Search Results (333435 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69246 | | | 2026-03-16 | N/A |
| Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to send multiple automated logon requests without triggering lockout, throttling, or step-up challenges. This issue was fixed in version 1.4.6. | ||||
| CVE-2026-20991 | | | 2026-03-16 | N/A |
| Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents. | ||||
| CVE-2026-2578 | | | 2026-03-16 | 4.3 Medium |
| Mattermost versions 11.3.x <= 11.3.0 fail to preserve the redacted state of burn-on-read posts during deletion, which allows channel members to access unrevealed burn-on-read message contents via the WebSocket post deletion event. Mattermost Advisory ID: MMSA-2026-00579 | ||||
| CVE-2026-28520 | 1 Tuya | 1 Arduino-tuyaopen | 2026-03-16 | 8.4 High |
| arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow vulnerability in the WiFiMulti component. When the victim's smart hardware connects to an attacker-controlled AP hotspot, the attacker can exploit the overflow to execute arbitrary code on the affected embedded device. | ||||
| CVE-2025-69242 | | | 2026-03-16 | N/A |
| Raytha CMS is vulnerable to reflected XSS via the backToListUrl parameter. An attacker can craft a malicious URL which, when opened by an authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue was fixed in version 1.4.6. | ||||
| CVE-2025-69245 | | | 2026-03-16 | N/A |
| Raytha CMS is vulnerable to reflected XSS via the returnUrl parameter in the logon functionality. An attacker can craft a malicious URL which, when opened by the authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue was fixed in 1.4.6. | ||||
| CVE-2026-3839 | 1 Unraid | 1 Unraid | 2026-03-16 | N/A |
| Unraid Authentication Request Path Traversal Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Unraid. Authentication is not required to exploit this vulnerability. The specific flaw exists within the auth-request.php file. The issue results from the lack of proper validation of a user-supplied path prior to using it in authentications. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-28912. | ||||
| CVE-2026-0849 | 1 Zephyrproject-rtos | 1 Zephyr | 2026-03-16 | 3.8 Low |
| Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver, allowing a compromised device or bus attacker to corrupt kernel memory and potentially hijack execution. | ||||
| CVE-2026-20990 | | | 2026-03-16 | N/A |
| Improper export of Android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege. | ||||
| CVE-2026-20992 | | | 2026-03-16 | N/A |
| Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows a local attacker to disable configuring the background data usage of an application. | ||||
| CVE-2026-20997 | | | 2026-03-16 | N/A |
| Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication. | ||||
| CVE-2026-20998 | | | 2026-03-16 | N/A |
| Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass authentication. | ||||
| CVE-2026-21004 | | | 2026-03-16 | N/A |
| Improper authentication in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to trigger a denial of service. | ||||
| CVE-2025-71264 | | | 2026-03-16 | 3.7 Low |
| Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of service (client crash). | ||||
| CVE-2026-32778 | | | 2026-03-16 | 2.9 Low |
| libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier out-of-memory condition. | ||||
| CVE-2026-20988 | | | 2026-03-16 | N/A |
| Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows a local attacker to launch arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability. | ||||
| CVE-2026-20989 | | | 2026-03-16 | N/A |
| Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use a custom font. | ||||
| CVE-2026-20994 | | | 2026-03-16 | N/A |
| URL redirection in Samsung Account prior to version 15.5.01.1 allows remote attackers to potentially get an access token. | ||||
| CVE-2026-20996 | | | 2026-03-16 | N/A |
| Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication. | ||||
| CVE-2026-21000 | | | 2026-03-16 | N/A |
| Improper access control in Galaxy Store prior to version 4.6.03.8 allows a local attacker to create a file with Galaxy Store privilege. | ||||