Export limit exceeded: 333385 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (333385 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4218 | 2026-03-16 | 2.5 Low | ||
| A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta. Performing a manipulation of the argument AUTH_KEY results in information disclosure. The attack is only possible with local access. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-3020 | 1 Wakyma | 1 Wakyma Application Web | 2026-03-16 | N/A |
| Identity based authorization bypass vulnerability (IDOR) that allows an attacker to modify the data of a legitimate user account, such as changing the victim's email address, validating the new email address, and requesting a new password. This could allow them to take complete control of other users' legitimate accounts | ||||
| CVE-2026-4219 | 2026-03-16 | 3.3 Low | ||
| A flaw has been found in INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1.0.2 on Android. Affected by this vulnerability is an unknown functionality of the file com/index/event/BuildConfig.java of the component ae.index.apgcs. Executing a manipulation of the argument ACCESS_KEY/HASH_KEY can lead to hard-coded credentials. The attack is restricted to local execution. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-3021 | 1 Wakyma | 1 Wakyma Application Web | 2026-03-16 | N/A |
| Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/centro/equipo/empleado'. This vulnerability could allow an authenticated user to alter a GET request to the affected endpoint for the purpose of injecting special NoSQL commands. This would lead to the enumeration of sensitive employee data. | ||||
| CVE-2026-3022 | 1 Wakyma | 1 Wakyma Application Web | 2026-03-16 | N/A |
| Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting special NoSQL commands, resulting in the attacker being able to obtain customer reports. | ||||
| CVE-2026-4220 | 2026-03-16 | 7.3 High | ||
| A vulnerability has been found in Technologies Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /SetWebpagePic.jsp. The manipulation of the argument targetPath/Suffix leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4221 | 2026-03-16 | 7.3 High | ||
| A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4222 | 1 Sscms | 1 Sscms | 2026-03-16 | 3.8 Low |
| A vulnerability was determined in SSCMS up to 7.4.0. This vulnerability affects the function PathUtils.RemoveParentPath of the file /api/admin/plugins/install/actions/download. This manipulation of the argument path causes path traversal. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-52649 | 2026-03-16 | 1.8 Low | ||
| HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature. Predictable identifiers may allow an attacker to infer or guess system-generated values, potentially leading to limited information disclosure or unintended access under specific conditions. | ||||
| CVE-2025-52648 | 2026-03-16 | 4.8 Medium | ||
| HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks such as integrity compromise or unintended behavior in the system | ||||
| CVE-2025-52646 | 2026-03-16 | 2.2 Low | ||
| HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions. | ||||
| CVE-2025-52645 | 2026-03-16 | 1.9 Low | ||
| HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour. | ||||
| CVE-2025-52644 | 2026-03-16 | 5.8 Medium | ||
| HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes. | ||||
| CVE-2025-52643 | 2026-03-16 | 4.7 Medium | ||
| HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential security risks, including unintended behaviour or integrity impact when processing specially crafted files. | ||||
| CVE-2025-52642 | 2026-03-16 | 3.3 Low | ||
| HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure. | ||||
| CVE-2025-52638 | 2026-03-16 | 5.6 Medium | ||
| HCL AION is affected by a vulnerability where container base images are not properly authenticated. This may expose the system to potential security risks such as usage of untrusted container images, which could lead to unintended behaviour or security impact. | ||||
| CVE-2025-52637 | 2026-03-16 | 4.5 Medium | ||
| HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions. | ||||
| CVE-2025-52636 | 2026-03-16 | 1.8 Low | ||
| HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may allow excessive resource consumption, which could potentially lead to service degradation or denial-of-service conditions under certain scenarios. | ||||
| CVE-2025-2274 | 2026-03-16 | N/A | ||
| Improper Neutralization of Input During Web Page Generation in Forcepoint Web Security (On-Prem) on Windows allows Stored XSS.This issue affects Web Security through 8.5.6. | ||||
| CVE-2026-32385 | 2 Metagauss, Wordpress | 2 Registrationmagic, Wordpress | 2026-03-16 | 5.4 Medium |
| Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 6.0.7.6. | ||||