Export limit exceeded: 334648 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 334648 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334648 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2798 | 2026-02-24 | 8.8 High | ||
| Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | ||||
| CVE-2026-25603 | 2026-02-24 | 6.6 Medium | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context of a root user.This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200. | ||||
| CVE-2026-23984 | 2026-02-24 | N/A | ||
| An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language (DML) statements (e.g., INSERT, UPDATE, DELETE) on read-only connections, it fails to detect them in specially crafted SQL statements. This issue affects Apache Superset: before 6.0.0. Users are recommended to upgrade to version 6.0.0, which fixes the issue. | ||||
| CVE-2026-23983 | 2026-02-24 | N/A | ||
| A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint (disabled by default) allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the API response improperly serializes and returns sensitive fields, including password hashes (pbkdf2), email addresses, and login statistics. This vulnerability allows authenticated users with low privileges (e.g., Gamma role) to view sensitive authentication data This issue affects Apache Superset: before 6.0.0. Users are recommended to upgrade to version 6.0.0, which fixes the issue or make sure TAGGING_SYSTEM is False (Apache Superset current default) | ||||
| CVE-2026-23982 | 2026-02-24 | N/A | ||
| An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. However, an authenticated attacker with permissions to write datasets and read charts can bypass these checks by overwriting the SQL query of an existing dataset. This issue affects Apache Superset: before 6.0.0. Users are recommended to upgrade to version 6.0.0, which fixes the issue. | ||||
| CVE-2026-23980 | 2026-02-24 | N/A | ||
| Improper Neutralization of Special Elements used in a SQL Command ('SQL Injection') vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters. This issue affects Apache Superset: before 6.0.0. Users are recommended to upgrade to version 6.0.0, which fixes the issue. | ||||
| CVE-2026-23969 | 2026-02-24 | N/A | ||
| Apache Superset utilizes a configurable dictionary, DISALLOWED_SQL_FUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included restrictions for engines like PostgreSQL, a vulnerability was reported where the default list for the ClickHouse engine was incomplete. This issue affects Apache Superset: before 4.1.2. Users are recommended to upgrade to version 4.1.2, which fixes the issue. | ||||
| CVE-2026-23693 | 2 Roxnor, Wordpress | 2 Elementskit Lite, Wordpress | 2026-02-24 | 10 Critical |
| ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor (elementskit-lite) WordPress plugin versions prior to 3.7.9 expose the REST endpoint /wp-json/elementskit/v1/widget/mailchimp/subscribe without authentication. The endpoint accepts client-supplied Mailchimp API credentials and insufficiently validates certain parameters, including the list parameter, when constructing upstream Mailchimp API requests. An unauthenticated attacker can abuse the endpoint as an open proxy to Mailchimp, potentially triggering unauthorized API calls, manipulating subscription data, exhausting API quotas, or causing resource consumption on the affected WordPress site. | ||||
| CVE-2026-22381 | 2 Mikado-themes, Wordpress | 2 Pawfriends - Pet Shop And Veterinary Wordpress Theme, Wordpress | 2026-02-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows PHP Local File Inclusion.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through <= 1.3. | ||||
| CVE-2026-22365 | 2 Axiomthemes, Wordpress | 2 Soleng, Wordpress | 2026-02-24 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Soleng soleng allows PHP Local File Inclusion.This issue affects Soleng: from n/a through <= 1.0.5. | ||||
| CVE-2022-0762 | 1 Microweber | 1 Microweber | 2026-02-24 | 5.5 Medium |
| Incorrect Authorization in GitHub repository microweber/microweber prior to 1.3. | ||||
| CVE-2022-0611 | 1 Snipeitapp | 1 Snipe-it | 2026-02-24 | 6.3 Medium |
| Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11. | ||||
| CVE-2022-0588 | 1 Librenms | 1 Librenms | 2026-02-24 | 7.1 High |
| Missing Authorization in Packagist librenms/librenms prior to 22.2.0. | ||||
| CVE-2022-0580 | 1 Librenms | 1 Librenms | 2026-02-24 | 7.1 High |
| Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0. | ||||
| CVE-2022-0579 | 1 Snipeitapp | 1 Snipe-it | 2026-02-24 | 6.5 Medium |
| Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9. | ||||
| CVE-2022-0569 | 1 Snipeitapp | 1 Snipe-it | 2026-02-24 | 5.3 Medium |
| Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9. | ||||
| CVE-2022-0565 | 1 Pimcore | 1 Pimcore | 2026-02-24 | 7.6 High |
| Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1. | ||||
| CVE-2022-0536 | 2 Follow-redirects Project, Redhat | 7 Follow-redirects, Acm, Openshift Data Foundation and 4 more | 2026-02-24 | 2.6 Low |
| Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8. | ||||
| CVE-2022-0528 | 1 Transloadit | 1 Uppy | 2026-02-24 | 6.5 Medium |
| Server-Side Request Forgery (SSRF) in GitHub repository transloadit/uppy prior to 3.3.1. | ||||
| CVE-2022-0355 | 1 Simple-get Project | 1 Simple-get | 2026-02-24 | 8.8 High |
| Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1. | ||||