Export limit exceeded: 337808 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337808 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54820 | 1 Fortinet | 1 Fortimanager | 2026-03-12 | 7 High |
| A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. The success of the attack depends on the ability to bypass the stack protection mechanisms. | ||||
| CVE-2026-2376 | 2 Mirror-registry, Redhat | 3 Quay, Mirror Registry, Quay | 2026-03-12 | 4.9 Medium |
| A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the application processes these addresses, it automatically follows redirects without verifying the final destination, allowing attackers to route requests to systems they should not have access to. | ||||
| CVE-2026-32059 | 1 Openclaw | 1 Openclaw | 2026-03-12 | 8.8 High |
| OpenClaw version 2026.2.22-2 prior to 2026.2.23 tools.exec.safeBins validation for sort command fails to properly validate GNU long-option abbreviations, allowing attackers to bypass denied-flag checks via abbreviated options. Remote attackers can execute sort commands with abbreviated long options to skip approval requirements in allowlist mode. | ||||
| CVE-2026-32060 | 1 Openclaw | 1 Openclaw | 2026-03-12 | 8.8 High |
| OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in apply_patch that allows attackers to write or delete files outside the configured workspace directory. When apply_patch is enabled without filesystem sandbox containment, attackers can exploit crafted paths including directory traversal sequences or absolute paths to escape workspace boundaries and modify arbitrary files. | ||||
| CVE-2026-32061 | 1 Openclaw | 1 Openclaw | 2026-03-12 | 4.4 Medium |
| OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversal sequences, or symlinks to access sensitive files readable by the OpenClaw process user, including API keys and credentials. | ||||
| CVE-2026-32062 | 1 Openclaw | 2 Openclaw, Voice-call | 2026-03-12 | 7.5 High |
| OpenClaw versions2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-call versions 2026.2.21 prior to 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated clients to establish connections. Remote attackers can hold idle pre-authenticated sockets open to consume connection resources and degrade service availability for legitimate streams. | ||||
| CVE-2025-67298 | 1 Classroomio | 1 Classroomio | 2026-03-12 | 8.1 High |
| An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile | ||||
| CVE-2026-0602 | 1 Gitlab | 1 Gitlab | 2026-03-12 | 4.3 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering in the snippet rendering process under certain circumstances. | ||||
| CVE-2026-1069 | 1 Gitlab | 1 Gitlab | 2026-03-12 | 7.5 High |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion under certain circumstances. | ||||
| CVE-2019-25464 | 1 Dsd Consulting Services | 1 Inputmapper | 2026-03-12 | 5.5 Medium |
| InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. Attackers can trigger a denial of service by copying a large payload into the username field and double-clicking to process it, causing the application to crash. | ||||
| CVE-2026-32229 | 1 Jetbrains | 1 Hub | 2026-03-12 | 6.8 Medium |
| In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled | ||||
| CVE-2026-20040 | 1 Cisco | 1 Ios Xr Software | 2026-03-12 | 8.8 High |
| A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system. | ||||
| CVE-2019-25467 | 1 Verypdf | 1 Docprint Pro | 2026-03-12 | 8.4 High |
| Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with encoded shellcode and SEH chain manipulation to bypass protections and execute a MessageBox proof-of-concept when the password fields are processed during PDF encryption. | ||||
| CVE-2026-24510 | 1 Dell | 1 Alienware Command Center | 2026-03-12 | 6.7 Medium |
| Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | ||||
| CVE-2018-25159 | 1 Epross | 1 Avcon6 Systems Management Platform | 2026-03-12 | 9.8 Critical |
| Epross AVCON6 systems management platform contains an object-graph navigation language (OGNL) injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. Attackers can send crafted requests to the login.action endpoint with OGNL payloads in the redirect parameter to instantiate ProcessBuilder objects and execute system commands with root privileges. | ||||
| CVE-2026-20046 | 1 Cisco | 1 Ios Xr Software | 2026-03-12 | 8.8 High |
| A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker with a low-privileged account could exploit this vulnerability by using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on an affected device without authorization checks. | ||||
| CVE-2019-25469 | 1 Newsoftwares | 1 Folder Lock | 2026-03-12 | 6.2 Medium |
| Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. Attackers can paste a 6000-byte buffer of arbitrary data into the 'Serial Number and Registration Key' field to trigger a denial of service condition. | ||||
| CVE-2025-14513 | 1 Gitlab | 1 Gitlab | 2026-03-12 | 7.5 High |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON payloads in the protected branches API. | ||||
| CVE-2025-70082 | 1 Lantronix | 1 Eds3000ps | 2026-03-12 | 9.8 Critical |
| An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component | ||||
| CVE-2026-1715 | 1 Lenovo | 2 Baiying, Vantage | 2026-03-12 | 7.1 High |
| An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges. | ||||