Export limit exceeded: 337102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337102 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27027 | 1 Everon | 1 Api.everon.io | 2026-03-10 | 6.5 Medium |
| Charging station authentication identifiers are publicly accessible via web-based mapping platforms. | ||||
| CVE-2026-26377 | 2 Koha, Koha-community | 2 Koha, Koha | 2026-03-10 | 5.4 Medium |
| Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function. | ||||
| CVE-2026-26288 | 1 Everon | 1 Api.everon.io | 2026-03-10 | 9.4 Critical |
| WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend. | ||||
| CVE-2026-26148 | 1 Microsoft | 1 Azure Ad Ssh Login Extension For Linux | 2026-03-10 | 8.1 High |
| External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2026-26144 | 1 Microsoft | 1 365 Apps | 2026-03-10 | 7.5 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-26141 | 1 Microsoft | 1 Azure Automation Hybrid Worker Windows Extension | 2026-03-10 | 7.8 High |
| Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26134 | 1 Microsoft | 1 Office | 2026-03-10 | 7.8 High |
| Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26132 | 1 Microsoft | 9 Windows 10 21h2, Windows 10 22h2, Windows 11 23h2 and 6 more | 2026-03-10 | 7.8 High |
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26131 | 1 Microsoft | 1 .net | 2026-03-10 | 7.8 High |
| Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26130 | 1 Microsoft | 1 Asp.net Core | 2026-03-10 | 7.5 High |
| Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-26128 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 12 more | 2026-03-10 | 7.8 High |
| Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26127 | 1 Microsoft | 2 .net, Bcl Memory | 2026-03-10 | 7.5 High |
| Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-26121 | 1 Microsoft | 1 Azure Iot Explorer | 2026-03-10 | 7.5 High |
| Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-26118 | 1 Microsoft | 1 Azure Mcp Server Tools | 2026-03-10 | 8.8 High |
| Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-26117 | 1 Microsoft | 1 Arc Enabled Servers Azure Connected Machine Agent | 2026-03-10 | 7.8 High |
| Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26116 | 1 Microsoft | 1 Sql Server 2025 | 2026-03-10 | 8.8 High |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-26115 | 1 Microsoft | 5 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 2 more | 2026-03-10 | 8.8 High |
| Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-26114 | 1 Microsoft | 2 Sharepoint Server 2016, Sharepoint Server 2019 | 2026-03-10 | 8.8 High |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-26113 | 1 Microsoft | 10 365 Apps, Office 2016, Office 2019 and 7 more | 2026-03-10 | 8.4 High |
| Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26112 | 1 Microsoft | 7 365 Apps, Excel 2016, Office 2019 and 4 more | 2026-03-10 | 7.8 High |
| Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||