Export limit exceeded: 333698 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (333698 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32117 | 1 Ekacnet | 1 Grafanacubism-panel | 2026-03-17 | 7.6 High |
| The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign() / window.open() with no scheme validation. An attacker with dashboard Editor privileges can set the link to a javascript: URI; when any Viewer drag-zooms on the panel, the payload executes in the Grafana origin. | ||||
| CVE-2025-12697 | 1 Gitlab | 1 Gitlab | 2026-03-17 | 2.2 Low |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API credentials under certain conditions. | ||||
| CVE-2025-12704 | 1 Gitlab | 1 Gitlab | 2026-03-17 | 3.5 Low |
| GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to access Virtual Registry data in groups where they are not members due to improper authorization under certain conditions. | ||||
| CVE-2026-0602 | 1 Gitlab | 1 Gitlab | 2026-03-17 | 4.3 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering in the snippet rendering process under certain circumstances. | ||||
| CVE-2026-1230 | 1 Gitlab | 1 Gitlab | 2026-03-17 | 4.1 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 1.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause repository downloads to contain different code than displayed in the web interface due to incorrect validation of branch references under certain circumstances. | ||||
| CVE-2024-1132 | 1 Redhat | 23 Amq Broker, Build Keycloak, Build Of Keycloak and 20 more | 2026-03-17 | 8.1 High |
| A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL. | ||||
| CVE-2026-31826 | 2 Py-pdf, Pypdf Project | 2 Pypdf, Pypdf | 2026-03-17 | 5.5 Medium |
| pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. This vulnerability is fixed in 6.8.0. | ||||
| CVE-2026-28490 | 1 Authlib | 1 Authlib | 2026-03-17 | 6.5 Medium |
| Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption (JWE) RSA1_5 key management algorithm. Authlib registers RSA1_5 in its default algorithm registry without requiring explicit opt-in, and actively destroys the constant-time Bleichenbacher mitigation that the underlying cryptography library implements correctly. This issue has been patched in version 1.6.9. | ||||
| CVE-2026-32981 | 2026-03-17 | 7.5 High | ||
| A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences (e.g., ../) to access files outside the intended static directory, resulting in local file disclosure. | ||||
| CVE-2025-6969 | 2 Openatom, Openharmony | 2 Openharmony, Openharmony | 2026-03-17 | 5 Medium |
| in OpenHarmony v5.1.0 and prior versions allow a local attacker cause DOS through improper input. | ||||
| CVE-2023-2075 | 1 Campcodes | 1 Online Traffic Offense Management System | 2026-03-17 | 6.3 Medium |
| A vulnerability classified as critical has been found in Campcodes Online Traffic Offense Management System 1.0. This affects an unknown part of the file /admin/offenses/view_details.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226053 was assigned to this vulnerability. | ||||
| CVE-2023-2073 | 1 Campcodes | 1 Online Traffic Offense Management System | 2026-03-17 | 7.3 High |
| A vulnerability was found in Campcodes Online Traffic Offense Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Login.php. The manipulation of the argument password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226051. | ||||
| CVE-2025-52458 | 2 Openatom, Openharmony | 2 Openharmony, Openharmony | 2026-03-17 | 5.5 Medium |
| in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios. | ||||
| CVE-2023-2077 | 1 Campcodes | 1 Online Traffic Offense Management System | 2026-03-17 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in Campcodes Online Traffic Offense Management System 1.0. This issue affects some unknown processing of the file /admin/offenses/view_details.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226055. | ||||
| CVE-2025-41432 | 2 Openatom, Openharmony | 2 Openharmony, Openharmony | 2026-03-17 | 5.5 Medium |
| in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios. | ||||
| CVE-2023-2074 | 1 Campcodes | 1 Online Traffic Offense Management System | 2026-03-17 | 6.3 Medium |
| A vulnerability was found in Campcodes Online Traffic Offense Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226052. | ||||
| CVE-2019-25511 | 1 Jettweb | 2 Hazir Haber Sitesi Scripti, Php Stock News Site Script | 2026-03-17 | 8.2 High |
| Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using UNION-based injection to extract sensitive database information. | ||||
| CVE-2023-2076 | 1 Campcodes | 1 Online Traffic Offense Management System | 2026-03-17 | 3.5 Low |
| A vulnerability classified as problematic was found in Campcodes Online Traffic Offense Management System 1.0. This vulnerability affects unknown code of the file /classes/Users.phpp. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226054 is the identifier assigned to this vulnerability. | ||||
| CVE-2025-26474 | 2 Openatom, Openharmony | 2 Openharmony, Openharmony | 2026-03-17 | 3.3 Low |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information improper input. This vulnerability can be exploited only in restricted scenarios. | ||||
| CVE-2025-25277 | 2 Openatom, Openharmony | 2 Openharmony, Openharmony | 2026-03-17 | 6.3 Medium |
| in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through using incompatible type. This vulnerability can be exploited only in restricted scenarios. | ||||