Export limit exceeded: 326342 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (326342 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-15559 | 1 Nestersoft | 1 Worktime | 2026-03-03 | 9.8 Critical |
| An unauthenticated attacker can inject OS commands when calling a server API endpoint in NesterSoft WorkTime. The server API call to generate and download the WorkTime client from the WorkTime server is vulnerable in the “guid” parameter. This allows an attacker to execute arbitrary commands on the WorkTime server as NT Authority\SYSTEM with the highest privileges. Attackers are able to access or manipulate sensitive data and take over the whole server. | ||||
| CVE-2026-26336 | 1 Hyland | 3 Alfresco Community, Alfresco Content Services, Alfresco Enterprise | 2026-03-03 | 7.5 High |
| Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files. | ||||
| CVE-2026-26030 | 1 Microsoft | 2 Semantic-kernel, Semantic Kernel | 2026-03-03 | 10 Critical |
| Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The problem has been fixed in version `python-1.39.4`. Users should upgrade this version or higher. As a workaround, avoid using `InMemoryVectorStore` for production scenarios. | ||||
| CVE-2026-20801 | 2026-03-03 | 5.6 Medium | ||
| Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams. This issue affects all versions of Gallagher NxWitness VMS integration prior to 9.10.017 and Gallagher Hanwha VMS integration prior to 9.10.025. | ||||
| CVE-2025-67601 | 1 Suse | 1 Rancher | 2026-03-03 | 8.3 High |
| A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts. | ||||
| CVE-2026-2628 | 2026-03-03 | 9.8 Critical | ||
| The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.2.5. This makes it possible for unauthenticated attackers to bypass authentication and log in as other users, including administrators. | ||||
| CVE-2025-47904 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2026-03-03 | 4.1 Medium |
| Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5. | ||||
| CVE-2026-3465 | 2026-03-03 | 3.1 Low | ||
| A vulnerability was determined in Tuya App and SDK 24.07.11 on Android. Affected by this vulnerability is an unknown functionality of the component JSON Data Point Handler. This manipulation of the argument cruise_time causes denial of service. Remote exploitation of the attack is possible. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been publicly disclosed and may be utilized. There is ongoing doubt regarding the real existence of this vulnerability. The vendor disagrees with the conclusion of the finding: "The described vulnerability fails to prove its feasibility or exploitability by attackers. The issue essentially does not constitute a security vulnerability, aligning more closely with abnormal product functionality." These considerations are properly reflected within the CVSS vector. | ||||
| CVE-2026-26713 | 1 Carmelo | 1 Simple Food Order System | 2026-03-03 | 9.8 Critical |
| code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/cancel-order.php. | ||||
| CVE-2026-26712 | 1 Carmelo | 1 Simple Food Order System | 2026-03-03 | 9.8 Critical |
| code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket-admin.php. | ||||
| CVE-2026-26711 | 1 Carmelo | 1 Simple Food Order System | 2026-03-03 | 9.8 Critical |
| code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket.php. | ||||
| CVE-2026-26710 | 1 Carmelo | 1 Simple Food Order System | 2026-03-03 | 9.8 Critical |
| code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php. | ||||
| CVE-2026-25674 | 2026-03-03 | 3.7 Low | ||
| An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's temporary `umask` change affects other threads in multi-threaded environments. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Tarek Nakkouch for reporting this issue. | ||||
| CVE-2026-25673 | 2026-03-03 | 7.5 High | ||
| An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. `URLField.to_python()` in Django calls `urllib.parse.urlsplit()`, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial of service via large URL inputs containing these characters. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue. | ||||
| CVE-2026-24812 | 1 Riot Project | 1 Riot | 2026-03-03 | N/A |
| Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with program files inftrees.C. This issue affects root: through 6.36.00-rc1. | ||||
| CVE-2026-24801 | 1 Ralim | 1 Ironos | 2026-03-03 | N/A |
| Vulnerability in Ralim IronOS (source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source modules). This vulnerability is associated with program files ecc_dsa.C. This issue affects IronOS: before v2.23-rc3. | ||||
| CVE-2026-22891 | 2026-03-03 | 9.8 Critical | ||
| A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted Intan CLP file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2026-21928 | 1 Oracle | 1 Solaris | 2026-03-03 | 5.3 Medium |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | ||||
| CVE-2026-20777 | 2026-03-03 | 8.1 High | ||
| A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2026-0017 | 2026-03-03 | 7.7 High | ||
| In onChange of BiometricService.java, there is a possible way to enable fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||