Export limit exceeded: 330333 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (330333 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26377 | 2 Koha, Koha-community | 2 Koha, Koha | 2026-03-10 | 5.4 Medium |
| Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function. | ||||
| CVE-2026-3010 | 1 Microchip | 1 Timepictra | 2026-03-10 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimePictra allows Query System for Information.This issue affects TimePictra: from 11.0 through 11.3 SP2. | ||||
| CVE-2026-28448 | 1 Openclaw | 1 Openclaw | 2026-03-10 | 7.3 High |
| OpenClaw versions 2026.1.29 prior to 2026.2.1 contain a vulnerability in the Twitch plugin (must be installed and enabled) in which it fails to enforce the allowFrom allowlist when allowedRoles is unset or empty, allowing unauthorized Twitch users to trigger agent dispatch. Remote attackers can mention the bot in Twitch chat to bypass access control and invoke the agent pipeline, potentially causing unintended actions or resource exhaustion. | ||||
| CVE-2026-3815 | 1 Utt | 3 810g, 810g Firmware, Hiper 810g | 2026-03-10 | 8.8 High |
| A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. This affects the function strcpy of the file /goform/formApMail. Executing a manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-28686 | 1 Imagemagick | 1 Imagemagick | 2026-03-10 | 6.8 Medium |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, A heap-buffer-overflow vulnerability exists in the PCL encode due to an undersized output buffer allocation. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41. | ||||
| CVE-2026-3710 | 2 Carmelo, Code-projects | 2 Simple Flight Ticket Booking System, Simple Flight Ticket Booking System | 2026-03-10 | 4.7 Medium |
| A security vulnerability has been detected in code-projects Simple Flight Ticket Booking System 1.0. This impacts an unknown function of the file /Adminadd.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-3385 | 2 Wren, Wren-lang | 2 Wren, Wren | 2026-03-10 | 3.3 Low |
| A vulnerability was detected in wren-lang wren up to 0.4.0. Affected is the function resolveLocal of the file src/vm/wren_compiler.c. The manipulation results in uncontrolled recursion. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-3709 | 2 Carmelo, Code-projects | 2 Simple Flight Ticket Booking System, Simple Flight Ticket Booking System | 2026-03-10 | 7.3 High |
| A weakness has been identified in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /register.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-3708 | 2 Carmelo, Code-projects | 2 Simple Flight Ticket Booking System, Simple Flight Ticket Booking System | 2026-03-10 | 7.3 High |
| A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. The impacted element is an unknown function of the file /login.php. Performing a manipulation of the argument Username results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2025-70033 | 1 Sunbird-ed | 1 Sunbirded-portal | 2026-03-10 | 5.4 Medium |
| An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. | ||||
| CVE-2025-70034 | 1 Mscdex | 1 Ssh2 | 2026-03-10 | 6.5 Medium |
| An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in mscdex ssh2 v1.17.0. | ||||
| CVE-2025-70038 | 1 Linagora | 1 Twake | 2026-03-10 | N/A |
| An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in linagora Twake v2023.Q1.1223. This allows attackers to execute arbitrary code. | ||||
| CVE-2025-70039 | 1 Linagora | 1 Twake | 2026-03-10 | N/A |
| An issue pertaining to CWE-78: Improper Neutralization of Special Elements used in an OS Command was discovered in linagora Twake v2023.Q1.1223. | ||||
| CVE-2025-70037 | 1 Linagora | 1 Twake | 2026-03-10 | N/A |
| An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in linagora Twake v2023.Q1.1223. This allows attackers to obtain sensitive information and execute arbitrary code. | ||||
| CVE-2025-70040 | 1 Lupinlin1 | 1 Jimeng-web-mcp | 2026-03-10 | 5.3 Medium |
| An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information. | ||||
| CVE-2025-70060 | 1 Ymfe | 1 Yapi | 2026-03-10 | 5.4 Medium |
| An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0. | ||||
| CVE-2025-70042 | 1 Oslabs-beta | 1 Thermakube | 2026-03-10 | N/A |
| An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in oslabs-beta ThermaKube master. | ||||
| CVE-2025-70046 | 1 Miazzy | 1 Oa Front Service | 2026-03-10 | N/A |
| An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was discovered in Miazzy oa-front-service master. | ||||
| CVE-2025-70050 | 1 Lesspass | 1 Lesspass | 2026-03-10 | N/A |
| An issue pertaining to CWE-312: Cleartext Storage of Sensitive Information was discovered in lesspass lesspass v9.6.9 which allows attackers to obtain sensitive information. | ||||
| CVE-2025-70047 | 1 Nexusoft | 1 Nexusinterface | 2026-03-10 | 7.5 High |
| An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in Nexusoft NexusInterface v3.2.0-beta.2. | ||||