Export limit exceeded: 330481 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (330481 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69339 | 2 Don-themes, Wordpress | 2 Molla, Wordpress | 2026-03-10 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in don-themes Molla molla allows PHP Local File Inclusion.This issue affects Molla: from n/a through <= 1.5.16. | ||||
| CVE-2025-69090 | 2 Ovatheme, Wordpress | 2 Remons, Wordpress | 2026-03-10 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Remons remons allows PHP Local File Inclusion.This issue affects Remons: from n/a through <= 1.3.4. | ||||
| CVE-2025-68648 | 1 Fortinet | 4 Fortianalyzer, Fortianalyzercloud, Fortimanager and 1 more | 2026-03-10 | 6.5 Medium |
| A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow an attacker to escalate its privileges via specially crafted requests. | ||||
| CVE-2025-68554 | 2 Wordpress, Zozothemes | 2 Wordpress, Keenarch | 2026-03-10 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Keenarch keenarch allows Using Malicious Files.This issue affects Keenarch: from n/a through < 2.0.1. | ||||
| CVE-2025-68515 | 2 Roland Murg, Wordpress | 2 Wp Booking System, Wordpress | 2026-03-10 | 5.8 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Roland Murg WP Booking System wp-booking-system allows Retrieve Embedded Sensitive Data.This issue affects WP Booking System: from n/a through <= 2.0.19.12. | ||||
| CVE-2025-68482 | 1 Fortinet | 4 Fortianalyzer, Fortianalyzercloud, Fortimanager and 1 more | 2026-03-10 | 6.3 Medium |
| A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to view confidential information via a man in the middle [MiTM] attack. | ||||
| CVE-2025-67078 | 1 Agora-project | 1 Agora-project | 2026-03-10 | 6.1 Medium |
| Cross site scripting (XSS) vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors. | ||||
| CVE-2025-62817 | 1 Samsung | 15 Exynos, Exynos 1280, Exynos 1280 Firmware and 12 more | 2026-03-10 | 7.5 High |
| An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of session->ncp_hdr_buf in __pilot_parsing_ncp() causes a denial of service. | ||||
| CVE-2025-54659 | 1 Fortinet | 1 Fortisoaragentcommunicationbridge | 2026-03-10 | 5.5 Medium |
| An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] vulnerability in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communication Bridge 1.0 all versions may allow an unauthenticated attacker to read files accessible to the fortisoar user on a system where the agent is deployed, via sending a crafted request to the agent port. | ||||
| CVE-2025-53706 | 2026-03-10 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2025. Notes: none. | ||||
| CVE-2025-53608 | 1 Fortinet | 1 Fortisandbox | 2026-03-10 | 4.6 Medium |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated privileged attacker to execute code via crafted requests. | ||||
| CVE-2025-53335 | 2 Themerex, Wordpress | 2 Berger, Wordpress | 2026-03-10 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Berger berger allows PHP Local File Inclusion.This issue affects Berger: from n/a through <= 1.1.1. | ||||
| CVE-2025-48840 | 1 Fortinet | 1 Fortiweb | 2026-03-10 | 5 Medium |
| An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unauthenticated attacker to bypass hostname restrictions via a specially crafted request. | ||||
| CVE-2025-41712 | 2026-03-10 | 6.5 Medium | ||
| An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server. | ||||
| CVE-2025-41711 | 2026-03-10 | 5.3 Medium | ||
| An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access. | ||||
| CVE-2025-41710 | 2026-03-10 | 6.5 Medium | ||
| An unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges. | ||||
| CVE-2025-41709 | 2026-03-10 | 9.8 Critical | ||
| [PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR] | ||||
| CVE-2025-40943 | 2026-03-10 | 9.6 Critical | ||
| Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering a legitimate user to import a specially crafted trace file | ||||
| CVE-2025-40801 | 1 Siemens | 8 Comos, Nx, Simcenter 3d and 5 more | 2026-03-10 | 8.1 High |
| A vulnerability has been identified in COMOS V10.6 (All versions < V10.6.1), COMOS V10.6 (All versions < V10.6.1), JT Bi-Directional Translator for STEP (All versions), NX V2412 (All versions < V2412.8900 with Cloud Entitlement (bundled as NX X)), NX V2506 (All versions < V2506.6000 with Cloud Entitlement (bundled as NX X)), Simcenter 3D (All versions < V2506.6000 with Cloud Entitlement (bundled as Simcenter X Mechanical)), Simcenter Femap (All versions < V2506.0002 with Cloud Entitlement (bundled as Simcenter X Mechanical)), Simcenter Studio (All versions < V2506.0001), Simcenter System Architect (All versions < V2506.0001), Tecnomatix Plant Simulation (All versions < V2504.0007). The SALT SDK is missing server certificate validation while establishing TLS connections to the authorization server. This could allow an attacker to perform a man-in-the-middle attack. | ||||
| CVE-2025-40800 | 1 Siemens | 6 Comos, Nx, Simcenter 3d and 3 more | 2026-03-10 | 7.4 High |
| A vulnerability has been identified in COMOS V10.6 (All versions < V10.6.1), COMOS V10.6 (All versions < V10.6.1), NX V2412 (All versions < V2412.8700), NX V2506 (All versions < V2506.6000), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Solid Edge SE2025 (All versions < V225.0 Update 10), Solid Edge SE2026 (All versions < V226.0 Update 1). The IAM client in affected products is missing server certificate validation while establishing TLS connections to the authorization server. This could allow an attacker to perform a man-in-the-middle attack. | ||||