Export limit exceeded: 364396 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364396 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-70231 1 Dlink 2 Dir-513, Dir-513 Firmware 2026-03-06 9.8 Critical
D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verification codes in /goform/formLogin, it enters /goform/getAuthCode but fails to filter the value of the FILECODE parameter, resulting in a path traversal vulnerability.
CVE-2025-70232 1 Dlink 2 Dir-513, Dir-513 Firmware 2026-03-06 9.8 Critical
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter.
CVE-2025-70233 1 Dlink 2 Dir-513, Dir-513 Firmware 2026-03-06 9.8 Critical
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard.
CVE-2026-28484 1 Openclaw 1 Openclaw 2026-03-06 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-27123 2026-03-06 N/A
Reason: This candidate was issued in error.
CVE-2025-12107 1 Wso2 2 Identity Server, Wso2 Identity Server 2026-03-06 8.4 High
Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates. Successful exploitation of this vulnerability could allow a malicious actor with admin privilege to inject and execute arbitrary template code on the server, potentially leading to remote code execution, data manipulation, or unauthorized access to sensitive information.
CVE-2025-36018 2 Ibm, Linux 2 Concert, Linux Kernel 2026-03-06 6.5 Medium
IBM Concert 1.0.0 through 2.1.0 for Z hub component is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVE-2025-33089 1 Ibm 1 Concert 2026-03-06 6.5 Medium
IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information or perform unauthorized actions due to the use of hard coded user credentials.
CVE-2025-66490 1 Traefik 1 Traefik 2026-03-06 6.5 Medium
Traefik is an HTTP reverse proxy and load balancer. For versions prior to 2.11.32 and 2.11.31 through 3.6.2, requests using PathPrefix, Path or PathRegex matchers can bypass path normalization. When Traefik uses path-based routing, requests containing URL-encoded restricted characters (/, \, Null, ;, ?, #) can bypass the middleware chain and reach unintended backends. For example, a request to http://mydomain.example.com/admin%2F could reach service-a without triggering my-security-middleware, bypassing security controls for the /admin/ path. This issue is fixed in versions 2.11.32 and 3.6.3.
CVE-2020-9321 1 Traefik 2 Traefik, Traefik Enterprise 2026-03-06 7.5 High
configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging.
CVE-2025-47379 1 Qualcomm 357 5g Fixed Wireless Access Platform, 5g Fixed Wireless Access Platform Firmware, Ar8031 and 354 more 2026-03-06 7.8 High
Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources.
CVE-2026-1799 2026-03-06 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate has been determined not to be a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2025-66319 1 Huawei 1 Harmonyos 2026-03-06 3.3 Low
Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2022-4947 2026-03-06 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-32111. Reason: This candidate is a reservation duplicate of CVE-2024-32111. Notes: All CVE users should reference CVE-2024-32111 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2021-30952 6 Apple, Debian, Fedoraproject and 3 more 12 Ipados, Iphone Os, Macos and 9 more 2026-03-06 8.8 High
An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2021-22681 1 Rockwellautomation 20 Compact Guardlogix 5370, Compact Guardlogix 5380, Compactlogix 1768 and 17 more 2026-03-06 9.8 Critical
Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800.
CVE-2025-13590 1 Wso2 10 Api Control Plane, Api Manager, Org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.impl and 7 more 2026-03-06 9.1 Critical
A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location within the deployment via a system REST API. Successful uploads may lead to remote code execution. By leveraging the vulnerability, a malicious actor may perform Remote Code Execution by uploading a specially crafted payload.
CVE-2025-48654 1 Google 1 Android 2026-03-06 7.8 High
In onStart of CompanionDeviceManagerService.java, there is a possible confused deputy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48653 1 Google 1 Android 2026-03-06 8.4 High
In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48650 1 Google 1 Android 2026-03-06 8.4 High
In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.