Export limit exceeded: 329851 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (329851 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-33022 | 2026-03-09 | N/A | ||
| The reporter agreed to not assign CVE ID | ||||
| CVE-2026-2603 | 2 Keycloak, Redhat | 2 Keycloak, Build Keycloak | 2026-03-09 | 8.1 High |
| No description is available for this CVE. | ||||
| CVE-2026-3632 | 1 Libsoup | 1 Libsoup | 2026-03-09 | 3.9 Low |
| No description is available for this CVE. | ||||
| CVE-2026-3633 | 1 Libsoup | 1 Libsoup | 2026-03-09 | 3.9 Low |
| No description is available for this CVE. | ||||
| CVE-2026-3634 | 1 Libsoup | 1 Libsoup | 2026-03-09 | 3.9 Low |
| No description is available for this CVE. | ||||
| CVE-2025-47373 | 1 Qualcomm | 377 Ar8035, Ar8035 Firmware, Cologne and 374 more | 2026-03-09 | 7.8 High |
| Memory Corruption when accessing buffers with invalid length during TA invocation. | ||||
| CVE-2025-47375 | 1 Qualcomm | 339 Ar8031, Ar8031 Firmware, Ar8035 and 336 more | 2026-03-09 | 7.8 High |
| Memory corruption while handling different IOCTL calls from the user-space simultaneously. | ||||
| CVE-2025-47386 | 1 Qualcomm | 341 Ar8031, Ar8031 Firmware, Ar8035 and 338 more | 2026-03-09 | 7.8 High |
| Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs. | ||||
| CVE-2025-69653 | 1 Bellard | 1 Quickjs | 2026-03-09 | N/A |
| A crafted JavaScript input can trigger an internal assertion failure in QuickJS release 2025-09-13, fixed in commit 1dbba8a88eaa40d15a8a9b70bb1a0b8fb5b552e6 (2025-12-11), in file gc_decref_child in quickjs.c, when executed with the qjs interpreter using the -m option. This leads to an abort (SIGABRT) during garbage collection and causes a denial-of-service. | ||||
| CVE-2025-69650 | 1 Gnu | 1 Binutils | 2026-03-09 | 3.3 Low |
| GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service. | ||||
| CVE-2025-69654 | 1 Bellard | 1 Quickjs | 2026-03-09 | N/A |
| A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 (2025-12-11),`qjs` interpreter using the `-m` option and a low memory limit can cause an out-of-memory condition followed by an assertion failure in JS_FreeRuntime (list_empty(&rt->gc_obj_list)) during runtime cleanup. Although the engine reports an OOM error, it subsequently aborts with SIGABRT because the GC object list is not fully released. This results in a denial of service. | ||||
| CVE-2026-29068 | 1 Pjsip | 1 Pjproject | 2026-03-09 | 9.8 Critical |
| PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, there is a stack buffer overflow vulnerability when pjmedia-codec parses an RTP payload contain more frames than the caller-provided frames can hold. This issue has been patched in version 2.17. | ||||
| CVE-2026-28799 | 1 Pjsip | 1 Pjproject | 2026-03-09 | 7.5 High |
| PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This issue has been patched in version 2.17. | ||||
| CVE-2026-28800 | 1 Natroteam | 1 Natromacro | 2026-03-09 | 6.4 Medium |
| Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, anyone with Discord Remote Control set up in a non-private channel gives access to any user with the permission to send message in said channel access to do anything on their computer. This includes keyboard and mouse inputs and full file access. This issue has been patched in version 1.1.0. | ||||
| CVE-2026-28801 | 1 Natroteam | 1 Natromacro | 2026-03-09 | 6.6 Medium |
| Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which is then executed by the program. This code can operate in silence alongside the pattern, running in the background to do whatever the attacker pleases. This issue has been patched in version 1.1.0. | ||||
| CVE-2026-29059 | 1 Windmill-labs | 1 Windmill | 2026-03-09 | N/A |
| Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's get_log_file endpoint "(/api/w/{workspace}/jobs_u/get_log_file/{filename})". The filename parameter is concatenated into a file path without sanitization, allowing an attacker to read arbitrary files on the server using ../ sequences. This issue has been patched in version 1.603.3. | ||||
| CVE-2026-3589 | 2 Automattic, Wordpress | 2 Woocommerce, Wordpress | 2026-03-09 | 7.5 High |
| The WooCommerce WordPress plugin from versions 5.4.0 to 10.5.2 does not properly handle batch requests, which could allow unauthenticated users to make a logged in admin call non store/WC REST endpoints, and create arbitrary admin users via a CSRF attack for example. | ||||
| CVE-2024-35644 | 2 Pascal Birchler, Wordpress | 2 Preferred Languages, Wordpress | 2026-03-09 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pascal Birchler Preferred Languages allows DOM-Based XSS.This issue affects Preferred Languages: from n/a through 2.2.2. | ||||
| CVE-2026-28106 | 2 Kings Plugins, Wordpress | 2 B2bking Premium, Wordpress | 2026-03-09 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kings Plugins B2BKing Premium allows Phishing.This issue affects B2BKing Premium: from n/a before 5.4.20. | ||||
| CVE-2026-28080 | 2 Rank Math Seo, Wordpress | 2 Rank Math Seo, Wordpress | 2026-03-09 | 4.3 Medium |
| Missing Authorization vulnerability in Rank Math Rank Math SEO PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rank Math SEO PRO: from n/a through 3.0.95. | ||||