Export limit exceeded: 339373 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339373 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12453 | 1 Opentext | 1 Vertica | 2026-03-16 | N/A |
| Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X, from 25.2.0 through 25.2.X, from 25.3.0 through 25.3.X. | ||||
| CVE-2025-13778 | 1 Abb | 2 Awin Gw100 Rev.2, Awin Gw120 | 2026-03-16 | 6.5 Medium |
| Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. | ||||
| CVE-2025-14811 | 1 Ibm | 1 Sterling Partner Engagement Manager | 2026-03-16 | 3.1 Low |
| IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques. | ||||
| CVE-2026-31922 | 2 Ays-pro, Wordpress | 2 Fox Lms, Wordpress | 2026-03-16 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection.This issue affects Fox LMS: from n/a through <= 1.0.6.3. | ||||
| CVE-2025-13777 | 1 Abb | 2 Awin Gw100 Rev.2, Awin Gw120 | 2026-03-16 | 8.3 High |
| Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. | ||||
| CVE-2026-31917 | 2 Wedevs, Wordpress | 2 Wp Erp, Wordpress | 2026-03-16 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP erp allows SQL Injection.This issue affects WP ERP: from n/a through <= 1.16.10. | ||||
| CVE-2025-15515 | 1 Vivo | 1 Easyshare | 2026-03-16 | N/A |
| The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific conditions are met on a local network, it can cause data leakage | ||||
| CVE-2026-31918 | 2 Immonex, Wordpress | 2 Immonex Kickstart, Wordpress | 2026-03-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in immonex immonex Kickstart immonex-kickstart allows Stored XSS.This issue affects immonex Kickstart: from n/a through <= 1.13.0. | ||||
| CVE-2026-32329 | 2 Ays Pro, Wordpress | 2 Advanced Related Posts, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Related Posts: from n/a through <= 1.9.1. | ||||
| CVE-2026-1668 | 1 Tp-link | 39 Sg2005p-pd, Sg2008, Sg2008p and 36 more | 2026-03-16 | N/A |
| The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution.<br>An unauthenticated attacker with network access to the affected interface may cause memory corruption, service instability, or information disclosure. Successful exploitation may allow remote code execution or denial-of-service. | ||||
| CVE-2026-25076 | 1 Anchore | 1 Anchore | 2026-03-16 | 7.3 High |
| Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQL instructions resulting in modifications to the data contained in the Anchore Enterprise database. | ||||
| CVE-2026-2890 | 2 Strategy11team, Wordpress | 2 Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder, Wordpress | 2026-03-16 | 7.5 High |
| The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. This is due to the Stripe Link return handler (`handle_one_time_stripe_link_return_url`) marking payment records as complete based solely on the Stripe PaymentIntent status without comparing the intent's charged amount against the expected payment amount, and the `verify_intent()` function validating only client secret ownership without binding intents to specific forms or actions. This makes it possible for unauthenticated attackers to reuse a PaymentIntent from a completed low-value payment to mark a high-value payment as complete, effectively bypassing payment for goods or services. | ||||
| CVE-2026-31919 | 2 Josh Kohlbach, Wordpress | 2 Advanced Coupons For Woocommerce Coupons, Wordpress | 2026-03-16 | 4.3 Medium |
| Missing Authorization vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.7.1. | ||||
| CVE-2026-32328 | 2 Shufflehound, Wordpress | 2 Lemmony, Wordpress | 2026-03-16 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in shufflehound Lemmony lemmony allows Cross Site Request Forgery.This issue affects Lemmony: from n/a through < 1.7.1. | ||||
| CVE-2017-20219 | 1 Serviio | 1 Serviio Pro | 2026-03-16 | 6.1 Medium |
| Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to document.write() in the mediabrowser component to execute code in a user's browser context. | ||||
| CVE-2017-20217 | 1 Serviio | 1 Serviio Pro | 2026-03-16 | 7.5 High |
| Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrieve potentially sensitive configuration data without authentication. | ||||
| CVE-2016-20032 | 1 Zkteco | 1 Zkaccess Security System | 2026-03-16 | 7.2 High |
| ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holiday_name' and 'memo' POST parameters. Attackers can submit crafted requests with script code in these parameters to compromise user browser sessions and steal sensitive information. | ||||
| CVE-2016-20031 | 1 Zkteco | 1 Zkbiosecurity | 2026-03-16 | 5.5 Medium |
| ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to authenticate without valid credentials by spoofing localhost requests. Attackers can exploit the EnvironmentUtil.getClientIp() method which treats IPv6 loopback address 0:0:0:0:0:0:0:1 as 127.0.0.1 and authenticates using the IP as username with hardcoded password 123456 to access sensitive information and perform unauthorized actions. | ||||
| CVE-2016-20030 | 1 Zkteco | 1 Zkbiosecurity | 2026-03-16 | 9.8 Critical |
| ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by submitting partial characters via the username parameter. Attackers can send requests to the authLoginAction!login.do script with varying username inputs to enumerate valid user accounts based on application responses. | ||||
| CVE-2016-20029 | 1 Zkteco | 1 Zkbiosecurity | 2026-03-16 | 6.2 Medium |
| ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including configuration files, source code, and protected application resources. | ||||