Search Results (367103 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-20079 2 Google, Mediatek 30 Android, Mt6761, Mt6765 and 27 more 2026-02-26 9.8 Critical
In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: MSV-1491.
CVE-2024-22795 1 Forescout 1 Secureconnector 2026-02-26 7 High
Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component.
CVE-2024-25399 1 Intelliants 1 Subrion Cms 2026-02-26 6.1 Medium
Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php.
CVE-2019-25363 2 Allok Soft, Alloksoft 2 Wmv To Avi Mpeg Dvd Wmv Convertor, Wmv To Avi Mpeg Dvd Wmv Convertor 2026-02-26 7.5 High
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to crash the application by providing an oversized license input. Attackers can generate a 6000-byte payload and paste it into the 'License Name and License Code' field to trigger an application crash.
CVE-2025-27377 1 Altium 1 Designer 2026-02-26 5.3 Medium
Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connections. An attacker capable of performing a man-in-the-middle (MITM) attack could exploit this issue to intercept or manipulate network traffic, potentially exposing authentication credentials or sensitive design data.
CVE-2025-70833 2 Lkw199711, Pocketmanga 2 Smanga, Smanga 2026-02-26 9.4 Critical
An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to reset the password of any user (including the administrator) and fully takeover the account by manipulating POST parameters. The issue stems from insecure permission validation in check-power.php.
CVE-2025-70831 2 Lkw199711, Pocketmanga 2 Smanga, Smanga 2026-02-26 9.8 Critical
A Remote Code Execution (RCE) vulnerability was found in Smanga 3.2.7 in the /php/path/rescan.php interface. The application fails to properly sanitize user-supplied input in the mediaId parameter before using it in a system shell command. This allows an unauthenticated attacker to inject arbitrary operating system commands, leading to complete server compromise.
CVE-2025-27378 1 Altium 2 Aes, On-prem Enterprise Server 2026-02-26 8.6 High
AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries.
CVE-2025-27379 1 Altium 2 Aes, On-prem Enterprise Server 2026-02-26 6.8 Medium
A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content.
CVE-2024-26477 1 Statping-ng 1 Statping-ng 2026-02-26 7.5 High
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazon_sns, export endpoints.
CVE-2025-27380 1 Altium 2 Aes, On-prem Enterprise Server 2026-02-26 7.6 High
HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content.
CVE-2024-26478 1 Statping-ng 1 Statping-ng 2026-02-26 5.3 Medium
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint.
CVE-2024-26479 1 Statping-ng 1 Statping-ng 2026-02-26 5.3 Medium
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the Command execution function.
CVE-2024-47265 1 Synology 3 Active Backup For Business, Active Backup For Business Agent, Diskstation Manager 2026-02-26 6.5 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users to write specific files via unspecified vectors.
CVE-2024-47266 1 Synology 3 Active Backup For Business, Active Backup For Business Agent, Diskstation Manager 2026-02-26 2.7 Low
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in share file list functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to read specific files containing non-sensitive information via unspecified vectors.
CVE-2023-6681 3 Fedoraproject, Latchset, Redhat 7 Fedora, Jwcrypto, Ansible Automation Platform and 4 more 2026-02-26 5.3 Medium
A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.
CVE-2025-71155 1 Linux 1 Linux Kernel 2026-02-26 7.8 High
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: Fix gmap_helper_zap_one_page() again A few checks were missing in gmap_helper_zap_one_page(), which can lead to memory corruption in the guest under specific circumstances. Add the missing checks.
CVE-2025-11384 2026-02-26 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-11383 2026-02-26 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-11382 2026-02-26 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.