Export limit exceeded: 366631 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366631 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-21788 1 Hcltech 1 Connections 2026-03-20 5.4 Medium
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code.  This may allow the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks.
CVE-2025-14716 1 Secomea 1 Gatemanager 2026-03-20 6.5 Medium
Improper Authentication vulnerability in Secomea GateManager (webserver modules) allows Authentication Bypass.This issue affects GateManager: 11.4;0.
CVE-2026-3511 1 Slovensko.digital 1 Autogram 2026-03-20 8.6 High
Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF (Server Side Request Forgery) attacks and obtain unauthorized access to local files on filesystems running the vulnerable application. Successful exploitation requires the victim to visit a specially crafted website that sends request containing a specially crafted XML document to /sign endpoint of the local HTTP server run by the application.
CVE-2026-22558 1 Ubiquiti 1 Unifi Network Application 2026-03-20 7.7 High
An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges.
CVE-2026-26931 1 Elastic 1 Metricbeat 2026-03-20 5.7 Medium
Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation (CAPEC-130).
CVE-2024-9671 1 Redhat 2 3scale Api Management Platform, Red Hat 3scale Amp 2026-03-20 5.3 Medium
A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed.
CVE-2024-10295 1 Redhat 2 3scale Api Management, Red Hat 3scale Amp 2026-03-20 7.5 High
A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue can occur due to a failure in the base64 decoding process, which causes APICast to skip the rest of the authentication checks and proceed with routing the request upstream.
CVE-2026-32765 2026-03-20 N/A
This repository is no longer public.
CVE-2026-32764 2026-03-20 N/A
This repository is no longer public.
CVE-2026-3948 2026-03-19 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2023-6816 4 Debian, Fedoraproject, Redhat and 1 more 13 Debian Linux, Fedora, Enterprise Linux and 10 more 2026-03-19 9.8 Critical
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
CVE-2025-71220 1 Linux 1 Linux Kernel 2026-03-19 7.8 High
In the Linux kernel, the following vulnerability has been resolved: smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe() When ksmbd_iov_pin_rsp() fails, we should call ksmbd_session_rpc_close().
CVE-2025-71222 1 Linux 1 Linux Kernel 2026-03-19 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: ensure skb headroom before skb_push This avoids occasional skb_under_panic Oops from wl1271_tx_work. In this case, headroom is less than needed (typically 110 - 94 = 16 bytes).
CVE-2024-9341 2 Containers, Redhat 5 Common, Enterprise Linux, Openshift and 2 more 2026-03-19 5.4 Medium
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.
CVE-2025-53711 1 Tp-link 5 Tl-wr841n, Tl-wr841n(eu), Tl-wr841n Firmware and 2 more 2026-03-19 7.5 High
A vulnerability has been found in TP-Link TL-WR841N v11, TL-WR842ND v2 and TL-WR494N v3. The vulnerability exists in the /userRpm/WlanNetworkRpm.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2024-7557 1 Redhat 2 Openshift Ai, Openshift Data Science 2026-03-19 8.8 High
A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources.
CVE-2025-40943 1 Siemens 90 Simatic Drive Controller Cpu 1504d Tf, Simatic Drive Controller Cpu 1507d Tf, Simatic Et 200sp Open Controller Cpu 1515sp Pc2 (incl. Siplus Variants) V2 Cpus - Windows Os and 87 more 2026-03-19 9.6 Critical
Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted trace file. The malicious trace file is insufficiently sanitized and malicious code could be executed in the clients browser session and trigger PLC operations via the webserver that the legitimate user is authorized to perform.
CVE-2023-37287 1 Smartsoft 1 Smartbpm.net 2026-03-19 9.1 Critical
SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes.
CVE-2025-69650 1 Gnu 1 Binutils 2026-03-19 7.5 High
GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.
CVE-2025-66376 2 Synacor, Zimbra 2 Zimbra Collaboration Suite, Collaboration 2026-03-19 7.2 High
Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message.