Export limit exceeded: 364170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364170 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-35779 | 1 Blueastral | 1 Page Builder\ | 2026-02-27 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through 1.5.42. | ||||
| CVE-2022-4669 | 1 Blueastral | 1 Page Builder\ | 2026-02-27 | 5.4 Medium |
| The Page Builder: Live Composer WordPress plugin before 1.5.23 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-34153 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2026-02-27 | 7.8 High |
| A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding. | ||||
| CVE-2024-48928 | 1 Piwigo | 1 Piwigo | 2026-02-27 | 7.5 High |
| Piwigo is an open source photo gallery application for the web. In versions on the 14.x branch, when installing, the secret_key configuration parameter is set to MD5(RAND()) in MySQL. However, RAND() only has 30 bits of randomness, making it feasible to brute-force the secret key. The CSRF token is constructed partially from the secret key, and this can be used to check if the brute force succeeded. Trying all possible values takes approximately one hour. The impact of this is limited. The auto login key uses the user's password on top of the secret key. The pwg token uses the user's session identifier on top of the secret key. It seems that values for get_ephemeral_key can be generated when one knows the secret key. Version 15.0.0 contains a fix for the issue. | ||||
| CVE-2025-62512 | 1 Piwigo | 1 Piwigo | 2026-02-27 | 5.3 Medium |
| Piwigo is an open source photo gallery application for the web. In version 15.5.0 and likely earlier 15.x releases, the password reset functionality in Piwigo allows an unauthenticated attacker to determine whether a given username or email address exists in the system. The endpoint at password.php?action=lost returns distinct messages for valid vs. invalid accounts, enabling user enumeration. As of time of publication, no known patches are available. | ||||
| CVE-2025-69207 | 1 Khoj | 1 Khoj | 2026-02-27 | 5.4 Medium |
| Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was initiated by that user, allowing attackers to replace victims' Notion configurations with their own, resulting in data poisoning and unauthorized access to the victim's Khoj search index. This attack requires knowing the user's UUID which can be leaked through shared conversations where an AI generated image is present. This vulnerability is fixed in 2.0.0-beta.23. | ||||
| CVE-2025-64712 | 2 Unstructured, Unstructured-io | 2 Unstructured, Unstructured | 2026-02-27 | 9.8 Critical |
| The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path traversal vulnerability in the partition_msg function allows an attacker to write or overwrite arbitrary files on the filesystem when processing malicious MSG files with attachments. This issue has been patched in version 0.18.18. | ||||
| CVE-2026-27583 | 2026-02-27 | N/A | ||
| Further research determined the situation described is not a vulnerability. | ||||
| CVE-2026-27582 | 2026-02-27 | N/A | ||
| Further research determined the situation described is not a vulnerability. | ||||
| CVE-2026-27581 | 2026-02-27 | N/A | ||
| Further research determined the situation described is not a vulnerability. | ||||
| CVE-2026-27580 | 2026-02-27 | N/A | ||
| Further research determined the situation described is not a vulnerability. | ||||
| CVE-2026-27573 | 2026-02-27 | N/A | ||
| Further research determined the situation described is not a vulnerability. | ||||
| CVE-2026-27501 | 2026-02-27 | N/A | ||
| Further research determined the situation described is not a vulnerability. | ||||
| CVE-2026-27500 | 2026-02-27 | N/A | ||
| Further research determined the situation described is not a vulnerability. | ||||
| CVE-2026-27201 | 2026-02-27 | N/A | ||
| Further research determined the situation described is not a vulnerability. | ||||
| CVE-2026-27200 | 2026-02-27 | N/A | ||
| Further research determined the situation described is not a vulnerability. | ||||
| CVE-2025-33179 | 1 Nvidia | 5 Cumulus Linux, Dgx Gb200, Gb300 Nvl72 and 2 more | 2026-02-27 | 8 High |
| NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges. | ||||
| CVE-2025-33180 | 1 Nvidia | 5 Cumulus Linux, Dgx Gb200, Gb300 Nvl72 and 2 more | 2026-02-27 | 8 High |
| NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges. | ||||
| CVE-2025-33181 | 1 Nvidia | 5 Cumulus Linux, Dgx Gb200, Gb300 Nvl72 and 2 more | 2026-02-27 | 7.3 High |
| NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges. | ||||
| CVE-2025-61684 | 2 H20, H2o | 2 Quickly, Quicly | 2026-02-27 | 7.5 High |
| Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e fixes the issue. | ||||