Export limit exceeded: 334784 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334784 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-23984 | 1 Apache | 1 Superset | 2026-02-25 | N/A |
| An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language (DML) statements (e.g., INSERT, UPDATE, DELETE) on read-only connections, it fails to detect them in specially crafted SQL statements. This issue affects Apache Superset: before 6.0.0. Users are recommended to upgrade to version 6.0.0, which fixes the issue. | ||||
| CVE-2026-23969 | 1 Apache | 1 Superset | 2026-02-25 | N/A |
| Apache Superset utilizes a configurable dictionary, DISALLOWED_SQL_FUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included restrictions for engines like PostgreSQL, a vulnerability was reported where the default list for the ClickHouse engine was incomplete. This issue affects Apache Superset: before 4.1.2. Users are recommended to upgrade to version 4.1.2, which fixes the issue. | ||||
| CVE-2026-1772 | 1 Hitachienergy | 1 Rtu500 Firmware | 2026-02-25 | N/A |
| RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges. | ||||
| CVE-2026-1773 | 1 Hitachienergy | 1 Rtu500 Firmware | 2026-02-25 | N/A |
| IEC 60870-5-104: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of exploitation. | ||||
| CVE-2025-14577 | 1 Slican | 4 Ipl, Ipm, Ipu and 1 more | 2026-02-25 | N/A |
| Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated remote attacker is able to execute arbitrary PHP commands by sending specially crafted requests to /webcti/session_ajax.php endpoint. This issue was fixed in version 1.24.0190 (Slican NCP) and 6.61.0010 (Slican IPL/IPM/IPU). | ||||
| CVE-2026-2459 | 1 Hitachienergy | 1 Relion Reb500 | 2026-02-25 | N/A |
| A vulnerability exists in REB500 for an authenticated user with Installer role to access and alter the contents of directories that the role is not authorized to do so. | ||||
| CVE-2026-2460 | 1 Hitachienergy | 1 Relion Reb500 | 2026-02-25 | N/A |
| A vulnerability exists in REB500 for an authenticated user with low-level privileges to access and alter the content of directories by using the DAC protocol that the user is not authorized to do so. | ||||
| CVE-2026-2757 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-25 | 7.5 High |
| Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2026-2758 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-25 | 7.5 High |
| Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2026-2760 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-25 | 7.5 High |
| Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2026-2761 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-25 | 7.5 High |
| Sandbox escape in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2026-2762 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-25 | 7.5 High |
| Integer overflow in the JavaScript: Standard Library component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2026-2763 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-25 | 7.5 High |
| Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2026-2782 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-25 | 6.1 Medium |
| Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2026-2783 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-25 | 6.1 Medium |
| Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2026-2634 | 1 Mozilla | 1 Firefox For Ios | 2026-02-25 | N/A |
| Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability affects Firefox for iOS < 147.4. | ||||
| CVE-2026-2795 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-25 | 7.5 High |
| Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | ||||
| CVE-2026-2796 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-25 | N/A |
| JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | ||||
| CVE-2026-2797 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-25 | N/A |
| Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | ||||
| CVE-2026-2799 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-25 | N/A |
| Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | ||||