Export limit exceeded: 337027 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 337027 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337027 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20694 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-03-26 | 5.5 Medium |
| This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data. | ||||
| CVE-2025-69358 | 2 Metagauss, Wordpress | 2 Eventprime, Wordpress | 2026-03-26 | 7.5 High |
| Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.6.0. | ||||
| CVE-2023-7338 | 2026-03-26 | 7.5 High | ||
| Ruckus Unleashed contains a remote code execution vulnerability in the web-based management interface that allows authenticated remote attackers to execute arbitrary code on the system when gateway mode is enabled. Attackers can exploit this vulnerability by sending specially crafted requests through the management interface to achieve arbitrary code execution on affected systems. | ||||
| CVE-2021-4474 | 2026-03-26 | 4.9 Medium | ||
| Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary files from the underlying filesystem. Attackers can exploit this vulnerability to access sensitive information including configuration files, credentials, and system data stored on the device. | ||||
| CVE-2026-20670 | 1 Apple | 1 Macos | 2026-03-26 | 5.5 Medium |
| An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to access sensitive user data. | ||||
| CVE-2026-20692 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-03-26 | 5.3 Medium |
| A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. "Hide IP Address" and "Block All Remote Content" may not apply to all mail content. | ||||
| CVE-2026-28831 | 1 Apple | 1 Macos | 2026-03-26 | 5.5 Medium |
| An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data. | ||||
| CVE-2026-28855 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-03-26 | 7.5 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3. An app may be able to access protected user data. | ||||
| CVE-2026-28863 | 1 Apple | 6 Ios And Ipados, Ipados, Iphone Os and 3 more | 2026-03-26 | 6.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to fingerprint the user. | ||||
| CVE-2026-28870 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-03-26 | 5.5 Medium |
| An information leakage was addressed with additional validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to access sensitive user data. | ||||
| CVE-2026-28874 | 1 Apple | 3 Ios And Ipados, Ipados, Iphone Os | 2026-03-26 | 7.5 High |
| The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote attacker may cause an unexpected app termination. | ||||
| CVE-2026-28892 | 1 Apple | 1 Macos | 2026-03-26 | 5.5 Medium |
| A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to modify protected parts of the file system. | ||||
| CVE-2025-55276 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | 3.1 Low |
| HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability will give attackers a clearer map of the organization’s network layout. | ||||
| CVE-2025-55261 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | 8.1 High |
| HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data. | ||||
| CVE-2025-55262 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | 8.3 High |
| HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploit this vulnerability to retrieve sensitive information from the database. | ||||
| CVE-2025-55263 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | 7.3 High |
| HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allows attacker to gain access to the source code or if it is stored in insecure repositories, they can easily retrieve these hardcoded secrets. | ||||
| CVE-2025-55264 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | 5.5 Medium |
| HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password change leading to account takeover. | ||||
| CVE-2026-33668 | 1 Go-vikunja | 1 Vikunja | 2026-03-26 | N/A |
| Vikunja is an open-source self-hosted task management platform. Starting in version 0.18.0 and prior to version 2.2.1, when a user account is disabled or locked, the status check is only enforced on the local login and JWT token refresh paths. Three other authentication paths — API tokens, CalDAV basic auth, and OpenID Connect — do not verify user status, allowing disabled or locked users to continue accessing the API and syncing data. Version 2.2.1 patches the issue. | ||||
| CVE-2026-33680 | 1 Go-vikunja | 1 Vikunja | 2026-03-26 | 7.5 High |
| Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.2, the `LinkSharing.ReadAll()` method allows link share authenticated users to list all link shares for a project, including their secret hashes. While `LinkSharing.CanRead()` correctly blocks link share users from reading individual shares via `ReadOne`, the `ReadAllWeb` handler bypasses this check by never calling `CanRead()`. An attacker with a read-only link share can retrieve hashes for write or admin link shares on the same project and authenticate with them, escalating to full admin access. Version 2.2.2 patches the issue. | ||||
| CVE-2026-33160 | 1 Craftcms | 2 Craft Cms, Craftcms | 2026-03-26 | 5.3 Medium |
| Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, an unauthenticated user can call assets/generate-transform with a private assetId, receive a valid transform URL, and fetch transformed image bytes. The endpoint is anonymous and does not enforce per-asset authorization before returning the transform URL. This issue has been patched in versions 4.17.8 and 5.9.14. | ||||