advises validating untrusted CIDR strings with the `cidrvalidate` function. However, this mitigation is optional and not enforced by default. In practice, users may call `addr2cidr` or `cidrlookup` with untrusted input and without validation, incorrectly assuming that this is safe.
CVE-2025-50198 1 Chamilo 1 Chamilo Lms 2026-03-03 4.9 Medium
Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters. This issue has been patched in version 1.11.30.
CVE-2025-40932 1 Grichter 2 Apache::sessionx, Apache\ 2026-03-03 8.2 High
Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.
CVE-2023-31068 1 Tsplus 1 Tsplus Remote Work 2026-03-03 9.8 Critical
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.
CVE-2023-31069 1 Tsplus 1 Tsplus Remote Work 2026-03-03 9.8 Critical
An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page.
CVE-2025-50190 1 Chamilo 1 Chamilo Lms 2026-03-03 9.8 Critical
Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assoc_handle parameter with the /index.php script. This issue has been patched in version 1.11.30.
CVE-2025-50191 1 Chamilo 1 Chamilo Lms 2026-03-03 7.2 High
Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched in version 1.11.30.
CVE-2025-52482 1 Chamilo 1 Chamilo Lms 2026-03-03 8.3 High
Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. This issue has been patched in version 1.11.30.
CVE-2025-50192 1 Chamilo 1 Chamilo Lms 2026-03-03 9.8 Critical
Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL Injection in found in /main/webservices/registration.soap.php. This issue has been patched in version 1.11.30.