Export limit exceeded: 339867 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339867 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4694 | 2026-03-24 | N/A | ||
| Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | ||||
| CVE-2026-4706 | 2026-03-24 | N/A | ||
| Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | ||||
| CVE-2026-4709 | 2026-03-24 | N/A | ||
| Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | ||||
| CVE-2026-4721 | 2026-03-24 | N/A | ||
| Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | ||||
| CVE-2019-25641 | 2026-03-24 | 8.2 High | ||
| Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with malicious email values in the forgotten_password module to extract sensitive database information. | ||||
| CVE-2019-25645 | 2026-03-24 | 6.2 Medium | ||
| WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by processing malformed AVI files. Attackers can create a specially crafted AVI file with an oversized buffer and load it through the Convert to iPhone function to trigger an application crash. | ||||
| CVE-2026-29111 | 1 Systemd | 1 Systemd | 2026-03-24 | 5.5 Medium |
| systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available. | ||||
| CVE-2026-32279 | 1 Opensource-workshop | 1 Connect-cms | 2026-03-24 | 6.8 Medium |
| Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Server-Side Request Forgery (SSRF) issue exists in the external page migration feature of the Page Management Plugin. Versions 1.41.1 and 2.41.1 contain a patch. | ||||
| CVE-2026-32300 | 1 Opensource-workshop | 1 Connect-cms | 2026-03-24 | 8.1 High |
| Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41.1 and 2.41.1 contain a patch. | ||||
| CVE-2026-4612 | 1 Itsourcecode | 1 Free Hotel Reservation System | 2026-03-24 | 7.3 High |
| A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/mod_users/index.php?view=edit&id=8 of the component Parameter Handler. The manipulation of the argument account_id leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-4625 | 1 Sourcecodester | 1 Online Admission System | 2026-03-24 | 7.3 High |
| A flaw has been found in SourceCodester Online Admission System 1.0. This affects an unknown function of the file /programmes.php. Executing a manipulation of the argument program can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2026-4756 | 1 Molotovcherry | 1 Android-imagemagick7 | 2026-03-24 | 7.8 High |
| Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11. | ||||
| CVE-2026-4662 | 2 Crocoblock, Wordpress | 2 Jetengine, Wordpress | 2026-03-24 | 7.5 High |
| The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX action in all versions up to, and including, 3.8.6.1. This is due to the `filtered_query` parameter being excluded from the HMAC signature validation (allowing attacker-controlled input to bypass security checks) combined with the `prepare_where_clause()` method in the SQL Query Builder not sanitizing the `compare` operator before concatenating it into SQL statements. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database, provided the site has a JetEngine Listing Grid with Load More enabled that uses a SQL Query Builder query. | ||||
| CVE-2026-27784 | 2026-03-24 | 7.8 High | ||
| The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2026-28755 | 2026-03-24 | 5.4 Medium | ||
| NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when configured with the ssl_verify_client on and ssl_ocsp on directives, allowing the TLS handshake to succeed even after an OCSP check identifies the certificate as revoked. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2026-4639 | 1 Galaxy Software Services Corporation | 1 Vitals Esp | 2026-03-24 | 8.8 High |
| Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating privileges. | ||||
| CVE-2026-4737 | 1 No-chicken | 1 Echo-mate | 2026-03-24 | N/A |
| Use After Free vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/mm modules). This vulnerability is associated with program files rmap.C. This issue affects Echo-Mate: before V250329. | ||||
| CVE-2026-4751 | 1 Tmate-io | 1 Tmate | 2026-03-24 | 5.3 Medium |
| NULL Pointer Dereference vulnerability in tmate-io tmate.This issue affects tmate: before 2.4.0. | ||||
| CVE-2026-4753 | 1 Slajerek | 1 Retrodebugger | 2026-03-24 | 9.1 Critical |
| Out-of-bounds Read vulnerability in slajerek RetroDebugger.This issue affects RetroDebugger: before v0.64.72. | ||||
| CVE-2026-4640 | 1 Galaxy Software Services Corporation | 1 Vitals Esp | 2026-03-24 | 7.5 High |
| Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to execute certain functions to obtain sensitive information. | ||||