Export limit exceeded: 340686 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (340686 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10437 | 1 Eksagate | 1 Webpack Management System | 2026-03-26 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. Webpack Management System allows SQL Injection.This issue affects Webpack Management System: through 20251119. | ||||
| CVE-2025-2204 | 1 Tapandsign | 1 Tap&sign | 2026-03-26 | 4.7 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tapandsign Technologies Software Inc. Tap&Sign allows Cross-Site Scripting (XSS).This issue affects Tap&Sign: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-4763 | 1 Aida | 1 Hotel Guest Hotspot | 2026-03-26 | 5.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows Reflected XSS.This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-4764 | 1 Aida | 1 Hotel Guest Hotspot | 2026-03-26 | 8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows SQL Injection.This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-4320 | 1 Birebirsoft | 1 Sufirmam | 2026-03-26 | 10 Critical |
| Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass, Password Recovery Exploitation.This issue affects Sufirmam: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-4319 | 1 Birebirsoft | 1 Sufirmam | 2026-03-26 | 9.4 Critical |
| Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Brute Force, Password Recovery Exploitation.This issue affects Sufirmam: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-23921 | 1 Zabbix | 1 Zabbix | 2026-03-26 | N/A |
| A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data through time-based techniques, potentially leading to session identifier disclosure and administrator account compromise. | ||||
| CVE-2026-23920 | 1 Zabbix | 1 Zabbix | 2026-03-26 | N/A |
| Host and event action script input is validated with a regex (set by the administrator), but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands. | ||||
| CVE-2026-28888 | 1 Apple | 1 Macos | 2026-03-26 | 5.1 Medium |
| A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to gain root privileges. | ||||
| CVE-2024-5042 | 1 Redhat | 2 Acm, Openshift Data Foundation | 2026-03-25 | 6.6 Medium |
| A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster. | ||||
| CVE-2025-63261 | 1 Eldy | 1 Awstats | 2026-03-25 | 7.8 High |
| AWStats 8.0 is vulnerable to Command Injection via the open function | ||||
| CVE-2025-2535 | 2026-03-25 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2026-28823 | 1 Apple | 1 Macos | 2026-03-25 | 4.9 Medium |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.4. An app with root privileges may be able to delete protected system files. | ||||
| CVE-2026-28852 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-03-25 | 5.5 Medium |
| A stack overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to cause a denial-of-service. | ||||
| CVE-2026-28829 | 1 Apple | 1 Macos | 2026-03-25 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to modify protected parts of the file system. | ||||
| CVE-2025-43534 | 1 Apple | 3 Ios And Ipados, Ipados, Iphone Os | 2026-03-25 | 6.8 Medium |
| A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.2 and iPadOS 26.2. A user with physical access to an iOS device may be able to bypass Activation Lock. | ||||
| CVE-2026-20701 | 1 Apple | 1 Macos | 2026-03-25 | 7.5 High |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to connect to a network share without user consent. | ||||
| CVE-2026-20668 | 1 Apple | 5 Ios And Ipados, Ipados, Iphone Os and 2 more | 2026-03-25 | 5.5 Medium |
| A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, visionOS 26.3. An app may be able to access sensitive user data. | ||||
| CVE-2026-28825 | 1 Apple | 1 Macos | 2026-03-25 | 5.5 Medium |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to modify protected parts of the file system. | ||||
| CVE-2025-66676 | 1 Iobit | 1 Iobit Unlocker | 2026-03-25 | 6.2 Medium |
| An issue in IObit Unlocker v1.3.0.11 allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||