Export limit exceeded: 334864 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334864 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2797 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-25 | 9.8 Critical |
| Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | ||||
| CVE-2026-2796 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-25 | 9.8 Critical |
| JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | ||||
| CVE-2026-2795 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-25 | 9.8 Critical |
| Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | ||||
| CVE-2026-3194 | 2026-02-25 | 4.5 Medium | ||
| A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function send_transaction/get_private_key of the component RPC Server Master Passphrase Handler. This manipulation causes missing authentication. The attack can only be executed locally. The attack's complexity is rated as high. The exploitability is described as difficult. The exploit has been published and may be used. The vendor was informed early via email. A separate report via bugbounty was rejected with the reason "This is by design. The user is responsible for host security". | ||||
| CVE-2025-65717 | 1 Ritwickdey | 2 Live Server, Vscode-live-server | 2026-02-25 | 4.3 Medium |
| An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page. | ||||
| CVE-2026-27795 | 2026-02-25 | 4.1 Medium | ||
| LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery (SSRF) bypass exists in `RecursiveUrlLoader` in `@langchain/community`. The loader validates the initial URL but allows the underlying fetch to follow redirects automatically, which permits a transition from a safe public URL to an internal or metadata endpoint without revalidation. This is a bypass of the SSRF protections introduced in 1.1.14 (CVE-2026-26019). Users should upgrade to `@langchain/community` 1.1.18, which validates every redirect hop by disabling automatic redirects and re-validating `Location` targets before following them. In this version, automatic redirects are disabled (`redirect: "manual"`), each 3xx `Location` is resolved and validated with `validateSafeUrl()` before the next request, and a maximum redirect limit prevents infinite loops. | ||||
| CVE-2026-3163 | 2 Remyandrade, Sourcecodester | 2 Website Link Extractor, Website Link Extractor | 2026-02-25 | 6.3 Medium |
| A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function file_get_contents of the component URL Handler. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-2946 | 1 Rymcu | 1 Forest | 2026-02-25 | 3.5 Low |
| A security vulnerability has been detected in rymcu forest up to 0.0.5. Affected by this issue is the function XssUtils.replaceHtmlCode of the file src/main/java/com/rymcu/forest/util/XssUtils.java of the component Article Content/Comments/Portfolio. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2934 | 2 Yifang, Yifangcms | 2 Cms, Yifang | 2026-02-25 | 2.4 Low |
| A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impacts the function update of the file app/db/admin/D_friendLinkGroup.php of the component Extended Management Module. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-2935 | 1 Utt | 3 810g, 810g Firmware, Hiper 810g | 2026-02-25 | 7.2 High |
| A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/ConfigExceptMSN. Executing a manipulation of the argument remark can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2023-4886 | 2 Redhat, Theforeman | 5 Satellite, Satellite Capsule, Satellite Maintenance and 2 more | 2026-02-25 | 6.7 Medium |
| A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable. | ||||
| CVE-2023-4237 | 1 Redhat | 3 Ansible Automation Platform, Ansible Automation Platform Cloud Billing, Ansible Collection | 2026-02-25 | 7.3 High |
| A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability. | ||||
| CVE-2023-5157 | 3 Fedoraproject, Mariadb, Redhat | 17 Fedora, Mariadb, Enterprise Linux and 14 more | 2026-02-25 | 7.5 High |
| A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service. | ||||
| CVE-2019-25450 | 1 Dolibarr | 2 Dolibarr Erp/crm, Dolibarr Erp\/crm | 2026-02-25 | 7.1 High |
| Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demand_reason_id, and availability_id in card.php endpoints to extract sensitive database information using boolean-based blind, error-based, and time-based blind techniques. | ||||
| CVE-2026-2385 | 2 Posimyththemes, Wordpress | 2 The Plus Addons For Elementor – Addons For Elementor, Page Templates, Widgets, Mega Menu, Woocommerce, Wordpress | 2026-02-25 | 5.3 Medium |
| The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.4.7. This is due to the plugin decrypting and trusting attacker-controlled email_data in an unauthenticated AJAX handler without cryptographic authenticity guarantees. This makes it possible for unauthenticated attackers to tamper with form email routing and redirection values to trigger unauthorized email relay and attacker-controlled redirection via the 'email_data' parameter. | ||||
| CVE-2019-25452 | 1 Dolibarr | 2 Dolibarr Erp/crm, Dolibarr Erp\/crm | 2026-02-25 | 8.2 High |
| Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extract sensitive database information using error-based or time-based blind SQL injection techniques. | ||||
| CVE-2026-2938 | 2 Munyweki, Sourcecodester | 2 Student Result Management System, Student Result Management System | 2026-02-25 | 7.3 High |
| A vulnerability has been found in SourceCodester Student Result Management System 1.0. The affected element is an unknown function of the file /srms/script/admin/core/update_smtp.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-2939 | 1 Itsourcecode | 1 Student Management System | 2026-02-25 | 2.4 Low |
| A vulnerability was found in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /add_student/ of the component Add Student Module. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. | ||||
| CVE-2024-12401 | 1 Redhat | 8 Cert Manager, Connectivity Link, Cryostat and 5 more | 2026-02-25 | 4.4 Medium |
| A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster. | ||||
| CVE-2024-13484 | 1 Redhat | 1 Openshift Gitops | 2026-02-25 | 8.2 High |
| A flaw was found in openshift-gitops-operator-container. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform monitoring stack, as the rule is rolled out cluster-wide when the label is applied. | ||||