Search Results (335250 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59482 | 1 Tp-link | 2 Archer Ax53, Archer Ax53 Firmware | 2026-03-16 | 8.0 High |
| Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | ||||
| CVE-2025-58455 | 1 Tp-link | 2 Archer Ax53, Archer Ax53 Firmware | 2026-03-16 | 8.0 High |
| Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | ||||
| CVE-2025-58077 | 1 Tp-link | 2 Archer Ax53, Archer Ax53 Firmware | 2026-03-16 | 8.0 High |
| Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted set of network packets containing an excessive number of host entries. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | ||||
| CVE-2025-54758 | | | 2026-03-16 | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2025. Notes: none. | ||||
| CVE-2025-53815 | | | 2026-03-16 | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2025. Notes: none. | ||||
| CVE-2025-53517 | | | 2026-03-16 | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2025. Notes: none. | ||||
| CVE-2026-26954 | 1 Nyariv | 1 Sandboxjs | 2026-03-16 | 10 Critical |
| SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping the sandbox. Given an array containing Function, and Object.fromEntries, it is possible to construct {[p]: Function} where p is any constructible property. This vulnerability is fixed in 0.8.34. | ||||
| CVE-2026-29078 | 1 Lexbor | 1 Lexbor | 2026-03-16 | N/A |
| Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx->buffer_used -= size with a stale size = 3 causes an integer underflow that wraps to SIZE_MAX. Afterwards, memcpy is called with a negative length, leading to an out‑of‑bounds read from the stack and an out‑of‑bounds write to the heap. The source data is partially controllable via the contents of the DOM tree. This vulnerability is fixed in 2.7.0. | ||||
| CVE-2026-29079 | 1 Lexbor | 1 Lexbor | 2026-03-16 | N/A |
| Lexbor is a web browser engine library. Prior to 2.7.0, a type‑confusion vulnerability exists in Lexbor’s HTML fragment parser. When ns = UNDEF, a comment is created using the “unknown element” constructor. The comment’s data are written into the element’s fields via an unsafe cast, corrupting the qualified_name field. That corrupted value is later used as a pointer and dereferenced near the zero page. This vulnerability is fixed in 2.7.0. | ||||
| CVE-2026-32772 | 1 Gnu | 1 Inetutils | 2026-03-16 | 3.4 Low |
| telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR. | ||||
| CVE-2026-32616 | 1 Kasuganosoras | 1 Pigeon | 2026-03-16 | 8.2 High |
| Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201, the application uses $_SERVER['HTTP_HOST'] without validation to construct email verification URLs in the register and resendmail flows. An attacker can manipulate the Host header in the HTTP request, causing the verification link sent to the user's email to point to an attacker-controlled domain. This can lead to account takeover by stealing the email verification token. This vulnerability is fixed in 1.0.201. | ||||
| CVE-2026-32720 | 1 Ctfer-io | 1 Monitoring | 2026-03-16 | N/A |
| The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, metrics and distributed traces). Prior to 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. This vulnerability is fixed in 0.2.1. | ||||
| CVE-2026-4231 | | | 2026-03-16 | 7.3 High |
| A vulnerability was found in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function update_sql/run_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Performing a manipulation results in server-side request forgery. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-15587 | | | 2026-03-16 | N/A |
| Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 (for tcPDU), 1.67 (for LK3.5 - hardware versions: 3.5, 3.6, 3.7 and 3.8), 1.75 (for LK3.9 - hardware version 3.9) and 1.38 (for LK4 - hardware version 4.0). | ||||
| CVE-2025-11500 | | | 2026-03-16 | N/A |
| Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 have two separate authentication mechanisms - one solely for interface management and one for protecting all other server resources. When the latter is turned off (which is a default setting), an unauthenticated attacker on the local network can obtain usernames and encoded passwords for interface management portal by inspecting the HTTP response of the server when visiting the login page, which contains a JSON file with these details. Both normal and admin users credentials are exposed. This issue has been fixed in firmware versions: 1.36 (for tcPDU), 1.67 (for LK3.5 - hardware versions: 3.5, 3.6, 3.7 and 3.8), 1.75 (for LK3.9 - hardware version 3.9) and 1.38 (for LK4 - hardware version 4.0). | ||||
| CVE-2026-4232 | | | 2026-03-16 | 7.3 High |
| A vulnerability was determined in Tiandy Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /rest/user/getAuthorityByUserId. Executing a manipulation of the argument userId can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-32394 | 2 Publishpress, Wordpress | 2 Publishpress Capabilities, Wordpress | 2026-03-16 | 4.3 Medium |
| Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PublishPress Capabilities: from n/a through <= 2.31.0. | ||||
| CVE-2026-32392 | 2 Creatives Planet, Wordpress | 2 Greenly, Wordpress | 2026-03-16 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly greenly allows PHP Local File Inclusion. This issue affects Greenly: from n/a through <= 8.1. | ||||
| CVE-2026-32390 | 2 Linethemes, Wordpress | 2 Nanosoft, Wordpress | 2026-03-16 | 5.4 Medium |
| Missing Authorization vulnerability in linethemes Nanosoft nanosoft allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nanosoft: from n/a through < 1.3.2. | ||||
| CVE-2026-32385 | 2 Metagauss, Wordpress | 2 Registrationmagic, Wordpress | 2026-03-16 | 5.4 Medium |
| Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RegistrationMagic: from n/a through <= 6.0.7.6. | ||||