Export limit exceeded: 336807 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336807 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69279 | 2026-03-09 | 7.5 High | ||
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | ||||
| CVE-2025-69278 | 2026-03-09 | 7.5 High | ||
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | ||||
| CVE-2025-69219 | 2026-03-09 | N/A | ||
| A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airflow, the likelihood of it making any damage is low. You should upgrade to version 6.0.0 of the provider to avoid even that risk. | ||||
| CVE-2025-61615 | 2026-03-09 | 7.5 High | ||
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | ||||
| CVE-2025-61611 | 2026-03-09 | 7.5 High | ||
| In modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.. | ||||
| CVE-2025-41772 | 2026-03-09 | 7.5 High | ||
| An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR. | ||||
| CVE-2025-41767 | 2026-03-09 | 7.2 High | ||
| A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR. | ||||
| CVE-2025-41766 | 2026-03-09 | 8.8 High | ||
| A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise. | ||||
| CVE-2026-29786 | 1 Isaacs | 1 Tar | 2026-03-09 | N/A |
| node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10. | ||||
| CVE-2026-30850 | 1 Parse Community | 1 Parse Server | 2026-03-09 | N/A |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.9 and 9.5.0-alpha.9, the file metadata endpoint (GET /files/:appId/metadata/:filename) does not enforce beforeFind / afterFind file triggers. When these triggers are used as access-control gates, the metadata endpoint bypasses them entirely, allowing unauthorized access to file metadata. This issue has been patched in versions 8.6.9 and 9.5.0-alpha.9. | ||||
| CVE-2026-3728 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-09 | 8.8 High |
| A vulnerability was determined in Tenda F453 1.0.0.3/1.If. This issue affects the function fromSetCfm of the file /goform/setcfm. This manipulation of the argument funcname/funcpara1 causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-3767 | 1 Itsourcecode | 1 Sanitize Or Validate This Input | 2026-03-09 | 6.3 Medium |
| A weakness has been identified in itsourcecode sanitize or validate this input 1.0. Affected is an unknown function of the file /admin/teacher-attendance.php. Executing a manipulation of the argument teacher_id can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-3631 | 1 Deltaww | 1 Commgr2 | 2026-03-09 | 7.5 High |
| Delta Electronics COMMGR2 has Buffer Over-read DoS vulnerability. | ||||
| CVE-2026-3802 | 2026-03-09 | 8.8 High | ||
| A vulnerability was determined in Tenda i3 1.0.0.6(2204). Affected by this issue is the function formexeCommand of the file /goform/exeCommand. Executing a manipulation of the argument cmdinput can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-3630 | 1 Deltaww | 1 Commgr2 | 2026-03-09 | 9.8 Critical |
| Delta Electronics COMMGR2 has Stack-based Buffer Overflow vulnerability. | ||||
| CVE-2026-3823 | 1 Atop Technologies | 2 Ehg2408, Ehg2408-2sfp | 2026-03-09 | 8.8 High |
| EHG2408 series switch developed by Atop Technologies has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code. | ||||
| CVE-2025-41754 | 2026-03-09 | 6.5 Medium | ||
| A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system. | ||||
| CVE-2025-41756 | 2026-03-09 | 8.1 High | ||
| A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system. | ||||
| CVE-2025-41758 | 2026-03-09 | 8.8 High | ||
| A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise. | ||||
| CVE-2025-41759 | 2026-03-09 | 4.9 Medium | ||
| An administrator may attempt to block all networks by specifying "\*" or "all" as the network identifier. However, these values are not supported and do not trigger any validation error. Instead, they are silently interpreted as network 0 which results in no networks being blocked at all. | ||||