Export limit exceeded: 338340 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338340 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3082 | 1 Gstreamer | 1 Gstreamer | 2026-03-16 | 7.8 High |
| GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of Huffman tables. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28840. | ||||
| CVE-2026-4240 | 1 Open5gs | 1 Open5gs | 2026-03-16 | 5.3 Medium |
| A vulnerability was determined in Open5GS up to 2.7.6. The affected element is the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b_aaa_cb/smf_s6b_sta_cb of the component CCA Handler. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.7.7 is sufficient to fix this issue. Patch name: 80eb484a6ab32968e755e628b70d1a9c64f012ec. Upgrading the affected component is recommended. | ||||
| CVE-2026-32313 | 1 Robrichards | 1 Xmlseclibs | 2026-03-16 | 8.2 High |
| xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts without knowing the encryption key. This vulnerability is fixed in 3.1.5. | ||||
| CVE-2026-4163 | 1 Wavlink | 2 Wl-wn579a3, Wl-wn579a3 Firmware | 2026-03-16 | 9.8 Critical |
| A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading the affected component is recommended. | ||||
| CVE-2026-4173 | 1 Codephiliax | 1 Chat2db | 2026-03-16 | 6.3 Medium |
| A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler. This manipulation causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-26246 | 2026-03-16 | 4.3 Medium | ||
| Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to bound memory allocation when processing PSD image files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted PSD file. Mattermost Advisory ID: MMSA-2026-00572 | ||||
| CVE-2026-24458 | 2026-03-16 | 7.5 High | ||
| Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly handle very long passwords, which allows an attacker to overload the server CPU and memory via executing login attempts with multi-megabyte passwords. Mattermost Advisory ID: MMSA-2026-00587 | ||||
| CVE-2026-2578 | 2026-03-16 | 4.3 Medium | ||
| Mattermost versions 11.3.x <= 11.3.0 fail to preserve the redacted state of burn-on-read posts during deletion which allows channel members to access unrevealed burn-on-read message contents via the WebSocket post deletion event.. Mattermost Advisory ID: MMSA-2026-00579 | ||||
| CVE-2026-25783 | 2026-03-16 | 4.3 Medium | ||
| Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586 | ||||
| CVE-2026-4234 | 1 Sscms | 1 Sscms | 2026-03-16 | 6.3 Medium |
| A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-20989 | 2026-03-16 | N/A | ||
| Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font. | ||||
| CVE-2026-20991 | 2026-03-16 | N/A | ||
| Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents. | ||||
| CVE-2026-20992 | 2026-03-16 | N/A | ||
| Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of application. | ||||
| CVE-2026-20994 | 2026-03-16 | N/A | ||
| URL redirection in Samsung Account prior to version 15.5.01.1 allows remote attackers to potentially get access token. | ||||
| CVE-2026-20996 | 2026-03-16 | N/A | ||
| Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication. | ||||
| CVE-2026-20997 | 2026-03-16 | N/A | ||
| Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication. | ||||
| CVE-2026-20998 | 2026-03-16 | N/A | ||
| Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass authentication. | ||||
| CVE-2026-21001 | 2026-03-16 | N/A | ||
| Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege. | ||||
| CVE-2026-21004 | 2026-03-16 | N/A | ||
| Improper authentication in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to trigger a denial of service. | ||||
| CVE-2026-32775 | 2026-03-16 | 7.4 High | ||
| libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow. | ||||