Export limit exceeded: 334826 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334826 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2033 | 1 Mlflow | 1 Mlflow | 2026-02-25 | N/A |
| MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of artifact file paths. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26649. | ||||
| CVE-2026-2043 | 1 Nagios | 2 Host, Nagios Xi | 2026-02-25 | 8.8 High |
| Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the esensors_websensor_configwizard_func method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28249. | ||||
| CVE-2026-2041 | 1 Nagios | 2 Host, Nagios Xi | 2026-02-25 | 8.8 High |
| Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the zabbixagent_configwizard_func method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28250. | ||||
| CVE-2026-2042 | 1 Nagios | 2 Host, Nagios Xi | 2026-02-25 | 8.8 High |
| Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the monitoringwizard module. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28245. | ||||
| CVE-2026-0777 | 1 Xmind | 1 Xmind | 2026-02-25 | N/A |
| Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xmind. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of attachments. When opening an attachment, the user interface fails to warn the user of unsafe actions. An attacker can leverage this vulnerability to execute code in the context of current user. Was ZDI-CAN-26034. | ||||
| CVE-2026-0797 | 1 Gimp | 1 Gimp | 2026-02-25 | 8.8 High |
| GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28599. | ||||
| CVE-2026-25108 | 2 Soliton, Soliton Systems K.k. | 2 Filezen, Filezen | 2026-02-25 | 8.8 High |
| FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command. | ||||
| CVE-2026-3184 | 2026-02-25 | 3.7 Low | ||
| No description is available for this CVE. | ||||
| CVE-2025-14905 | 1 Redhat | 3 Directory Server, Enterprise Linux, Redhat Directory Server | 2026-02-25 | 7.2 High |
| A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE). | ||||
| CVE-2026-25404 | 2 Automattic, Wordpress | 2 Wp Job Manager, Wordpress | 2026-02-24 | 5.3 Medium |
| Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager: from n/a through <= 2.4.0. | ||||
| CVE-2026-22346 | 2 A Wp Life, Wordpress | 2 Slider Responsive Slideshow – Image Slider, Gallery Slideshow, Wordpress | 2026-02-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow slider-responsive-slideshow allows Object Injection.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through <= 1.5.4. | ||||
| CVE-2026-22345 | 2 A Wp Life, Wordpress | 2 Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery, Wordpress | 2026-02-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery new-image-gallery allows Object Injection.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through <= 1.6.0. | ||||
| CVE-2025-69405 | 2 Themerex, Wordpress | 2 Lorem Ipsum | Books & Media Store, Wordpress | 2026-02-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Lorem Ipsum | Books & Media Store lorem-ipsum-books-media-store allows Object Injection.This issue affects Lorem Ipsum | Books & Media Store: from n/a through <= 1.2.6. | ||||
| CVE-2025-69404 | 2 Themerex, Wordpress | 2 Extreme Store, Wordpress | 2026-02-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Extreme Store extremestore allows Object Injection.This issue affects Extreme Store: from n/a through <= 1.5.7. | ||||
| CVE-2025-69382 | 2 Themesflat, Wordpress | 2 Themesflat Addons For Elementor, Wordpress | 2026-02-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in themesflat Themesflat Elementor themesflat-elementor allows Object Injection.This issue affects Themesflat Elementor: from n/a through <= 1.0.1. | ||||
| CVE-2025-69372 | 2 Ancorathemes, Wordpress | 2 Sevenhills, Wordpress | 2026-02-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in AncoraThemes SevenHills sevenhills allows Object Injection.This issue affects SevenHills: from n/a through <= 1.6.2. | ||||
| CVE-2025-69371 | 2 Ancorathemes, Wordpress | 2 Kindlycare, Wordpress | 2026-02-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in AncoraThemes KindlyCare kindlycare allows Object Injection.This issue affects KindlyCare: from n/a through <= 1.6.1. | ||||
| CVE-2025-69370 | 2 Themegoods, Wordpress | 2 Capella, Wordpress | 2026-02-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeGoods Capella capella allows Object Injection.This issue affects Capella: from n/a through <= 2.5.5. | ||||
| CVE-2025-69301 | 2 Themegoods, Wordpress | 2 Photome, Wordpress | 2026-02-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeGoods PhotoMe photome allows Object Injection.This issue affects PhotoMe: from n/a through <= 5.6.11. | ||||
| CVE-2025-69297 | 2 Ghostpool, Wordpress | 2 Aardvark Plugin, Wordpress | 2026-02-24 | 7.5 High |
| Missing Authorization vulnerability in GhostPool Aardvark Plugin aardvark-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aardvark Plugin: from n/a through <= 2.19. | ||||