Export limit exceeded: 327194 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (327194 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-44141 | 1 Backdropcms | 1 Backdrop Cms | 2026-03-04 | 6.1 Medium |
| A Cross-Site Scripting (XSS) vulnerability exists in the node creation form of Backdrop CMS 1.30. | ||||
| CVE-2026-1763 | 1 Ge Vernova | 1 Enervista | 2026-03-04 | 4.6 Medium |
| Vulnerability in GE Vernova Enervista UR Setup on Windows.This issue affects Enervista: 8.6 and previous versions. | ||||
| CVE-2026-1762 | 1 Ge Vernova | 1 Enervista | 2026-03-04 | 2.9 Low |
| A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions. | ||||
| CVE-2026-20601 | 1 Apple | 1 Macos | 2026-03-04 | 3.3 Low |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission. | ||||
| CVE-2026-20022 | 2026-03-04 | 6.1 Medium | ||
| A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition when OSPF canonicalization debug is enabled by using the command debug ip ospf canon. This vulnerability is due to insufficient input validation when processing OSPF LSU packets. An attacker could exploit this vulnerability by sending crafted unauthenticated OSPF packets. A successful exploit could allow the attacker to write to memory outside of the packet data, causing the device to reload, resulting in a DoS condition. | ||||
| CVE-2025-47373 | 1 Qualcomm | 376 Ar8035, Ar8035 Firmware, Cologne and 373 more | 2026-03-04 | 7.8 High |
| Memory Corruption when accessing buffers with invalid length during TA invocation. | ||||
| CVE-2025-14604 | 1 Ibm | 1 Storage Scale | 2026-03-04 | 6.6 Medium |
| IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, and IBM S through rage Scale 6.0.0.0 - 6.0.0.1 could allow a local user to unintentionally trigger additional permissions for resources in a way that allows that resource to be executed by unintended actors. | ||||
| CVE-2025-14923 | 1 Ibm | 2 Websphere Application Server, Websphere Application Server Liberty | 2026-03-04 | 4.7 Medium |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administering security settings. | ||||
| CVE-2024-20358 | 1 Cisco | 3 Adaptive Security Appliance, Adaptive Security Appliance Software, Firepower Threat Defense Software | 2026-03-04 | 6 Medium |
| A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability exists because the contents of a backup file are improperly sanitized at restore time. An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as root. | ||||
| CVE-2024-20340 | 1 Cisco | 1 Secure Firewall Management Center | 2026-03-04 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, an attacker must have a valid account on the device with the role of Security Approver, Intrusion Admin, Access Admin, or Network Admin. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to read the contents of databases on the affected device and also obtain limited read access to the underlying operating system. | ||||
| CVE-2026-21385 | 1 Qualcomm | 475 5g Fixed Wireless Access Platform, 5g Fixed Wireless Access Platform Firmware, Apq8098 and 472 more | 2026-03-04 | 7.8 High |
| Memory corruption while using alignments for memory allocation. | ||||
| CVE-2025-13016 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-04 | 7.5 High |
| Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. | ||||
| CVE-2026-3094 | 1 Deltaww | 1 Cncsoft-g2 | 2026-03-04 | 7.8 High |
| Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2026-3056 | 2026-03-04 | 4.3 Medium | ||
| The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `seraph_accel_api` AJAX action with `fn=LogClear` in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the plugin's debug/operational logs. | ||||
| CVE-2026-1674 | 2026-03-04 | 6.5 Medium | ||
| The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization within the save_gutena_forms_schema() function in all versions up to, and including, 1.6.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to update option values to a structured array value on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values, that would, for example enable site user registration when it is explicitly disabled. | ||||
| CVE-2026-1980 | 2 Iqonicdesign, Wordpress | 2 Wpbookit, Wordpress | 2026-03-04 | 5.3 Medium |
| The WPBookit plugin for WordPress is vulnerable to unauthorized data disclosure due to a missing authorization check on the 'get_customer_list' route in all versions up to, and including, 1.0.8. This makes it possible for unauthenticated attackers to retrieve sensitive customer information including names, emails, phone numbers, dates of birth, and gender. | ||||
| CVE-2026-24415 | 1 Devcode | 1 Openstamanager | 2026-03-04 | N/A |
| OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contains Reflected XSS vulnerabilities in invoice/order/contract modification modals. The application fails to properly sanitize user-supplied input from the righe GET parameter before reflecting it in HTML output.The $_GET['righe'] parameter is directly echoed into the HTML value attribute without any sanitization using htmlspecialchars() or equivalent functions. This allows an attacker to break out of the attribute context and inject arbitrary HTML/JavaScript. | ||||
| CVE-2026-27445 | 1 Seppmail | 1 Seppmail Secure Email Gateway | 2026-03-04 | N/A |
| SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the expected key, allowing signature spoofing. | ||||
| CVE-2023-7337 | 2026-03-04 | 7.5 High | ||
| The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus' cookie in version 2.8.2 due to an incomplete fix for CVE-2023-50839 where a second sink was left with insufficient escaping on the user supplied values and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-40894 | 1 Nozomi Networks | 2 Cmc, Guardian | 2026-03-04 | 4.4 Medium |
| A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is configured to use the Alerted Nodes Dashboard, and alerts are reported for the affected node, then the injected HTML may render in the browser of a victim user interacting with it, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration. | ||||