Export limit exceeded: 17675 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 75891 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75891 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-40800 | 1 Siemens | 6 Comos, Nx, Simcenter 3d and 3 more | 2026-03-10 | 7.4 High |
| A vulnerability has been identified in COMOS V10.6 (All versions < V10.6.1), COMOS V10.6 (All versions < V10.6.1), NX V2412 (All versions < V2412.8700), NX V2506 (All versions < V2506.6000), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Solid Edge SE2025 (All versions < V225.0 Update 10), Solid Edge SE2026 (All versions < V226.0 Update 1). The IAM client in affected products is missing server certificate validation while establishing TLS connections to the authorization server. This could allow an attacker to perform a man-in-the-middle attack. | ||||
| CVE-2024-47562 | 1 Siemens | 1 Sinec Security Monitor | 2026-03-10 | 8.8 High |
| A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly neutralize special elements in user input to the ```ssmctl-client``` command. This could allow an authenticated, lowly privileged local attacker to execute privileged commands in the underlying OS. | ||||
| CVE-2026-21352 | 1 Adobe | 2 Dng Sdk, Dng Software Development Kit | 2026-03-10 | 7.8 High |
| DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-21353 | 1 Adobe | 2 Dng Sdk, Dng Software Development Kit | 2026-03-10 | 7.8 High |
| DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-13002 | 2 Farktor, Farktor Software E-commerce Services Inc. | 2 E-commerce Package, E-commerce Package | 2026-03-10 | 8.2 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting (XSS).This issue affects E-Commerce Package: through 27112025. | ||||
| CVE-2025-4764 | 1 Aida | 1 Hotel Guest Hotspot | 2026-03-10 | 8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows SQL Injection.This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-23896 | 2 Immich, Immich-app | 2 Immich, Immich | 2026-03-10 | 7.2 High |
| immich is a high performance self-hosted photo and video management solution. Prior to version 2.5.0, API keys can escalate their own permissions by calling the update endpoint, allowing a low-privilege API key to grant itself full administrative access to the system. Version 2.5.0 fixes the issue. | ||||
| CVE-2026-29067 | 1 Zitadel | 1 Zitadel | 2026-03-10 | 8.1 High |
| ZITADEL is an open source identity management platform. From version 4.0.0-rc.1 to 4.7.0, a potential vulnerability exists in ZITADEL's password reset mechanism in login V2. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset confirmation link. This link, containing a secret code, is then emailed to the user. This issue has been patched in version 4.7.1. | ||||
| CVE-2025-7714 | 2 Global Interactive Design Media Software, Globalmedya | 2 Content Management System, Content Management System | 2026-03-10 | 7.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Global Interactive Design Media Software Inc. Content Management System (CMS) allows Command Line Execution through SQL Injection.This issue affects Content Management System (CMS): through 21072025. | ||||
| CVE-2025-7713 | 2 Global Interactive Design Media Software, Globalmedya | 2 Content Management System, Content Management System | 2026-03-10 | 7.5 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Global Interactive Design Media Software Inc. Content Management System (CMS) allows XSS Through HTTP Headers.This issue affects Content Management System (CMS): through 21072025. | ||||
| CVE-2026-29192 | 1 Zitadel | 1 Zitadel | 2026-03-10 | 7.7 High |
| ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via Default URI Redirect. This issue has been patched in version 4.12.0. | ||||
| CVE-2026-29193 | 1 Zitadel | 1 Zitadel | 2026-03-10 | 8.2 High |
| ZITADEL is an open source identity management platform. From version 4.0.0 to 4.12.0, a vulnerability in Zitadel's login V2 UI allowed users to bypass login behavior and security policies and self-register new accounts or sign in using password even if corresponding options were disabled in their organizaton. This issue has been patched in version 4.12.1. | ||||
| CVE-2026-1616 | 1 Redhat | 2 Open Security Issue Management, Osim | 2026-03-10 | 7.5 High |
| The $uri$args concatenation in nginx configuration file present in Open Security Issue Management (OSIM) prior v2025.9.0 allows path traversal attacks via query parameters. | ||||
| CVE-2026-3803 | 1 Tenda | 2 I3, I3 Firmware | 2026-03-10 | 8.8 High |
| A vulnerability was identified in Tenda i3 1.0.0.6(2204). This affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. The manipulation of the argument index leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-40905 | 1 Dbook | 2 Www::oauth, Www\ | 2026-03-10 | 7.3 High |
| WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. | ||||
| CVE-2026-3009 | 1 Redhat | 7 Build Keycloak, Build Of Keycloak, Jboss Enterprise Application Platform and 4 more | 2026-03-10 | 8.1 High |
| A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider. | ||||
| CVE-2026-28410 | 2 Graphprotocol, Thegraph | 2 Contracts, Graph Protocol Contracts | 2026-03-10 | 8.1 High |
| The Graph is an indexing protocol for querying networks like Ethereum, IPFS, Polygon, and other blockchains. Prior to version 3.0.0, a flaw in the token vesting contracts allows users to access tokens that should still be locked according to their vesting schedule. This issue has been patched in version 3.0.0. | ||||
| CVE-2026-30244 | 2 Makeplane, Plane | 2 Plane, Plane | 2026-03-10 | 7.5 High |
| Plane is an an open-source project management tool. Prior to version 1.2.2, unauthenticated attackers can enumerate workspace members and extract sensitive information including email addresses, user roles, and internal identifiers. The vulnerability stems from Django REST Framework permission classes being incorrectly configured to allow anonymous access to protected endpoints. This issue has been patched in version 1.2.2. | ||||
| CVE-2026-30242 | 2 Makeplane, Plane | 2 Plane, Plane | 2026-03-10 | 8.5 High |
| Plane is an an open-source project management tool. Prior to version 1.2.3, the webhook URL validation in plane/app/serializers/webhook.py only checks ip.is_loopback, allowing attackers with workspace ADMIN role to create webhooks pointing to private/internal network addresses (10.x.x.x, 172.16.x.x, 192.168.x.x, 169.254.169.254, etc.). When webhook events fire, the server makes requests to these internal addresses and stores the response — enabling SSRF with full response read-back. This issue has been patched in version 1.2.3. | ||||
| CVE-2026-3799 | 1 Tenda | 2 I3, I3 Firmware | 2026-03-10 | 8.8 High |
| A flaw has been found in Tenda i3 1.0.0.6(2204). This impacts the function formSetCfm of the file /goform/setcfm. This manipulation of the argument funcpara1 causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used. | ||||