Export limit exceeded: 334975 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334975 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1311 | 2 Bearsthemes, Wordpress | 2 Worry Proof Backup, Wordpress | 2026-02-26 | 8.8 High |
| The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.2.4 via the backup upload functionality. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload a malicious ZIP archive with path traversal sequences to write arbitrary files anywhere on the server, including executable PHP files. This can lead to remote code execution. | ||||
| CVE-2025-69253 | 1 Free5gc | 1 Udr | 2026-02-26 | 5.3 Medium |
| free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of the User Data Repository are affected by Improper Error Handling with Information Exposure. The NEF component reliably leaks internal parsing error details (e.g., invalid character 'n' after top-level value) to remote clients, which can aid attackers in service fingerprinting. All deployments of free5GC using the Nnef_PfdManagement service may be vulnerable. free5gc/udr pull request 56 contains a patch. No direct workaround is available at the application level. Applying the official patch is recommended. | ||||
| CVE-2026-23703 | 1 Digital Arts | 2 Finalcode Ver.5 Series, Finalcode Ver.6 Series | 2026-02-26 | N/A |
| The installer of FinalCode Client provided by Digital Arts Inc. contains an incorrect default permissions vulnerability. A non-administrative user may execute arbitrary code with SYSTEM privilege. | ||||
| CVE-2026-25191 | 1 Digital Arts | 2 Finalcode Ver.5 Series, Finalcode Ver.6 Series | 2026-02-26 | N/A |
| The installer of FinalCode Client provided by Digital Arts Inc. contains an issue with the DLL search path. If a user is directed to place a malicious DLL file and the installer to the same directory and execute the installer, arbitrary code may be executed with the installer's execution privilege. | ||||
| CVE-2026-1692 | 1 Arcinfo | 1 Pcvue | 2026-02-26 | N/A |
| A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a successfully authenticated user to a malicious website. This vulnerability only affects the following two endpoints: GraphicalData/js/signalR/connect and GraphicalData/js/signalR/reconnect. | ||||
| CVE-2026-1693 | 1 Arcinfo | 1 Pcvue | 2026-02-26 | N/A |
| The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the werbservices used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in version 12.0.0 through 16.3.3 included despite being deprecated. It might allow a remote attacker to steal user credentials. | ||||
| CVE-2026-1694 | 1 Arcinfo | 1 Pcvue | 2026-02-26 | N/A |
| HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information about the server configuration. | ||||
| CVE-2026-1695 | 1 Arcinfo | 1 Pcvue | 2026-02-26 | N/A |
| An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to trick a legitimate user into loading content from another site upon unsuccessful user authentication on an unknown application (unknown client_id). This vulnerability only affects the error page of the OAuth server. | ||||
| CVE-2025-14343 | 2026-02-26 | 7.6 High | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS.This issue affects E-Commerce Product: through 10122025. | ||||
| CVE-2026-2677 | 1 A3factura | 1 A3factura | 2026-02-26 | N/A |
| Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'name', in 'a3factura-app.wolterskluwer.es/#/incomes/representatives-management' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser. | ||||
| CVE-2026-2678 | 1 A3factura | 1 A3factura | 2026-02-26 | N/A |
| Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'name', parameter 'name', in 'a3factura-app.wolterskluwer.es/#/incomes/customers' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser. | ||||
| CVE-2026-22721 | 1 Vmware | 4 Aria Operations, Cloud Foundation, Telco Cloud Infrastructure and 1 more | 2026-02-26 | 6.2 Medium |
| VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found in VMSA-2026-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 . | ||||
| CVE-2026-2679 | 1 A3factura | 1 A3factura | 2026-02-26 | N/A |
| Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'customerName', in 'a3factura-app.wolterskluwer.es/#/incomes/salesInvoices' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser. | ||||
| CVE-2026-2680 | 1 A3factura | 1 A3factura | 2026-02-26 | N/A |
| Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'customerVATNumber', in 'a3factura-app.wolterskluwer.es/#/incomes/salesDeliveryNotes' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser. | ||||
| CVE-2026-3184 | 1 Linux | 1 Util-linux | 2026-02-26 | 3.7 Low |
| No description is available for this CVE. | ||||
| CVE-2026-3190 | 1 Keycloak | 1 Keycloak | 2026-02-26 | 4.3 Medium |
| No description is available for this CVE. | ||||
| CVE-2025-69771 | 1 Asbplayer | 1 Asbplayer | 2026-02-26 | N/A |
| An arbitrary file upload vulnerability in the subtitle loading function of asbplayer v1.13.0 allows attackers to execute arbitrary code via uploading a crafted subtitle file. | ||||
| CVE-2026-26717 | 1 Openfun | 1 Richie | 2026-02-26 | N/A |
| An issue in OpenFUN Richie (LMS) in src/richie/apps/courses/api.py. The application used the non-constant time == operator for HMAC signature verification in the sync_course_run_from_request function. This allows remote attackers to forge valid signatures and bypass authentication by measuring response time discrepancies | ||||
| CVE-2026-1614 | 2 Eaglethemes, Wordpress | 2 Rise Blocks – A Complete Gutenberg Page Builder, Wordpress | 2026-02-26 | 6.4 Medium |
| The Rise Blocks – A Complete Gutenberg Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘logoTag’ Site Identity block attribute in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-3167 | 1 Tenda | 2 F453, F453 Firmware | 2026-02-26 | 8.8 High |
| A security flaw has been discovered in Tenda F453 1.0.0.3. The impacted element is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component httpd. Performing a manipulation of the argument webSiteId results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. | ||||