Export limit exceeded: 334586 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334586 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3508 | 1 Hp | 150 1vd83a, 1vd83a Firmware, 1vd84a and 147 more | 2026-02-24 | 6.5 Medium |
| Certain HP DesignJet products may be vulnerable to information disclosure though printer's web interface allowing unauthenticated users to view sensitive print job information. | ||||
| CVE-2026-2184 | 2 Great Developers, Greatdevelopers | 2 Certificate Generation System, Certificate | 2026-02-24 | 7.3 High |
| A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be executed remotely. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The code repository of the project has not been active for many years. | ||||
| CVE-2025-1697 | 1 Hp | 1 Touchpoint Analytics Service | 2026-02-24 | 7.8 High |
| A potential security vulnerability has been identified in the HP Touchpoint Analytics Service for certain HP PC products with versions prior to 4.2.2439. This vulnerability could potentially allow a local attacker to escalate privileges. HP is providing software updates to mitigate this potential vulnerability. | ||||
| CVE-2025-1004 | 1 Hp | 20 4pa41a, 4pa41a Firmware, 4pa42a and 17 more | 2026-02-24 | 5.3 Medium |
| Certain HP LaserJet Pro printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer via IPP (Internet Printing Protocol). | ||||
| CVE-2024-5749 | 1 Hp | 32 1jl02b, 1jl02b Firmware, Designjet T730 Firmware and 29 more | 2026-02-24 | 7.5 High |
| Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials. | ||||
| CVE-2024-9423 | 1 Hp | 205 1y7d4a, 1y7d4a Firmware, 2a129a and 202 more | 2026-02-24 | 5.3 Medium |
| Certain HP LaserJet printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer. The printer displays a “JPEG Unsupported” message which may not clear, potentially blocking queued print jobs. | ||||
| CVE-2026-2849 | 1 Yeqifu | 1 Warehouse | 2026-02-24 | 5.4 Medium |
| A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function deleteCache/removeAllCache/syncCache of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\CacheController.java of the component Cache Sync Handler. Such manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-1996 | 2 Hp, Hp Inc | 35 D9l18a, D9l18a Firmware, J6x76a and 32 more | 2026-02-24 | 5.3 Medium |
| Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled, failing to establish a TCP connection. | ||||
| CVE-2025-43018 | 1 Hp | 39 Hp, Laserjet Mfp M428, Laserjet Mfp M429 and 36 more | 2026-02-24 | 5.3 Medium |
| Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book. | ||||
| CVE-2026-2848 | 2 Oretnom23, Sourcecodester | 2 Simple Responsive Tourism Website, Simple Responsive Tourism Website | 2026-02-24 | 7.3 High |
| A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=register of the component Registration. This manipulation of the argument Username causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. | ||||
| CVE-2025-11165 | 2026-02-24 | N/A | ||
| A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine (VTools) that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and reinitializing its Uberspect, a malicious actor can remove the introspector.restrict.classes and introspector.restrict.packages protections. Once these restrictions are cleared, the attacker can access arbitrary Java classes, including java.lang.Runtime, and execute arbitrary system commands under the privileges of the application process (e.g. dotCMS or Tomcat user). | ||||
| CVE-2026-2847 | 1 Utt | 1 Hiper 520 | 2026-02-24 | 7.2 High |
| A vulnerability was detected in UTT HiPER 520 1.7.7-160105. Affected is the function sub_44EFB4 of the file /goform/formReleaseConnect of the component Web Management Interface. The manipulation of the argument Isp_Name results in os command injection. The attack can be launched remotely. The exploit is now public and may be used. | ||||
| CVE-2025-9208 | 1 Opentext | 1 Web Site Management Server | 2026-02-24 | N/A |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL, allowing attackers to compromise user sessions and data. This issue affects Web Site Management Server: 16.7.X, 16.8, 16.8.1. | ||||
| CVE-2026-3102 | 2026-02-24 | 6.3 Medium | ||
| A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 13.50 is capable of addressing this issue. Patch name: e9609a9bcc0d32bd252a709a562fb822d6dd86f7. Upgrading the affected component is recommended. | ||||
| CVE-2026-3101 | 2026-02-24 | 6.3 Medium | ||
| A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This vulnerability affects unknown code of the component Ping Handler. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2846 | 1 Utt | 1 Hiper 520 | 2026-02-24 | 7.2 High |
| A security vulnerability has been detected in UTT HiPER 520 1.7.7-160105. This impacts the function sub_44D264 of the file /goform/formPdbUpConfig of the component Web Management Interface. The manipulation of the argument policyNames leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2024-1524 | 1 Wso2 | 2 Wso2 Api Manager, Wso2 Identity Server | 2026-02-24 | 7.7 High |
| When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP) there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will be no impact on your deployment if any of the preconditions mentioned below are not met. Only when all the preconditions mentioned below are fulfilled could a malicious actor associate a targeted local user account with a federated IDP user account that they control. The Deployment should have: -An IDP configured for federated authentication with Silent JIT provisioning enabled. The malicious actor should have: -A fresh valid user account in the federated IDP that has not been used earlier. -Knowledge of the username of a valid user in the local IDP. -An account at the federated IDP matching the targeted local username. | ||||
| CVE-2026-27567 | 2026-02-24 | 6.5 Medium | ||
| Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery (SSRF) vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an authenticated attacker to access internal network resources. The Payload environment must have at least one collection with `upload` enabled and a user who has `create` access to that upload-enabled collection in order to be vulnerable. An authenticated user with upload collection write permissions could potentially access internal services. Response content from internal services could be retrieved through the application. This vulnerability has been patched in v3.75.0. As a workaround, one may mitigate this vulnerability by disabling external file uploads via the `disableExternalFile` upload collection option, or by restricting `create` access on upload-enabled collections to trusted users only. | ||||
| CVE-2026-2769 | 2026-02-24 | N/A | ||
| Use-after-free in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, and Firefox ESR < 140.8. | ||||
| CVE-2026-2807 | 2026-02-24 | N/A | ||
| Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148. | ||||