Export limit exceeded: 366296 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366296 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-11595 1 Wireshark 1 Wireshark 2026-03-27 7.8 High
FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file
CVE-2024-0211 1 Wireshark 1 Wireshark 2026-03-27 7.8 High
DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
CVE-2024-0210 1 Wireshark 1 Wireshark 2026-03-27 7.8 High
Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
CVE-2024-0209 1 Wireshark 1 Wireshark 2026-03-27 7.8 High
IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file
CVE-2024-0208 1 Wireshark 1 Wireshark 2026-03-27 7.8 High
GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file
CVE-2024-0207 1 Wireshark 1 Wireshark 2026-03-27 7.8 High
HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
CVE-2023-6175 1 Wireshark 1 Wireshark 2026-03-27 7.8 High
NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file
CVE-2023-6174 2 Debian, Wireshark 2 Debian Linux, Wireshark 2026-03-27 6.3 Medium
SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file
CVE-2023-5371 1 Wireshark 1 Wireshark 2026-03-27 5.3 Medium
RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file
CVE-2023-4513 1 Wireshark 1 Wireshark 2026-03-27 5.3 Medium
BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file
CVE-2023-4512 1 Wireshark 1 Wireshark 2026-03-27 5.3 Medium
CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file
CVE-2023-4511 1 Wireshark 1 Wireshark 2026-03-27 5.3 Medium
BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file
CVE-2026-4340 2026-03-27 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2026-4816 1 Schiocco 1 Support Board 2026-03-27 5.4 Medium
A Reflected Cross Site Scripting (XSS) vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the 'search' parameter in '/supportboard/include/articles.php'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.
CVE-2026-4815 1 Schiocco 1 Support Board 2026-03-27 8.8 High
A SQL Injection vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to retrieve, create, update and delete database via 'calls[0][message_ids][]' parameter in '/supportboard/include/ajax.php' endpoint.
CVE-2026-4363 1 Gitlab 1 Gitlab 2026-03-27 3.7 Low
GitLab has remediated an issue in GitLab EE affecting all versions from 18.1 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user to gain unauthorized access to resources due to improper caching of authorization decisions.
CVE-2026-20104 1 Cisco 1 Ios Xe Software 2026-03-27 6.1 Medium
A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS9300 Embedded Series Switches, Cisco Catalyst IE9310 and IE9320 Rugged Series Switches, and Cisco IE3500 and IE3505 Rugged Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute arbitrary code at boot time and break the chain of trust. This vulnerability is due to insufficient validation of software at boot time. An attacker could exploit this vulnerability by manipulating the loaded binaries on an affected device to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to execute code that bypasses the requirement to run Cisco-signed images. Cisco has assigned this security advisory a Security Impact Rating (SIR) of High rather than Medium as the score indicates because this vulnerability allows an attacker to bypass a major security feature of a device.
CVE-2026-27656 1 Mattermost 2 Mattermost, Mattermost Server 2026-03-27 5.7 Medium
Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to properly validate user identity in the OpenID {{IsSameUser()}} comparison logic, which allows an attacker to take over arbitrary user accounts via an overly permissive substring matching flaw in the user discovery flow.. Mattermost Advisory ID: MMSA-2026-00590
CVE-2026-20719 1 Mattermost 2 Mattermost, Mattermost Server 2026-03-27 4.3 Medium
Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to prevent rendering of external SVGs on link embeds which allows unauthenticated users to crash the Mattermost webapp and desktop app via creating an issue or PR on GitHub.. Mattermost Advisory ID: MMSA-2026-00595
CVE-2026-27659 1 Mattermost 2 Mattermost, Mattermost Server 2026-03-27 4.6 Medium
Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to properly validate CSRF tokens in the /api/v4/access_control_policies/{policy_id}/activate endpoint, which allows an attacker to trick an admin into changing access control policy active status via a crafted request.. Mattermost Advisory ID: MMSA-2026-00578