Export limit exceeded: 336677 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336677 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33347 | 1 Thephpleague | 1 Commonmark | 2026-03-25 | N/A |
| league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like youtube.com.evil passes the allowlist check when youtube.com is an allowed domain. This issue has been patched in version 2.8.2. | ||||
| CVE-2026-33345 | 1 Solidtime-io | 1 Solidtime | 2026-03-25 | 6.5 Medium |
| solidtime is an open-source time-tracking app. Prior to version 0.11.6, the project detail endpoint GET /api/v1/organizations/{org}/projects/{project} allows any authenticated Employee to access any project in the organization by UUID, including private projects they are not a member of. The index() endpoint correctly applies the visibleByEmployee() scope, but show() does not. This issue has been patched in version 0.11.6. | ||||
| CVE-2026-33349 | 1 Naturalintelligence | 1 Fast-xml-parser | 2026-03-25 | 5.9 Medium |
| fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a developer explicitly sets either limit to 0 — intending to disallow all entities or restrict entity size to zero bytes — the falsy nature of 0 in JavaScript causes the guard conditions to short-circuit, completely bypassing the limits. An attacker who can supply XML input to such an application can trigger unbounded entity expansion, leading to memory exhaustion and denial of service. This issue has been patched in version 5.5.7. | ||||
| CVE-2026-21783 | 1 Hcltech | 1 Traveler | 2026-03-25 | 4.3 Medium |
| HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system's architecture and potentially launch targeted attacks. | ||||
| CVE-2026-21790 | 1 Hcltech | 1 Traveler | 2026-03-25 | 6.3 Medium |
| HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks. | ||||
| CVE-2025-33215 | 1 Nvidia | 1 Snap-4 Container | 2026-03-25 | 6.8 Medium |
| NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK component where a malicious guest VM may cause use of out-of-range pointer offset by sending crafted messages. A successful exploit of this vulnerability may lead to a denial of service of the DPA and impact the availability of storage to other VMs. | ||||
| CVE-2025-33216 | 1 Nvidia | 1 Snap-4 Container | 2026-03-25 | 6.8 Medium |
| NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on a VM may cause an incorrect calculation of buffer size by sending crafted configurations. A successful exploit of this vulnerability may lead to crash of the SNAP service, causing denial of service of the storage service to the host. | ||||
| CVE-2025-33242 | 1 Nvidia | 2 Dgx B300, Hgx B300 | 2026-03-25 | 5.9 Medium |
| NVIDIA B300 MCU contains a vulnerability in the CX8 MCU that could allow a malicious actor to modify unsupported registries, causing a bad state. A successful exploit of this vulnerability might lead to denial of service and data tampering. | ||||
| CVE-2025-33244 | 1 Nvidia | 1 Apex | 2026-03-25 | 9 Critical |
| NVIDIA APEX for Linux contains a vulnerability where an unauthorized attacker could cause a deserialization of untrusted data. This vulnerability affects environments that use PyTorch versions earlier than 2.6. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, data tampering, and information disclosure. | ||||
| CVE-2025-33238 | 1 Nvidia | 1 Triton Inference Server | 2026-03-25 | 7.5 High |
| NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service. | ||||
| CVE-2025-33254 | 1 Nvidia | 1 Triton Inference Server | 2026-03-25 | 7.5 High |
| NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause internal state corruption. A successful exploit of this vulnerability may lead to a denial of service. | ||||
| CVE-2026-24158 | 1 Nvidia | 1 Triton Inference Server | 2026-03-25 | 7.5 High |
| NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service. | ||||
| CVE-2026-24141 | 1 Nvidia | 1 Nvidia Model Optimizer | 2026-03-25 | 7.8 High |
| NVIDIA Model Optimizer for Windows and Linux contains a vulnerability in the ONNX quantization feature, where a user could cause unsafe deserialization by providing a specially crafted input file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure. | ||||
| CVE-2026-24157 | 1 Nvidia | 1 Nemo Framework | 2026-03-25 | 7.8 High |
| NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering. | ||||
| CVE-2026-4371 | 1 Mozilla | 1 Thunderbird | 2026-03-25 | 7.4 High |
| A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9. | ||||
| CVE-2026-24159 | 1 Nvidia | 1 Nemo Framework | 2026-03-25 | 7.8 High |
| NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering. | ||||
| CVE-2026-28425 | 1 Statamic | 2 Cms, Statamic | 2026-03-25 | 8 High |
| Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, an authenticated control panel user with access to Antlers-enabled inputs may be able to achieve remote code execution in the application context. That can lead to full compromise of the application, including access to sensitive configuration, modification or exfiltration of data, and potential impact on availability. Exploitation is only possible where Antlers runs on user-controlled content—for example, content fields with Antlers explicitly enabled (requiring permission to configure fields and to edit entries), built-in config that supports Antlers such as Forms email notification settings (requiring configuration permission), or third-party addons that add Antlers-enabled fields to entries (for example, the SEO Pro addon). In each case the attacker must have the relevant control panel permissions. This has been fixed in 5.73.16 and 6.7.2. Users of addons that depend on Statamic should ensure that after updating they are running a patched Statamic version. | ||||
| CVE-2026-33215 | 1 Nats | 1 Nats Server | 2026-03-25 | 6.5 Medium |
| NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issue. No known workarounds are available. | ||||
| CVE-2024-51346 | 2026-03-25 | 7.7 High | ||
| An issue in Eufy Homebase 2 version 3.3.4.1h allows a local attacker to obtain sensitive information via the cryptographic scheme. | ||||
| CVE-2024-51347 | 2026-03-25 | 7.2 High | ||
| A buffer overflow vulnerability in the dgiot binary in LSC Smart Indoor IP Camera V7.6.32. The flaw exists in the handling of the Time Zone (TZ) parameter within the ONVIF configuration interface. The time zone (TZ) parameter does not have its length properly validated before being copied into a fixed-size buffer using the insecure strcpy function. | ||||