Export limit exceeded: 366625 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366625 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-14026 2 Qnap, Qnap Systems 4 Qts, Quts Hero, Qts and 1 more 2026-03-20 7.8 High
A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.3.3006 build 20250108 and later
CVE-2026-1965 2 Curl, Haxx 2 Curl, Curl 2026-03-20 6.5 Medium
libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criterion must first be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. One underlying reason being that Negotiate sometimes authenticates *connections* and not *requests*, contrary to how HTTP is designed to work. An application that allows Negotiate authentication to a server (that responds wanting Negotiate) with `user1:password1` and then does another operation to the same server also using Negotiate but with `user2:password2` (while the previous connection is still alive) - the second request wrongly reused the same connection and since it then sees that the Negotiate negotiation is already made, it just sends the request over that connection thinking it uses the user2 credentials when it is in fact still using the connection authenticated for user1... The set of authentication methods to use is set with `CURLOPT_HTTPAUTH`. Applications can disable libcurl's reuse of connections and thus mitigate this problem, by using one of the following libcurl options to alter how connections are or are not reused: `CURLOPT_FRESH_CONNECT`, `CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the curl_multi API).
CVE-2026-3783 2 Curl, Haxx 2 Curl, Curl 2026-03-20 5.3 Medium
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one.
CVE-2026-3805 2 Curl, Haxx 2 Curl, Curl 2026-03-20 7.5 High
When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.
CVE-2026-3944 2 Angeljudesuarez, Itsourcecode 2 University Management System, University Management System 2026-03-20 7.3 High
A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /att_add.php. This manipulation of the argument Name causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-32059 1 Openclaw 1 Openclaw 2026-03-20 8.8 High
OpenClaw version 2026.2.22-2 prior to 2026.2.23 tools.exec.safeBins validation for sort command fails to properly validate GNU long-option abbreviations, allowing attackers to bypass denied-flag checks via abbreviated options. Remote attackers can execute sort commands with abbreviated long options to skip approval requirements in allowlist mode.
CVE-2026-32061 1 Openclaw 1 Openclaw 2026-03-20 4.4 Medium
OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversal sequences, or symlinks to access sensitive files readable by the OpenClaw process user, including API keys and credentials.
CVE-2026-32063 1 Openclaw 1 Openclaw 2026-03-20 7.1 High
OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are not validated for CR/LF characters, allowing newline injection to break out of Environment= lines and inject arbitrary systemd directives. An attacker who can influence config.env.vars and trigger service install or restart can execute arbitrary commands with the privileges of the OpenClaw gateway service user.
CVE-2026-30953 2 Kovah, Linkace 2 Linkace, Linkace 2026-03-20 7.7 High
LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL (LinkRepository::create() calls HtmlMeta::getFromUrl()). The LinkStoreRequest validation rules do not include NoPrivateIpRule, allowing server-side requests to internal network addresses, Docker service hostnames, and cloud metadata endpoints. The project already has a NoPrivateIpRule class (app/Rules/NoPrivateIpRule.php) but it is only applied in FetchController.php (line 99), not in the primary link creation path.
CVE-2026-30954 2 Kovah, Linkace 2 Linkace, Linkace 2026-03-20 4.3 Medium
LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy() method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs.
CVE-2025-66956 1 Asseco 1 See Live 2026-03-20 9.9 Critical
Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL.
CVE-2025-67034 1 Lantronix 7 Eds5000, Eds5008, Eds5008 Firmware and 4 more 2026-03-20 8.8 High
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. Injected commands are executed with root privileges.
CVE-2025-67035 1 Lantronix 7 Eds5000, Eds5008, Eds5008 Firmware and 4 more 2026-03-20 9.8 Critical
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys, users, and known hosts. Commands are executed with root privileges.
CVE-2025-67036 1 Lantronix 7 Eds5000, Eds5008, Eds5008 Firmware and 4 more 2026-03-20 8.8 High
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges.
CVE-2025-67037 1 Lantronix 7 Eds5000, Eds5008, Eds5008 Firmware and 4 more 2026-03-20 8.8 High
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges.
CVE-2025-67039 1 Lantronix 5 Eds3000ps, Eds3008ps1ns, Eds3008ps1ns Firmware and 2 more 2026-03-20 9.1 Critical
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header that uses "admin" as the username.
CVE-2025-67041 1 Lantronix 5 Eds3000ps, Eds3008ps1ns, Eds3008ps1ns Firmware and 2 more 2026-03-20 9.8 Critical
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges.
CVE-2025-68623 1 Microsoft 1 Directx End-user Runtime Web Installer 2026-03-20 8.8 High
In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and DLLs to the %TEMP% folder - writable by standard users. Subsequently, the installer executes the downloaded executable with HIGH integrity to complete the application installation. However, an attacker can replace the downloaded executable with a malicious, user-controlled executable. When the installer executes this replaced file, it runs the attacker's code with HIGH integrity. Since code running at HIGH integrity can escalate to SYSTEM level by registering and executing a service, this creates a complete privilege escalation chain from standard user to SYSTEM. NOTE: The Supplier disputes this record stating that they have determined this to be the behavior as designed.
CVE-2025-70024 1 Benkeen 1 Generatedata 2026-03-20 9.8 Critical
An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14.
CVE-2025-70082 1 Lantronix 5 Eds3000ps, Eds3008ps1ns, Eds3008ps1ns Firmware and 2 more 2026-03-20 9.8 Critical
An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component