Search Results (335542 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1628 | | | 2026-03-02 | 4.6 Medium |
| Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which allows a malicious server to expose preload script functionality to untrusted servers via having a user open an external link in their Mattermost server. Mattermost Advisory ID: MMSA-2026-00596 | | | | |
| CVE-2024-47886 | | | 2026-03-02 | N/A |
| Chamilo is a learning management system. Chamilo is affected by a post-authentication phar unserialize which leads to remote code execution (RCE) within versions 1.11.12 to 1.11.26. By abusing multiple supported features from the virtualization plugin vchamilo, the vulnerability allows an administrator to execute arbitrary code on the server. This issue has been patched in version 1.11.26. | | | | |
| CVE-2024-50337 | | | 2026-03-02 | 5.3 Medium |
| Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on the server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28. | | | | |
| CVE-2025-14532 | | | 2026-03-02 | N/A |
| DobryCMS's upload file functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can result in Remote Code Execution. This issue was fixed in versions above 5.0. | | | | |
| CVE-2026-24115 | | | 2026-03-02 | N/A |
| An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the sizes of `gstup` and `gstdwn` before concatenating them into `gstruleQos` may lead to buffer overflow. | | | | |
| CVE-2026-24109 | | | 2026-03-02 | N/A |
| An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `picName`. When this value is used in `sprintf` without validating variable sizes, it could lead to a buffer overflow vulnerability. | | | | |
| CVE-2026-24113 | | | 2026-03-02 | N/A |
| An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size validation, it could lead to a buffer overflow vulnerability. | | | | |
| CVE-2025-52482 | | | 2026-03-02 | 8.3 High |
| Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject malicious JavaScript code against the administrator. This issue has been patched in version 1.11.30. | | | | |
| CVE-2026-26695 | | | 2026-03-02 | N/A |
| code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordstudent_edit.php. | | | | |
| CVE-2026-26703 | | | 2026-03-02 | N/A |
| sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advance_search.php. | | | | |
| CVE-2026-3000 | | | 2026-03-02 | 9.8 Critical |
| IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary DLL files from a remote source and execute them. | | | | |
| CVE-2026-24112 | | | 2026-03-02 | N/A |
| An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addWewifiWhiteUser` function and processed by `sscanf` without size validation, it could lead to a buffer overflow vulnerability. | | | | |
| CVE-2026-26696 | | | 2026-03-02 | N/A |
| code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_edit.php. | | | | |
| CVE-2026-26702 | | | 2026-03-02 | N/A |
| sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/myitem_reuse.php. | | | | |
| CVE-2025-47371 | | | 2026-03-02 | 6.5 Medium |
| Transient DOS when an LTE RLC packet with invalid TB is received by UE. | | | | |
| CVE-2025-50199 | | | 2026-03-02 | N/A |
| Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openid_url parameter. This issue has been patched in version 1.11.30. | | | | |
| CVE-2026-24105 | | | 2026-03-02 | N/A |
| An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value of `v1` was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd. | | | | |
| CVE-2026-26700 | | | 2026-03-02 | N/A |
| sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_employee.php. | | | | |
| CVE-2026-28360 | | | 2026-03-02 | N/A |
| NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view passwords were stored in plaintext in the database and compared using direct string equality. This issue has been patched in version 0.301.3. | | | | |
| CVE-2026-28396 | | | 2026-03-02 | N/A |
| NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password reset flow did not revoke existing refresh tokens, allowing an attacker with a previously stolen refresh token to continue minting valid JWTs after the victim resets their password. This issue has been patched in version 0.301.3. | | | | |