Export limit exceeded: 330359 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (330359 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24713 | 1 Apache | 1 Iotdb | 2026-03-10 | 9.8 Critical |
| Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue. | ||||
| CVE-2026-24015 | 1 Apache | 1 Iotdb | 2026-03-10 | 9.8 Critical |
| A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue. | ||||
| CVE-2026-26801 | 2026-03-10 | N/A | ||
| Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6 which introduces the setUrlAccessPolicy() method allowing server operators to define URL access rules. A warning is now logged when pdfmake is used server-side without a policy configured. | ||||
| CVE-2026-27627 | 2 Karakeep, Localhostlabs | 2 Karakeep, Karakeep | 2026-03-10 | 8.2 High |
| Karakeep is a elf-hostable bookmark-everything app. In version 0.30.0, when the Reddit metascraper plugin returns `readableContentHtml`, the HTML parsing subprocess uses it directly without running it through DOMPurify. Every other content source in the crawler goes through Readability + DOMPurify, but the Reddit path skips both. Since this content ends up in `dangerouslySetInnerHTML` in the reader view, any malicious HTML in the Reddit response gets executed in the user's browser. Version 0.31.0 contains a patch for this issue. | ||||
| CVE-2026-26741 | 2026-03-10 | N/A | ||
| PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switching from Auto mode to Manual mode while the drone is in the "ARMED" state (after landing and before the automatic disarm triggered by the COM_DISARM_LAND parameter), the system lacks a throttle threshold safety check for the physical throttle stick. This flaw can directly cause the drone to lose control, experience rapid uncontrolled ascent (flyaway), and result in property damage | ||||
| CVE-2026-26417 | 1 Tcs | 2 Cognix Platform, Cognix Recon Client | 2026-03-10 | 8.1 High |
| A broken access control vulnerability in the password reset functionality of Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to reset passwords of arbitrary user accounts via crafted requests. | ||||
| CVE-2025-56422 | 2026-03-10 | N/A | ||
| A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server. | ||||
| CVE-2025-23368 | 1 Redhat | 10 Build Keycloak, Data Grid, Integration and 7 more | 2026-03-10 | 8.1 High |
| A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI. | ||||
| CVE-2026-27218 | 2026-03-10 | 5.5 Medium | ||
| Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-27219 | 2026-03-10 | 5.5 Medium | ||
| Substance3D - Painter versions 11.1.2 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-27214 | 2026-03-10 | 5.5 Medium | ||
| Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-21364 | 2026-03-10 | 5.5 Medium | ||
| Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-21365 | 2026-03-10 | 5.5 Medium | ||
| Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-27217 | 2026-03-10 | 5.5 Medium | ||
| Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to its availability. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-21262 | 1 Microsoft | 5 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 2 more | 2026-03-10 | 8.8 High |
| Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-23667 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2026-03-10 | 7 High |
| Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-23672 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 12 more | 2026-03-10 | 7.8 High |
| Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | ||||
| CVE-2026-24283 | 1 Microsoft | 5 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 2 more | 2026-03-10 | 8.8 High |
| Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24289 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 12 more | 2026-03-10 | 7.8 High |
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24293 | 1 Microsoft | 9 Windows 10 21h2, Windows 10 22h2, Windows 11 23h2 and 6 more | 2026-03-10 | 7.8 High |
| Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||