Search

Search Results (364156 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-12343 1 Ffmpeg 1 Ffmpeg 2026-02-26 3.3 Low
A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free condition, potentially causing FFmpeg or any application using it to crash when processing TensorFlow-based DNN models. This results in a denial-of-service scenario but does not allow arbitrary code execution under normal conditions.
CVE-2026-1707 1 Pgadmin 1 Pgadmin 4 2026-02-26 7.4 High
pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the `\restrict` key in real time, and race the restore process by overwriting the restore script with a payload that re-enables meta-commands using `\unrestrict <key>`. This results in reliable command execution on the pgAdmin host during the restore operation.
CVE-2025-67856 1 Moodle 1 Moodle 2026-02-26 5.4 Medium
A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to privilege escalation or unauthorized access to certain features.
CVE-2025-10258 1 Nokia 1 Infinera Dna 2026-02-26 6.3 Medium
Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may result in leaking of sensitive information.
CVE-2022-45179 1 Liveboxcloud 1 Vdesk 2026-02-26 5.4 Medium
An issue was discovered in LIVEBOX Collaboration vDesk through v031. A basic XSS vulnerability exists under the /api/v1/vdeskintegration/todo/createorupdate endpoint via the title parameter and /dashboard/reminders. A remote user (authenticated to the product) can store arbitrary HTML code in the reminder section title in order to corrupt the web page (for example, by creating phishing sections to exfiltrate victims' credentials).
CVE-2024-27218 1 Google 1 Android 2026-02-26 6.2 Medium
In update_freq_data of , there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-32902 1 Google 1 Android 2026-02-26 7.5 High
Remote prevention of access to cellular service with no user interaction (for example, crashing the cellular radio service with a malformed packet)
CVE-2024-20079 2 Google, Mediatek 30 Android, Mt6761, Mt6765 and 27 more 2026-02-26 9.8 Critical
In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: MSV-1491.
CVE-2024-22795 1 Forescout 1 Secureconnector 2026-02-26 7 High
Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component.
CVE-2024-25399 1 Intelliants 1 Subrion Cms 2026-02-26 6.1 Medium
Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php.
CVE-2019-25363 2 Allok Soft, Alloksoft 2 Wmv To Avi Mpeg Dvd Wmv Convertor, Wmv To Avi Mpeg Dvd Wmv Convertor 2026-02-26 7.5 High
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to crash the application by providing an oversized license input. Attackers can generate a 6000-byte payload and paste it into the 'License Name and License Code' field to trigger an application crash.
CVE-2025-27377 1 Altium 1 Designer 2026-02-26 5.3 Medium
Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connections. An attacker capable of performing a man-in-the-middle (MITM) attack could exploit this issue to intercept or manipulate network traffic, potentially exposing authentication credentials or sensitive design data.
CVE-2025-70833 2 Lkw199711, Pocketmanga 2 Smanga, Smanga 2026-02-26 9.4 Critical
An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to reset the password of any user (including the administrator) and fully takeover the account by manipulating POST parameters. The issue stems from insecure permission validation in check-power.php.
CVE-2025-70831 2 Lkw199711, Pocketmanga 2 Smanga, Smanga 2026-02-26 9.8 Critical
A Remote Code Execution (RCE) vulnerability was found in Smanga 3.2.7 in the /php/path/rescan.php interface. The application fails to properly sanitize user-supplied input in the mediaId parameter before using it in a system shell command. This allows an unauthenticated attacker to inject arbitrary operating system commands, leading to complete server compromise.
CVE-2025-27378 1 Altium 2 Aes, On-prem Enterprise Server 2026-02-26 8.6 High
AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries.
CVE-2025-27379 1 Altium 2 Aes, On-prem Enterprise Server 2026-02-26 6.8 Medium
A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content.
CVE-2024-26477 1 Statping-ng 1 Statping-ng 2026-02-26 7.5 High
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazon_sns, export endpoints.
CVE-2025-27380 1 Altium 2 Aes, On-prem Enterprise Server 2026-02-26 7.6 High
HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content.
CVE-2024-26478 1 Statping-ng 1 Statping-ng 2026-02-26 5.3 Medium
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint.
CVE-2024-26479 1 Statping-ng 1 Statping-ng 2026-02-26 5.3 Medium
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the Command execution function.