Export limit exceeded: 330477 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (330477 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66203 | 1 Lemon8866 | 1 Streamvault | 2026-03-09 | 10 Critical |
| StreamVault is a video download integration solution. Prior to version 251126, a Remote Code Execution (RCE) vulnerability exists in the stream-vault application (SpiritApplication). The application allows administrators to configure yt-dlp arguments via the /admin/api/saveConfig endpoint without sufficient validation. These arguments are stored globally and subsequently used in YtDlpUtil.java when constructing the command line to execute yt-dlp. This issue has been patched in version 251126. | ||||
| CVE-2025-7014 | 2 Qr Menu Pro Smart Menu Systems, Qrmenumpro | 2 Menu Panel, Menu Panel | 2026-03-09 | 5.7 Medium |
| Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session Hijacking.This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-31044 | 1 Nokia | 2 Impact, Impact Mobile | 2026-03-09 | 2 Low |
| An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may attempt data exfiltration or other malicious activity when automatically executed by the spreadsheet software. | ||||
| CVE-2025-67485 | 2 Machphy, Mad-proxy | 2 Mad-proxy, Mad-proxy | 2026-03-09 | 5.3 Medium |
| mad-proxy is a Python-based HTTP/HTTPS proxy server for detection and blocking of malicious web activity using custom security policies. Versions 0.3 and below allow attackers to bypass HTTP/HTTPS traffic interception rules, potentially exposing sensitive traffic. This issue does not have a fix at the time of publication. | ||||
| CVE-2026-22723 | 1 Cloudfoundry | 1 Uaa | 2026-03-09 | 6.5 Medium |
| Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0. | ||||
| CVE-2026-3713 | 1 Libpng | 1 Libpng | 2026-03-09 | 5.3 Medium |
| A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-27406 | 2 Joe Dolson, Wordpress | 2 My Tickets, Wordpress | 2026-03-09 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in Joe Dolson My Tickets my-tickets allows Retrieve Embedded Sensitive Data.This issue affects My Tickets: from n/a through <= 2.1.0. | ||||
| CVE-2026-27390 | 2 Designthemes, Wordpress | 2 Wedesigntech Ultimate Booking Addon, Wordpress | 2026-03-09 | 8.8 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Authentication Abuse.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through <= 1.0.1. | ||||
| CVE-2026-27388 | 2 Designthemes, Wordpress | 2 Designthemes Booking Manager, Wordpress | 2026-03-09 | 7.5 High |
| Missing Authorization vulnerability in designthemes DesignThemes Booking Manager designthemes-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes Booking Manager: from n/a through <= 2.0. | ||||
| CVE-2024-36600 | 1 Gnu | 1 Libcdio | 2026-03-09 | 8.4 High |
| Buffer Overflow Vulnerability in libcdio 2.2.0 (fixed in 2.3.0) allows an attacker to execute arbitrary code via a crafted ISO 9660 image file. | ||||
| CVE-2025-7631 | 1 Tumeva Internet Technologies Software Information Advertising And Consulting Services Trade Ltd. Co. | 1 Tumeva News Software | 2026-03-09 | 8.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tumeva Internet Technologies Software Information Advertising and Consulting Services Trade Ltd. Co. Tumeva Prime News Software allows SQL Injection.This issue affects Tumeva Prime News Software: from v.1.0.1 before v1.0.2. | ||||
| CVE-2025-10465 | 1 Birtech Information Technologies Industry And Trade | 1 Sensaway | 2026-03-09 | 8.8 High |
| Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server.This issue affects Sensaway: through 09022026. NOTE: Because the product was developed using outdated technology, the manufacturer is unable to fix the relevant vulnerabilities. Users of the Sensaway application are advised to contact the manufacturer and review updated products developed with newer technology. | ||||
| CVE-2025-10464 | 1 Birtech Information Technologies Industry And Trade | 1 Senseway | 2026-03-09 | 6.5 Medium |
| Insecure Storage of Sensitive Information vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Retrieve Embedded Sensitive Data.This issue affects Senseway: through 09022026. NOTE: Because the product was developed using outdated technology, the manufacturer is unable to fix the relevant vulnerabilities. Users of the Sensaway application are advised to contact the manufacturer and review updated products developed with newer technology. | ||||
| CVE-2025-10463 | 1 Birtech Information Technologies Industry And Trade | 1 Senseway | 2026-03-09 | 7.3 High |
| Improper Authentication vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Authentication Abuse.This issue affects Senseway: through 09022026. NOTE: Because the product was developed using outdated technology, the manufacturer is unable to fix the relevant vulnerabilities. Users of the Sensaway application are advised to contact the manufacturer and review updated products developed with newer technology. | ||||
| CVE-2025-43079 | 3 Linux, Qualys, Qualys Inc | 4 Linux, Cloud Agent, Cloud Agent For Linux and 1 more | 2026-03-09 | 6.3 Medium |
| The Qualys Cloud Agent included a bundled uninstall script (qagent_uninstall.sh), specific to Mac and Linux supported versions that invoked multiple system commands without using absolute paths and without sanitizing the $PATH environment. If the uninstall script is executed with elevated privileges (e.g., via sudo) in an environment where $PATH has been manipulated, an attacker with root/sudo privileges could cause malicious executables to be run in place of the intended system binaries. This behavior can be leveraged for local privilege escalation and arbitrary command execution under elevated privileges. | ||||
| CVE-2025-11950 | 2 Eduasist, Knowhy Advanced Technology Trading | 2 Eduasist, Eduasist | 2026-03-09 | 6.3 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KNOWHY Advanced Technology Trading Ltd. Co. EduAsist allows Reflected XSS.This issue affects EduAsist: before v2.1. | ||||
| CVE-2025-33022 | 2026-03-09 | N/A | ||
| The reporter agreed to not assign CVE ID | ||||
| CVE-2026-2603 | 2 Keycloak, Redhat | 2 Keycloak, Build Keycloak | 2026-03-09 | 8.1 High |
| No description is available for this CVE. | ||||
| CVE-2026-3632 | 1 Libsoup | 1 Libsoup | 2026-03-09 | 3.9 Low |
| No description is available for this CVE. | ||||
| CVE-2026-3633 | 1 Libsoup | 1 Libsoup | 2026-03-09 | 3.9 Low |
| No description is available for this CVE. | ||||