Export limit exceeded: 333462 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (333462 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68971 | 1 Forgejo | 1 Forgejo | 2026-03-17 | N/A |
| In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attachment (e.g., to be associated with an issue or a release). | ||||
| CVE-2025-69902 | 1 Rohitg00 | 1 Kubectl-mcp-server | 2026-03-17 | N/A |
| A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters. | ||||
| CVE-2026-4199 | 1 Bazinga012 | 1 Mcp Code Executor | 2026-03-17 | 5.3 Medium |
| A vulnerability was identified in bazinga012 mcp_code_executor up to 0.3.0. Affected by this issue is the function installDependencies of the file src/index.ts. Such manipulation leads to command injection. The attack can only be performed from a local environment. The exploit is publicly available and might be used. It is best practice to apply a patch to resolve this issue. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-4200 | 1 Glowxq | 1 Glowxq-oj | 2026-03-17 | 7.3 High |
| A security flaw has been discovered in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This affects the function uploadTestcaseZipUrl of the file business/business-oj/src/main/java/com/glowxq/oj/problem/controller/ProblemCaseController.java. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4201 | 1 Glowxq | 1 Glowxq-oj | 2026-03-17 | 7.3 High |
| A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This vulnerability affects the function Upload of the file business/business-system/src/main/java/com/glowxq/system/admin/controller/SysFileController.java. Executing a manipulation can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4205 | 1 D-link | 20 Dnr-202l, Dnr-322l, Dnr-326 and 17 more | 2026-03-17 | 6.3 Medium |
| A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function cgi_refresh_db/FTP_Server_BlockIP_Add/FTP_Server_BlockIP_Del of the file /cgi-bin/app_mgr.cgi. Such manipulation leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-4211 | 1 D-link | 20 Dnr-202l, Dnr-322l, Dnr-326 and 17 more | 2026-03-17 | 8.8 High |
| A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this issue is the function Local_Backup_Info of the file /cgi-bin/local_backup_mgr.cgi. This manipulation of the argument f_idx causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-4213 | 1 D-link | 20 Dnr-202l, Dnr-322l, Dnr-326 and 17 more | 2026-03-17 | 8.8 High |
| A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This vulnerability affects the function cgi_myfavorite_del_user/cgi_myfavorite_verify of the file /cgi-bin/gui_mgr.cgi. Performing a manipulation results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. | ||||
| CVE-2026-20988 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-03-17 | N/A |
| Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability. | ||||
| CVE-2026-20989 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-03-17 | N/A |
| Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font. | ||||
| CVE-2026-20990 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-03-17 | N/A |
| Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege. | ||||
| CVE-2026-20991 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-03-17 | N/A |
| Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents. | ||||
| CVE-2026-20992 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-03-17 | N/A |
| Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of application. | ||||
| CVE-2026-20993 | 1 Samsung | 1 Samsung Assistant | 2026-03-17 | N/A |
| Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker to access saved information. | ||||
| CVE-2026-20994 | 1 Samsung | 1 Account | 2026-03-17 | N/A |
| URL redirection in Samsung Account prior to version 15.5.01.1 allows remote attackers to potentially get access token. | ||||
| CVE-2026-20995 | 1 Samsung | 1 Smart Switch | 2026-03-17 | N/A |
| Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration. | ||||
| CVE-2026-20996 | 1 Samsung | 1 Smart Switch | 2026-03-17 | N/A |
| Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication. | ||||
| CVE-2026-20997 | 1 Samsung | 1 Smart Switch | 2026-03-17 | N/A |
| Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication. | ||||
| CVE-2026-20998 | 1 Samsung | 1 Smart Switch | 2026-03-17 | N/A |
| Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass authentication. | ||||
| CVE-2026-20999 | 1 Samsung | 1 Smart Switch | 2026-03-17 | N/A |
| Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged functions. | ||||