Export limit exceeded: 337571 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337571 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27591 | 2026-03-11 | 10 Critical | ||
| Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their account through specially crafted requests to the backend while logged in. To actively exploit this security issue, an attacker would need access to the Backend with a user account with any level of access. This vulnerability is fixed in 1.0.477, 1.1.12, and 1.2.12. | ||||
| CVE-2025-62328 | 2026-03-11 | 3.7 Low | ||
| HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitive information via unspecified vectors. | ||||
| CVE-2019-25487 | 2026-03-11 | 9.8 Critical | ||
| SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the formSysCmd endpoint. Attackers can send POST requests with the sysCmd parameter containing shell commands to execute code on the device with router privileges. | ||||
| CVE-2019-25485 | 2026-03-11 | 6.2 Medium | ||
| R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. Attackers can inject a crafted payload through the Language for menus preference to trigger a structured exception handler chain pivot and execute arbitrary shellcode with application privileges. | ||||
| CVE-2019-25483 | 2026-03-11 | 8.4 High | ||
| Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $( ). Attackers can inject arbitrary commands through the $( ) syntax when passed as arguments to allowed commands like ping to execute unrestricted shell access. | ||||
| CVE-2019-25480 | 2026-03-11 | 7.5 High | ||
| ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. Attackers can upload PHP files with traversal payloads ../public_html/ to write executable code to the web root and achieve remote code execution. | ||||
| CVE-2019-25474 | 2026-03-11 | 6.2 Medium | ||
| Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. Attackers can generate a file containing 6000 'A' characters and paste the contents into the Unlock Code field during application startup to trigger a denial of service condition. | ||||
| CVE-2019-25472 | 2026-03-11 | 7.5 High | ||
| IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send GET requests to /cgi-bin/cgiServer.exx with the command parameter containing dumpConfigFile() to read sensitive files including /etc/shadow and configuration files without proper authorization. | ||||
| CVE-2019-25471 | 2026-03-11 | 9.8 Critical | ||
| FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files by sending ZIP archives through the ft2.php endpoint. Attackers can upload ZIP files containing PHP shells, use the unzip functionality to extract them into accessible directories, and execute arbitrary commands through the extracted PHP files. | ||||
| CVE-2019-25468 | 2026-03-11 | 9.8 Critical | ||
| NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious parameters to the script_test.jsp endpoint. Attackers can send POST requests with shell commands embedded in the 'content' parameter to execute code and retrieve command output. | ||||
| CVE-2019-25465 | 2026-03-11 | 7.5 High | ||
| Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. Attackers can request the getadslattr.cgi endpoint to retrieve ADSL credentials and network configuration parameters including usernames, passwords, and DNS settings. | ||||
| CVE-2018-25159 | 2026-03-11 | 9.8 Critical | ||
| Epross AVCON6 systems management platform contains an object-graph navigation language (OGNL) injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. Attackers can send crafted requests to the login.action endpoint with OGNL payloads in the redirect parameter to instantiate ProcessBuilder objects and execute system commands with root privileges. | ||||
| CVE-2026-29778 | 2 Pyload, Pyload-ng Project | 2 Pyload, Pyload-ng | 2026-03-11 | 7.1 High |
| pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the edit_package() function implements insufficient sanitization for the pack_folder parameter. The current protection relies on a single-pass string replacement of "../", which can be bypassed using crafted recursive traversal sequences. This issue has been patched in version 0.5.0b3.dev97. | ||||
| CVE-2026-29779 | 1 Lyc8503 | 1 Uptimeflare | 2026-03-11 | 7.5 High |
| UptimeFlare is a serverless uptime monitoring & status page solution, powered by Cloudflare Workers. Prior to commit 377a596, configuration file uptime.config.ts exports both pageConfig (safe for client use) and workerConfig (server-only, contains sensitive data) from the same module. Due to pages/incidents.tsx importing and using workerConfig directly inside client-side component code, the entire workerConfig object was included in the client-side JavaScript bundle served to all visitors. This issue has been patched via commit 377a596. | ||||
| CVE-2026-29780 | 2 Govcert-lu, Govcert.lu | 2 Eml Parser, Eml Parser | 2026-03-11 | 5.5 Medium |
| eml_parser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to version 2.0.1, the official example script examples/recursively_extract_attachments.py contains a path traversal vulnerability that allows arbitrary file write outside the intended output directory. Attachment filenames extracted from parsed emails are directly used to construct output file paths without any sanitization, allowing an attacker-controlled filename to escape the target directory. This issue has been patched in version 2.0.1. | ||||
| CVE-2026-29781 | 1 Bishopfox | 1 Sliver | 2026-03-11 | 6.5 Medium |
| Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting nested fields in a signed message, an authenticated actor can trigger an unhandled runtime panic. Because the mTLS, WireGuard, and DNS transport layers lack the panic recovery middleware present in the HTTP transport, this results in a global process termination. While requiring post-authentication access (a captured implant), this flaw effectively acts as an infrastructure "kill-switch," instantly severing all active sessions across the entire fleet and requiring a manual server restart to restore operations. At time of publication, there are no publicly available patches. | ||||
| CVE-2026-29786 | 1 Isaacs | 1 Tar | 2026-03-11 | 6.3 Medium |
| node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10. | ||||
| CVE-2024-9675 | 2 Buildah Project, Redhat | 21 Buildah, Enterprise Linux, Enterprise Linux Eus and 18 more | 2026-03-11 | 7.8 High |
| A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah. | ||||
| CVE-2026-26148 | 1 Microsoft | 1 Azure Ad Ssh Login Extension For Linux | 2026-03-11 | 8.1 High |
| External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2026-24293 | 1 Microsoft | 18 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 15 more | 2026-03-11 | 7.8 High |
| Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||