Export limit exceeded: 330302 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 330302 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (330302 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28343 | 1 Ckeditor | 1 Ckeditor5 | 2026-03-06 | 6.4 Medium |
| CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Prior to version 47.6.0, a cross-site scripting (XSS) vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially crafted markup, leading to unauthorized JavaScript code execution, if the editor instance used an unsafe General HTML Support configuration. This issue has been patched in version 47.6.0. | ||||
| CVE-2025-70218 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2026-03-06 | 9.8 Critical |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via POST to the goform/formAdvFirewall component. | ||||
| CVE-2025-70220 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2026-03-06 | 9.8 Critical |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4. | ||||
| CVE-2025-70223 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2026-03-06 | 9.8 Critical |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork. | ||||
| CVE-2025-70226 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2026-03-06 | 9.8 Critical |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard. | ||||
| CVE-2025-70219 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2026-03-06 | 9.8 Critical |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the goform/formDeviceReboot. | ||||
| CVE-2025-70221 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2026-03-06 | 9.8 Critical |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin. | ||||
| CVE-2025-70225 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2026-03-06 | 9.8 Critical |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curtime parameter to the goform/formEasySetupWWConfig component | ||||
| CVE-2025-70222 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2026-03-06 | 9.8 Critical |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin,goform/getAuthCode. | ||||
| CVE-2025-70229 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2026-03-06 | 9.8 Critical |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule. | ||||
| CVE-2025-70230 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2026-03-06 | 9.8 Critical |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDDNS. | ||||
| CVE-2025-70231 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2026-03-06 | 9.8 Critical |
| D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verification codes in /goform/formLogin, it enters /goform/getAuthCode but fails to filter the value of the FILECODE parameter, resulting in a path traversal vulnerability. | ||||
| CVE-2025-70232 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2026-03-06 | 9.8 Critical |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter. | ||||
| CVE-2025-70233 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2026-03-06 | 9.8 Critical |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard. | ||||
| CVE-2026-28484 | 1 Openclaw | 1 Openclaw | 2026-03-06 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2026-28450 | 1 Openclaw | 1 Openclaw | 2026-03-06 | 6.8 Medium |
| OpenClaw versions prior to 2026.2.12 with the optional Nostr plugin enabled expose unauthenticated HTTP endpoints at /api/channels/nostr/:accountId/profile and /api/channels/nostr/:accountId/profile/import that allow reading and modifying Nostr profiles without gateway authentication. Remote attackers can exploit these endpoints to read sensitive profile data, modify Nostr profiles, persist malicious changes to gateway configuration, and publish signed Nostr events using the bot's private key when the gateway HTTP port is accessible beyond localhost. | ||||
| CVE-2026-28447 | 1 Openclaw | 1 Openclaw | 2026-03-06 | 8.1 High |
| OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a path traversal vulnerability in plugin installation that allows malicious plugin package names to escape the extensions directory. Attackers can craft scoped package names containing path traversal sequences like .. to write files outside the intended installation directory when victims run the plugins install command. | ||||
| CVE-2026-28442 | 1 Icewhaletech | 1 Zimaos | 2026-03-06 | 8.6 High |
| ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files or folders through the application interface. However, when interacting directly with the API, these restrictions can be bypassed. By altering the path parameter in the delete request, internal OS files and directories can be removed successfully. The backend processes these manipulated requests without validating whether the targeted path belongs to restricted system locations. This demonstrates improper input validation and broken access control on sensitive filesystem operations. No known public patch is available. | ||||
| CVE-2026-28041 | 2 Ancorathemes, Wordpress | 2 Grit, Wordpress | 2026-03-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Grit grit allows PHP Local File Inclusion.This issue affects Grit: from n/a through <= 1.0.1. | ||||
| CVE-2026-28034 | 2 Themerex, Wordpress | 2 Progress, Wordpress | 2026-03-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Progress progress allows PHP Local File Inclusion.This issue affects Progress: from n/a through <= 1.2. | ||||