Export limit exceeded: 338063 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338063 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49784 | 1 Fortinet | 3 Fortianalyzer, Fortianalyzer-bigdata, Fortianalyzer Big Data | 2026-03-12 | 5.6 Medium |
| An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigData 7.6.0, FortiAnalyzer-BigData 7.4.0 through 7.4.4, FortiAnalyzer-BigData 7.2 all versions, FortiAnalyzer-BigData 7.0 all versions, FortiAnalyzer-BigData 6.4 all versions, FortiAnalyzer-BigData 6.2 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted requests. | ||||
| CVE-2025-53608 | 1 Fortinet | 1 Fortisandbox | 2026-03-12 | 4.6 Medium |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated privileged attacker to execute code via crafted requests. | ||||
| CVE-2025-54820 | 1 Fortinet | 1 Fortimanager | 2026-03-12 | 7 High |
| A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. The success of the attack depends on the ability to bypass the stack protection mechanisms. | ||||
| CVE-2026-2376 | 2 Mirror-registry, Redhat | 3 Quay, Mirror Registry, Quay | 2026-03-12 | 4.9 Medium |
| A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the application processes these addresses, it automatically follows redirects without verifying the final destination, allowing attackers to route requests to systems they should not have access to. | ||||
| CVE-2026-32059 | 1 Openclaw | 1 Openclaw | 2026-03-12 | 8.8 High |
| OpenClaw version 2026.2.22-2 prior to 2026.2.23 tools.exec.safeBins validation for sort command fails to properly validate GNU long-option abbreviations, allowing attackers to bypass denied-flag checks via abbreviated options. Remote attackers can execute sort commands with abbreviated long options to skip approval requirements in allowlist mode. | ||||
| CVE-2026-32060 | 1 Openclaw | 1 Openclaw | 2026-03-12 | 8.8 High |
| OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in apply_patch that allows attackers to write or delete files outside the configured workspace directory. When apply_patch is enabled without filesystem sandbox containment, attackers can exploit crafted paths including directory traversal sequences or absolute paths to escape workspace boundaries and modify arbitrary files. | ||||
| CVE-2026-32061 | 1 Openclaw | 1 Openclaw | 2026-03-12 | 4.4 Medium |
| OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversal sequences, or symlinks to access sensitive files readable by the OpenClaw process user, including API keys and credentials. | ||||
| CVE-2026-32062 | 1 Openclaw | 2 Openclaw, Voice-call | 2026-03-12 | 7.5 High |
| OpenClaw versions2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-call versions 2026.2.21 prior to 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated clients to establish connections. Remote attackers can hold idle pre-authenticated sockets open to consume connection resources and degrade service availability for legitimate streams. | ||||
| CVE-2025-70041 | 1 Oslabs-beta | 1 Thermakube | 2026-03-12 | 9.8 Critical |
| An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master. | ||||
| CVE-2025-70024 | 1 Benkeen | 1 Generatedata | 2026-03-12 | 9.8 Critical |
| An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14. | ||||
| CVE-2025-67037 | 1 Lantronix | 1 Eds5000 | 2026-03-12 | 8.8 High |
| An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges. | ||||
| CVE-2025-67036 | 1 Lantronix | 1 Eds5000 | 2026-03-12 | 8.8 High |
| An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges. | ||||
| CVE-2025-67298 | 1 Classroomio | 1 Classroomio | 2026-03-12 | 8.1 High |
| An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile | ||||
| CVE-2026-0602 | 1 Gitlab | 1 Gitlab | 2026-03-12 | 4.3 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering in the snippet rendering process under certain circumstances. | ||||
| CVE-2019-25464 | 1 Dsd Consulting Services | 1 Inputmapper | 2026-03-12 | 5.5 Medium |
| InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. Attackers can trigger a denial of service by copying a large payload into the username field and double-clicking to process it, causing the application to crash. | ||||
| CVE-2026-32229 | 1 Jetbrains | 1 Hub | 2026-03-12 | 6.8 Medium |
| In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled | ||||
| CVE-2026-20040 | 1 Cisco | 1 Ios Xr Software | 2026-03-12 | 8.8 High |
| A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system. | ||||
| CVE-2019-25467 | 1 Verypdf | 1 Docprint Pro | 2026-03-12 | 8.4 High |
| Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with encoded shellcode and SEH chain manipulation to bypass protections and execute a MessageBox proof-of-concept when the password fields are processed during PDF encryption. | ||||
| CVE-2026-24510 | 1 Dell | 1 Alienware Command Center | 2026-03-12 | 6.7 Medium |
| Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | ||||
| CVE-2018-25159 | 1 Epross | 1 Avcon6 Systems Management Platform | 2026-03-12 | 9.8 Critical |
| Epross AVCON6 systems management platform contains an object-graph navigation language (OGNL) injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. Attackers can send crafted requests to the login.action endpoint with OGNL payloads in the redirect parameter to instantiate ProcessBuilder objects and execute system commands with root privileges. | ||||