Export limit exceeded: 336261 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336261 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26828 | 1 Owntone | 1 Owntone-server | 2026-03-24 | 7.5 High |
| A NULL pointer dereference in the daap_reply_playlists function (src/httpd_daap.c) of owntone-server commit 3d1652d allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server | ||||
| CVE-2026-30006 | 1 Xnview | 1 Nconvert | 2026-03-24 | 6.2 Medium |
| XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via a crafted .tiff file. | ||||
| CVE-2026-27183 | 1 Openclaw | 1 Openclaw | 2026-03-24 | 4.5 Medium |
| OpenClaw versions prior to 2026.3.7 contain a shell approval gating bypass vulnerability in system.run dispatch-wrapper handling that allows attackers to skip shell wrapper approval requirements. The approval classifier and execution planner apply different depth-boundary rules, permitting exactly four transparent dispatch wrappers like repeated env invocations before /bin/sh -c to bypass security=allowlist approval gating by misaligning classification with execution planning. | ||||
| CVE-2026-32845 | 1 Jkuhlmann | 1 Cgltf | 2026-03-24 | 8.4 High |
| cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-controlled size values. Attackers can exploit unchecked arithmetic operations in sparse accessor validation to cause heap buffer over-reads in cgltf_calc_index_bound(), resulting in denial of service crashes and potential memory disclosure. | ||||
| CVE-2026-32850 | 1 Mailenable | 1 Mailenable | 2026-03-24 | N/A |
| MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the SelectedIndex parameter in the ManageShares.aspx form, which is not properly sanitized before being embedded into dynamically generated JavaScript. | ||||
| CVE-2026-30007 | 1 Xnsoft | 1 Nconvert | 2026-03-24 | 6.2 Medium |
| XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a crafted .tiff file | ||||
| CVE-2026-30886 | 1 Quantumnous | 1 New-api | 2026-03-24 | 6.5 Medium |
| New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.11.4-alpha.2, an Insecure Direct Object Reference (IDOR) vulnerability in the video proxy endpoint (`GET /v1/videos/:task_id/content`) allows any authenticated user to access video content belonging to other users and causes the server to authenticate to upstream AI providers (Google Gemini, OpenAI) using credentials derived from tasks they do not own. The missing authorization check is a single function call — `model.GetByOnlyTaskId(taskID)` queries by `task_id` alone with no `user_id` filter, while every other task-lookup in the codebase enforces ownership via `model.GetByTaskId(userId, taskID)`. Version 0.11.4-alpha.2 contains a patch. | ||||
| CVE-2026-33502 | 1 Wwbn | 1 Avideo | 2026-03-24 | 9.3 Critical |
| WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated server-side request forgery vulnerability in `plugin/Live/test.php` allows any remote user to make the AVideo server send HTTP requests to arbitrary URLs. This can be used to probe localhost/internal services and, when reachable, access internal HTTP resources or cloud metadata endpoints. Commit 1e6cf03e93b5a5318204b010ea28440b0d9a5ab3 contains a patch. | ||||
| CVE-2026-33513 | 1 Wwbn | 1 Avideo | 2026-03-24 | 8.6 High |
| WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated API endpoint (`APIName=locale`) concatenates user input into an `include` path with no canonicalization or whitelist. Path traversal is accepted, so arbitrary PHP files under the web root can be included. In our test this yielded confirmed file disclosure and code execution of existing PHP content (e.g., `view/about.php`), and it *can* escalate to RCE if an attacker can place or control a PHP file elsewhere in the tree. As of time of publication, no patched versions are available. | ||||
| CVE-2026-33716 | 1 Wwbn | 1 Avideo | 2026-03-24 | 9.4 Critical |
| WWBN AVideo is an open source video platform. In versions up to and including 26.0, the standalone live stream control endpoint at `plugin/Live/standAloneFiles/control.json.php` accepts a user-supplied `streamerURL` parameter that overrides where the server sends token verification requests. An attacker can redirect token verification to a server they control that always returns `{"error": false}`, completely bypassing authentication. This grants unauthenticated control over any live stream on the platform, including dropping active publishers, starting/stopping recordings, and probing stream existence. Commit 388fcd57dbd16f6cb3ebcdf1d08cf2b929941128 contains a patch. | ||||
| CVE-2026-33717 | 1 Wwbn | 1 Avideo | 2026-03-24 | 8.8 High |
| WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `downloadVideoFromDownloadURL()` function in `objects/aVideoEncoder.json.php` saves remote content to a web-accessible temporary directory using the original URL's filename and extension (including `.php`). By providing an invalid `resolution` parameter, an attacker triggers an early `die()` via `forbiddenPage()` before the temp file can be moved or cleaned up, leaving an executable PHP file persistently accessible under the web root at `videos/cache/tmpFile/`. Commit 6da79b43484099a0b660d1544a63c07b633ed3a2 contains a patch. | ||||
| CVE-2026-33719 | 1 Wwbn | 1 Avideo | 2026-03-24 | 8.6 High |
| WWBN AVideo is an open source video platform. In versions up to and including 26.0, the CDN plugin endpoints `plugin/CDN/status.json.php` and `plugin/CDN/disable.json.php` use key-based authentication with an empty string default key. When the CDN plugin is enabled but the key has not been configured (the default state), the key validation check is completely bypassed, allowing any unauthenticated attacker to modify the full CDN configuration — including CDN URLs, storage credentials, and the authentication key itself — via mass-assignment through the `par` request parameter. Commit adeff0a31ba04a56f411eef256139fd7ed7d4310 contains a patch. | ||||
| CVE-2026-4368 | 1 Netscaler | 2 Adc, Gateway | 2026-03-24 | N/A |
| Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup | ||||
| CVE-2026-4495 | 1 Atjiu | 1 Pybbs | 2026-03-24 | 3.5 Low |
| A security flaw has been discovered in atjiu pybbs 6.0.0. This impacts the function create of the file src/main/java/co/yiiu/pybbs/controller/api/CommentApiController.java. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-4590 | 1 Kalcaddle | 1 Kodbox | 2026-03-24 | 3.1 Low |
| A security flaw has been discovered in kalcaddle kodbox 1.64. The impacted element is an unknown function of the file /workspace/source-code/plugins/oauth/controller/bind/index.class.php of the component loginSubmit API. Performing a manipulation of the argument third results in cross-site request forgery. Remote exploitation of the attack is possible. A high degree of complexity is needed for the attack. The exploitability is regarded as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4592 | 1 Kalcaddle | 1 Kodbox | 2026-03-24 | 5.6 Medium |
| A security vulnerability has been detected in kalcaddle kodbox 1.64. This impacts the function loginAfter/tfaVerify of the file /workspace/source-code/plugins/client/controller/tfa/index.class.php of the component Password Login. The manipulation leads to improper authentication. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4594 | 1 Erupt | 1 Erupt | 2026-03-24 | 7.3 High |
| A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2298 | 1 Salesforce | 1 Marketing Cloud Engagement | 2026-03-24 | 9.4 Critical |
| Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 30th, 2026. | ||||
| CVE-2026-4754 | 1 Molotovcherry | 1 Android-imagemagick7 | 2026-03-24 | 6.1 Medium |
| CWE-79 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11. | ||||
| CVE-2026-4753 | 1 Slajerek | 1 Retrodebugger | 2026-03-24 | 9.1 Critical |
| Out-of-bounds Read vulnerability in slajerek RetroDebugger.This issue affects RetroDebugger: before v0.64.72. | ||||