Export limit exceeded: 326177 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 326177 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 326177 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (326177 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14577 | 1 Slican | 19 Ipl, Ipl-256.3u, Ipl-256.wm and 16 more | 2026-03-02 | 9.8 Critical |
| Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated remote attacker is able to execute arbitrary PHP commands by sending specially crafted requests to /webcti/session_ajax.php endpoint. This issue was fixed in version 1.24.0190 (Slican NCP) and 6.61.0010 (Slican IPL/IPM/IPU). | ||||
| CVE-2026-1618 | 2 Uni-yaz, Universal Software Inc. | 2 Flexcity, Flexcity/kiosk | 2026-03-02 | 8.8 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36. | ||||
| CVE-2026-1619 | 2 Uni-yaz, Universal Software Inc. | 2 Flexcity, Flexcity/kiosk | 2026-03-02 | 8.3 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. FlexCity/Kiosk allows Exploitation of Trusted Identifiers.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36. | ||||
| CVE-2025-14349 | 2 Uni-yaz, Universal Software Inc. | 2 Flexcity, Flexcity/kiosk | 2026-03-02 | 8.8 High |
| Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36. | ||||
| CVE-2026-27190 | 1 Deno | 1 Deno | 2026-03-02 | 8.1 High |
| Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:child_process implementation. This vulnerability is fixed in 2.6.8. | ||||
| CVE-2026-27120 | 1 Vapor | 1 Leafkit | 2026-03-02 | 6.1 Medium |
| Leafkit is a templating language with Swift-inspired syntax. Prior to 1.4.1, htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character and some additional characters. In the case of html attributes, this can lead to XSS if there is a leaf variable in the attribute that is user controlled. This vulnerability is fixed in 1.4.1. | ||||
| CVE-2026-23597 | 1 Hpe | 1 Aruba Networking Private 5g Core | 2026-03-02 | 6.5 Medium |
| Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities. | ||||
| CVE-2026-27168 | 2 Happyseafox, Sail | 2 Sail, Sail | 2026-03-02 | 8.8 High |
| SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytes_per_line value. The value os read directly from the file as the read size in io->strict_read(), and is never compared to the actual size of the destination buffer. An attacker can provide an XWD file with an arbitrarily large bytes_per_line, causing a massive write operation beyond the buffer heap allocated for the image pixels. The issue did not have a fix at the time of publication. | ||||
| CVE-2025-64999 | 1 Checkmk | 1 Checkmk | 2026-03-02 | 5.4 Medium |
| Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link. | ||||
| CVE-2022-20775 | 1 Cisco | 84 1100-4g Integrated Services Router, 1100-4p Integrated Services Router, 1100-6g Integrated Services Router and 81 more | 2026-03-02 | 7.8 High |
| A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. This vulnerability is due to improper access controls on commands within the application CLI. An attacker could exploit this vulnerability by running a maliciously crafted command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF | ||||
| CVE-2023-39417 | 3 Debian, Postgresql, Redhat | 10 Debian Linux, Postgresql, Advanced Cluster Security and 7 more | 2026-03-02 | 7.5 High |
| IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser. | ||||
| CVE-2026-24452 | 1 Copeland | 9 Copeland Xweb 300d Pro, Copeland Xweb 500b Pro, Copeland Xweb 500d Pro and 6 more | 2026-03-02 | 8 High |
| An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted template file to the devices route. | ||||
| CVE-2023-5868 | 2 Postgresql, Redhat | 22 Postgresql, Advanced Cluster Security, Codeready Linux Builder Eus and 19 more | 2026-03-02 | 4.3 Medium |
| A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory. | ||||
| CVE-2026-25105 | 1 Copeland | 9 Copeland Xweb 300d Pro, Copeland Xweb 500b Pro, Copeland Xweb 500d Pro and 6 more | 2026-03-02 | 8 High |
| An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route. | ||||
| CVE-2026-24695 | 1 Copeland | 3 Copeland Xweb 300d Pro, Copeland Xweb 500b Pro, Copeland Xweb 500d Pro | 2026-03-02 | 8 High |
| An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into OpenSSL argument fields within requests sent to the utility route, leading to remote code execution. | ||||
| CVE-2026-28370 | 1 Openstack | 1 Vitrage | 2026-03-02 | 9.1 Critical |
| In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise of the Vitrage service. All deployments exposing the Vitrage API are affected. This occurs in _create_query_function in vitrage/graph/query.py. | ||||
| CVE-2026-3302 | 2 Remyandrade, Sourcecodester | 2 Doctor Appointment System, Doctor Appointment System | 2026-03-02 | 4.3 Medium |
| A weakness has been identified in SourceCodester Doctor Appointment System 1.0. Affected by this issue is some unknown functionality of the file /register.php of the component Sign Up Page. Executing a manipulation of the argument Email can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-1434 | 2 Politechnika Warszawska, Pw | 2 Omega-psir, Omega-psir | 2026-03-02 | 6.1 Medium |
| Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser. This issue was fixed in 4.6.7. | ||||
| CVE-2026-2831 | 2 Pierrelannoy, Wordpress | 2 Mailarchiver, Wordpress | 2026-03-02 | 4.9 Medium |
| The MailArchiver plugin for WordPress is vulnerable to SQL Injection via the ‘logid’ parameter in all versions up to, and including, 4.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-24350 | 1 Pluxml | 1 Pluxml | 2026-03-02 | 5.4 Medium |
| PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when a victim clicks the link associated with the uploaded image. In version 5.9.0-rc7 clicking the link associated with the uploaded image doesn't execute malicious code but directly accessing the file will still execute the embedded payload. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only versions 5.8.21 and 5.9.0-rc7 were tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable. | ||||