Export limit exceeded: 333895 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (333895 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4307 | 1 Agent-zero | 1 Agent-zero | 2026-03-17 | 4.3 Medium |
| A security flaw has been discovered in frdel/agent0ai agent-zero 0.9.7-10. The impacted element is the function get_abs_path of the file python/helpers/files.py. The manipulation results in path traversal. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4308 | 1 Agent-zero | 1 Agent-zero | 2026-03-17 | 6.3 Medium |
| A weakness has been identified in frdel/agent0ai agent-zero 0.9.7. This affects the function handle_pdf_document of the file python/helpers/document_query.py. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4312 | 1 Drangsoft | 2 Gcb/fcb Audit Software, Gcb Fcb Audit Software | 2026-03-17 | 9.8 Critical |
| GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account. | ||||
| CVE-2026-3059 | 2 Lmsys, Sglang | 2 Sglang, Sglang | 2026-03-17 | 9.8 Critical |
| SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication. | ||||
| CVE-2026-3839 | 1 Unraid | 1 Unraid | 2026-03-17 | N/A |
| Unraid Authentication Request Path Traversal Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Unraid. Authentication is not required to exploit this vulnerability. The specific flaw exists within the auth-request.php file. The issue results from the lack of proper validation of a user-supplied path prior to using it in authentications. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-28912. | ||||
| CVE-2026-3838 | 1 Unraid | 1 Unraid | 2026-03-17 | N/A |
| Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within the update.php file. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-28951. | ||||
| CVE-2022-50521 | 1 Linux | 1 Linux Kernel | 2026-03-17 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() The ACPI buffer memory (out.pointer) returned by wmi_evaluate_method() is not freed after the call, so it leads to memory leak. The method results in ACPI buffer is not used, so just pass NULL to wmi_evaluate_method() which fixes the memory leak. | ||||
| CVE-2025-30415 | 2026-03-17 | N/A | ||
| Denial of service due to improper handling of malformed input. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40077, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186. | ||||
| CVE-2026-32415 | 2 Bogdan Bendziukov, Wordpress | 2 Squeeze, Wordpress | 2026-03-17 | 5 Medium |
| Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal.This issue affects Squeeze: from n/a through <= 1.7.7. | ||||
| CVE-2026-32405 | 2 Wordpress, Xtemos | 2 Wordpress, Woodmart | 2026-03-17 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.This issue affects WoodMart: from n/a through <= 8.3.9. | ||||
| CVE-2026-32401 | 2 Boldgrid, Wordpress | 2 Client Invoicing By Sprout Invoices, Wordpress | 2026-03-17 | 7.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows PHP Local File Inclusion.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.9. | ||||
| CVE-2026-32393 | 2 Creatives Planet, Wordpress | 2 Greenly Theme Addons, Wordpress | 2026-03-17 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly Theme Addons greenly-addons allows PHP Local File Inclusion.This issue affects Greenly Theme Addons: from n/a through < 8.2. | ||||
| CVE-2026-32384 | 2 Magepeopleteam, Wordpress | 2 Wpbookingly, Wordpress | 2026-03-17 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam WpBookingly service-booking-manager allows PHP Local File Inclusion.This issue affects WpBookingly: from n/a through <= 1.2.9. | ||||
| CVE-2026-32372 | 2 Radiustheme, Wordpress | 2 Shopbuilder – Elementor Woocommerce Builder Addons, Wordpress | 2026-03-17 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through <= 3.2.4. | ||||
| CVE-2026-32364 | 2 Redqteam, Wordpress | 2 Turbo Manager, Wordpress | 2026-03-17 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in redqteam Turbo Manager turbo-manager allows PHP Local File Inclusion.This issue affects Turbo Manager: from n/a through < 4.0.8. | ||||
| CVE-2026-32344 | 2 Desertthemes, Wordpress | 2 Corpiva, Wordpress | 2026-03-17 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in desertthemes Corpiva corpiva allows Cross Site Request Forgery.This issue affects Corpiva: from n/a through <= 1.0.96. | ||||
| CVE-2026-31857 | 1 Craftcms | 2 Craft Cms, Craftcms | 2026-03-17 | 8.8 High |
| Craft is a content management system (CMS). Prior to 5.9.9 and 4.17.4, a Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds() method passes user-controlled string input through renderObjectTemplate() -- an unsandboxed Twig rendering function with escaping disabled. Any authenticated Control Panel user (including non-admin roles such as Author or Editor) can achieve full RCE by sending a crafted condition rule via standard element listing endpoints. This vulnerability requires no admin privileges, no special permissions beyond basic control panel access, and bypasses all production hardening settings (allowAdminChanges: false, devMode: false, enableTwigSandbox: true). Users should update to the patched 5.9.9 or 4.17.4 release to mitigate the issue. | ||||
| CVE-2022-50522 | 1 Linux | 1 Linux Kernel | 2026-03-17 | 3.3 Low |
| In the Linux kernel, the following vulnerability has been resolved: mcb: mcb-parse: fix error handing in chameleon_parse_gdd() If mcb_device_register() returns error in chameleon_parse_gdd(), the refcount of bus and device name are leaked. Fix this by calling put_device() to give up the reference, so they can be released in mcb_release_dev() and kobject_cleanup(). | ||||
| CVE-2022-50518 | 1 Linux | 1 Linux Kernel | 2026-03-17 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: parisc: Fix locking in pdc_iodc_print() firmware call Utilize pdc_lock spinlock to protect parallel modifications of the iodc_dbuf[] buffer, check length to prevent buffer overflow of iodc_dbuf[], drop the iodc_retbuf[] buffer and fix some wrong indentings. | ||||
| CVE-2025-22978 | 1 Eladmin | 1 Eladmin | 2026-03-17 | 9.8 Critical |
| eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module. | ||||