Export limit exceeded: 335194 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335194 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2241 | 1 Redhat | 2 Acm, Multicluster Engine | 2026-02-27 | 8.2 High |
| A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract sensitive credentials even if they do not have direct access to Kubernetes Secrets. This issue can lead to unauthorized VCenter access, cluster management, and privilege escalation. | ||||
| CVE-2025-3528 | 1 Redhat | 1 Mirror Registry | 2026-02-27 | 8.2 High |
| A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod. | ||||
| CVE-2026-27518 | 1 Binardat | 3 10g08-0800gsm, 10g08-0800gsm Firmware, 10g08-0800gsm Network Switch | 2026-02-27 | 4.3 Medium |
| Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protections for state-changing actions in the administrative interface. An attacker can trick an authenticated administrator into performing unauthorized configuration changes. | ||||
| CVE-2026-27519 | 1 Binardat | 3 10g08-0800gsm, 10g08-0800gsm Firmware, 10g08-0800gsm Network Switch | 2026-02-27 | 7.5 High |
| Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript. Because the key is static and exposed, an attacker can decrypt protected values and defeat confidentiality protections. | ||||
| CVE-2026-27830 | 1 Swaldman | 1 C3p0 | 2026-02-27 | N/A |
| c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and `javax.naming.Reference` instances. Several c3p0 `ConnectionPoolDataSource` implementations have a property called `userOverridesAsString` which conceptually represents a `Map<String,Map<String,String>>`. Prior to v0.12.0, that property was maintained as a hex-encoded serialized object. Any attacker able to reset this property, on an existing `ConnectionPoolDataSource` or via maliciously crafted serialized objects or `javax.naming.Reference` instances could be tailored execute unexpected code on the application's `CLASSPATH`. The danger of this vulnerability was strongly magnified by vulnerabilities in c3p0's main dependency, mchange-commons-java. This library includes code that mirrors early implementations of JNDI functionality, including ungated support for remote `factoryClassLocation` values. Attackers could set c3p0's `userOverridesAsString` hex-encoded serialized objects that include objects "indirectly serialized" via JNDI references. Deserialization of those objects and dereferencing of the embedded `javax.naming.Reference` objects could provoke download and execution of malicious code from a remote `factoryClassLocation`. Although hazard presented by c3p0's vulnerabilites are exarcerbated by vulnerabilities in mchange-commons-java, use of Java-serialized-object hex as the format for a writable Java-Bean property, of objects that may be exposed across JNDI interfaces, represents a serious independent fragility. The `userOverridesAsString` property of c3p0 `ConnectionPoolDataSource` classes has been reimplemented to use a safe CSV-based format, rather than rely upon potentially dangerous Java object deserialization. c3p0-0.12.0+ and above depend upon mchange-commons-java 0.4.0+, which gates support for remote `factoryClassLocation` values by configuration parameters that default to restrictive values. c3p0 additionally enforces the new mchange-commons-java `com.mchange.v2.naming.nameGuardClassName` to prevent injection of unexpected, potentially remote JNDI names. There is no supported workaround for versions of c3p0 prior to 0.12.0. | ||||
| CVE-2025-15571 | 1 Ckolivas | 1 Lrzip | 2026-02-27 | 3.3 Low |
| A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-3261 | 1 Itsourcecode | 1 School Management System | 2026-02-27 | 7.3 High |
| A flaw has been found in itsourcecode School Management System 1.0. This impacts an unknown function of the file /settings/index.php of the component Setting Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. | ||||
| CVE-2026-26077 | 1 Discourse | 1 Discourse | 2026-02-27 | 6.5 Medium |
| Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, several webhook endpoints (SendGrid, Mailjet, Mandrill, Postmark, SparkPost) in the `WebhooksController` accepted requests without a valid authentication token when no token was configured. This allowed unauthenticated attackers to forge webhook payloads and artificially inflate user bounce scores, potentially causing legitimate user emails to be disabled. The Mailpace endpoint had no token validation at all. Starting in versions 2025.12.2, 2026.1.1, and 2026.2.0, all webhook endpoints reject requests with a 406 response when no authentication token is configured. As a workaround, ensure that webhook authentication tokens are configured for all email provider integrations in site settings (e.g., `sendgrid_verification_key`, `mailjet_webhook_token`, `postmark_webhook_token`, `sparkpost_webhook_token`). There's no current workaround for mailpace before getting this fix. | ||||
