Export limit exceeded: 337973 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337973 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25472 | 1 Intelbras | 2 Telefone Ip Tip 200, Telefone Ip Tip 200 Lite | 2026-03-12 | 7.5 High |
| IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send GET requests to /cgi-bin/cgiServer.exx with the command parameter containing dumpConfigFile() to read sensitive files including /etc/shadow and configuration files without proper authorization. | ||||
| CVE-2019-25474 | 1 Easy Mp3 Downloader | 1 Easy Mp3 Downloader | 2026-03-12 | 6.2 Medium |
| Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. Attackers can generate a file containing 6000 'A' characters and paste the contents into the Unlock Code field during application startup to trigger a denial of service condition. | ||||
| CVE-2019-25484 | 1 Winmpg | 1 Winmpg Ipod Convert | 2026-03-12 | 6.2 Medium |
| WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service condition. | ||||
| CVE-2025-70041 | 1 Oslabs-beta | 1 Thermakube | 2026-03-12 | 9.8 Critical |
| An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master. | ||||
| CVE-2026-2640 | 1 Lenovo | 1 Pc Manager | 2026-03-12 | 5.5 Medium |
| During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes. | ||||
| CVE-2026-24510 | 1 Dell | 1 Alienware Command Center | 2026-03-12 | 6.7 Medium |
| Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | ||||
| CVE-2019-25475 | 1 Top Password Software | 1 Sql Server Password Changer | 2026-03-12 | 6.2 Medium |
| SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration Code field to trigger a denial of service condition. | ||||
| CVE-2025-70082 | 1 Lantronix | 1 Eds3000ps | 2026-03-12 | 9.8 Critical |
| An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component | ||||
| CVE-2025-70330 | 1 Easy | 1 Grade Pro | 2026-03-12 | 3.3 Low |
| Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid .EGP file, an attacker can trigger an out-of-bounds memory read during parsing. This results in an unhandled access violation and application crash, leading to a local denial-of-service condition when the crafted file is opened by a user. | ||||
| CVE-2026-30901 | 1 Zoom | 1 Rooms | 2026-03-12 | 7 High |
| Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access. | ||||
| CVE-2026-30903 | 1 Zoom Communications | 1 Zoom Workplace | 2026-03-12 | 9.6 Critical |
| External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access. | ||||
| CVE-2025-12690 | 1 Forcepoint | 1 Ngfw Engine | 2026-03-12 | N/A |
| Execution with unnecessary privileges in Forcepoint NGFW Engine allows local privilege escalation.This issue affects NGFW Engine through 6.10.19, through 7.3.0, through 7.2.4, through 7.1.10. | ||||
| CVE-2026-30900 | 1 Zoom | 1 Workplace | 2026-03-12 | 7.8 High |
| Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access. | ||||
| CVE-2026-22248 | 1 Glpi-project | 1 Glpi | 2026-03-12 | 8.1 High |
| GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP instantiation. This vulnerability is fixed in 11.0.5. | ||||
| CVE-2026-31887 | 1 Shopware | 2 Platform, Shopware | 2026-03-12 | N/A |
| Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. This vulnerability is fixed in 6.7.8.1 and 6.6.10.15. | ||||
| CVE-2026-32132 | 1 Zitadel | 1 Zitadel | 2026-03-12 | 7.4 High |
| ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a potential vulnerability exists in Zitadel's passkey registration endpoints. This endpoint allows registering a new passkey using a previously retrieved code. An improper expiration check of the code, could allow an attacker to potentially register their own passkey and gain access to the victim's account. This vulnerability is fixed in 3.4.8 and 4.12.2. | ||||
| CVE-2025-67034 | 1 Lantronix | 1 Eds5000 | 2026-03-12 | 8.8 High |
| An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. Injected commands are executed with root privileges. | ||||
| CVE-2026-3956 | 1 Xierongwkhd | 1 Weimai-wetapp | 2026-03-12 | 4.7 Medium |
| A vulnerability was detected in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This affects the function getAdmins of the file source-code/src/main/java/com/moke/wp/wx_weimai/controller/admin/Admin_AdminUserController.java. Performing a manipulation of the argument keyword results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-21888 | 1 Nanomq | 1 Nanomq | 2026-03-12 | 7.5 High |
| NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer() accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. This affects 0.24.6 and earlier. | ||||
| CVE-2026-0230 | 1 Palo Alto Networks | 1 Cortex Xdr Agent | 2026-03-12 | N/A |
| A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection. | ||||