Search

Search Results (364878 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-23457 1 Zscaler 1 Client Connector 2026-03-02 7.8 High
The anti-tampering functionality of the Zscaler Client Connector can be disabled under certain conditions when an uninstall password is enforced. This affects Zscaler Client Connector on Windows prior to 4.2.0.209
CVE-2023-41971 1 Zscaler 1 Client Connector 2026-03-02 5.3 Medium
An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Windows allows a system file to be overwritten.This issue affects Client Connector on Windows: before 3.7.
CVE-2025-0178 1 Watchguard 28 Firebox M270, Firebox M290, Firebox M370 and 25 more 2026-03-02 6.1 Medium
Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI. An attacker could exploit this vulnerability to redirect users to malicious websites, poison the web cache, or inject malicious JavaScript into responses sent by the Web UI. This issue affects Fireware OS: from 12.0 up to and including 12.11.
CVE-2025-1071 1 Watchguard 28 Firebox M270, Firebox M290, Firebox M370 and 25 more 2026-03-02 4.8 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox.This issue affects Fireware OS: from 12.0 through 12.5.12+701324, from 12.6 through 12.11.
CVE-2025-62514 2 Parsec.cloud, Scille 2 Parsec, Parsec-cloud 2026-03-02 8.3 High
Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, `libparsec_crypto`, a component of the Parsec application, does not check for weak order point of Curve25519 when compiled with its RustCrypto backend. In practice this means an attacker in a man-in-the-middle position would be able to provide weak order points to both parties in the Diffie-Hellman exchange, resulting in a high probability to for both parties to obtain the same shared key (hence leading to a successful SAS code exchange, misleading both parties into thinking no MITM has occurred) which is also known by the attacker. Note only Parsec web is impacted (as Parsec desktop uses `libparsec_crypto` with the libsodium backend). Version 3.6.0 of Parsec patches the issue.
CVE-2024-22021 1 Veeam 3 Availability Orchestrator, Disaster Recovery Orchestrator, Recovery Orchestrator 2026-03-02 4.3 Medium
Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.
CVE-2024-42056 1 Retool 1 Retool 2026-03-02 6.5 Medium
Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered (by an authenticated attacker) via the /api/resources endpoint. The earliest affected version is 3.18.1.
CVE-2023-26323 1 Mi 1 App Market 2026-03-02 7.6 High
A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code.
CVE-2023-42896 1 Apple 3 Ipados, Iphone Os, Macos 2026-03-02 5.5 Medium
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to modify protected parts of the file system.
CVE-2018-12653 1 Myadrenalin 1 Adrenalin 2026-03-02 N/A
A Reflected Cross Site Scripting (XSS) vulnerability exists in Adrenalin HRMS 5.4.0. An attacker can input malicious JavaScript code in /RPT/SSRSDynamicEditReports.aspx via 'ReportId' parameter.
CVE-2018-12652 1 Myadrenalin 1 Adrenalin 2026-03-02 N/A
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the LeaveEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter.
CVE-2024-9397 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2026-03-02 6.1 Medium
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
CVE-2023-5870 2 Postgresql, Redhat 22 Postgresql, Advanced Cluster Security, Codeready Linux Builder Eus and 19 more 2026-03-02 2.2 Low
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
CVE-2025-3572 1 Intumit 1 Smartrobot 2026-03-02 7.5 High
SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe internal network and even access arbitrary local files on the server.
CVE-2018-12651 1 Myadrenalin 1 Human Resource Management Software 2026-03-02 N/A
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the ShiftEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter.
CVE-2018-12650 1 Myadrenalin 1 Human Resource Management Software 2026-03-02 N/A
Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the ApplicationtEmployeeSearch page via 'prntDDLCntrlName' and 'prntFrmName'.
CVE-2018-12234 1 Myadrenalin 1 Adrenalin 2026-03-02 N/A
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4.0 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the flexiportal/GeneralInfo.aspx strAction parameter.
CVE-2024-12652 1 Intumit 1 Smartrobot 2026-03-02 8.8 High
A Improper Control of Generation of Code ('Code Injection') vulnerability in groovy script function in SmartRobot′s Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code.
CVE-2025-48023 2 Yokogawa, Yokogawa Electric Corporation 3 Centum Vp, Vnet\/ip Interface Package, Vnet/ip Interface Package 2026-03-02 6.5 Medium
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
CVE-2025-48020 2 Yokogawa, Yokogawa Electric Corporation 3 Centum Vp, Vnet\/ip Interface Package, Vnet/ip Interface Package 2026-03-02 6.5 Medium
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier