Export limit exceeded: 341439 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341439 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33349 | 1 Naturalintelligence | 1 Fast-xml-parser | 2026-03-27 | 5.9 Medium |
| fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a developer explicitly sets either limit to 0 — intending to disallow all entities or restrict entity size to zero bytes — the falsy nature of 0 in JavaScript causes the guard conditions to short-circuit, completely bypassing the limits. An attacker who can supply XML input to such an application can trigger unbounded entity expansion, leading to memory exhaustion and denial of service. This issue has been patched in version 5.5.7. | ||||
| CVE-2026-33215 | 2 Linuxfoundation, Nats | 2 Nats-server, Nats Server | 2026-03-27 | 6.5 Medium |
| NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issue. No known workarounds are available. | ||||
| CVE-2025-32991 | 2 N2w, N2ws | 2 Backup\& Recovery, Backup And Recovery | 2026-03-27 | 9 Critical |
| In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution. | ||||
| CVE-2026-26830 | 1 Mooz | 1 Pdf-image | 2026-03-27 | 9.8 Critical |
| pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format() to interpolate user-controlled file paths into shell command strings that are executed via child_process.exec() | ||||
| CVE-2026-28826 | 1 Apple | 1 Macos | 2026-03-27 | 4 Medium |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.4. A malicious app may be able to break out of its sandbox. | ||||
| CVE-2026-20688 | 1 Apple | 5 Ios And Ipados, Ipados, Iphone Os and 2 more | 2026-03-27 | 9.3 Critical |
| A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to break out of its sandbox. | ||||
| CVE-2026-28889 | 1 Apple | 1 Xcode | 2026-03-27 | 6.2 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to read arbitrary files as root. | ||||
| CVE-2026-28866 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-03-27 | 6.2 Medium |
| This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data. | ||||
| CVE-2026-28827 | 1 Apple | 1 Macos | 2026-03-27 | 9.3 Critical |
| A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox. | ||||
| CVE-2026-20607 | 1 Apple | 1 Macos | 2026-03-27 | 4 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access protected user data. | ||||
| CVE-2026-28816 | 1 Apple | 1 Macos | 2026-03-27 | 4 Medium |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to delete files for which it does not have permission. | ||||
| CVE-2026-20698 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-03-27 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to cause unexpected system termination or corrupt kernel memory. | ||||
| CVE-2026-20657 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-03-27 | 6.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5. Parsing a maliciously crafted file may lead to an unexpected app termination. | ||||
| CVE-2026-28877 | 1 Apple | 6 Ios And Ipados, Ipados, Iphone Os and 3 more | 2026-03-27 | 5.5 Medium |
| An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. An app may be able to access sensitive user data. | ||||
| CVE-2026-28820 | 1 Apple | 1 Macos | 2026-03-27 | 5.5 Medium |
| This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data. | ||||
| CVE-2026-20695 | 1 Apple | 1 Macos | 2026-03-27 | 6.2 Medium |
| An information disclosure issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to determine kernel memory layout. | ||||
| CVE-2026-28837 | 1 Apple | 1 Macos | 2026-03-27 | 7.5 High |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data. | ||||
| CVE-2025-13406 | 1 Softing | 1 Smartlink Sw-ht | 2026-03-27 | N/A |
| NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows HTTP DoS.This issue affects smartLink SW-HT: 1.43. | ||||
| CVE-2025-10685 | 1 Softing | 2 Smartlink Sw-ht, Smartlink Sw-pn | 2026-03-27 | N/A |
| Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT (Webserver modules) allows overflow buffers.This issue affects: smartLink SW-PN: through 1.03 smartLink SW-HT: through 1.42 | ||||
| CVE-2025-10461 | 1 Softing | 2 Smartlink Sw-ht, Smartlink Sw-pn | 2026-03-27 | N/A |
| Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access. This issue affects smartLink SW-HT: through 1.42 smartLink SW-PN: through 1.03. | ||||