Export limit exceeded: 336322 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336322 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27154 | 1 Discourse | 1 Discourse | 2026-03-02 | 6.1 Medium |
| Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, a user full name can be evaluated as raw HTML when the following settings are set: `display_name_on_posts` => true; and `prioritize_username_in_ux` => false. Editing a post of a malicious user would trigger an XSS. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available. | ||||
| CVE-2026-27153 | 1 Discourse | 1 Discourse | 2026-03-02 | 2.7 Low |
| Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, moderators could export user Chat DMs via the CSV export endpoint by exploiting an overly permissive allowlist in `can_export_entity?`. The method allowed moderators to export any entity not explicitly blocked instead of restricting to an explicit allowlist. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available. | ||||
| CVE-2026-27638 | 1 Actualbudget | 1 Actual | 2026-03-02 | 7.1 High |
| Actual is a local-first personal finance tool. Prior to version 26.2.1, in multi-user mode (OpenID), the sync API endpoints (`/sync/*`) don't verify that the authenticated user owns or has access to the file being operated on. Any authenticated user can read, modify, and overwrite any other user's budget files by providing their file ID. Version 26.2.1 patches the issue. | ||||
| CVE-2026-28215 | 1 Hoppscotch | 1 Hoppscotch | 2026-03-02 | 9.1 Critical |
| hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, an unauthenticated attacker can overwrite the entire infrastructure configuration of a self-hosted Hoppscotch instance including OAuth provider credentials and SMTP settings by sending a single HTTP POST request with no authentication. The endpoint POST /v1/onboarding/config has no authentication guard and performs no check on whether onboarding was already completed. A successful exploit allows the attacker to replace the instance's Google/GitHub/Microsoft OAuth application credentials with their own, causing all subsequent user logins via SSO to authenticate against the attacker's OAuth app. The attacker captures OAuth tokens and email addresses of every user who logs in after the exploit. Additionally, the endpoint returns a recovery token that can be used to read all stored secrets in plaintext, including SMTP passwords and any other configured credentials. Version 2026.2.0 fixes the issue. | ||||
| CVE-2026-28280 | 1 Jmpsec | 1 Osctrl | 2026-03-02 | 6.1 Medium |
| osctrl is an osquery management solution. Prior to version 0.5.0, a stored cross-site scripting (XSS) vulnerability exists in the `osctrl-admin` on-demand query list. A user with query-level permissions can inject arbitrary JavaScript via the query parameter when running an on-demand query. The payload is stored and executes in the browser of any user (including administrators) who visits the query list page. This can be chained with CSRF token extraction to escalate privileges and take actions as the logged in user. An attacker with query-level permissions (the lowest privilege tier) can execute arbitrary JavaScript in the browsers of all users who view the query list. Depending on their level of access, it can lead to full platform compromise if an administrator executes the payload. The issue is fixed in osctrl `v0.5.0`. As a workaround, restrict query-level permissions to trusted users, monitor query list for suspicious payloads, and/or review osctrl user accounts for unauthorized administrators. | ||||
| CVE-2026-27129 | 1 Craftcms | 2 Craft Cms, Craftcms | 2026-03-02 | 6.5 Medium |
| Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation uses `gethostbyname()`, which only resolves IPv4 addresses. When a hostname has only AAAA (IPv6) records, the function returns the hostname string itself, causing the blocklist comparison to always fail and completely bypassing SSRF protection. This is a bypass of the security fix for CVE-2025-68437. Exploitation requires GraphQL schema permissions for editing assets in the `<VolumeName>` volume and creating assets in the `<VolumeName>` volume. These permissions may be granted to authenticated users with appropriate GraphQL schema access and/or Public Schema (if misconfigured with write permissions). Versions 4.16.19 and 5.8.23 patch the issue. | ||||
