Export limit exceeded: 338740 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338740 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32587 | 2 Saad Iqbal, Wordpress | 2 Wp Easypay, Wordpress | 2026-03-17 | 5.4 Medium |
| Missing Authorization vulnerability in Saad Iqbal WP EasyPay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP EasyPay: from n/a through 4.2.11. | ||||
| CVE-2026-3634 | 2 Libsoup, Redhat | 2 Libsoup, Enterprise Linux | 2026-03-17 | 3.9 Low |
| A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `soup_message_headers_set_content_type()` function. This vulnerability allows for the injection of arbitrary header-value pairs, potentially leading to HTTP header injection and response splitting attacks. | ||||
| CVE-2026-4258 | 1 Bitwiseshiftleft | 1 Sjcl | 2026-03-17 | 7.5 High |
| All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The dhJavaEc() function directly returns the raw x-coordinate of the scalar multiplication result (no hashing), providing a plaintext oracle without requiring any decryption feedback. | ||||
| CVE-2026-3059 | 2 Lmsys, Sglang | 2 Sglang, Sglang | 2026-03-17 | 9.8 Critical |
| SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication. | ||||
| CVE-2026-3839 | 1 Unraid | 1 Unraid | 2026-03-17 | N/A |
| Unraid Authentication Request Path Traversal Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Unraid. Authentication is not required to exploit this vulnerability. The specific flaw exists within the auth-request.php file. The issue results from the lack of proper validation of a user-supplied path prior to using it in authentications. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-28912. | ||||
| CVE-2026-3838 | 1 Unraid | 1 Unraid | 2026-03-17 | N/A |
| Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within the update.php file. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-28951. | ||||
| CVE-2022-50521 | 1 Linux | 1 Linux Kernel | 2026-03-17 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() The ACPI buffer memory (out.pointer) returned by wmi_evaluate_method() is not freed after the call, so it leads to memory leak. The method results in ACPI buffer is not used, so just pass NULL to wmi_evaluate_method() which fixes the memory leak. | ||||
| CVE-2025-30415 | 2026-03-17 | N/A | ||
| Denial of service due to improper handling of malformed input. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40077, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186. | ||||
| CVE-2026-32415 | 2 Bogdan Bendziukov, Wordpress | 2 Squeeze, Wordpress | 2026-03-17 | 5 Medium |
| Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal.This issue affects Squeeze: from n/a through <= 1.7.7. | ||||
| CVE-2026-32405 | 2 Wordpress, Xtemos | 2 Wordpress, Woodmart | 2026-03-17 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.This issue affects WoodMart: from n/a through <= 8.3.9. | ||||
| CVE-2026-32401 | 2 Boldgrid, Wordpress | 2 Client Invoicing By Sprout Invoices, Wordpress | 2026-03-17 | 7.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows PHP Local File Inclusion.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.9. | ||||
| CVE-2026-32393 | 2 Creatives Planet, Wordpress | 2 Greenly Theme Addons, Wordpress | 2026-03-17 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly Theme Addons greenly-addons allows PHP Local File Inclusion.This issue affects Greenly Theme Addons: from n/a through < 8.2. | ||||
| CVE-2026-32384 | 2 Magepeopleteam, Wordpress | 2 Wpbookingly, Wordpress | 2026-03-17 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam WpBookingly service-booking-manager allows PHP Local File Inclusion.This issue affects WpBookingly: from n/a through <= 1.2.9. | ||||
| CVE-2026-32372 | 2 Radiustheme, Wordpress | 2 Shopbuilder – Elementor Woocommerce Builder Addons, Wordpress | 2026-03-17 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through <= 3.2.4. | ||||
| CVE-2026-32364 | 2 Redqteam, Wordpress | 2 Turbo Manager, Wordpress | 2026-03-17 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in redqteam Turbo Manager turbo-manager allows PHP Local File Inclusion.This issue affects Turbo Manager: from n/a through < 4.0.8. | ||||
| CVE-2026-32344 | 2 Desertthemes, Wordpress | 2 Corpiva, Wordpress | 2026-03-17 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in desertthemes Corpiva corpiva allows Cross Site Request Forgery.This issue affects Corpiva: from n/a through <= 1.0.96. | ||||
| CVE-2026-31857 | 1 Craftcms | 2 Craft Cms, Craftcms | 2026-03-17 | 8.8 High |
| Craft is a content management system (CMS). Prior to 5.9.9 and 4.17.4, a Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds() method passes user-controlled string input through renderObjectTemplate() -- an unsandboxed Twig rendering function with escaping disabled. Any authenticated Control Panel user (including non-admin roles such as Author or Editor) can achieve full RCE by sending a crafted condition rule via standard element listing endpoints. This vulnerability requires no admin privileges, no special permissions beyond basic control panel access, and bypasses all production hardening settings (allowAdminChanges: false, devMode: false, enableTwigSandbox: true). Users should update to the patched 5.9.9 or 4.17.4 release to mitigate the issue. | ||||
| CVE-2022-50522 | 1 Linux | 1 Linux Kernel | 2026-03-17 | 3.3 Low |
| In the Linux kernel, the following vulnerability has been resolved: mcb: mcb-parse: fix error handing in chameleon_parse_gdd() If mcb_device_register() returns error in chameleon_parse_gdd(), the refcount of bus and device name are leaked. Fix this by calling put_device() to give up the reference, so they can be released in mcb_release_dev() and kobject_cleanup(). | ||||
| CVE-2022-50518 | 1 Linux | 1 Linux Kernel | 2026-03-17 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: parisc: Fix locking in pdc_iodc_print() firmware call Utilize pdc_lock spinlock to protect parallel modifications of the iodc_dbuf[] buffer, check length to prevent buffer overflow of iodc_dbuf[], drop the iodc_retbuf[] buffer and fix some wrong indentings. | ||||
| CVE-2025-22978 | 1 Eladmin | 1 Eladmin | 2026-03-17 | 9.8 Critical |
| eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module. | ||||