Export limit exceeded: 341439 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341439 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33906 | 1 Ellanetworks | 1 Core | 2026-03-30 | 7.2 High |
| Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents. A NetworkManager could replace the production database with a tampered copy to escalate to Admin, gaining access to user management, audit logs, debug endpoints, and operator identity configuration that the role was explicitly denied. In version 1.7.0, backup and restore permissions have been removed from the NetworkManager role. | ||||
| CVE-2026-5015 | 1 Elecv2 | 1 Elecv2p | 2026-03-30 | 4.3 Medium |
| A vulnerability was determined in elecV2 elecV2P up to 3.8.3. The impacted element is an unknown function of the file /logs of the component Endpoint. This manipulation of the argument filename causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-33938 | 1 Handlebarsjs | 1 Handlebars | 2026-03-30 | 8.1 High |
| Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the `@partial-block` special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary objects. When a helper overwrites `@partial-block` with a crafted Handlebars AST, a subsequent invocation of `{{> @partial-block}}` compiles and executes that AST, enabling arbitrary JavaScript execution on the server. Version 4.7.9 fixes the issue. Some workarounds are available. First, use the runtime-only build (`require('handlebars/runtime')`). The `compile()` method is absent, eliminating the vulnerable fallback path. Second, audit registered helpers for any that write arbitrary values to context objects. Helpers should treat context data as read-only. Third, avoid registering helpers from third-party packages (such as `handlebars-helpers`) in contexts where templates or context data can be influenced by untrusted input. | ||||
| CVE-2026-32922 | 1 Openclaw | 1 Openclaw | 2026-03-30 | 9.9 Critical |
| OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrain newly minted scopes to the caller's current scope set. Attackers can obtain operator.admin tokens for paired devices and achieve remote code execution on connected nodes via system.run or gain unauthorized gateway-admin access. | ||||
| CVE-2026-33572 | 1 Openclaw | 1 Openclaw | 2026-03-30 | 8.4 High |
| OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information including secrets from tool output. | ||||
| CVE-2025-68158 | 1 Authlib | 1 Authlib | 2026-03-30 | 5.7 Medium |
| Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state (easily obtainable via an attacker-initiated authentication flow). When a cache is supplied to the OAuth client registry, FrameworkIntegration.set_state_data writes the entire state blob under _state_{app}_{state}, and get_state_data ignores the caller’s session altogether. This issue has been patched in version 1.6.6. | ||||
| CVE-2026-3442 | 2 Gnu, Redhat | 4 Binutils, Enterprise Linux, Openshift and 1 more | 2026-03-30 | 6.1 Medium |
| A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the application to crash, resulting in an application level denial of service. | ||||
| CVE-2026-20416 | 2 Google, Mediatek | 5 Android, Mt6991, Mt6993 and 2 more | 2026-03-30 | 7.2 High |
| In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315038 / ALPS10340155; Issue ID: MSV-5155. | ||||
| CVE-2026-20445 | 2 Google, Mediatek | 24 Android, Mt6835, Mt6855 and 21 more | 2026-03-30 | 4.4 Medium |
| In MDDP, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10289875; Issue ID: MSV-5184. | ||||
| CVE-2026-20429 | 2 Google, Mediatek | 30 Android, Mt6739, Mt6761 and 27 more | 2026-03-30 | 4.4 Medium |
| In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5535. | ||||
| CVE-2026-20424 | 2 Google, Mediatek | 6 Android, Mt6991, Mt6993 and 3 more | 2026-03-30 | 4.4 Medium |
| In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5540. | ||||
| CVE-2026-20444 | 2 Google, Mediatek | 47 Android, Mt6739, Mt6761 and 44 more | 2026-03-30 | 6.7 Medium |
| In display, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436995; Issue ID: MSV-5721. | ||||
| CVE-2026-20443 | 2 Google, Mediatek | 47 Android, Mt6739, Mt6761 and 44 more | 2026-03-30 | 6.7 Medium |
| In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5722. | ||||
| CVE-2026-20442 | 2 Google, Mediatek | 47 Android, Mt6739, Mt6761 and 44 more | 2026-03-30 | 4.4 Medium |
| In display, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5723. | ||||
| CVE-2026-20441 | 2 Google, Mediatek | 6 Android, Mt2718, Mt6899 and 3 more | 2026-03-30 | 6.7 Medium |
| In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10432500; Issue ID: MSV-5803. | ||||
| CVE-2026-20440 | 2 Google, Mediatek | 6 Android, Mt2718, Mt6899 and 3 more | 2026-03-30 | 6.7 Medium |
| In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431968; Issue ID: MSV-5824. | ||||
| CVE-2026-20439 | 2 Google, Mediatek | 6 Android, Mt2718, Mt6899 and 3 more | 2026-03-30 | 4.4 Medium |
| In imgsys, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431955; Issue ID: MSV-5826. | ||||
| CVE-2026-20438 | 2 Google, Mediatek | 12 Android, Mt2718, Mt6899 and 9 more | 2026-03-30 | 6.4 Medium |
| In MAE, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431920; Issue ID: MSV-5835. | ||||
| CVE-2026-20437 | 2 Google, Mediatek | 6 Android, Mt2718, Mt6899 and 3 more | 2026-03-30 | 4.4 Medium |
| In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431940; Issue ID: MSV-5843. | ||||
| CVE-2026-20436 | 1 Mediatek | 8 Mt7902, Mt7920, Mt7921 and 5 more | 2026-03-30 | 6.7 Medium |
| In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00473802; Issue ID: MSV-5970. | ||||