Export limit exceeded: 339135 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 339135 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339135 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4324 | 1 Redhat | 1 Satellite | 2026-03-19 | 5.4 Medium |
| A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database. | ||||
| CVE-2026-32691 | 1 Canonical | 1 Juju | 2026-03-19 | 5.3 Medium |
| A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated as another unit agent can claim ownership of a known secret. This leads to the attacking unit being able to read the content of the initial secret revision. | ||||
| CVE-2026-32692 | 1 Canonical | 1 Juju | 2026-03-19 | 7.6 High |
| An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end. | ||||
| CVE-2026-32693 | 1 Canonical | 1 Juju | 2026-03-19 | 8.8 High |
| In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation attempt, the secret is still updated contrary to expectations, and the new value is visible to both the owner and the grantee. | ||||
| CVE-2026-33004 | 1 Jenkins Project | 1 Jenkins Loadninja Plugin | 2026-03-19 | 4.3 Medium |
| Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | ||||
| CVE-2026-33002 | 1 Jenkins Project | 1 Jenkins | 2026-03-19 | 7.5 High |
| Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS 2.541.2 (both inclusive) performs origin validation of requests made through the CLI WebSocket endpoint by computing the expected origin for comparison using the Host or X-Forwarded-Host HTTP request headers, making it vulnerable to DNS rebinding attacks that allow bypassing origin validation. | ||||
| CVE-2026-30704 | 1 Shenzhen Yuner Yipu | 1 Wifi Extender Wdr201a | 2026-03-19 | 9.1 Critical |
| The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) exposes an unprotected UART interface through accessible hardware pads on the PCB | ||||
| CVE-2026-30695 | 1 Zucchetti | 1 Axess | 2026-03-19 | 6.1 Medium |
| A Cross-Site Scripting (XSS) vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter of the /file_manager.cgi endpoint. | ||||
| CVE-2026-30345 | 1 Ctfd | 1 Ctfd | 2026-03-19 | 7.5 High |
| A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import. | ||||
| CVE-2026-30048 | 1 Developer.notchatbot | 1 Webchat | 2026-03-19 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in the NotChatbot WebChat widget thru 1.4.4. User-supplied input is not properly sanitized before being stored and rendered in the chat conversation history. This allows an attacker to inject arbitrary JavaScript code which is executed when the chat history is reloaded. The issue is reproducible across multiple independent implementations of the widget, indicating that the vulnerability resides in the product itself rather than in a specific website configuration. | ||||
| CVE-2026-1801 | 1 Redhat | 1 Enterprise Linux | 2026-03-19 | 5.3 Medium |
| A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk headers, such as lone line feed (LF) characters instead of the required carriage return and line feed (CRLF). A remote attacker can exploit this without authentication or user interaction by sending specially crafted chunked requests. This allows libsoup to parse and process multiple HTTP requests from a single network message, potentially leading to information disclosure. | ||||
| CVE-2026-1761 | 1 Redhat | 9 Enterprise Linux, Enterprise Linux Eus, Openshift Devspaces and 6 more | 2026-03-19 | 8.6 High |
| A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction. | ||||
| CVE-2026-1760 | 1 Redhat | 1 Enterprise Linux | 2026-03-19 | 5.3 Medium |
| A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests, causing SoupServer to fail to close the connection as required by RFC 9112. This allows the attacker to smuggle additional requests over the persistent connection, leading to unintended request processing and potential denial-of-service (DoS) conditions. | ||||
| CVE-2026-1539 | 1 Redhat | 1 Enterprise Linux | 2026-03-19 | 5.8 Medium |
| A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data. | ||||
| CVE-2026-1536 | 1 Redhat | 1 Enterprise Linux | 2026-03-19 | 5.8 Medium |
| A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP headers to be injected. This vulnerability can lead to HTTP header injection or HTTP response splitting without requiring authentication or user interaction. | ||||
| CVE-2026-1467 | 1 Redhat | 1 Enterprise Linux | 2026-03-19 | 5.8 Medium |
| A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing a specially crafted URL containing CRLF sequences, allowing them to inject additional HTTP headers or complete HTTP request bodies. This can lead to unintended or unauthorized HTTP requests being forwarded by the proxy, potentially impacting downstream services. | ||||
| CVE-2025-67830 | 1 Murasoftware | 1 Mura Cms | 2026-03-19 | 9.8 Critical |
| Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection. | ||||
| CVE-2025-58112 | 1 Microsoft | 1 Dynamics 365 Customer Service | 2026-03-19 | 8.8 High |
| Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9.0.2.3034) allows the generation of customized reports via raw SQL queries in an upload of a .rdl (Report Definition Language) file; this is then processed by the SQL Server Reporting Service. An account with the privilege Add Reporting Services Reports can upload a malicious rdl file. If the malicious rdl file is already loaded and it is executable by the user, the Add Reporting Services Reports privilege is not required. A malicious actor can trigger the generation of the report, causing the execution of arbitrary SQL commands in the underlying database. Depending on the permissions of the account running SQL Server Reporting Services, the attacker may be able to perform additional actions, such as accessing linked servers or executing operating system commands. | ||||
| CVE-2025-15031 | 1 Mlflow | 1 Mlflow/mlflow | 2026-03-19 | 8.1 High |
| A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of `tarfile.extractall` without path validation enables crafted tar.gz files containing `..` or absolute paths to escape the intended extraction directory. This issue affects the latest version of MLflow and poses a high/critical risk in scenarios involving multi-tenant environments or ingestion of untrusted artifacts, as it can lead to arbitrary file overwrites and potential remote code execution. | ||||
| CVE-2025-14523 | 1 Redhat | 8 Enterprise Linux, Enterprise Linux Eus, Rhel Aus and 5 more | 2026-03-19 | 8.2 High |
| A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers. | ||||