Export limit exceeded: 364661 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364661 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-32059 1 Openclaw 1 Openclaw 2026-03-20 8.8 High
OpenClaw version 2026.2.22-2 prior to 2026.2.23 tools.exec.safeBins validation for sort command fails to properly validate GNU long-option abbreviations, allowing attackers to bypass denied-flag checks via abbreviated options. Remote attackers can execute sort commands with abbreviated long options to skip approval requirements in allowlist mode.
CVE-2026-32061 1 Openclaw 1 Openclaw 2026-03-20 4.4 Medium
OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversal sequences, or symlinks to access sensitive files readable by the OpenClaw process user, including API keys and credentials.
CVE-2026-32063 1 Openclaw 1 Openclaw 2026-03-20 7.1 High
OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are not validated for CR/LF characters, allowing newline injection to break out of Environment= lines and inject arbitrary systemd directives. An attacker who can influence config.env.vars and trigger service install or restart can execute arbitrary commands with the privileges of the OpenClaw gateway service user.
CVE-2026-30953 2 Kovah, Linkace 2 Linkace, Linkace 2026-03-20 7.7 High
LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL (LinkRepository::create() calls HtmlMeta::getFromUrl()). The LinkStoreRequest validation rules do not include NoPrivateIpRule, allowing server-side requests to internal network addresses, Docker service hostnames, and cloud metadata endpoints. The project already has a NoPrivateIpRule class (app/Rules/NoPrivateIpRule.php) but it is only applied in FetchController.php (line 99), not in the primary link creation path.
CVE-2026-30954 2 Kovah, Linkace 2 Linkace, Linkace 2026-03-20 4.3 Medium
LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy() method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs.
CVE-2025-66956 1 Asseco 1 See Live 2026-03-20 9.9 Critical
Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL.
CVE-2025-67034 1 Lantronix 7 Eds5000, Eds5008, Eds5008 Firmware and 4 more 2026-03-20 8.8 High
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. Injected commands are executed with root privileges.
CVE-2025-67035 1 Lantronix 7 Eds5000, Eds5008, Eds5008 Firmware and 4 more 2026-03-20 9.8 Critical
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys, users, and known hosts. Commands are executed with root privileges.
CVE-2025-67036 1 Lantronix 7 Eds5000, Eds5008, Eds5008 Firmware and 4 more 2026-03-20 8.8 High
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges.
CVE-2025-67037 1 Lantronix 7 Eds5000, Eds5008, Eds5008 Firmware and 4 more 2026-03-20 8.8 High
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges.
CVE-2025-67039 1 Lantronix 5 Eds3000ps, Eds3008ps1ns, Eds3008ps1ns Firmware and 2 more 2026-03-20 9.1 Critical
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header that uses "admin" as the username.
CVE-2025-67041 1 Lantronix 5 Eds3000ps, Eds3008ps1ns, Eds3008ps1ns Firmware and 2 more 2026-03-20 9.8 Critical
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges.
CVE-2025-68623 1 Microsoft 1 Directx End-user Runtime Web Installer 2026-03-20 8.8 High
In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and DLLs to the %TEMP% folder - writable by standard users. Subsequently, the installer executes the downloaded executable with HIGH integrity to complete the application installation. However, an attacker can replace the downloaded executable with a malicious, user-controlled executable. When the installer executes this replaced file, it runs the attacker's code with HIGH integrity. Since code running at HIGH integrity can escalate to SYSTEM level by registering and executing a service, this creates a complete privilege escalation chain from standard user to SYSTEM. NOTE: The Supplier disputes this record stating that they have determined this to be the behavior as designed.
CVE-2025-70024 1 Benkeen 1 Generatedata 2026-03-20 9.8 Critical
An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14.
CVE-2025-70082 1 Lantronix 5 Eds3000ps, Eds3008ps1ns, Eds3008ps1ns Firmware and 2 more 2026-03-20 9.8 Critical
An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component
CVE-2025-70330 1 Easy 1 Grade Pro 2026-03-20 3.3 Low
Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid .EGP file, an attacker can trigger an out-of-bounds memory read during parsing. This results in an unhandled access violation and application crash, leading to a local denial-of-service condition when the crafted file is opened by a user.
CVE-2026-30741 1 Openclaw 2 Agent Platform, Openclaw 2026-03-20 9.8 Critical
A remote code execution (RCE) vulnerability in OpenClaw Agent Platform v2026.2.6 allows attackers to execute arbitrary code via a Request-Side prompt injection attack.
CVE-2026-27224 1 Adobe 2 Adobe Experience Manager, Experience Manager 2026-03-20 5.4 Medium
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2026-27248 1 Adobe 2 Adobe Experience Manager, Experience Manager 2026-03-20 5.4 Medium
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2026-27228 1 Adobe 2 Adobe Experience Manager, Experience Manager 2026-03-20 5.4 Medium
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.