Export limit exceeded: 336921 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336921 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-41760 | 2026-03-09 | 4.9 Medium | ||
| An administrator may attempt to block all traffic by configuring a pass filter with an empty table. However, in UBR, an empty list does not enforce any restrictions and allows all network traffic to pass unfiltered. | ||||
| CVE-2025-41761 | 2026-03-09 | 7.8 High | ||
| A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries (e.g., tcpdump and ip) with sudo. | ||||
| CVE-2025-41762 | 2026-03-09 | 6.2 Medium | ||
| An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauthorized access to sensitive data, including password hashes and certificates. | ||||
| CVE-2025-41763 | 2026-03-09 | 6.5 Medium | ||
| A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files. | ||||
| CVE-2025-41764 | 2026-03-09 | 9.1 Critical | ||
| Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates. | ||||
| CVE-2025-41765 | 2026-03-09 | 9.1 Critical | ||
| Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and BACnet/SC server certificates and keys. | ||||
| CVE-2025-41766 | 2026-03-09 | 8.8 High | ||
| A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise. | ||||
| CVE-2026-29784 | 1 Ghost | 1 Ghost | 2026-03-09 | 7.5 High |
| Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost site. This issue has been patched in version 6.19.3. | ||||
| CVE-2025-40638 | 1 Eventobot | 1 Eventobot | 2026-03-09 | N/A |
| A reflected Cross-Site Scripting (XSS) vulnerability has been found in Eventobot. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the 'name' parameter in '/search-results'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. | ||||
| CVE-2025-40639 | 1 Eventobot | 1 Eventobot | 2026-03-09 | N/A |
| A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promo_send' parameter in the '/assets/php/calculate_discount.php'. | ||||
| CVE-2026-29073 | 1 Siyuan | 1 Siyuan | 2026-03-09 | N/A |
| SiYuan is a personal knowledge management system. Prior to version 3.6.0, the /api/query/sql lets a user run sql directly, but it only checks basic auth, not admin rights, any logged-in user, even readers, can run any sql query on the database. This issue has been patched in version 3.6.0. | ||||
| CVE-2026-29062 | 1 Fasterxml | 1 Jackson | 2026-03-09 | 7.5 High |
| jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. From version 3.0.0 to before version 3.1.0, the UTF8DataInputJsonParser, which is used when parsing from a java.io.DataInput source, bypasses the maxNestingDepth constraint (default: 500) defined in StreamReadConstraints. A similar issue was found in ReaderBasedJsonParser. This allows a user to supply a JSON document with excessive nesting, which can cause a StackOverflowError when the structure is processed, leading to a Denial of Service (DoS). This issue has been patched in version 3.1.0. | ||||
| CVE-2026-29059 | 1 Windmill-labs | 1 Windmill | 2026-03-09 | N/A |
| Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's get_log_file endpoint "(/api/w/{workspace}/jobs_u/get_log_file/{filename})". The filename parameter is concatenated into a file path without sanitization, allowing an attacker to read arbitrary files on the server using ../ sequences. This issue has been patched in version 1.603.3. | ||||
| CVE-2026-24517 | 1 Copeland | 9 Copeland Xweb 300d Pro, Copeland Xweb 500b Pro, Copeland Xweb 500d Pro and 6 more | 2026-03-09 | 8 High |
| An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the firmware update route. | ||||
| CVE-2025-59903 | 1 Kubysoft | 1 Kubysoft | 2026-03-09 | 5.4 Medium |
| Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, where uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts within SVG files as visual content, which are then stored on the server and executed in the context of any user accessing the compromised resource. | ||||
| CVE-2026-29058 | 1 Wwbn | 1 Avideo-encoder | 2026-03-09 | 9.8 Critical |
| AVideo is a video-sharing Platform software. Prior to version 7.0, an unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Url GET parameter. This can lead to full server compromise, data exfiltration (e.g., configuration secrets, internal keys, credentials), and service disruption. This issue has been patched in version 7.0. | ||||
| CVE-2026-29049 | 1 Chainguard-dev | 1 Melange | 2026-03-09 | 4.3 Medium |
| melange allows users to build apk packages using declarative pipelines. In version 0.40.5 and prior, melange update-cache downloads URIs from build configs via io.Copy without any size limit or HTTP client timeout (pkg/renovate/cache/cache.go). An attacker-controlled URI in a melange config can cause unbounded disk writes, exhausting disk on the build runne. There is no known patch publicly available. | ||||
| CVE-2026-29065 | 1 Dgtlmoon | 1 Changedetection.io | 2026-03-09 | N/A |
| changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, a Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. This issue has been patched in version 0.54.4. | ||||
| CVE-2026-29039 | 1 Dgtlmoon | 1 Changedetection.io | 2026-03-09 | N/A |
| changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the include_filters field. These XPath expressions are processed using the elementpath library which implements XPath 3.0/3.1 specification. XPath 3.0 includes the unparsed-text() function which can read arbitrary files from the filesystem. The application does not validate or sanitize XPath expressions to block dangerous functions, allowing an attacker to read any file accessible to the application process. This issue has been patched in version 0.54.4. | ||||
| CVE-2026-24663 | 1 Copeland | 9 Copeland Xweb 300d Pro, Copeland Xweb 500b Pro, Copeland Xweb 500d Pro and 6 more | 2026-03-09 | 9 Critical |
| An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an unauthenticated attacker to achieve remote code execution on the system by sending a crafted request to the libraries installation route and injecting malicious input into the request body. | ||||