Export limit exceeded: 326424 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (326424 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3463 | 2026-03-03 | 3.3 Low | ||
| A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary_writer::append of the file source/detail/binary.hpp of the component Compound Document Parser. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. Patch name: 147. It is suggested to install a patch to address this issue. | ||||
| CVE-2026-1336 | 2026-03-03 | 5.3 Medium | ||
| The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the store_data() and get_chatgpt_api_key() functions in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers to view, modify or delete the plugin's ChatGPT API key. The vulnerability was partially fixed in version 2.7.5 and fully fixed in version 2.7.6 | ||||
| CVE-2026-2269 | 2026-03-03 | 7.2 High | ||
| The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.0.0.3 via the download_url() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Additionally, the plugin stores the contents of the remote files on the server, which can be leveraged to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2025-70241 | 2026-03-03 | N/A | ||
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANType_Wizard5. | ||||
| CVE-2025-70237 | 2026-03-03 | N/A | ||
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr. | ||||
| CVE-2025-63912 | 2026-03-03 | N/A | ||
| Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to use a weak cryptography algorithm for data encryption, allowing attackers to trivially reverse the encyption and expose credentials. | ||||
| CVE-2024-55024 | 2026-03-03 | 8.8 High | ||
| An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to perform Administrative actions using service accounts. | ||||
| CVE-2026-29022 | 2026-03-03 | N/A | ||
| dr_libs version 0.14.4 and earlier (fixed in commit 8a7258c) contain a heap buffer overflow vulnerability in the drwav__read_smpl_to_metadata_obj() function of dr_wav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 and unconditional processing in pass 2 to overflow heap allocations with 36 bytes of attacker-controlled data through any drwav_init_*_with_metadata() call on untrusted input. | ||||
| CVE-2026-1265 | 1 Ibm | 1 Infosphere Information Server | 2026-03-03 | 4.3 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive Information in a log file. | ||||
| CVE-2025-14923 | 1 Ibm | 1 Websphere Application Server Liberty | 2026-03-03 | 4.7 Medium |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administering security settings. | ||||
| CVE-2025-13616 | 1 Ibm | 1 Datastage On Cloud Pak For Data | 2026-03-03 | 6.5 Medium |
| IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system. | ||||
| CVE-2026-26884 | 2026-03-03 | 2.7 Low | ||
| Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/view_appointment.php. | ||||
| CVE-2025-62814 | 2026-03-03 | N/A | ||
| An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of ft_handle in load_fw_utc_vector() causes a denial of service. | ||||
| CVE-2026-3437 | 2026-03-03 | N/A | ||
| An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this vulnerability could result in escalation of privileges or cause a denial-of-service condition. | ||||
| CVE-2026-2915 | 1 Hp Inc | 1 Hp System Event Utility | 2026-03-03 | N/A |
| HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was remediated with HP System Event Utility version 3.2.16. | ||||
| CVE-2025-64736 | 2026-03-03 | 6.1 Medium | ||
| An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (5462afb0). A specially crafted .abf file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2025-62815 | 2026-03-03 | N/A | ||
| An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of npu_proto_drv.ast.thread_ref in set_cpu_affinity() causes a denial of service. | ||||
| CVE-2025-70236 | 2026-03-03 | N/A | ||
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDomainFilter. | ||||
| CVE-2024-55027 | 2026-03-03 | N/A | ||
| Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uac_temp.db. | ||||
| CVE-2024-55019 | 2026-03-03 | 6.5 Medium | ||
| Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attack to download arbitrary files. | ||||