Search

Search Results (364158 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-27501 2026-02-27 N/A
Further research determined the situation described is not a vulnerability.
CVE-2026-27500 2026-02-27 N/A
Further research determined the situation described is not a vulnerability.
CVE-2026-27201 2026-02-27 N/A
Further research determined the situation described is not a vulnerability.
CVE-2026-27200 2026-02-27 N/A
Further research determined the situation described is not a vulnerability.
CVE-2025-33179 1 Nvidia 5 Cumulus Linux, Dgx Gb200, Gb300 Nvl72 and 2 more 2026-02-27 8 High
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges.
CVE-2025-33180 1 Nvidia 5 Cumulus Linux, Dgx Gb200, Gb300 Nvl72 and 2 more 2026-02-27 8 High
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.
CVE-2025-33181 1 Nvidia 5 Cumulus Linux, Dgx Gb200, Gb300 Nvl72 and 2 more 2026-02-27 7.3 High
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.
CVE-2025-61684 2 H20, H2o 2 Quickly, Quicly 2026-02-27 7.5 High
Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e fixes the issue.
CVE-2025-67445 1 Totolink 2 X5000r, X5000r Firmware 2026-02-27 6.5 Medium
TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc (CONTENT_LENGTH + 1) without sufficient bounds checking. When lighttpd s request size limit is not enforced, a crafted large POST request can cause memory exhaustion or a segmentation fault, leading to a crash of the management CGI and loss of availability of the web interface.
CVE-2025-0976 3 Hitachi, Linux, Microsoft 4 Configuration Manager, Ops Center Api Configuration Manager, Linux Kernel and 1 more 2026-02-27 4.7 Medium
Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.4-00; Hitachi Configuration Manager: from 8.6.1-00 before 11.0.5-00.
CVE-2023-5769 1 Hitachienergy 8 Rtu520, Rtu520 Firmware, Rtu530 and 5 more 2026-02-27 5.4 Medium
A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to user input being improperly sanitized.
CVE-2025-50180 2 Esm, Esm-dev 2 Esm.sh, Esmsh 2026-02-27 7.5 High
esm.sh is a no-build content delivery network (CDN) for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. Version 137 fixes the vulnerability.
CVE-2025-69929 1 N3uron 1 Web User Interface 2026-02-27 9.8 Critical
An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate privileges via the password hashing on the client side using the MD5 algorithm over a predictable string format
CVE-2022-46764 2 Microsoft, Trueconf 2 Windows, Server 2026-02-27 9.8 Critical
A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution.
CVE-2025-67491 2 Open-emr, Openemr 2 Openemr, Openemr 2026-02-27 5.4 Medium
OpenEMR is a free and open source electronic health records and medical practice management application. Versions 5.0.0.5 through 7.0.3.4 have a stored cross-site scripting vulnerability in the ub04 helper of the billing interface. The variable `$data` is passed in a click event handler enclosed in single quotes without proper sanitization. Thus, despite `json_encode` a malicious user can still inject a payload such as ` ac' ><img src=x onerror=alert(document.cookie)> ` to trigger the bug. This vulnerability allows low privileged users to embed malicious JS payloads on the server and perform stored XSS attack. This, in turn makes it possible for malicious users to steal the session cookies and perform unauthorized actions impersonating administrators. Version 7.0.4 patches the issue.
CVE-2025-67752 2 Open-emr, Openemr 2 Openemr, Openemr 2026-02-27 8.1 High
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper (`oeHttp`/`oeHttpRequest`) disables SSL/TLS certificate verification by default (`verify: false`), making all external HTTPS connections vulnerable to man-in-the-middle (MITM) attacks. This affects communication with government healthcare APIs and user-configurable external services, potentially exposing Protected Health Information (PHI). Version 7.0.4 fixes the issue.
CVE-2025-68277 2 Open-emr, Openemr 2 Openemr, Openemr 2026-02-27 5.0 Medium
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, when a link is sent via Secure Messaging, clicking the link opens the website within the OpenEMR/Portal site. This behavior could be exploited for phishing. Version 7.0.4 patches the issue.
CVE-2025-69231 2 Open-emr, Openemr 2 Openemr, Openemr 2026-02-27 8.7 High
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a stored cross-site scripting vulnerability in the GAD-7 anxiety assessment form allows authenticated users with clinician privileges to inject malicious JavaScript that executes when other users view the form. This enables session hijacking, account takeover, and privilege escalation from clinician to administrator. Version 8.0.0 fixes the issue.
CVE-2025-5198 2 Redhat, Stackrox 2 Advanced Cluster Security, Stackrox 2026-02-27 5 Medium
A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object* that is applied to a secured cluster. This object can be used by a user with access to the cluster or through a compromised third-party product.
CVE-2024-5692 2 Microsoft, Mozilla 3 Windows, Firefox, Thunderbird 2026-02-27 6.5 Medium
On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.