| CVE-2026-2749 | 1 Centreon | 1 Open Tickets | 2026-03-02 | 9.9 Critical |
| Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centroen Open Ticket modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10.3, 24.10.8, 24.04.7. | ||||
| CVE-2026-2359 | 1 Expressjs | 1 Multer | 2026-03-02 | 7.5 High |
| Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available. | ||||
| CVE-2026-22717 | 1 Vmware | 1 Workstation | 2026-03-02 | 2.7 Low |
| Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to obtain limited information disclosure from the machine where VMware Workstation is installed. | ||||
| CVE-2026-22716 | 1 Vmware | 1 Workstation | 2026-03-02 | 5 Medium |
| Out-of-bound write vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to terminate certain Workstation processes. | ||||
| CVE-2026-21619 | 2 Erlang, Hexpm | 3 Rebar3, Hex, Hex Core | 2026-03-02 | N/A |
| Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core (hex_api modules), hexpm hex (mix_hex_api modules), erlang rebar3 (r3_hex_api modules) allows Object Injection, Excessive Allocation. This vulnerability is associated with program files src/hex_api.erl, src/mix_hex_api.erl, apps/rebar/src/vendored/r3_hex_api.erl and program routines hex_core:request/4, mix_hex_api:request/4, r3_hex_api:request/4. This issue affects hex_core: from 0.1.0 before 0.12.1; hex: from 2.3.0 before 2.3.2; rebar3: from 3.9.1 before 3.27.0. | ||||
| CVE-2025-15498 | 1 Pro3w | 1 Pro3w Cms | 2026-03-02 | N/A |
| Pro3W CMS if vulnerable to SQL injection attacks. Improper neutralization of input provided into a login form allows an unauthenticated attacker to bypass authentication and gain administrative privileges. This issue was identified in version 1.2.0 of this software. Due to lack of response from the vendor exact version range could not be determined, but the vulnerability should be eliminated in versions released in January 2026 and later. | ||||
| CVE-2025-10990 | 1 Redhat | 4 Rhel Satellite Client, Satellite, Satellite Capsule and 1 more | 2026-03-02 | 7.5 High |
| A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial of Service (ReDoS), impacting the availability of the affected component. This issue is the result of an incomplete fix for CVE-2024-49761. | ||||
| CVE-2019-25494 | 1 Doditsolutions | 1 Homey Bnb (airbnb Clone Script) | 2026-03-02 | 8.2 High |
| Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields. Attackers can submit SQL operators like '=' 'or' in both credentials to manipulate the authentication query and gain unauthorized access to the admin panel. | ||||
| CVE-2019-25493 | 1 Doditsolutions | 1 Homey Bnb (airbnb Clone Script) | 2026-03-02 | 8.2 High |
| Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive database information. | ||||
| CVE-2019-25492 | 1 Doditsolutions | 1 Homey Bnb (airbnb Clone Script) | 2026-03-02 | 8.2 High |
| Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requests to the admin/getcmsdata.php endpoint with malicious 'pt' values to extract sensitive database information. | ||||
| CVE-2019-25491 | 1 Doditsolutions | 1 Homey Bnb (airbnb Clone Script) | 2026-03-02 | 8.2 High |
| Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to the admin/cms_getpagetitle.php endpoint with malicious catid values to extract sensitive database information. | ||||
| CVE-2019-25490 | 1 Doditsolutions | 1 Homey Bnb (airbnb Clone Script) | 2026-03-02 | 8.2 High |
| Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET requests to the admin/edit.php endpoint with time-based SQL injection payloads to extract sensitive database information. | ||||
| CVE-2019-25489 | 1 Doditsolutions | 1 Homey Bnb (airbnb Clone Script) | 2026-03-02 | 8.2 High |
| Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hosting_id parameter. Attackers can send GET requests to the rooms/ajax_refresh_subtotal endpoint with malicious hosting_id values to extract sensitive database information or cause denial of service. | ||||
| CVE-2026-3304 | 1 Expressjs | 1 Multer | 2026-03-02 | 7.5 High |
| Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available. | ||||