Export limit exceeded: 336977 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336977 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20664 | 1 Apple | 6 Ios And Ipados, Ipados, Iphone Os and 3 more | 2026-03-25 | 4.3 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2026-28833 | 1 Apple | 5 Ios And Ipados, Ipados, Iphone Os and 2 more | 2026-03-25 | 6.2 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. An app may be able to enumerate a user's installed apps. | ||||
| CVE-2026-20691 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-03-25 | 4.3 Medium |
| An authorization issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A maliciously crafted webpage may be able to fingerprint the user. | ||||
| CVE-2026-28864 | 1 Apple | 6 Ios And Ipados, Ipados, Iphone Os and 3 more | 2026-03-25 | 3.3 Low |
| This issue was addressed with improved permissions checking. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A local attacker may gain access to user's Keychain items. | ||||
| CVE-2026-1166 | 1 Hitachi | 1 Ops Center Administrator | 2026-03-25 | 4.3 Medium |
| Open Redirect vulnerability in Hitachi Ops Center Administrator.This issue affects Hitachi Ops Center Administrator: from 10.2.0 before 11.0.8. | ||||
| CVE-2026-2072 | 1 Hitachi | 2 Infrastructure Analytics Advisor, Ops Center Analyzer | 2026-03-25 | 8.2 High |
| Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Analytics probe component), Hitachi Ops Center Analyzer.This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00. | ||||
| CVE-2026-33253 | 1 Sanyo Denki | 2 Sanups Software, Sanups Software Standalone | 2026-03-25 | N/A |
| SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. | ||||
| CVE-2026-26306 | 1 Om Digital Solutions Corporation | 1 Om Workspace (windows Edition) | 2026-03-25 | N/A |
| The installer for OM Workspace (Windows Edition) Ver 2.4 and earlier insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the user invoking the installer. | ||||
| CVE-2026-32326 | 1 Sharp | 8 5g Mobile Router Sh-u01, Home 5g Hr01, Home 5g Hr02 and 5 more | 2026-03-25 | N/A |
| SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over. | ||||
| CVE-2026-33322 | 1 Minio | 1 Minio | 2026-03-25 | N/A |
| MinIO is a high-performance object storage system. From RELEASE.2022-11-08T05-27-07Z to before RELEASE.2026-03-17T21-25-16Z, a JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC ClientSecret to forge arbitrary identity tokens and obtain S3 credentials with any policy, including consoleAdmin. This issue has been patched in RELEASE.2026-03-17T21-25-16Z. | ||||
| CVE-2026-33419 | 1 Minio | 1 Minio | 2026-03-25 | N/A |
| MinIO is a high-performance object storage system. Prior to RELEASE.2026-03-17T21-25-16Z, MinIO AIStor's STS (Security Token Service) AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: (1) distinguishable error responses that enable username enumeration, and (2) absence of rate limiting on authentication attempts. An unauthenticated network attacker can enumerate valid LDAP usernames and then perform unlimited password guessing to obtain temporary AWS-style STS credentials, gaining access to the victim's S3 buckets and objects. This issue has been patched in RELEASE.2026-03-17T21-25-16Z. | ||||
| CVE-2026-22559 | 1 Ubiquiti | 1 Unifi Network Server | 2026-03-25 | 8.8 High |
| An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link. Affected Products: UniFi Network Server (Version 10.1.85 and earlier) Mitigation: Update UniFi Network Server to Version 10.1.89 or later. | ||||
| CVE-2026-33326 | 1 Keystonejs | 1 Keystone | 2026-03-25 | 4.3 Medium |
| Keystone is a content management system for Node.js. Prior to version 6.5.2, {field}.isFilterable access control can be bypassed in findMany queries by passing a cursor. This can be used to confirm the existence of records by protected field values. The fix for CVE-2025-46720 (field-level isFilterable bypass for update and delete mutations) added checks to the where parameter in update and delete mutations however the cursor parameter in findMany was not patched and accepts the same UniqueWhere input type. This issue has been patched in version 6.5.2. | ||||
| CVE-2026-21783 | 1 Hcltech | 1 Traveler | 2026-03-25 | 4.3 Medium |
| HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system's architecture and potentially launch targeted attacks. | ||||
| CVE-2026-21790 | 1 Hcltech | 1 Traveler | 2026-03-25 | 6.3 Medium |
| HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks. | ||||
| CVE-2025-33215 | 1 Nvidia | 1 Snap-4 Container | 2026-03-25 | 6.8 Medium |
| NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK component where a malicious guest VM may cause use of out-of-range pointer offset by sending crafted messages. A successful exploit of this vulnerability may lead to a denial of service of the DPA and impact the availability of storage to other VMs. | ||||
| CVE-2025-33216 | 1 Nvidia | 1 Snap-4 Container | 2026-03-25 | 6.8 Medium |
| NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on a VM may cause an incorrect calculation of buffer size by sending crafted configurations. A successful exploit of this vulnerability may lead to crash of the SNAP service, causing denial of service of the storage service to the host. | ||||
| CVE-2025-33242 | 1 Nvidia | 2 Dgx B300, Hgx B300 | 2026-03-25 | 5.9 Medium |
| NVIDIA B300 MCU contains a vulnerability in the CX8 MCU that could allow a malicious actor to modify unsupported registries, causing a bad state. A successful exploit of this vulnerability might lead to denial of service and data tampering. | ||||
| CVE-2025-33244 | 1 Nvidia | 1 Apex | 2026-03-25 | 9 Critical |
| NVIDIA APEX for Linux contains a vulnerability where an unauthorized attacker could cause a deserialization of untrusted data. This vulnerability affects environments that use PyTorch versions earlier than 2.6. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, data tampering, and information disclosure. | ||||
| CVE-2025-33238 | 1 Nvidia | 1 Triton Inference Server | 2026-03-25 | 7.5 High |
| NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service. | ||||