Export limit exceeded: 366859 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366859 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-0121 1 Hoppscotch 1 Hoppscotch 2026-02-24 8 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hoppscotch hoppscotch/hoppscotch.This issue affects hoppscotch/hoppscotch before 2.1.1.
CVE-2024-38882 1 Horizoncloud 1 Caterease 2026-02-24 9.8 Critical
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform command line execution through SQL Injection due to improper neutralization of special elements used in an OS command.
CVE-2024-38881 1 Horizoncloud 1 Caterease 2026-02-24 7.5 High
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Rainbow Table Password cracking attack due to the use of one-way hashes without salts when storing user passwords.
CVE-2024-38891 1 Horizoncloud 1 Caterease 2026-02-24 9.1 Critical
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Sniffing Network Traffic attack due to the cleartext transmission of sensitive information.
CVE-2024-38886 1 Horizoncloud 1 Caterease 2026-02-24 9.8 Critical
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel.
CVE-2025-2149 1 Linuxfoundation 1 Pytorch 2026-02-24 2.5 Low
A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zero_point leads to improper initialization. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
CVE-2025-9862 1 Ghost 1 Ghost 2026-02-24 6.5 Medium
Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.
CVE-2025-21015 2 Samsung, Samsung Mobile 3 Android, Samsung Mobile Devices, Samsung Mobile Devices 2026-02-24 4 Medium
Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete file with Document scanner's privilege.
CVE-2021-42306 1 Microsoft 4 Azure Active Directory, Azure Active Site Recovery, Azure Automation and 1 more 2026-02-24 8.1 High
An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential  on an Azure AD Application or Service Principal (which is not recommended). This vulnerability allows a user or service in the tenant with application read access to read the private key data that was added to the application. Azure AD addressed this vulnerability by preventing disclosure of any private key values added to the application. Microsoft has identified services that could manifest this vulnerability, and steps that customers should take to be protected. Refer to the FAQ section for more information. For more details on this issue, please refer to the MSRC Blog Entry.
CVE-2025-54158 1 Synology 2 Beedrive, Beedrive For Desktop 2026-02-24 7.8 High
Missing authentication for critical function vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors.
CVE-2021-41372 1 Microsoft 1 Power Bi Report Server 2026-02-24 7.6 High
A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when Power BI Report Server Template file (pbix) containing HTML files is uploaded to the server and HTML files are accessed directly by the victim. Combining these 2 vulnerabilities together, an attacker is able to upload malicious Power BI templates files to the server using the victim's session and run scripts in the security context of the user and perform privilege escalation in case the victim has admin privileges when the victim access one of the HTML files present in the malicious Power BI template uploaded. The security update addresses the vulnerability by helping to ensure that Power BI Report Server properly sanitize file uploads.
CVE-2021-40032 1 Huawei 1 Harmonyos 2026-02-24 7.5 High
The bone voice ID TA has a vulnerability in information management,Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2021-40027 1 Huawei 1 Harmonyos 2026-02-24 7.5 High
The bone voice ID TA has a vulnerability in calculating the buffer length,Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2021-40014 1 Huawei 1 Harmonyos 2026-02-24 7.5 High
The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2021-40006 1 Huawei 1 Harmonyos 2026-02-24 4.6 Medium
Vulnerability of design defects in the security algorithm component. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2025-59472 1 Vercel 1 Next.js 2026-02-24 5.9 Medium
A denial of service vulnerability exists in Next.js versions with Partial Prerendering (PPR) enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the `Next-Resume: 1` header and processes attacker-controlled postponed state data. Two closely related vulnerabilities allow an attacker to crash the server process through memory exhaustion: 1. **Unbounded request body buffering**: The server buffers the entire POST request body into memory using `Buffer.concat()` without enforcing any size limit, allowing arbitrarily large payloads to exhaust available memory. 2. **Unbounded decompression (zipbomb)**: The resume data cache is decompressed using `inflateSync()` without limiting the decompressed output size. A small compressed payload can expand to hundreds of megabytes or gigabytes, causing memory exhaustion. Both attack vectors result in a fatal V8 out-of-memory error (`FATAL ERROR: Reached heap limit Allocation failed - JavaScript heap out of memory`) causing the Node.js process to terminate. The zipbomb variant is particularly dangerous as it can bypass reverse proxy request size limits while still causing large memory allocation on the server. To be affected you must have an application running with `experimental.ppr: true` or `cacheComponents: true` configured along with the NEXT_PRIVATE_MINIMAL_MODE=1 environment variable. Strongly consider upgrading to 15.6.0-canary.61 or 16.1.5 to reduce risk and prevent availability issues in Next applications.
CVE-2021-39298 1 Hp 374 260 G3 Desktop Mini Pc, 260 G3 Desktop Mini Pc Firmware, Elite Dragonfly and 371 more 2026-02-24 8.8 High
A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware.
CVE-2021-38180 1 Sap 1 Business One 2026-02-24 9.8 Critical
SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to execute macros while opening the file and the security settings of Excel allow for command execution.
CVE-2021-38162 1 Sap 1 Web Dispatcher 2026-02-24 8.9 High
SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 processes allow an unauthenticated attacker to submit a malicious crafted request over a network to a front-end server which may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate messages. This can result in the back-end server executing a malicious payload which can be used to read or modify any information on the server or consume server resources making it temporarily unavailable.
CVE-2021-36958 1 Microsoft 18 Windows, Windows 10 1507, Windows 10 1607 and 15 more 2026-02-24 7.8 High
<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>