Export limit exceeded: 364910 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364910 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-62328 1 Hcltech 1 Nomad Server On Domino 2026-03-20 3.7 Low
HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitive information via unspecified vectors.
CVE-2026-3932 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-03-20 6.5 Medium
Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-3936 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-03-20 8.8 High
Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-3937 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-03-20 6.5 Medium
Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2025-70245 2 D-link, Dlink 3 Dir-513, Dir-513, Dir-513 Firmware 2026-03-20 7.5 High
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizardSelectMode.
CVE-2026-25817 1 Hms-networks 2 Ewon Cosy, Ewon Flexy 2026-03-20 8.8 High
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have improper neutralization of special elements used in an OS command allowing remote code execution by attackers with low privilege access on the gateway, provided the attacker has credentials.
CVE-2026-25818 1 Hms-networks 2 Ewon Cosy, Ewon Flexy 2026-03-20 9.1 Critical
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have weak entropy for authentication cookies, allowing an attacker with a stolen session cookie to find the user password by brute-forcing an encryption parameter.
CVE-2026-25819 1 Hms-networks 2 Ewon Cosy, Ewon Flexy 2026-03-20 7.5 High
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 allows unauthenticated attackers to cause a Denial of Service by using a specially crafted HTTP request that leads to a reboot of the device, provided they have access to the device's GUI.
CVE-2026-25823 1 Hms-networks 2 Ewon Cosy, Ewon Flexy 2026-03-20 9.8 Critical
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have a stack buffer overflow that leads to a Denial of Service, which can also be exploited to achieve Unauthenticated Remote Code Execution.
CVE-2026-26794 1 Gl-inet 3 Ar300m16, Ar300m16 Firmware, Gl-ar300m16 2026-03-20 8.8 High
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the add_group() function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request.
CVE-2026-1182 1 Gitlab 1 Gitlab 2026-03-20 4.3 Medium
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title created in public projects under certain circumstances.
CVE-2025-59388 2 Qnap, Qnap Systems 2 Hyper Data Protector, Hyper Data Protector 2026-03-20 9.8 Critical
A use of hard-coded password vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to gain unauthorized access. We have already fixed the vulnerability in the following version: Hyper Data Protector 2.3.1.455 and later
CVE-2025-15037 1 Asus 1 Asus Business System Control Interface 2026-03-20 N/A
An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to unauthorized access to sensitive hardware resources and kernel information disclosure. Refer to the "ASUS Business System Control Interface" section on the ASUS Security Advisory for more information.
CVE-2026-1878 1 Asus 2 Driver Headset , Driver Keyboard Mouse 2026-03-20 N/A
An Insufficient Integrity Verification vulnerability in the ASUS ROG peripheral driver installation process allows privilege escalation to SYSTEM. The vulnerability is due to improper access control on the installation directory, which enables the exploitation of a race condition where the legitimate installer is substituted with an unexpected payload immediately after download, resulting in arbitrary code execution. Refer to the "Security Update for ASUS ROG peripheral driver" section on the ASUS Security Advisory for more information.
CVE-2025-15038 1 Asus 1 Asus Business System Control Interface 2026-03-20 N/A
An Out-of-Bounds Read vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL  request, potentially leading to a disclosure of kernel information or a system crash. Refer to the "Security Update for ASUS  Business System Control Interface" section on the ASUS Security Advisory for more information.
CVE-2026-3978 2 D-link, Dlink 3 Dir-513, Dir-513, Dir-513 Firmware 2026-03-20 8.8 High
A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wan_connected results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.
CVE-2026-3980 2 Sourcecodester, Unguardable 2 Doctor Appointment System, Online Doctor Appointment System 2026-03-20 7.3 High
A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patient_action.php. Such manipulation of the argument patient_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-3981 2 Sourcecodester, Unguardable 2 Doctor Appointment System, Online Doctor Appointment System 2026-03-20 7.3 High
A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctor_action.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
CVE-2026-28803 2 Maykinmedia, Open-formulieren 2 Open Forms, Open-forms 2026-03-20 6.5 Medium
Open Forms allows users create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the cosigner receives an e-mail with instructions or a deep-link to start the cosign flow. The submission reference is communicated so that the user can retrieve the submission to be cosigned. Attackers can guess a code or modify the received code to look up arbitrary submissions, after logging in (with DigiD/eHerkenning/... depending on form configuration). This vulnerability is fixed in 3.3.13 and 3.4.5.
CVE-2026-29777 1 Traefik 1 Traefik 2026-03-20 6.5 Medium
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can bypass listener hostname constraints and redirect traffic for victim hostnames to attacker-controlled backends. This vulnerability is fixed in 3.6.10.