Export limit exceeded: 326342 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (326342 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-50195 | 2026-03-02 | N/A | ||
| Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in version 1.11.30. | ||||
| CVE-2026-26709 | 2026-03-02 | N/A | ||
| code-projects Simple Gym Management System v1.0 is vulnerable to SQL Injection in /gym/trainer_search.php. | ||||
| CVE-2025-47373 | 2026-03-02 | 7.8 High | ||
| Memory Corruption when accessing buffers with invalid length during TA invocation. | ||||
| CVE-2025-47371 | 2026-03-02 | 6.5 Medium | ||
| Transient DOS when an LTE RLC packet with invalid TB is received by UE. | ||||
| CVE-2026-28412 | 2026-03-02 | 6.5 Medium | ||
| Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to all connected clients every 100 ms, an attacker can exhaust CPU and memory by flooding the server with connections, causing the Textream application to freeze and crash during a live session. Version 1.5.1 fixes the issue. | ||||
| CVE-2026-25884 | 2026-03-02 | N/A | ||
| Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8. | ||||
| CVE-2025-30042 | 2026-03-02 | N/A | ||
| The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient for authentication, regardless of the actual presence of the smart card or ownership of the private key. | ||||
| CVE-2025-30044 | 2026-03-02 | N/A | ||
| In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstat_simple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code injection. | ||||
| CVE-2025-30062 | 2026-03-02 | N/A | ||
| In the "CheckUnitCodeAndKey.pl" service, the "validateOrgUnit" function is vulnerable to SQL injection. | ||||
| CVE-2025-58107 | 2026-03-02 | 7.5 High | ||
| In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-mail address, device ID, bearer token, and base64-encoded password. | ||||
| CVE-2025-58402 | 2026-03-02 | N/A | ||
| The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users. | ||||
| CVE-2025-58405 | 2026-03-02 | N/A | ||
| The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks, neither HTTP security headers nor HTML-based frame‑busting protections were detected. As a result, an attacker can embed the application inside a maliciously crafted IFRAME and trick users into performing unintended actions, including potentially bypassing CSRF/XSRF defenses. | ||||
| CVE-2026-0995 | 2026-03-02 | 3.6 Low | ||
| An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME. | ||||
| CVE-2026-24101 | 2026-03-02 | 9.8 Critical | ||
| An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_multi. When the condition is met, `s1_1` will be passed into sub_B0488, concatenated into `doSystemCmd`. The value of s1_1 is not validated, potentially leading to a command injection vulnerability. | ||||
| CVE-2026-26703 | 2026-03-02 | N/A | ||
| sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advance_search.php. | ||||
| CVE-2026-3422 | 2026-03-02 | 9.8 Critical | ||
| U-Office Force developed by e-Excellence has a Insecure Deserialization vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server by sending maliciously crafted serialized content. | ||||
| CVE-2025-66880 | 2026-03-02 | 6.1 Medium | ||
| Cross Site Scripting vulnerability in Wethink Technology Inc 720yun pano-sdk 0.5.877 allows a remote attacker to execute arbitrary code via the LoginComp (Module 2093) and SignupComp (Module 2094) modules. | ||||
| CVE-2025-10350 | 2026-03-02 | N/A | ||
| SQL Injection vulnerability in "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows attacker connected to PACS gaining access to database, including data processed by GCM CLININET software.This issue affects CGM NETRAAD with imageserver module in versions before 7.9.0. | ||||
| CVE-2025-47384 | 2026-03-02 | 6.5 Medium | ||
| Transient DOS when MAC configures config id greater than supported maximum value. | ||||
| CVE-2026-2999 | 2026-03-02 | 9.8 Critical | ||
| IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary executable files from a remote source and execute them. | ||||