Export limit exceeded: 339706 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 339706 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339706 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-51602 | 1 Videolan | 1 Vlc Media Player | 2026-03-23 | 4.8 Medium |
| mmstu.c in VideoLAN VLC media player before 3.0.22 allows an out-of-bounds read and denial of service via a crafted 0x01 response from an MMS server. | ||||
| CVE-2026-32945 | 1 Pjsip | 2 Pjproject, Pjsip | 2026-03-23 | 9.8 Critical |
| PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a Heap-based Buffer Overflowvulnerability in the DNS parser's name length handler. Thisimpacts applications using PJSIP's built-in DNS resolver, such as those configured with pjsua_config.nameserver or UaConfig.nameserver in PJSUA/PJSUA2. It does not affect users who rely on the OS resolver (e.g., getaddrinfo()) by not configuring a nameserver, or those using an external resolver via pjsip_resolver_set_ext_resolver(). This issue is fixed in version 2.17. For users unable to upgrade, a workaround is to disable DNS resolution in the PJSIP config (by setting nameserver_count to zero) or to use an external resolver implementation instead. | ||||
| CVE-2026-32942 | 1 Pjsip | 2 Pjproject, Pjsip | 2026-03-23 | 8.1 High |
| PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between session destruction and the callbacks. This issue has been fixed in version 2.17. | ||||
| CVE-2026-33142 | 2 Hackerbay, Oneuptime | 2 Oneuptime, Oneuptime | 2026-03-23 | 8.1 High |
| OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the fix for CVE-2026-32306 (ClickHouse SQL injection via aggregate query parameters) added column name validation to the _aggregateBy method but did not apply the same validation to three other query construction paths in StatementGenerator. The toSortStatement, toSelectStatement, and toGroupByStatement methods accept user-controlled object keys from API request bodies and interpolate them as ClickHouse Identifier parameters without verifying they correspond to actual model columns. ClickHouse Identifier parameters are substituted directly into queries without escaping, so an attacker who can reach any analytics list or aggregate endpoint can inject arbitrary SQL through crafted sort, select, or groupBy keys. This issue has been patched in version 10.0.34. | ||||
| CVE-2019-25545 | 1 Lizardsystems | 1 Terminal Services Manager | 2026-03-23 | 6.2 Medium |
| Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string in the computer name field. Attackers can input a 5000-byte buffer of data into the 'Computer name or IP address' field during computer addition, causing a denial of service when the server entry is accessed. | ||||
| CVE-2026-0385 | 1 Microsoft | 2 Edge, Edge For Android | 2026-03-23 | 5 Medium |
| Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | ||||
| CVE-2026-26133 | 1 Microsoft | 33 365 Copilot Android, 365 Copilot For Android, 365 Copilot For Ios and 30 more | 2026-03-23 | 7.1 High |
| AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-26144 | 1 Microsoft | 1 365 Apps | 2026-03-23 | 7.5 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-26141 | 1 Microsoft | 1 Azure Automation Hybrid Worker Windows Extension | 2026-03-23 | 7.8 High |
| Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26130 | 2 Microsoft, Redhat | 2 Asp.net Core, Enterprise Linux | 2026-03-23 | 7.5 High |
| Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-26123 | 1 Microsoft | 3 Authenticator, Authenticator For Android, Authenticator For Ios | 2026-03-23 | 5.5 Medium |
| Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-26118 | 1 Microsoft | 4 Azure Mcp Server, Azure Mcp Server Tools, Azure Mcp Server Tools 1 and 1 more | 2026-03-23 | 8.8 High |
| Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-26117 | 1 Microsoft | 1 Arc Enabled Servers Azure Connected Machine Agent | 2026-03-23 | 7.8 High |
| Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26110 | 1 Microsoft | 9 365 Apps, Office, Office 2016 and 6 more | 2026-03-23 | 8.4 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26109 | 1 Microsoft | 13 365 Apps, Excel, Excel 2016 and 10 more | 2026-03-23 | 8.4 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26108 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-03-23 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26107 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-03-23 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26106 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-03-23 | 8.8 High |
| Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-23665 | 1 Microsoft | 2 Azure Linux Virtual Machines Azure Diagnostics, Linux Diagnostic Extension | 2026-03-23 | 7.8 High |
| Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-23662 | 1 Microsoft | 1 Azure Iot Explorer | 2026-03-23 | 7.5 High |
| Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | ||||