Export limit exceeded: 335260 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 335260 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335260 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27583 | 2026-02-27 | N/A | ||
| Further research determined the situation described is not a vulnerability. | ||||
| CVE-2026-27582 | 2026-02-27 | N/A | ||
| Further research determined the situation described is not a vulnerability. | ||||
| CVE-2026-27581 | 2026-02-27 | N/A | ||
| Further research determined the situation described is not a vulnerability. | ||||
| CVE-2026-27580 | 2026-02-27 | N/A | ||
| Further research determined the situation described is not a vulnerability. | ||||
| CVE-2026-27573 | 2026-02-27 | N/A | ||
| Further research determined the situation described is not a vulnerability. | ||||
| CVE-2026-27501 | 2026-02-27 | N/A | ||
| Further research determined the situation described is not a vulnerability. | ||||
| CVE-2026-27500 | 2026-02-27 | N/A | ||
| Further research determined the situation described is not a vulnerability. | ||||
| CVE-2026-27201 | 2026-02-27 | N/A | ||
| Further research determined the situation described is not a vulnerability. | ||||
| CVE-2026-27200 | 2026-02-27 | N/A | ||
| Further research determined the situation described is not a vulnerability. | ||||
| CVE-2026-27141 | 1 Go Standard Library | 1 Net/http | 2026-02-27 | 7.5 High |
| Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic | ||||
| CVE-2026-26862 | 2026-02-27 | 8.3 High | ||
| CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting (XSS) via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js (lines 56-60) uses the includes() method to verify the originUrl contains "dashboard.clevertap.com", which can be bypassed by an attacker using a crafted subdomain | ||||
| CVE-2026-26861 | 2026-02-27 | 8.3 High | ||
| CleverTap Web SDK version 1.15.2 and earlier is vulnerable to Cross-Site Scripting (XSS) via window.postMessage. The handleCustomHtmlPreviewPostMessageEvent function in src/util/campaignRender/nativeDisplay.js performs insufficient origin validation using the includes() method, which can be bypassed by an attacker using a subdomain | ||||
| CVE-2026-22717 | 2026-02-27 | 2.7 Low | ||
| Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to obtain limited information disclosure from the machine where VMware Workstation is installed. | ||||
| CVE-2026-22716 | 2026-02-27 | 5 Medium | ||
| Out-of-bound write vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to terminate certain Workstation processes. | ||||
| CVE-2025-69437 | 2026-02-27 | 8.7 High | ||
| PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. If a user uploads a PDF file containing a malicious payload to the system and views it, the embedded JavaScript payload can be triggered, resulting in issues such as credential theft, arbitrary API execution, and other security concerns. This vulnerability affects all file upload endpoint, including /cmsTemplate/save, /file/doUpload, /cmsTemplate/doUpload, /file/doBatchUpload, /cmsWebFile/doUpload, etc. | ||||
| CVE-2026-25518 | 1 Cert-manager | 1 Cert-manager | 2026-02-27 | 5.9 Medium |
| cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. In versions from 1.18.0 to before 1.18.5 and from 1.19.0 to before 1.19.3, the cert-manager-controller performs DNS lookups during ACME DNS-01 processing (for zone discovery and propagation self-checks). By default, these lookups use standard unencrypted DNS. An attacker who can intercept and modify DNS traffic from the cert-manager-controller pod can insert a crafted entry into cert-manager's DNS cache. Accessing this entry will trigger a panic, resulting in denial‑of‑service (DoS) of the cert-manager controller. The issue can also be exploited if the authoritative DNS server for the domain being validated is controlled by a malicious actor. This issue has been patched in versions 1.18.5 and 1.19.3. | ||||
| CVE-2026-25541 | 2 Tokio, Tokio-rs | 2 Bytes, Bytes | 2026-02-27 | 7.5 High |
| Bytes is a utility library for working with bytes. From version 1.2.1 to before 1.11.1, Bytes is vulnerable to integer overflow in BytesMut::reserve. In the unique reclaim path of BytesMut::reserve, if the condition "v_capacity >= new_cap + offset" uses an unchecked addition. When new_cap + offset overflows usize in release builds, this condition may incorrectly pass, causing self.cap to be set to a value that exceeds the actual allocated capacity. Subsequent APIs such as spare_capacity_mut() then trust this corrupted cap value and may create out-of-bounds slices, leading to UB. This behavior is observable in release builds (integer overflow wraps), whereas debug builds panic due to overflow checks. This issue has been patched in version 1.11.1. | ||||
| CVE-2026-1978 | 1 Kalyan02 | 1 Nanocms | 2026-02-27 | 5.3 Medium |
| A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. It is possible to initiate the attack remotely. The exploit is now public and may be used. You should change the configuration settings. | ||||
| CVE-2026-22206 | 1 Spip | 1 Spip | 2026-02-27 | 8.8 High |
| SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote code execution on the server. | ||||
| CVE-2026-22205 | 1 Spip | 1 Spip | 2026-02-27 | 7.5 High |
| SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to access protected information. Attackers can exploit loose type comparisons in authentication logic to bypass login verification and retrieve sensitive internal data. | ||||