Export limit exceeded: 329859 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (329859 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20022 | 1 Cisco | 2 Adaptive Security Appliance Software, Secure Firewall Threat Defense | 2026-03-06 | 6.1 Medium |
| A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition when OSPF canonicalization debug is enabled by using the command debug ip ospf canon. This vulnerability is due to insufficient input validation when processing OSPF LSU packets. An attacker could exploit this vulnerability by sending crafted unauthenticated OSPF packets. A successful exploit could allow the attacker to write to memory outside of the packet data, causing the device to reload, resulting in a DoS condition. | ||||
| CVE-2025-70948 | 1 Perfood | 1 Couchauth | 2026-03-06 | 9.3 Critical |
| A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account takeover via spoofing the HTTP Host header. | ||||
| CVE-2025-70949 | 1 Perfood | 1 Couchauth | 2026-03-06 | 7.5 High |
| An observable timing discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel. | ||||
| CVE-2025-70995 | 1 Arandasoft | 1 Aranda Service Desk Web Edition | 2026-03-06 | 8.8 High |
| An issue in Aranda Service Desk Web Edition (ASDK API 8.6) allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a crafted POST request to /ASDKAPI/api/v8.6/item/addfile, which is processed by the ASP.NET runtime. The uploaded configuration file alters the execution context of the upload directory, enabling compilation and execution of attacker-controlled code (e.g., generation of an .aspx webshell). This allows remote command execution on the server without user interaction beyond authentication, impacting both On-Premise and SaaS deployments. | ||||
| CVE-2025-70614 | 1 Opencode Systems | 1 Ussd Gateway | 2026-03-06 | 8.1 High |
| OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter. | ||||
| CVE-2025-29165 | 1 Dlink | 1 Dir-1253 | 2026-03-06 | 9.8 Critical |
| An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc/shadow.sample component | ||||
| CVE-2025-70616 | 1 Wincor | 1 Nixdorf | 2026-03-06 | 7.8 High |
| A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds checking on the user-controlled Options parameter before copying data into a 40-byte stack buffer (Src[40]) using memmove. An attacker with local access can exploit this vulnerability by sending a crafted IOCTL request with Options > 40, causing a stack buffer overflow that may lead to kernel code execution, local privilege escalation, or denial of service (system crash). Additionally, the same IOCTL handler can leak kernel addresses and other sensitive stack data when reading beyond the buffer boundaries. | ||||
| CVE-2025-45691 | 1 Explodinggradients | 1 Ragas | 2026-03-06 | 7.5 High |
| An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs. | ||||
| CVE-2026-26416 | 1 Tcs | 1 Cognix Recon Client | 2026-03-06 | 8.8 High |
| An authorization bypass vulnerability in Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to escalate privileges across role boundaries via crafted requests. | ||||
| CVE-2026-26417 | 1 Tcs | 1 Cognix Recon Client | 2026-03-06 | 8.1 High |
| A broken access control vulnerability in the password reset functionality of Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to reset passwords of arbitrary user accounts via crafted requests. | ||||
| CVE-2026-26418 | 1 Tcs | 1 Cognix Recon Client | 2026-03-06 | 7.5 High |
| Missing authentication and authorization in the web API of Tata Consultancy Services Cognix Recon Client v3.0 allows remote attackers to access application functionality without restriction via the network. | ||||
| CVE-2026-29122 | 1 International Datacasting Corporation | 1 Sfx2100 Satellite Receiver | 2026-03-06 | N/A |
| International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file reads as the root user on the local file system. This allows an actor to be able to read any root read-only files, such as the /etc/shadow file or other configuration/secrets carrier files. | ||||
| CVE-2026-29123 | 1 International Datacasting Corporation | 1 Sfx2100 Satellite Receiver | 2026-03-06 | N/A |
| A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100 on Linux allows a local actor to potentially preform local privilege escalation depending on conditions of the system via execution of the affected SUID binary. This can be via PATH hijacking, symlink abuse or shared object hijacking. | ||||
| CVE-2026-29124 | 1 International Datacasting Corporation | 1 Sfx2100 Satellite Receiver | 2026-03-06 | N/A |
| Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack, and /home/monitor/IDE-DPack/terminal-dpack2 in International Data Casting (IDC) SFX2100 Satellite Receiver, which may lead to local privlidge escalation from the `monitor` user to root | ||||
| CVE-2026-29125 | 1 International Datacasting Corporation | 1 Sfx2100 Satellite Receiver | 2026-03-06 | N/A |
| IDC SFX2100 Satalite Recievers set the `/etc/resolv.conf` file to be world-writable by any local user, allowing DNS resolver tampering that can redirect network communications, facilitate man-in-the-middle attacks, and cause denial of service. | ||||
| CVE-2026-29126 | 1 International Datacasting Corporation | 1 Sfx2100 Satellite Receiver | 2026-03-06 | N/A |
| Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC) SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges (local privilege escalation and persistence) via modification of a root-owned, world-writable BusyBox udhcpc DHCP event script, which is executed when a DHCP lease is obtained, renewed, or lost. | ||||
| CVE-2026-26033 | 1 Dell Inc. | 1 Ups Multi-ups Management Console (mumc) | 2026-03-06 | N/A |
| UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Unquoted Search Path or Element (CWE-428) vulnerability, which allows a user with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges. | ||||
| CVE-2026-26034 | 1 Dell Inc. | 1 Ups Multi-ups Management Console (mumc) | 2026-03-06 | N/A |
| UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Incorrect Default Permissions (CWE-276) vulnerability that allows an attacker to execute arbitrary code with SYSTEM privileges by causing the application to load a specially crafted DLL. | ||||
| CVE-2026-29127 | 1 International Datacasting Corporation | 1 Sfx2100 Satellite Receiver | 2026-03-06 | N/A |
| The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is configured with permissions 0777, granting read, write, and execute access to all local users on the system, which may cause local privilege escalation depending on conditions of the system due to the presence of highly privileged processes and binaries residing within the affected directory. | ||||
| CVE-2026-2365 | 2 Techjewel, Wordpress | 2 Fluent Forms Pro Add On Pack, Wordpress | 2026-03-06 | 7.2 High |
| The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fluentform_step_form_save_data` AJAX action in all versions up to, and including, 6.1.17. This is due to the draft form submission endpoint being publicly accessible without authentication or nonce verification, combined with insufficient input sanitization and output escaping of form field data. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrator views a partial form entry. | ||||