Export limit exceeded: 335648 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335648 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66680 | 2026-03-03 | N/A | ||
| An issue in the WiseDelfile64.sys component of WiseCleaner Wise Force Deleter 7.3.2 and earlier allows attackers to delete arbitrary files via a crafted request. | ||||
| CVE-2026-20777 | 2026-03-03 | 8.1 High | ||
| A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2025-70821 | 2026-03-03 | N/A | ||
| renren-secuity before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component | ||||
| CVE-2025-52365 | 2026-03-03 | 7.8 High | ||
| A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system(). The vulnerability arises from improper input handling where command-line arguments are directly concatenated into shell commands without validation | ||||
| CVE-2026-2637 | 1 Iboysoft | 1 Iboysoft Ntfs | 2026-03-03 | N/A |
| iBoysoft NTFS for Mac contains a local privilege escalation vulnerability in its privileged helper daemon ntfshelperd. The daemon exposes an NSConnection service that runs as root without implementing any authentication or authorization checks. This issue affects iBoysoft NTFS: 8.0.0. | ||||
| CVE-2026-24103 | 2026-03-03 | N/A | ||
| A buffer overflow vulnerability was discovered in goform/formSetMacFilterCfg in Tenda AC15V1.0 V15.03.05.18_multi. | ||||
| CVE-2026-22886 | 2026-03-03 | 9.8 Critical | ||
| OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication. However, the product ships with a default administrative account (admin/ admin) and does not enforce a mandatory password change on first use. After the first successful login, the server continues to accept the default password indefinitely without warning or enforcement. In real-world deployments, this service is often left enabled without changing the default credentials. As a result, a remote attacker with access to the service port could authenticate as an administrator and gain full control of the protocol’s administrative features. | ||||
| CVE-2026-1874 | 2026-03-03 | N/A | ||
| Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP all versions allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery. | ||||
| CVE-2025-57622 | 2026-03-03 | N/A | ||
| An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api , /caption-api , feature = pickle.loads(request.get_data()) component | ||||
| CVE-2026-3344 | 1 Watchguard | 1 Fireware Os | 2026-03-03 | N/A |
| A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including 12.5.16, and 2025.1 up to and including 2026.1.1. | ||||
| CVE-2026-3337 | 2026-03-03 | 5.9 Medium | ||
| Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVP_aes_128_ccm, EVP_aes_192_ccm, and EVP_aes_256_ccm. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0. | ||||
| CVE-2026-3336 | 2026-03-03 | 7.5 High | ||
| Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0. | ||||
| CVE-2025-59059 | 2026-03-03 | 9.8 Critical | ||
| Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue. | ||||
| CVE-2025-47147 | 2026-03-03 | 5.7 Medium | ||
| Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the session token and exploit access for a limited duration. This issue affects Command Centre Mobile Client versions prior to 9.40.123. | ||||
| CVE-2026-3486 | 2026-03-03 | 4.7 Medium | ||
| A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /admin/student-fee.php. Such manipulation of the argument roll_no leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-3485 | 2026-03-03 | 9.8 Critical | ||
| A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-25906 | 2026-03-03 | 7.3 High | ||
| Dell Optimizer, versions prior to 6.3.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | ||||
| CVE-2025-13688 | 1 Ibm | 1 Datastage On Cloud Pak For Data | 2026-03-03 | 6.3 Medium |
| IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component. | ||||
| CVE-2025-13687 | 1 Ibm | 1 Datastage On Cloud Pak For Data | 2026-03-03 | 6.3 Medium |
| IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the user-defined function component. | ||||
| CVE-2025-13686 | 1 Ibm | 1 Datastage On Cloud Pak For Data | 2026-03-03 | 6.3 Medium |
| IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component. | ||||