Export limit exceeded: 335509 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335509 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-52998 | 2026-03-02 | N/A | ||
| Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary classes, as well as fully control their properties, and thus modify the logic of the web application's operation. This issue has been patched in version 1.11.30. | ||||
| CVE-2025-59600 | 2026-03-02 | 7.8 High | ||
| Memory Corruption when adding user-supplied data without checking available buffer space. | ||||
| CVE-2026-23865 | 2026-03-02 | 5.3 Medium | ||
| An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2. | ||||
| CVE-2026-21385 | 2026-03-02 | 7.8 High | ||
| Memory corruption while using alignments for memory allocation. | ||||
| CVE-2026-28358 | 2026-03-02 | N/A | ||
| NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password forgot endpoint returned different responses for registered and unregistered emails, allowing user enumeration. This issue has been patched in version 0.301.3. | ||||
| CVE-2026-26720 | 2026-03-02 | 9.8 Critical | ||
| An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute arbitrary code via the local.driver.ts module. | ||||
| CVE-2026-28360 | 2026-03-02 | N/A | ||
| NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view passwords were stored in plaintext in the database and compared using direct string equality. This issue has been patched in version 0.301.3. | ||||
| CVE-2025-47376 | 2026-03-02 | 7.8 High | ||
| Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls. | ||||
| CVE-2026-28361 | 2026-03-02 | N/A | ||
| NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the MCP token service did not validate token ownership, allowing a Creator within the same base to read, regenerate, or delete another user's MCP tokens if the token ID was known. This issue has been patched in version 0.301.3. | ||||
| CVE-2025-47378 | 2026-03-02 | 7.1 High | ||
| Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain. | ||||
| CVE-2026-28396 | 2026-03-02 | N/A | ||
| NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password reset flow did not revoke existing refresh tokens, allowing an attacker with a previously stolen refresh token to continue minting valid JWTs after the victim resets their password. This issue has been patched in version 0.301.3. | ||||
| CVE-2025-47383 | 2026-03-02 | 7.2 High | ||
| Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE. | ||||
| CVE-2026-24101 | 2026-03-02 | 9.8 Critical | ||
| An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_multi. When the condition is met, `s1_1` will be passed into sub_B0488, concatenated into `doSystemCmd`. The value of s1_1 is not validated, potentially leading to a command injection vulnerability. | ||||
| CVE-2026-28359 | 2026-03-02 | N/A | ||
| NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Editor role can inject arbitrary HTML into Rich Text cells by bypassing the TipTap editor and sending raw HTML via the API. This issue has been patched in version 0.301.3. | ||||
| CVE-2026-28397 | 2026-03-02 | N/A | ||
| NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, comments rendered via v-html without sanitization enable stored XSS. This issue has been patched in version 0.301.3. | ||||
| CVE-2026-28399 | 2026-03-02 | N/A | ||
| NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. This issue has been patched in version 0.301.3. | ||||
| CVE-2026-26707 | 2026-03-02 | N/A | ||
| sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_supplier.php. | ||||
| CVE-2026-0655 | 2026-03-02 | N/A | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TP-Link Deco BE25 v1.0 (web modules) allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822. | ||||
| CVE-2026-26704 | 2026-03-02 | N/A | ||
| sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_category.php. | ||||
| CVE-2026-26705 | 2026-03-02 | N/A | ||
| sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_product.php. | ||||