Export limit exceeded: 333298 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (333298 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28509 | 1 Langbot | 1 Langbot | 2026-03-16 | 6.3 Medium |
| LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, LangBot’s web UI renders user-supplied raw HTML using rehypeRaw, which can lead to a cross-site scripting (XSS) vulnerability. This issue has been patched in version 4.8.7. | ||||
| CVE-2025-10461 | 1 Softing | 2 Smartlink Sw-ht, Smartlink Sw-pn | 2026-03-16 | N/A |
| Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access. This issue affects smartLink SW-HT: through 1.42 smartLink SW-PN: through 1.03. | ||||
| CVE-2026-3023 | 1 Wakyma | 1 Wakyma Application Web | 2026-03-16 | N/A |
| Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/pets/print-tags'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting NoSQL commands, allowing them to list both pets and owner names. | ||||
| CVE-2026-3024 | 1 Wakyma | 1 Wakyma Application Web | 2026-03-16 | N/A |
| Stored Cross-Site Scripting (XSS) vulnerability in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/configuracion/agenda/modelo-formulario-evento'. A user with permission to create personalized accounts could exploit this vulnerability simply by creating a malicious survey that would harm the entire veterinary team. At the same time, a user with low privileges could exploit this vulnerability to access unauthorized data and perform actions with elevated privileges. | ||||
| CVE-2026-20988 | 2026-03-16 | N/A | ||
| Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability. | ||||
| CVE-2026-20989 | 2026-03-16 | N/A | ||
| Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font. | ||||
| CVE-2026-20990 | 2026-03-16 | N/A | ||
| Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege. | ||||
| CVE-2026-20991 | 2026-03-16 | N/A | ||
| Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents. | ||||
| CVE-2026-20992 | 2026-03-16 | N/A | ||
| Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of application. | ||||
| CVE-2026-20993 | 2026-03-16 | N/A | ||
| Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker to access saved information. | ||||
| CVE-2026-20994 | 2026-03-16 | N/A | ||
| URL redirection in Samsung Account prior to version 15.5.01.1 allows remote attackers to potentially get access token. | ||||
| CVE-2026-20995 | 2026-03-16 | N/A | ||
| Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration. | ||||
| CVE-2026-20996 | 2026-03-16 | N/A | ||
| Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication. | ||||
| CVE-2026-20997 | 2026-03-16 | N/A | ||
| Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication. | ||||
| CVE-2026-20998 | 2026-03-16 | N/A | ||
| Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass authentication. | ||||
| CVE-2026-20999 | 2026-03-16 | N/A | ||
| Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged functions. | ||||
| CVE-2026-21000 | 2026-03-16 | N/A | ||
| Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege. | ||||
| CVE-2026-21004 | 2026-03-16 | N/A | ||
| Improper authentication in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to trigger a denial of service. | ||||
| CVE-2026-21005 | 2026-03-16 | N/A | ||
| Path traversal in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to overwrite arbitrary files with Smart Switch privilege. | ||||
| CVE-2025-10685 | 1 Softing | 2 Smartlink Sw-ht, Smartlink Sw-pn | 2026-03-16 | N/A |
| Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT (Webserver modules) allows overflow buffers.This issue affects: smartLink SW-PN: through 1.03 smartLink SW-HT: through 1.42 | ||||