Export limit exceeded: 336242 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336242 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27012 | 1 Devcode | 1 Openstamanager | 2026-03-05 | 9.8 Critical |
| OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group (idgruppo) by directly calling modules/utenti/actions.php. This can promote an existing account (e.g. agent) into the Amministratori group as well as demote any user including existing administrators. | ||||
| CVE-2025-64736 | 2 Libbiosig Project, The Biosig Project | 2 Libbiosig, Libbiosig | 2026-03-05 | 6.1 Medium |
| An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (5462afb0). A specially crafted .abf file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2026-20777 | 2 Libbiosig Project, The Biosig Project | 2 Libbiosig, Libbiosig | 2026-03-05 | 8.1 High |
| A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2026-22891 | 2 Libbiosig Project, The Biosig Project | 2 Libbiosig, Libbiosig | 2026-03-05 | 9.8 Critical |
| A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted Intan CLP file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2026-22285 | 1 Dell | 2 Device Management Agent, Device Management Agent (ddma) | 2026-03-05 | 4.4 Medium |
| Dell Device Management Agent (DDMA), versions prior to 26.02, contain a Plaintext Storage of Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized Access. | ||||
| CVE-2026-26478 | 1 Mobvoi | 3 Tichome Mini, Tichome Mini Firmware, Tichome Mini Smart Speaker | 2026-03-05 | 9.8 Critical |
| A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389 allows remote attackers to send a specially crafted UDP datagram and execute arbitrary shell code as the root account. | ||||
| CVE-2026-26514 | 1 Xddxdd | 1 Bird-lg-go | 2026-03-05 | 7.5 High |
| An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags (e.g., -w, -q) via the q parameter. This can be exploited to cause a Denial of Service (DoS) by exhausting system resources. | ||||
| CVE-2026-26673 | 1 Dji | 8 Mavic Air, Mavic Mini, Mavic Mini Firmware and 5 more | 2026-03-05 | 7.5 High |
| An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote attacker to cause a denial of service via the DJI Enhanced-WiFi transmission subsystem | ||||
| CVE-2026-3439 | 1 Sonicwall | 33 Nsa 2700, Nsa 2800, Nsa 3700 and 30 more | 2026-03-05 | 4.9 Medium |
| A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker to crash a firewall. | ||||
| CVE-2026-25554 | 1 Opensips | 1 Opensips | 2026-03-05 | 6.5 Medium |
| OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module (prior to commit 3822d33) contain a SQL injection vulnerability in the jwt_db_authorize() function in modules/auth_jwt/authorize.c when db_mode is enabled and a SQL database backend is used. The function extracts the tag claim from a JWT without prior signature verification and incorporates the unescaped value directly into a SQL query. An attacker can supply a crafted JWT with a malicious tag claim to manipulate the query result and bypass JWT authentication, allowing impersonation of arbitrary identities. | ||||
| CVE-2026-26228 | 1 Videolan | 2 Vlc, Vlc For Android | 2026-03-05 | 4.9 Medium |
| VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalization or directory containment checks, allowing an authenticated attacker with network reachability to the Remote Access Server to request files outside the intended directory. The impact is bounded by the Android application sandbox and storage restrictions, typically limiting exposure to app-internal and app-specific external storage. | ||||
| CVE-2026-27932 | 2 Authlib, Hsiaoming | 2 Joserfc, Joserfc | 2026-03-05 | 7.5 High |
| joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service (DoS) via CPU exhaustion. When the library decrypts a JSON Web Encryption (JWE) token using Password-Based Encryption (PBES2) algorithms, it reads the p2c (PBES2 Count) parameter directly from the token's protected header. This parameter defines the number of iterations for the PBKDF2 key derivation function. Because joserfc does not validate or bound this value, an attacker can specify an extremely large iteration count (e.g., 2^31 - 1), forcing the server to expend massive CPU resources processing a single token. This vulnerability exists at the JWA layer and impacts all high-level JWE and JWT decryption interfaces if PBES2 algorithms are allowed by the application's policy. | ||||
| CVE-2026-27971 | 2 Qwik, Qwikdev | 2 Qwik, Qwik | 2026-03-05 | 9.8 Critical |
| Qwik is a performance focused javascript framework. qwik <=1.19.0 is vulnerable to RCE due to an unsafe deserialization vulnerability in the server$ RPC mechanism that allows any unauthenticated user to execute arbitrary code on the server with a single HTTP request. Affects any deployment where require() is available at runtime. This vulnerability is fixed in 1.19.1. | ||||
| CVE-2025-62879 | 1 Suse | 2 Rancher, Rancher Backup And Restore Operator | 2026-03-05 | 6.8 Medium |
| A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs. | ||||
| CVE-2026-27981 | 1 Sysadminsmedia | 1 Homebox | 2026-03-05 | 7.4 High |
| HomeBox is a home inventory and organization system. Prior to 0.24.0, the authentication rate limiter (authRateLimiter) tracks failed attempts per client IP. It determines the client IP by reading, 1. X-Real-IP header, 2. First entry of X-Forwarded-For header, and 3. r.RemoteAddr (TCP connection address). These headers were read unconditionally. An attacker connecting directly to Homebox could forge any value in X-Real-IP, effectively getting a fresh rate limit identity per request. There is a TrustProxy option in the configuration (Options.TrustProxy, default false), but this option was never read by any middleware or rate limiter code. Additionally, chi's middleware.RealIP was applied unconditionally in main.go, overwriting r.RemoteAddr with the forged header value before it reaches any handler. This vulnerability is fixed in 0.24.0. | ||||
| CVE-2025-14532 | 2 Studio Fabryka, Studiofabryka | 2 Dobrycms, Dorbycms | 2026-03-05 | 9.8 Critical |
| DobryCMS's upload file functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can result in Remote Code Execution. This issue was fixed in versions above 5.0. | ||||
| CVE-2026-27812 | 2 Sub2api, Wei-shaw | 2 Sub2api, Sub2api | 2026-03-05 | 9.1 Critical |
| Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions. A vulnerability in versions prior to 0.1.85 is a Password Reset Poisoning (Host Header / Forwarded Header trust issue), which allows attackers to manipulate the password reset link. Attackers can exploit this flaw to inject their own domain into the password reset link, leading to the potential for account takeover. The vulnerability has been fixed in version v0.1.85. If upgrading is not immediately possible, users can mitigate the vulnerability by disabling the "forgot password" feature until an upgrade to a patched version can be performed. This will prevent attackers from exploiting the vulnerability via the affected endpoint. | ||||
| CVE-2023-31324 | 1 Amd | 28 Instinct Mi210, Instinct Mi250, Instinct Mi300a and 25 more | 2026-03-05 | 7.8 High |
| A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability. | ||||
| CVE-2023-20548 | 1 Amd | 28 Instinct Mi210, Instinct Mi250, Instinct Mi300a and 25 more | 2026-03-05 | 7.8 High |
| A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability. | ||||
| CVE-2026-22256 | 2 Salvo, Salvo-rs | 2 Salvo, Salvo | 2026-03-05 | 8.8 High |
| Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generate an file view of a folder which include a render of the current path, in which its inserted in the HTML without proper sanitation, this leads to reflected XSS using the fact that request path is decoded and normalized in the matching stage but not is inserted raw in the html view (current.path), the only constraint here is for the root path (eg. /files in the PoC example) to have a sub directory (e.g common ones styles/scripts/etc…) so that the matching return the list HTML page instead of the Not Found page. This issue has been patched in version 0.88.1. | ||||