Export limit exceeded: 335695 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335695 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20801 | 2026-03-03 | 5.6 Medium | ||
| Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams. This issue affects all versions of Gallagher NxWitness VMS integration prior to 9.10.017 and Gallagher Hanwha VMS integration prior to 9.10.025. | ||||
| CVE-2025-62817 | 2026-03-03 | N/A | ||
| An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of session->ncp_hdr_buf in __pilot_parsing_ncp() causes a denial of service. | ||||
| CVE-2026-26886 | 2026-03-03 | N/A | ||
| Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /admin/services/manage_service.php. | ||||
| CVE-2025-62816 | 2026-03-03 | N/A | ||
| An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. Unvalidated VS4L_VERTEXIOC_BOOTUP input leads to a denial of service. | ||||
| CVE-2026-26885 | 2026-03-03 | 2.7 Low | ||
| Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /classes/Master.php?f=delete_service. | ||||
| CVE-2026-25673 | 2026-03-03 | 7.5 High | ||
| An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. `URLField.to_python()` in Django calls `urllib.parse.urlsplit()`, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial of service via large URL inputs containing these characters. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue. | ||||
| CVE-2026-2448 | 2026-03-03 | 8.8 High | ||
| The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locate_template() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2026-1487 | 2026-03-03 | 6.5 Medium | ||
| The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection via the JSON Import in all versions up to, and including, 5.2.7 due to insufficient validation on the user-supplied JSON data. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute arbitrary SQL queries on the database that can be used to extract information via time-based techniques, drop tables, or modify data. | ||||
| CVE-2026-3465 | 2026-03-03 | 3.1 Low | ||
| A vulnerability was determined in Tuya App and SDK 24.07.11 on Android. Affected by this vulnerability is an unknown functionality of the component JSON Data Point Handler. This manipulation of the argument cruise_time causes denial of service. Remote exploitation of the attack is possible. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been publicly disclosed and may be utilized. There is ongoing doubt regarding the real existence of this vulnerability. The vendor disagrees with the conclusion of the finding: "The described vulnerability fails to prove its feasibility or exploitability by attackers. The issue essentially does not constitute a security vulnerability, aligning more closely with abnormal product functionality." These considerations are properly reflected within the CVSS vector. | ||||
| CVE-2025-66363 | 2026-03-03 | N/A | ||
| An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages. | ||||
| CVE-2025-64736 | 2026-03-03 | 6.1 Medium | ||
| An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (5462afb0). A specially crafted .abf file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2025-66680 | 2026-03-03 | N/A | ||
| An issue in the WiseDelfile64.sys component of WiseCleaner Wise Force Deleter 7.3.2 and earlier allows attackers to delete arbitrary files via a crafted request. | ||||
| CVE-2026-20777 | 2026-03-03 | 8.1 High | ||
| A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2025-70821 | 2026-03-03 | N/A | ||
| renren-secuity before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component | ||||
| CVE-2025-52365 | 2026-03-03 | 7.8 High | ||
| A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system(). The vulnerability arises from improper input handling where command-line arguments are directly concatenated into shell commands without validation | ||||
| CVE-2026-2637 | 1 Iboysoft | 1 Iboysoft Ntfs | 2026-03-03 | N/A |
| iBoysoft NTFS for Mac contains a local privilege escalation vulnerability in its privileged helper daemon ntfshelperd. The daemon exposes an NSConnection service that runs as root without implementing any authentication or authorization checks. This issue affects iBoysoft NTFS: 8.0.0. | ||||
| CVE-2026-24103 | 2026-03-03 | N/A | ||
| A buffer overflow vulnerability was discovered in goform/formSetMacFilterCfg in Tenda AC15V1.0 V15.03.05.18_multi. | ||||
| CVE-2026-22886 | 2026-03-03 | 9.8 Critical | ||
| OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication. However, the product ships with a default administrative account (admin/ admin) and does not enforce a mandatory password change on first use. After the first successful login, the server continues to accept the default password indefinitely without warning or enforcement. In real-world deployments, this service is often left enabled without changing the default credentials. As a result, a remote attacker with access to the service port could authenticate as an administrator and gain full control of the protocol’s administrative features. | ||||
| CVE-2025-57622 | 2026-03-03 | N/A | ||
| An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api , /caption-api , feature = pickle.loads(request.get_data()) component | ||||
| CVE-2026-3344 | 1 Watchguard | 1 Fireware Os | 2026-03-03 | N/A |
| A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including 12.5.16, and 2025.1 up to and including 2026.1.1. | ||||