Export limit exceeded: 366624 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366624 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-21359 1 Adobe 4 Adobe Commerce, Commerce, Commerce B2b and 1 more 2026-03-20 4.7 Medium
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have limited impact to the integrity and availability of data. The exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction.
CVE-2026-21297 1 Adobe 4 Adobe Commerce, Commerce, Commerce B2b and 1 more 2026-03-20 4.3 Medium
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access to a feature. Exploitation of this issue does not require user interaction.
CVE-2026-21284 1 Adobe 4 Adobe Commerce, Commerce, Commerce B2b and 1 more 2026-03-20 8.1 High
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field.
CVE-2026-21294 1 Adobe 4 Adobe Commerce, Commerce, Commerce B2b and 1 more 2026-03-20 5.5 Medium
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A high-privileged attacker could exploit this vulnerability to manipulate server-side requests and bypass security controls. Exploitation of this issue does not require user interaction.
CVE-2026-21286 1 Adobe 4 Adobe Commerce, Commerce, Commerce B2b and 1 more 2026-03-20 5.3 Medium
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized view access of data. Exploitation of this issue does not require user interaction.
CVE-2026-21282 1 Adobe 4 Adobe Commerce, Commerce, Commerce B2b and 1 more 2026-03-20 5.3 Medium
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing limited impact to application availability. Exploitation of this issue does not require user interaction.
CVE-2026-21293 1 Adobe 4 Adobe Commerce, Commerce, Commerce B2b and 1 more 2026-03-20 5.5 Medium
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A high-privileged attacker could exploit this vulnerability to manipulate server-side requests and access unauthorized resources. Exploitation of this issue does not require user interaction.
CVE-2026-21291 1 Adobe 4 Adobe Commerce, Commerce, Commerce B2b and 1 more 2026-03-20 4.8 Medium
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field.
CVE-2026-23814 1 Hpe 1 Arubaos-cx 2026-03-20 8.8 High
A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior.
CVE-2026-23815 1 Hpe 1 Arubaos-cx 2026-03-20 7.2 High
A vulnerability in a custom binary used in AOS-CX Switches' CLI could allow an authenticated remote attacker with high privileges to perform command injection. Successful exploitation could allow an attacker to execute unauthorized commands.
CVE-2026-23816 1 Hpe 1 Arubaos-cx 2026-03-20 7.2 High
A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.
CVE-2026-20892 1 Micro Research 2 Mr-gm5a-l1, Mr-gm5l-s1 2026-03-20 N/A
Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands.
CVE-2026-24448 1 Micro Research 2 Mr-gm5a-l1, Mr-gm5l-s1 2026-03-20 N/A
Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access.
CVE-2026-27842 1 Micro Research 2 Mr-gm5a-l1, Mr-gm5l-s1 2026-03-20 N/A
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration.
CVE-2026-3824 1 Wellchoose 2 Iftop, Organization Portal System 2026-03-20 6.1 Medium
IFTOP developed by WellChoose has an Open redirect vulnerability, allowing authenticated remote attackers to craft a URL that tricks users into visiting malicious website.
CVE-2026-3825 1 Wellchoose 2 Iftop, Organization Portal System 2026-03-20 6.1 Medium
IFTOP developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
CVE-2026-3826 1 Wellchoose 2 Iftop, Organization Portal System 2026-03-20 9.8 Critical
IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server.
CVE-2024-14024 2 Qnap, Qnap Systems 2 Video Station, Video Station 2026-03-20 6.7 Medium
An improper certificate validation vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and later
CVE-2024-14025 2 Qnap, Qnap Systems 2 Video Station, Video Station 2026-03-20 6.7 Medium
An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and later
CVE-2024-14026 2 Qnap, Qnap Systems 4 Qts, Quts Hero, Qts and 1 more 2026-03-20 7.8 High
A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.3.3006 build 20250108 and later