Export limit exceeded: 336488 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336488 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20129 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2026-03-04 | 9.8 Critical |
| A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin role. The vulnerability is due to improper authentication for requests that are sent to the API. An attacker could exploit this vulnerability by sending a crafted request to the API of an affected system. A successful exploit could allow the attacker to execute commands with the privileges of the netadmin role. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability. | ||||
| CVE-2025-70241 | 2 D-link, Dlink | 3 Dir-513, Dir-513, Dir-513 Firmware | 2026-03-04 | 9.8 Critical |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANType_Wizard5. | ||||
| CVE-2025-70239 | 2 D-link, Dlink | 3 Dir-513, Dir-513, Dir-513 Firmware | 2026-03-04 | 9.8 Critical |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55. | ||||
| CVE-2025-70237 | 2 D-link, Dlink | 3 Dir-513, Dir-513, Dir-513 Firmware | 2026-03-04 | 9.8 Critical |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr. | ||||
| CVE-2025-70236 | 2 D-link, Dlink | 3 Dir-513, Dir-513, Dir-513 Firmware | 2026-03-04 | 5.3 Medium |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDomainFilter. | ||||
| CVE-2025-70234 | 2 D-link, Dlink | 3 Dir-513, Dir-513, Dir-513 Firmware | 2026-03-04 | 9.8 Critical |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS. | ||||
| CVE-2025-13616 | 1 Ibm | 1 Datastage On Cloud Pak For Data | 2026-03-04 | 6.5 Medium |
| IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system. | ||||
| CVE-2025-13734 | 1 Ibm | 1 Engineering Requirements Management Doors Next | 2026-03-04 | 5.4 Medium |
| IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions. | ||||
| CVE-2025-14923 | 1 Ibm | 2 Websphere Application Server, Websphere Application Server Liberty | 2026-03-04 | 4.7 Medium |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administering security settings. | ||||
| CVE-2026-27818 | 2 Terria, Terriajs | 2 Terriajs-server, Terriajs-server | 2026-03-04 | 7.5 High |
| TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prior to 4.0.3 allows an attacker to proxy domains not explicitly allowed in the `proxyableDomains` configuration. Version 4.0.3 fixes the issue. | ||||
| CVE-2025-36364 | 1 Ibm | 1 Devops Plan | 2026-03-04 | 6.2 Medium |
| IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system. | ||||
| CVE-2026-1265 | 1 Ibm | 1 Infosphere Information Server | 2026-03-04 | 4.3 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive Information in a log file. | ||||
| CVE-2025-36363 | 1 Ibm | 1 Devops Plan | 2026-03-04 | 5.9 Medium |
| IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | ||||
| CVE-2026-3196 | 1 Qemu | 1 Qemu | 2026-03-04 | 5.5 Medium |
| An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded memory allocation on the host and a denial of service condition. | ||||
| CVE-2026-2376 | 1 Mirror-registry | 1 Quay | 2026-03-04 | 4.9 Medium |
| No description is available for this CVE. | ||||
| CVE-2026-20435 | 6 Google, Linuxfoundation, Mediatek and 3 more | 40 Android, Yocto, Mt2737 and 37 more | 2026-03-04 | 4.6 Medium |
| In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS10607099; Issue ID: MSV-6118. | ||||
| CVE-2026-20444 | 2 Google, Mediatek | 47 Android, Mt6739, Mt6761 and 44 more | 2026-03-04 | 6.7 Medium |
| In display, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436995; Issue ID: MSV-5721. | ||||
| CVE-2025-47371 | 1 Qualcomm | 251 5g Fixed Wireless Access Platform, 5g Fixed Wireless Access Platform Firmware, Ar8035 and 248 more | 2026-03-04 | 6.5 Medium |
| Transient DOS when an LTE RLC packet with invalid TB is received by UE. | ||||
| CVE-2025-52365 | 1 Ccurtsinger | 1 Stabilizer | 2026-03-04 | 7.8 High |
| A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system(). The vulnerability arises from improper input handling where command-line arguments are directly concatenated into shell commands without validation | ||||
| CVE-2025-57622 | 1 Stepfun-ai | 1 Step-video-t2v | 2026-03-04 | N/A |
| An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api , /caption-api , feature = pickle.loads(request.get_data()) component | ||||