Export limit exceeded: 335665 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335665 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3130 | 2026-03-03 | N/A | ||
| Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and earlier allows an authenticated attacker with the delete permission to delete a PAM account that is currently checked out by selecting it alongside at least one non-checked-out account and performing a bulk deletion. | ||||
| CVE-2026-2590 | 2026-03-03 | N/A | ||
| Improper enforcement of the Disable password saving in vaults setting in the connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries, potentially exposing sensitive information to other users, by creating or editing certain connection types while password saving is disabled. | ||||
| CVE-2026-28518 | 2026-03-03 | 7.8 High | ||
| OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or drive prefixes in member names to overwrite or create arbitrary files with the importing process privileges. | ||||
| CVE-2026-27012 | 2026-03-03 | 9.8 Critical | ||
| OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group (idgruppo) by directly calling modules/utenti/actions.php. This can promote an existing account (e.g. agent) into the Amministratori group as well as demote any user including existing administrators. | ||||
| CVE-2026-25146 | 2026-03-03 | 9.6 Critical | ||
| OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are (at least) two paths where the gateway_api_key secret value is rendered to the client in plaintext. These secret keys being leaked could result in arbitrary money movement or broad account takeover of payment gateway APIs. This vulnerability is fixed in 8.0.0. | ||||
| CVE-2026-24898 | 2026-03-03 | 10 Critical | ||
| OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain the practice's MedEx API tokens, leading to complete third-party service compromise, PHI exfiltration, unauthorized actions on the MedEx platform, and HIPAA violations. The vulnerability exists because the endpoint bypasses authentication ($ignoreAuth = true) and performs a MedEx login whenever $_POST['callback_key'] is provided, returning the full JSON response including sensitive API tokens. This vulnerability is fixed in 8.0.0. | ||||
| CVE-2026-24848 | 2026-03-03 | N/A | ||
| OpenEMR is a free and open source electronic health records and medical practice management application. In 7.0.4 and earlier, the disposeDocument() method in EtherFaxActions.php allows authenticated users to write arbitrary content to arbitrary locations on the server filesystem. This vulnerability can be exploited to achieve Remote Code Execution (RCE) by uploading malicious PHP web shells. | ||||
| CVE-2026-24415 | 2026-03-03 | N/A | ||
| OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contains Reflected XSS vulnerabilities in invoice/order/contract modification modals. The application fails to properly sanitize user-supplied input from the righe GET parameter before reflecting it in HTML output.The $_GET['righe'] parameter is directly echoed into the HTML value attribute without any sanitization using htmlspecialchars() or equivalent functions. This allows an attacker to break out of the attribute context and inject arbitrary HTML/JavaScript. | ||||
| CVE-2026-21866 | 2026-03-03 | N/A | ||
| Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored XSS issue when rendering Mermaid diagrams within chats. This occurs because Dify’s default Mermaid configuration uses securityLevel: loose, which allows potentially unsafe content to execute. This vulnerability is fixed in 1.11.2. | ||||
| CVE-2026-1775 | 2026-03-03 | N/A | ||
| The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters and run operational commands when specially crafted packets are sent to the device. | ||||
| CVE-2025-15549 | 1 Fluentcms | 1 Fluentcms | 2026-03-03 | 4.8 Medium |
| FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. Attackers can upload malicious SVG files that execute JavaScript in the browser of any user accessing the uploaded file URL. | ||||
| CVE-2026-26891 | 2026-03-03 | 2.7 Low | ||
| Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_parcel_type.php. | ||||
| CVE-2026-1713 | 1 Ibm | 1 Mq | 2026-03-03 | 5.5 Medium |
| IBM MQ 9.1.0.0 through 9.1.0.33 LTS, 9.2.0.0 through 9.2.0.40 LTS, 9.3.0.0 through 9.3.0.36 LTS, 9.30.0 through 9.3.5.1 CD, 9.4.0.0 through 9.4.0.17 LTS, and 9.4.0.0 through 9.4.4.1 CD | ||||
| CVE-2025-70239 | 2026-03-03 | N/A | ||
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55. | ||||
| CVE-2026-26888 | 2026-03-03 | 2.7 Low | ||
| Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_stock.php. | ||||
| CVE-2025-14480 | 1 Ibm | 1 Aspera Faspio Gateway | 2026-03-03 | 5.1 Medium |
| IBM Aspera faspio Gateway 1.3.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information | ||||
| CVE-2026-1567 | 1 Ibm | 1 Infosphere Information Server | 2026-03-03 | 7.1 High |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity (XXE) vulnerability in IBM InfoSphere Information Server could allow attackers to retrieve sensitive information from the server. | ||||
| CVE-2025-70234 | 2026-03-03 | N/A | ||
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS. | ||||
| CVE-2025-70240 | 2026-03-03 | N/A | ||
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard51. | ||||
| CVE-2025-66945 | 2026-03-03 | N/A | ||
| A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and potentially remote code execution | ||||