Export limit exceeded: 338005 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338005 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-31946 | 2026-03-31 | 9.8 Critical | ||
| OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. From version 10.5.4 to before version 20.2.5, OpenOLAT's OpenID Connect implicit flow implementation does not verify JWT signatures. The JSONWebToken.parse() method silently discards the signature segment of the compact JWT (header.payload.signature), and the getAccessToken() methods in both OpenIdConnectApi and OpenIdConnectFullConfigurableApi only validate claim-level fields (issuer, audience, state, nonce) without any cryptographic signature verification against the Identity Provider's JWKS endpoint. This issue has been patched in version 20.2.5. | ||||
| CVE-2026-33982 | 2026-03-31 | 7.1 High | ||
| FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, there is a heap-buffer-overflow READ vulnerability at 24 bytes before the allocation, in winpr_aligned_offset_recalloc(). This issue has been patched in version 3.24.2. | ||||
| CVE-2026-33904 | 1 Ellanetworks | 1 Core | 2026-03-31 | 6.5 Medium |
| Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denial of service for all subscribers. Version 1.7.0 adds deferred Radio cleanup in serveConn SCTP server so that every connection exit path removes the radio. Remove the stale-entry scan from SCTP Notification handling. | ||||
| CVE-2026-33894 | 1 Digitalbazaar | 1 Forge | 2026-03-31 | 7.5 High |
| Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing “garbage” bytes within the ASN structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an addition field within the ASN structure, rather than outside of it. Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries. Version 1.4.0 patches the issue. | ||||
| CVE-2026-5156 | 1 Tenda | 1 Ch22 Firmware | 2026-03-31 | 8.8 High |
| A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/QuickIndex of the component Parameter Handler. This manipulation of the argument mit_linktype causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-4794 | 2026-03-31 | N/A | ||
| Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF before 25.0.10 allow authenticated administrator users to inject arbitrary web script or HTML code via different UI fields. This could be used to compromise other admininistrator's sessions or perform unauthorized actions via the administrator's authenticated context (e.g. requires an active login session). | ||||
| CVE-2026-30879 | 2026-03-31 | N/A | ||
| baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability in blog posts. This issue has been patched in version 5.2.3. | ||||
| CVE-2026-33885 | 1 Statamic | 1 Cms | 2026-03-31 | 6.1 Medium |
| Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, the external URL detection used for redirect validation on unauthenticated endpoints could be bypassed, allowing users to be redirected to external URLs after actions like form submissions and authentication flows. This has been fixed in 5.73.16 and 6.7.2. | ||||
| CVE-2026-5115 | 2026-03-31 | N/A | ||
| The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function device. It was internally discovered that the communication channel between the embedded application and the server was insecure, which could leak data including sensitive information that may be used to mount an attack on the device. Such an attack could potentially be used to steal data or to perform a phishing attack on the end user. | ||||
| CVE-2026-3300 | 2026-03-31 | 9.8 Critical | ||
| The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's process_filter() function concatenating user-submitted form field values into a PHP code string without proper escaping before passing it to eval(). The sanitize_text_field() function applied to input does not escape single quotes or other PHP code context characters. This makes it possible for unauthenticated attackers to inject and execute arbitrary PHP code on the server by submitting a crafted value in any string-type form field (text, email, URL, select, radio) when a form uses the "Complex Calculation" feature. | ||||
| CVE-2026-32970 | 1 Openclaw | 1 Openclaw | 2026-03-31 | 2.5 Low |
| OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and gateway.auth.password SecretRefs are treated as unset, allowing fallback to remote credentials in local mode. Attackers can exploit misconfigured local auth references to cause CLI and helper paths to select incorrect credential sources, potentially bypassing intended local authentication boundaries. | ||||
| CVE-2026-34043 | 2026-03-31 | 5.9 Medium | ||
| Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service (DoS) vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object (an object that inherits from Array.prototype but has a very large length property), the process enters an intensive loop that consumes 100% CPU and hangs indefinitely. This issue has been patched in version 7.0.5. | ||||
| CVE-2026-33870 | 1 Netty | 1 Netty | 2026-03-31 | 7.5 High |
| Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fix the issue. | ||||
| CVE-2026-4974 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2026-03-31 | 8.8 High |
| A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used. | ||||
| CVE-2026-33014 | 2 Everest, Linuxfoundation | 2 Everest-core, Everest | 2026-03-31 | 5.2 Medium |
| EVerest is an EV charging software stack. Prior to version 2026.02.0, during RemoteStop processing, a delayed authorization response restores `authorized` back to true, defeating the `stop_transaction()` call condition on PowerOff events. As a result, the transaction can remain open even after a remote stop. Version 2026.02.0 contains a patch. | ||||
| CVE-2026-34073 | 2026-03-31 | N/A | ||
| cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for bar.example.com. This issue has been patched in version 46.0.6. | ||||
| CVE-2026-22593 | 2 Everest, Linuxfoundation | 2 Everest-core, Everest | 2026-03-31 | 8.4 High |
| EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-one check in IsoMux certificate filename handling causes a stack-based buffer overflow when a filename length equals `MAX_FILE_NAME_LENGTH` (100). A crafted filename in the certificate directory can overflow `file_names[idx]`, corrupting stack state and enabling potential code execution. Version 2026.02.0 contains a patch. | ||||
| CVE-2026-22790 | 2 Everest, Linuxfoundation | 2 Everest-core, Everest | 2026-03-31 | 8.8 High |
| EVerest is an EV charging software stack. Prior to version 2026.02.0, `HomeplugMessage::setup_payload` trusts `len` after an `assert`; in release builds the check is removed, so oversized SLAC payloads are `memcpy`'d into a ~1497-byte stack buffer, corrupting the stack and enabling remote code execution from network-provided frames. Version 2026.02.0 contains a patch. | ||||
| CVE-2026-34714 | 1 Vim | 1 Vim | 2026-03-31 | 9.2 Critical |
| Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE. | ||||
| CVE-2026-23995 | 2 Everest, Linuxfoundation | 2 Everest-core, Everest | 2026-03-31 | 8.4 High |
| EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ (16) to CAN open routines overflows `ifreq.ifr_name`, corrupting adjacent stack data and enabling potential code execution. A malicious or misconfigured interface name can trigger this before any privilege checks. Version 2026.02.0 contains a patch. | ||||