Export limit exceeded: 10391 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 336194 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336194 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-61652 | 1 Wikimedia | 1 Discussiontools | 2026-03-03 | N/A |
| Vulnerability in Wikimedia Foundation DiscussionTools.This issue affects DiscussionTools: from * before 1.43.4, 1.44.1. | ||||
| CVE-2025-61649 | 1 Wikimedia | 1 Checkuser | 2026-03-03 | N/A |
| Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Services/CheckUserUserInfoCardService.Php. This issue affects CheckUser: from 7cedd58781d261f110651b6af4f41d2d11ae7309. | ||||
| CVE-2025-61647 | 1 Wikimedia | 1 Checkuser | 2026-03-03 | N/A |
| Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Api/Rest/Handler/UserInfoHandler.Php. This issue affects CheckUser: from a3dc1bbcc33acbcca6831d6afaccbb1054c93a57, 0584eb2ad564648aa3ce9c555dd044dda02b55f4. | ||||
| CVE-2025-61646 | 2 Mediawiki, Wikimedia | 2 Mediawiki, Mediawiki | 2026-03-03 | N/A |
| Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1. | ||||
| CVE-2025-61641 | 2 Mediawiki, Wikimedia | 2 Mediawiki, Mediawiki | 2026-03-03 | N/A |
| Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiQueryAllPages.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1. | ||||
| CVE-2026-0027 | 1 Google | 1 Android | 2026-03-03 | 6.7 Medium |
| In smmu_detach_dev of arm-smmu-v3.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-24107 | 1 Tenda | 2 W20e, W20e Firmware | 2026-03-03 | 9.8 Critical |
| An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartitionName`, which is directly used in `doSystemCmd`, may lead to critical command injection vulnerabilities. | ||||
| CVE-2026-24108 | 1 Tenda | 2 W20e, W20e Firmware | 2026-03-03 | 9.8 Critical |
| An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size validation, it could lead to a buffer overflow vulnerability. | ||||
| CVE-2026-21927 | 1 Oracle | 1 Solaris | 2026-03-03 | 5.8 Medium |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: Driver). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data as well as unauthorized access to critical data or complete access to all Oracle Solaris accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N). | ||||
| CVE-2026-24109 | 1 Tenda | 2 W20e, W20e Firmware | 2026-03-03 | 9.8 Critical |
| An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `picName`. When this value is used in `sprintf` without validating variable sizes, it could lead to a buffer overflow vulnerability. | ||||
| CVE-2026-24111 | 1 Tenda | 2 W20e, W20e Firmware | 2026-03-03 | 9.8 Critical |
| An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addAuthUser` function and processed by `sscanf` without size validation, it could lead to buffer overflow. | ||||
| CVE-2026-24113 | 1 Tenda | 2 W20e, W20e Firmware | 2026-03-03 | 9.8 Critical |
| An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size validation, it could lead to a buffer overflow vulnerability. | ||||
| CVE-2026-24110 | 1 Tenda | 2 W20e, W20e Firmware | 2026-03-03 | 9.8 Critical |
| An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these rules enter the `addDhcpRule` function and are processed by `ret = sscanf(pRule, " %d\t%[^\t]\t%[^\n\r\t]", &dhcpsIndex, dhcpsIP, dhcpsMac);`, the lack of size validation for the rules could lead to buffer overflows in `dhcpsIndex`, `dhcpsIP`, and `dhcpsMac`. | ||||
| CVE-2026-26708 | 2 Oretnom23, Sourcecodester | 2 Pharmacy Point Of Sale System, Pharmacy Point Of Sale System | 2026-03-03 | 9.8 Critical |
| sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_user.php. | ||||
| CVE-2026-26704 | 2 Oretnom23, Sourcecodester | 2 Pharmacy Point Of Sale System, Pharmacy Point Of Sale System | 2026-03-03 | 9.8 Critical |
| sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_category.php. | ||||
| CVE-2026-26705 | 2 Oretnom23, Sourcecodester | 2 Pharmacy Point Of Sale System, Pharmacy Point Of Sale System | 2026-03-03 | 9.8 Critical |
| sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_product.php. | ||||
| CVE-2026-2251 | 1 Xerox | 1 Freeflow Core | 2026-03-03 | 9.8 Critical |
| Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads https://www.support.xerox.com/en-us/product/core/downloads | ||||
| CVE-2026-0038 | 1 Google | 1 Android | 2026-03-03 | 8.4 High |
| In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0037 | 1 Google | 1 Android | 2026-03-03 | 8.4 High |
| In multiple functions of ffa.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0031 | 1 Google | 1 Android | 2026-03-03 | 8.4 High |
| In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||