Search

Search Results (364918 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-14516 1 Yalantis 1 Ucrop 2026-03-05 6.3 Medium
A vulnerability was found in Yalantis uCrop 2.2.11. Affected by this issue is the function downloadFile of the file com.yalantis.ucrop.task.BitmapLoadTask.java of the component URL Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-59787 1 2n 1 Access Commander 2026-03-05 6.5 Medium
2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts.
CVE-2025-15015 1 Ragic 1 Enterprise Cloud Database 2026-03-05 7.5 High
Enterprise Cloud Database developed by Ragic has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
CVE-2025-15016 1 Ragic 1 Enterprise Cloud Database 2026-03-05 9.8 Critical
Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information and log into the system as any user.
CVE-2018-5383 4 Apple, Google, Redhat and 1 more 5 Iphone Os, Mac Os X, Android and 2 more 2026-03-05 6.8 Medium
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.
CVE-2025-40895 2 Nozomi Networks, Nozominetworks 2 Cmc, Cmc 2026-03-05 4.8 Medium
A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on connected Guardians' properties. A malicious authenticated user with administrator privileges on a Guardian connected to a CMC can edit the Guardian's properties to inject HTML tags. If the Sensor Map functionality is enabled in the CMC, when a victim CMC user interacts with it, then the injected HTML may render in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
CVE-2025-40896 2 Nozomi Networks, Nozominetworks 2 Arc, Arc 2026-03-05 6.5 Medium
The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive information (such as assets and alerts), impersonation of the server, or injection of spoofed data (such as false asset information or vulnerabilities) into the Guardian or CMC.
CVE-2025-70341 1 App-auto-patch 1 App-auto-patch 2026-03-05 7.8 High
Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files.
CVE-2025-64736 2 Libbiosig Project, The Biosig Project 2 Libbiosig, Libbiosig 2026-03-05 6.1 Medium
An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (5462afb0). A specially crafted .abf file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2025-62879 1 Suse 2 Rancher, Rancher Backup And Restore Operator 2026-03-05 6.8 Medium
A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs.
CVE-2025-14532 2 Studio Fabryka, Studiofabryka 2 Dobrycms, Dorbycms 2026-03-05 9.8 Critical
DobryCMS's upload file functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can result in Remote Code Execution. This issue was fixed in versions above 5.0.
CVE-2023-31324 1 Amd 28 Instinct Mi210, Instinct Mi250, Instinct Mi300a and 25 more 2026-03-05 7.8 High
A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability.
CVE-2023-20548 1 Amd 28 Instinct Mi210, Instinct Mi250, Instinct Mi300a and 25 more 2026-03-05 7.8 High
A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability.
CVE-2025-64427 2 Icewhaletech, Zimaspace 2 Zimaos, Zimaos 2026-03-05 7.1 High
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticated local user can craft requests that target internal IP addresses (e.g., 127.0.0.1, localhost, or private network ranges). This allows the attacker to interact with internal HTTP/HTTPS services that are not intended to be exposed externally or to local users. No known patch is publicly available.
CVE-2025-59783 1 2n 1 Access Commander 2026-03-05 7.2 High
API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges.
CVE-2025-59784 1 2n 1 Access Commander 2026-03-05 7.2 High
2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges.
CVE-2025-59785 1 2n 1 Access Commander 2026-03-05 7.2 High
Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges.
CVE-2025-59786 1 2n 1 Access Commander 2026-03-05 9.8 Critical
2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application.
CVE-2025-59059 1 Apache 1 Ranger 2026-03-05 9.8 Critical
Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue.
CVE-2025-59060 1 Apache 1 Ranger 2026-03-05 5.3 Medium
Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue.