Export limit exceeded: 339840 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339840 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33211 | 1 Tektoncd | 1 Pipeline | 2026-03-24 | 9.6 Critical |
| Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter. A tenant with permission to create `ResolutionRequests` (e.g. by creating `TaskRuns` or `PipelineRuns` that use the git resolver) can read arbitrary files from the resolver pod's filesystem, including ServiceAccount tokens. The file contents are returned base64-encoded in `resolutionrequest.status.data`. Versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2 contain a patch. | ||||
| CVE-2026-33241 | 1 Salvo-rs | 1 Salvo | 2026-03-24 | N/A |
| Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations (`form_data()` method and `Extractible` macro) do not enforce payload size limits before reading request bodies into memory. This allows attackers to cause Out-of-Memory (OOM) conditions by sending extremely large payloads, leading to service crashes and denial of service. Version 0.89.3 contains a patch. | ||||
| CVE-2026-4733 | 1 Ixray-team | 1 Ixray-1.6-stcop | 2026-03-24 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3. | ||||
| CVE-2026-4738 | 1 Osgeo | 1 Gdal | 2026-03-24 | N/A |
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/contrib/infback9 modules). This vulnerability is associated with program files inftree9.C. This issue affects gdal: before 3.11.0. | ||||
| CVE-2026-4613 | 1 Sourcecodester | 1 Ecommerce System | 2026-03-24 | 7.3 High |
| A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-4743 | 1 Taurusxin | 1 Ncmdump | 2026-03-24 | N/A |
| NULL Pointer Dereference vulnerability in taurusxin ncmdump (src/utils modules). This vulnerability is associated with program files cJSON.Cpp. This issue affects ncmdump: before 1.4.0. | ||||
| CVE-2026-4752 | 1 No-chicken | 1 Echo-mate | 2026-03-24 | 6.4 Medium |
| Use After Free vulnerability in No-Chicken Echo-Mate.This issue affects Echo-Mate: before V250329. | ||||
| CVE-2026-33848 | 1 Linkingvision | 1 Rapidvms | 2026-03-24 | 8.8 High |
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.This issue affects rapidvms: before PR#96. | ||||
| CVE-2026-4750 | 1 Fabiangreffrath | 1 Woof | 2026-03-24 | 9.1 Critical |
| Out-of-bounds Read vulnerability in fabiangreffrath woof.This issue affects woof: before woof_15.3.0. | ||||
| CVE-2026-4754 | 1 Molotovcherry | 1 Android-imagemagick7 | 2026-03-24 | 6.1 Medium |
| CWE-79 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11. | ||||
| CVE-2026-4755 | 1 Molotovcherry | 1 Android-imagemagick7 | 2026-03-24 | 9.8 Critical |
| CWE-20 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11. | ||||
| CVE-2026-4685 | 2026-03-24 | N/A | ||
| Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | ||||
| CVE-2026-4686 | 2026-03-24 | N/A | ||
| Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | ||||
| CVE-2026-4687 | 2026-03-24 | N/A | ||
| Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | ||||
| CVE-2026-4690 | 2026-03-24 | N/A | ||
| Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | ||||
| CVE-2026-4691 | 2026-03-24 | N/A | ||
| Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | ||||
| CVE-2026-4692 | 2026-03-24 | N/A | ||
| Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | ||||
| CVE-2026-4695 | 2026-03-24 | N/A | ||
| Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | ||||
| CVE-2026-4696 | 2026-03-24 | N/A | ||
| Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | ||||
| CVE-2026-4697 | 2026-03-24 | N/A | ||
| Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | ||||