Export limit exceeded: 335269 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335269 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25970 | 1 Imagemagick | 1 Imagemagick | 2026-02-26 | 5.3 Medium |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed 32-bit integers overflows. Versions 7.1.2-15 and 6.9.13-40 contain a patch. | ||||
| CVE-2026-25971 | 1 Imagemagick | 1 Imagemagick | 2026-02-26 | 6.2 Medium |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a patch. | ||||
| CVE-2026-26725 | 1 Edubusinesssolutions | 1 Print Shop Pro Webdesk | 2026-02-26 | 9.8 Critical |
| An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 allows a remote attacker to escalate privileges via the AccessID parameter. | ||||
| CVE-2025-70833 | 2 Lkw199711, Pocketmanga | 2 Smanga, Smanga | 2026-02-26 | 9.4 Critical |
| An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to reset the password of any user (including the administrator) and fully takeover the account by manipulating POST parameters. The issue stems from insecure permission validation in check-power.php. | ||||
| CVE-2025-70831 | 2 Lkw199711, Pocketmanga | 2 Smanga, Smanga | 2026-02-26 | 9.8 Critical |
| A Remote Code Execution (RCE) vulnerability was found in Smanga 3.2.7 in the /php/path/rescan.php interface. The application fails to properly sanitize user-supplied input in the mediaId parameter before using it in a system shell command. This allows an unauthenticated attacker to inject arbitrary operating system commands, leading to complete server compromise. | ||||
| CVE-2026-2803 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-26 | 7.5 High |
| Information disclosure, mitigation bypass in the Settings UI component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | ||||
| CVE-2026-2801 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-26 | 7.5 High |
| Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | ||||
| CVE-2026-2800 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-26 | 9.8 Critical |
| Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox < 148 and Thunderbird < 148. | ||||
| CVE-2026-2794 | 1 Mozilla | 1 Firefox | 2026-02-26 | 6.5 Medium |
| Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android. This vulnerability affects Firefox < 148. | ||||
| CVE-2026-2790 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-26 | 8.8 High |
| Same-origin policy bypass in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2026-2787 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-26 | 8.8 High |
| Use-after-free in the DOM: Window and Location component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2026-2786 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-26 | 8.8 High |
| Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2026-2785 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-26 | 9.8 Critical |
| Invalid pointer in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2026-2783 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-26 | 6.5 Medium |
| Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2026-2781 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-26 | 8.8 High |
| Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2026-2774 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-26 | 9.8 Critical |
| Integer overflow in the Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2026-2767 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-26 | 8.8 High |
| Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2026-22923 | 1 Siemens | 1 Nx | 2026-02-26 | 7.8 High |
| A vulnerability has been identified in NX (All versions < V2512). The affected application contains a data validation vulnerability that could allow an attacker with local access to interfere with internal data during the PDF export process that could potentially lead to arbitrary code execution. | ||||
| CVE-2026-27520 | 1 Binardat | 3 10g08-0800gsm, 10g08-0800gsm Firmware, 10g08-0800gsm Network Switch | 2026-02-26 | 7.5 High |
| Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can recover the plaintext password. | ||||
| CVE-2019-25308 | 2 Litemanager Team, Mikogo | 2 Mikogo, Mikogo | 2026-02-26 | 7.8 High |
| Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations. | ||||