Export limit exceeded: 364647 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364647 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-10295 1 Redhat 2 3scale Api Management, Red Hat 3scale Amp 2026-03-20 7.5 High
A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue can occur due to a failure in the base64 decoding process, which causes APICast to skip the rest of the authentication checks and proceed with routing the request upstream.
CVE-2026-32765 2026-03-20 N/A
This repository is no longer public.
CVE-2026-32764 2026-03-20 N/A
This repository is no longer public.
CVE-2026-3948 2026-03-19 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2023-6816 4 Debian, Fedoraproject, Redhat and 1 more 13 Debian Linux, Fedora, Enterprise Linux and 10 more 2026-03-19 9.8 Critical
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
CVE-2025-71220 1 Linux 1 Linux Kernel 2026-03-19 7.8 High
In the Linux kernel, the following vulnerability has been resolved: smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe() When ksmbd_iov_pin_rsp() fails, we should call ksmbd_session_rpc_close().
CVE-2025-71222 1 Linux 1 Linux Kernel 2026-03-19 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: ensure skb headroom before skb_push This avoids occasional skb_under_panic Oops from wl1271_tx_work. In this case, headroom is less than needed (typically 110 - 94 = 16 bytes).
CVE-2024-9341 2 Containers, Redhat 5 Common, Enterprise Linux, Openshift and 2 more 2026-03-19 5.4 Medium
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.
CVE-2025-53711 1 Tp-link 5 Tl-wr841n, Tl-wr841n(eu), Tl-wr841n Firmware and 2 more 2026-03-19 7.5 High
A vulnerability has been found in TP-Link TL-WR841N v11, TL-WR842ND v2 and TL-WR494N v3. The vulnerability exists in the /userRpm/WlanNetworkRpm.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2024-7557 1 Redhat 2 Openshift Ai, Openshift Data Science 2026-03-19 8.8 High
A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources.
CVE-2025-40943 1 Siemens 90 Simatic Drive Controller Cpu 1504d Tf, Simatic Drive Controller Cpu 1507d Tf, Simatic Et 200sp Open Controller Cpu 1515sp Pc2 (incl. Siplus Variants) V2 Cpus - Windows Os and 87 more 2026-03-19 9.6 Critical
Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted trace file. The malicious trace file is insufficiently sanitized and malicious code could be executed in the clients browser session and trigger PLC operations via the webserver that the legitimate user is authorized to perform.
CVE-2023-37287 1 Smartsoft 1 Smartbpm.net 2026-03-19 9.1 Critical
SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes.
CVE-2025-69650 1 Gnu 1 Binutils 2026-03-19 7.5 High
GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.
CVE-2025-66376 2 Synacor, Zimbra 2 Zimbra Collaboration Suite, Collaboration 2026-03-19 7.2 High
Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message.
CVE-2026-3181 2026-03-18 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-71227 1 Linux 1 Linux Kernel 2026-03-18 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't WARN for connections on invalid channels It's not clear (to me) how exactly syzbot managed to hit this, but it seems conceivable that e.g. regulatory changed and has disabled a channel between scanning (channel is checked to be usable by cfg80211_get_ies_channel_number) and connecting on the channel later. With one scenario that isn't covered elsewhere described above, the warning isn't good, replace it with a (more informative) error message.
CVE-2026-0866 2026-03-18 N/A
After the publication of the PoC by the researcher and further analysis, we have determined that this issue does not constitute a valid vulnerability. The technique described is an obfuscation method and does not bypass or impact any implicit or explicit security controls.
CVE-2026-31801 2 Project-zot, Zotregistry 2 Zot, Zot 2026-03-18 7.7 High
zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. From 1.3.0 to 2.1.14, zot’s dist-spec authorization middleware infers the required action for PUT /v2/{name}/manifests/{reference} as create by default, and only switches to update when the tag already exists and reference != "latest". As a result, when latest already exists, a user who is allowed to create (but not allowed to update) can still pass the authorization check for an overwrite attempt of latest. This vulnerability is fixed in 2.1.15.
CVE-2018-25160 1 Tokuhirom 2 Http::session2, Http\ 2026-03-18 6.5 Medium
HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject memcached commands in the session id value.
CVE-2025-70042 2 Opensourcelabs, Oslabs-beta 2 Thermakube, Thermakube 2026-03-18 9.8 Critical
An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in oslabs-beta ThermaKube master.