Export limit exceeded: 335508 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335508 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47375 | 2026-03-02 | 7.8 High | ||
| Memory corruption while handling different IOCTL calls from the user-space simultaneously. | ||||
| CVE-2025-47379 | 2026-03-02 | 7.8 High | ||
| Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources. | ||||
| CVE-2025-47385 | 2026-03-02 | 7.8 High | ||
| Memory Corruption when accessing trusted execution environment without proper privilege check. | ||||
| CVE-2025-47386 | 2026-03-02 | 7.8 High | ||
| Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs. | ||||
| CVE-2026-28357 | 2026-03-02 | N/A | ||
| NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, a stored XSS vulnerability exists in the Formula virtual cell. Formula results containing URI::() patterns are rendered via v-html without sanitization, allowing injected HTML to execute. This issue has been patched in version 0.301.3. | ||||
| CVE-2026-24105 | 2026-03-02 | N/A | ||
| An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value of `v1` was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd. | ||||
| CVE-2025-52564 | 2026-03-02 | N/A | ||
| Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30. | ||||
| CVE-2026-26700 | 2026-03-02 | N/A | ||
| sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_employee.php. | ||||
| CVE-2026-26708 | 2026-03-02 | N/A | ||
| sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_user.php. | ||||
| CVE-2025-52998 | 2026-03-02 | N/A | ||
| Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary classes, as well as fully control their properties, and thus modify the logic of the web application's operation. This issue has been patched in version 1.11.30. | ||||
| CVE-2025-59600 | 2026-03-02 | 7.8 High | ||
| Memory Corruption when adding user-supplied data without checking available buffer space. | ||||
| CVE-2026-23865 | 2026-03-02 | 5.3 Medium | ||
| An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2. | ||||
| CVE-2026-21385 | 2026-03-02 | 7.8 High | ||
| Memory corruption while using alignments for memory allocation. | ||||
| CVE-2026-28358 | 2026-03-02 | N/A | ||
| NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password forgot endpoint returned different responses for registered and unregistered emails, allowing user enumeration. This issue has been patched in version 0.301.3. | ||||
| CVE-2026-26720 | 2026-03-02 | 9.8 Critical | ||
| An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute arbitrary code via the local.driver.ts module. | ||||
| CVE-2026-28360 | 2026-03-02 | N/A | ||
| NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view passwords were stored in plaintext in the database and compared using direct string equality. This issue has been patched in version 0.301.3. | ||||
| CVE-2025-47376 | 2026-03-02 | 7.8 High | ||
| Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls. | ||||
| CVE-2026-28361 | 2026-03-02 | N/A | ||
| NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the MCP token service did not validate token ownership, allowing a Creator within the same base to read, regenerate, or delete another user's MCP tokens if the token ID was known. This issue has been patched in version 0.301.3. | ||||
| CVE-2025-47378 | 2026-03-02 | 7.1 High | ||
| Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain. | ||||
| CVE-2026-28396 | 2026-03-02 | N/A | ||
| NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password reset flow did not revoke existing refresh tokens, allowing an attacker with a previously stolen refresh token to continue minting valid JWTs after the victim resets their password. This issue has been patched in version 0.301.3. | ||||