Export limit exceeded: 335521 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 335521 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335521 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0023 | 2026-03-02 | N/A | ||
| In createSessionInternal of PackageInstallerService.java, there is a possible way for an app to update its ownership due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0029 | 2026-03-02 | N/A | ||
| In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0032 | 2026-03-02 | N/A | ||
| In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0047 | 2026-03-02 | 8.4 High | ||
| In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48636 | 2026-03-02 | 8.4 High | ||
| In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-58107 | 2026-03-02 | 7.5 High | ||
| In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-mail address, device ID, bearer token, and base64-encoded password. | ||||
| CVE-2026-21853 | 2026-03-02 | 8.8 High | ||
| AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in two common scenarios: 1/ A victim visits a malicious website controlled by the attacker and the website redirect to the URL automatically, or 2/ A victim clicks on a crafted link embedded on a legitimate website (e.g., in user-generated content). In both cases, the browser invokes AFFiNE custom URL handler, which launches the AFFiNE app and processes the crafted URL. This results in arbitrary code execution on the victim’s machine, without further interaction. This issue has been patched in version 0.25.4. | ||||
| CVE-2026-26698 | 2026-03-02 | 4.9 Medium | ||
| code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modal_edit.php. | ||||
| CVE-2026-3422 | 2026-03-02 | 9.8 Critical | ||
| U-Office Force developed by e-Excellence has a Insecure Deserialization vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server by sending maliciously crafted serialized content. | ||||
| CVE-2025-48630 | 2026-03-02 | N/A | ||
| In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-28412 | 2026-03-02 | 6.5 Medium | ||
| Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to all connected clients every 100 ms, an attacker can exhaust CPU and memory by flooding the server with connections, causing the Textream application to freeze and crash during a live session. Version 1.5.1 fixes the issue. | ||||
| CVE-2024-50337 | 2026-03-02 | 5.3 Medium | ||
| Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28. | ||||
| CVE-2025-50189 | 2026-03-02 | N/A | ||
| Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resource[document][SQL_INJECTION_HERE] and POST login parameters found in /main/coursecopy/copy_course_session_selected.php, which allows an attacker to perform an attack aimed at modifying the database query logic by injecting an arbitrary SQL statements. This issue has been patched in version 1.11.30. | ||||
| CVE-2025-47385 | 2026-03-02 | 7.8 High | ||
| Memory Corruption when accessing trusted execution environment without proper privilege check. | ||||
| CVE-2025-50192 | 2026-03-02 | N/A | ||
| Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL Injection in found in /main/webservices/registration.soap.php. This issue has been patched in version 1.11.30. | ||||
| CVE-2025-52482 | 2026-03-02 | 8.3 High | ||
| Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. This issue has been patched in version 1.11.30. | ||||
| CVE-2025-59600 | 2026-03-02 | 7.8 High | ||
| Memory Corruption when adding user-supplied data without checking available buffer space. | ||||
| CVE-2025-59603 | 2026-03-02 | 7.8 High | ||
| Memory Corruption when processing invalid user address with nonstandard buffer address. | ||||
| CVE-2025-66880 | 2026-03-02 | 6.1 Medium | ||
| Cross Site Scripting vulnerability in Wethink Technology Inc 720yun pano-sdk 0.5.877 allows a remote attacker to execute arbitrary code via the LoginComp (Module 2093) and SignupComp (Module 2094) modules. | ||||
| CVE-2026-21385 | 2026-03-02 | 7.8 High | ||
| Memory corruption while using alignments for memory allocation. | ||||