Export limit exceeded: 335240 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335240 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27417 | 2 Seventhqueen, Wordpress | 2 Sweet Date, Wordpress | 2026-03-06 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in SeventhQueen Sweet Date sweetdate allows Object Injection.This issue affects Sweet Date: from n/a through < 4.0.1. | ||||
| CVE-2026-27385 | 2 Designthemes, Wordpress | 2 Designthemes Portfolio, Wordpress | 2026-03-06 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Portfolio designthemes-portfolio allows Reflected XSS.This issue affects DesignThemes Portfolio: from n/a through <= 1.3. | ||||
| CVE-2026-27381 | 2 Thembay, Wordpress | 2 Aora, Wordpress | 2026-03-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Aora aora allows PHP Local File Inclusion.This issue affects Aora: from n/a through <= 1.3.15. | ||||
| CVE-2026-27376 | 2 Janstudio, Wordpress | 2 Claue - Clean, Minimal Elementor Woocommerce Theme, Wordpress | 2026-03-06 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Claue - Clean, Minimal Elementor WooCommerce Theme claue allows Reflected XSS.This issue affects Claue - Clean, Minimal Elementor WooCommerce Theme: from n/a through <= 2.2.7. | ||||
| CVE-2026-27374 | 2 Vanquish, Wordpress | 2 Woocommerce Order Details, Wordpress | 2026-03-06 | 7.5 High |
| Missing Authorization vulnerability in vanquish WooCommerce Order Details woocommerce-order-details allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Order Details: from n/a through <= 3.1. | ||||
| CVE-2026-27370 | 2 Premio, Wordpress | 2 Chaty, Wordpress | 2026-03-06 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in Premio Chaty chaty allows Retrieve Embedded Sensitive Data.This issue affects Chaty: from n/a through <= 3.5.1. | ||||
| CVE-2026-27367 | 2 Themegoods, Wordpress | 2 Musico, Wordpress | 2026-03-06 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Musico musico allows Reflected XSS.This issue affects Musico: from n/a through <= 3.2.4. | ||||
| CVE-2026-27362 | 2 Kamleshyadav, Wordpress | 2 Wp Bakery Autoresponder Addon, Wordpress | 2026-03-06 | 6.5 Medium |
| Missing Authorization vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bakery Autoresponder Addon: from n/a through <= 1.0.6. | ||||
| CVE-2026-27359 | 2 Fox-themes, Wordpress | 2 Awa Plugins, Wordpress | 2026-03-06 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fox-themes Awa Plugins awa-plugins allows Reflected XSS.This issue affects Awa Plugins: from n/a through <= 1.4.4. | ||||
| CVE-2026-28364 | 1 Ocaml | 1 Ocaml | 2026-03-06 | 7.9 High |
| In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data. | ||||
| CVE-2024-43178 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2026-03-06 | 5.9 Medium |
| IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2025-33101 | 1 Ibm | 1 Concert | 2026-03-06 | 5.9 Medium |
| IBM Concert 1.0.0 through 2.1.0 could allow an attacker to obtain sensitive information using man in the middle techniques due to improper clearing of heap memory. | ||||
| CVE-2025-36597 | 2 Dell, Emc | 3 Avamar Server, Powerprotect Dp Series Appliance (idpa), Avamar Virtual Edition | 2026-03-06 | 4.7 Medium |
| Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2025-27898 | 1 Ibm | 2 Db2 Recovery Expert, Db2 Recovery Expert For Luw | 2026-03-06 | 6.3 Medium |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system. | ||||
| CVE-2025-27899 | 1 Ibm | 2 Db2 Recovery Expert, Db2 Recovery Expert For Luw | 2026-03-06 | 5.3 Medium |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system. | ||||
| CVE-2025-27900 | 1 Ibm | 2 Db2 Recovery Expert, Db2 Recovery Expert For Luw | 2026-03-06 | 6.8 Medium |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | ||||
| CVE-2026-26357 | 1 Dell | 2 Unisphere For Powermax, Unisphere For Powermax Virtual Appliance | 2026-03-06 | 5.4 Medium |
| Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | ||||
| CVE-2026-0980 | 3 Logicminds, Red Hat, Redhat | 3 Rubyipmi, Red Hat Satellite 6, Satellite | 2026-03-06 | 8.3 High |
| A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system. | ||||
| CVE-2024-52959 | 2 Galaxy Software Services Corporation, Gss | 2 Iota C.ai Conversational Platform, Iota C.ai | 2026-03-06 | 7.2 High |
| A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perform arbitrary system commands via a DLL file. | ||||
| CVE-2025-12150 | 1 Redhat | 3 Build Keycloak, Build Of Keycloak, Keycloak | 2026-03-06 | 3.1 Low |
| A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration. | ||||