| CVE-2025-14103 | 1 Gitlab | 1 Gitlab | 2026-02-27 | 4.3 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions. | ||||
| CVE-2025-3525 | 1 Gitlab | 1 Gitlab | 2026-02-27 | 6.5 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have, under certain circumstances, allowed an authenticated user with certain access to cause Denial of Service by creating specially crafted CI triggers via the API. | ||||
| CVE-2026-21660 | 1 Johnsoncontrols | 1 Frick Controls Quantum Hd | 2026-02-27 | N/A |
| Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise This issue affects Frick Controls Quantum HD version 10.22 and prior. | ||||
| CVE-2026-26078 | 1 Discourse | 1 Discourse | 2026-02-27 | 7.5 High |
| Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, when the `patreon_webhook_secret` site setting is blank, an attacker can forge valid webhook signatures by computing an HMAC-MD5 with an empty string as the key. Since the request body is known to the sender, the attacker can produce a matching signature and send arbitrary webhook payloads. This allows unauthorized creation, modification, or deletion of Patreon pledge data and triggering patron-to-group synchronization. This vulnerability is patched in versions 2025.12.2, 2026.1.1, and 2026.2.0. The fix rejects webhook requests when the webhook secret is not configured, preventing signature forgery with an empty key. As a workaround, configure the `patreon_webhook_secret` site setting with a strong, non-empty secret value. When the secret is non-empty, an attacker cannot forge valid signatures without knowing the secret. | ||||
| CVE-2026-26265 | 1 Discourse | 1 Discourse | 2026-02-27 | 7.5 High |
| Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The `user_field_ids` parameter in `DirectoryItemsController#index` accepts arbitrary user field IDs without authorization checks, bypassing the visibility restrictions (`show_on_profile` / `show_on_user_card`) that are enforced elsewhere (e.g., `UserCardSerializer` via `Guardian#allowed_user_field_ids`). An attacker can request `GET /directory_items.json?period=all&user_field_ids=<id>` with any private field ID and receive that field's value for every user in the directory response. This enables bulk exfiltration of private user data such as phone numbers, addresses, or other sensitive custom fields that admins have explicitly configured as non-public. The issue is patched in versions 2025.12.2, 2026.1.1, and 2026.2.0 by filtering `user_field_ids` against `UserField.public_fields` for non-staff users before building the custom field map. As a workaround, site administrators can remove sensitive data from private user fields, or disable the user directory via the `enable_user_directory` site setting. | ||||
| CVE-2026-3277 | 2026-02-27 | N/A | ||
| The OpenID Connect (OIDC) authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials | ||||
| CVE-2026-2750 | 2026-02-27 | 9.1 Critical | ||
| Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10; 24.10;24.04. | ||||
| CVE-2026-2749 | 2026-02-27 | 9.9 Critical | ||
| Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centroen Open Ticket modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10.3, 24.10.8, 24.04.7. | ||||
| CVE-2026-27831 | 1 Bluedragonsecurity | 1 Rldns | 2026-02-27 | 7.5 High |
| rldns is an open source DNS server. Version 1.3 has a heap-based out-of-bounds read that leads to denial of service. Version 1.4 contains a patch for the issue. | ||||
| CVE-2025-9900 | 1 Redhat | 9 Ai Inference Server, Discovery, Enterprise Linux and 6 more | 2026-02-27 | 8.8 High |
| A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user. | ||||
| CVE-2025-71056 | 1 Szgcom | 1 Gcom Epon 1ge Onu | 2026-02-27 | 8.1 High |
| Improper session management in GCOM EPON 1GE ONU version C00R371V00B01 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user. | ||||
| CVE-2026-23517 | 1 Fleetdm | 1 Fleet | 2026-02-27 | 8.1 High |
| Fleet is open source device management software. A broken access control issue in versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privilege users could view internal server diagnostics and trigger resource-intensive profiling operations. Fleet’s debug/pprof endpoints are accessible to any authenticated user regardless of role, including the lowest-privilege “Observer” role. This allows low-privilege users to access sensitive server internals, including runtime profiling data and in-memory application state, and to trigger CPU-intensive profiling operations that could lead to denial of service. Versions 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 fix the issue. If an immediate upgrade is not possible, users should put the debug/pprof endpoints behind an IP allowlist as a workaround. | ||||