Export limit exceeded: 335571 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335571 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66880 | 2026-03-02 | 6.1 Medium | ||
| Cross Site Scripting vulnerability in Wethink Technology Inc 720yun pano-sdk 0.5.877 allows a remote attacker to execute arbitrary code via the LoginComp (Module 2093) and SignupComp (Module 2094) modules. | ||||
| CVE-2025-65465 | 2026-03-02 | 6.1 Medium | ||
| A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). This occurs because the error message is not properly sanitized before being output to the user. This vulnerability is fixed in version 2.18. | ||||
| CVE-2025-52998 | 2026-03-02 | N/A | ||
| Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary classes, as well as fully control their properties, and thus modify the logic of the web application's operation. This issue has been patched in version 1.11.30. | ||||
| CVE-2025-58402 | 2026-03-02 | N/A | ||
| The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users. | ||||
| CVE-2025-58405 | 2026-03-02 | N/A | ||
| The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks, neither HTTP security headers nor HTML-based frame‑busting protections were detected. As a result, an attacker can embed the application inside a maliciously crafted IFRAME and trick users into performing unintended actions, including potentially bypassing CSRF/XSRF defenses. | ||||
| CVE-2025-58406 | 2026-03-02 | N/A | ||
| The CGM CLININET application respond without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation, and missing transport security controls. | ||||
| CVE-2025-12462 | 2026-03-02 | N/A | ||
| A Blind SQL injection vulnerability has been identified in DobryCMS. A remote unauthenticated attacker is able to inject SQL syntax into URL path resulting in Blind SQL Injection. This issue was fixed in versions above 8.0. | ||||
| CVE-2026-1628 | 2026-03-02 | 4.6 Medium | ||
| Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which allows a malicious server to expose preload script functionality to untrusted servers via having a user open an external link in their Mattermost server. Mattermost Advisory ID: MMSA-2026-00596 | ||||
| CVE-2024-47886 | 2026-03-02 | N/A | ||
| Chamilo is a learning management system. Chamillo is affected by a post-authentication phar unserialize which leads to a remote code execution (RCE) within versions 1.11.12 to 1.11.26. By abusing multiple supported features from the virtualization plugin vchamilo, the vulnerability allows an administrator to execute arbitrary code on the server. This issue has been patched in version 1.11.26. | ||||
| CVE-2024-50337 | 2026-03-02 | 5.3 Medium | ||
| Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28. | ||||
| CVE-2025-14532 | 2026-03-02 | N/A | ||
| DobryCMS's upload file functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can result in Remote Code Execution. This issue was fixed in versions above 5.0. | ||||
| CVE-2025-52482 | 2026-03-02 | 8.3 High | ||
| Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. This issue has been patched in version 1.11.30. | ||||
| CVE-2026-26695 | 2026-03-02 | N/A | ||
| code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordstudent_edit.php. | ||||
| CVE-2026-26703 | 2026-03-02 | N/A | ||
| sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advance_search.php. | ||||
| CVE-2026-3000 | 2026-03-02 | 9.8 Critical | ||
| IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary DLL files from a remote source and execute them. | ||||
| CVE-2026-26702 | 2026-03-02 | N/A | ||
| sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/myitem_reuse.php. | ||||
| CVE-2025-47371 | 2026-03-02 | 6.5 Medium | ||
| Transient DOS when an LTE RLC packet with invalid TB is received by UE. | ||||
| CVE-2026-26700 | 2026-03-02 | N/A | ||
| sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_employee.php. | ||||
| CVE-2025-58107 | 2026-03-02 | 7.5 High | ||
| In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-mail address, device ID, bearer token, and base64-encoded password. | ||||
| CVE-2026-21882 | 2026-03-02 | 8.4 High | ||
| theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0. | ||||