Export limit exceeded: 337606 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337606 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-30969 | 1 Coral-protocol | 1 Coral-server | 2026-03-11 | N/A |
| Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server within an active session. This could allow an attacker who obtained or predicted a session identifier to impersonate an agent or join an existing session. This vulnerability is fixed in 1.1.0. | ||||
| CVE-2026-30970 | 1 Coral-protocol | 1 Coral-server | 2026-03-11 | N/A |
| Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server allowed the creation of agent sessions through the /api/v1/sessions endpoint without strong authentication. This endpoint performs resource-intensive initialization operations including container spawning and memory context creation. An attacker capable of accessing the endpoint could create sessions or consume system resources without proper authorization. This vulnerability is fixed in 1.1.0. | ||||
| CVE-2026-30978 | 1 Internationalcolorconsortium | 1 Iccdev | 2026-03-11 | 7.8 High |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-use-after-free in CIccCmm::AddXform() causing invalid vptr dereference and crash. This vulnerability is fixed in 2.3.1.5. | ||||
| CVE-2026-30981 | 1 Internationalcolorconsortium | 1 Iccdev | 2026-03-11 | 6.1 Medium |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-buffer-overflow read in CIccXmlArrayType<>::DumpArray() causing out-of-bounds read and/or crash. This vulnerability is fixed in 2.3.1.5. | ||||
| CVE-2026-30982 | 1 Internationalcolorconsortium | 1 Iccdev | 2026-03-11 | 6.1 Medium |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccPcsXform::pushXYZConvert() causing crash and potentially leaking memory contents. This vulnerability is fixed in 2.3.1.5. | ||||
| CVE-2026-30983 | 1 Internationalcolorconsortium | 1 Iccdev | 2026-03-11 | 7.8 High |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in icFixXml() (strcpy) causing stack memory corruption or crash. This vulnerability is fixed in 2.3.1.5. | ||||
| CVE-2026-30985 | 1 Internationalcolorconsortium | 1 Iccdev | 2026-03-11 | 7.8 High |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow write in CIccMatrixMath::SetRange() causing memory corruption or crash. This vulnerability is fixed in 2.3.1.5. | ||||
| CVE-2026-30986 | 1 Internationalcolorconsortium | 1 Iccdev | 2026-03-11 | 5.5 Medium |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow write in CIccMatrixMath::SetRange() causing memory corruption or crash. This vulnerability is fixed in 2.3.1.5. | ||||
| CVE-2026-31792 | 1 Internationalcolorconsortium | 1 Iccdev | 2026-03-11 | 7.8 High |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a null pointer dereference in CIccTagXmlStruct::ParseTag() causing a segmentation fault or denial of service. This vulnerability is fixed in 2.3.1.5. | ||||
| CVE-2026-3228 | 2 Nextscripts, Wordpress | 2 Social Networks Auto Poster, Wordpress | 2026-03-11 | 6.4 Medium |
| The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[nxs_fbembed]` shortcode in all versions up to, and including, 4.4.6. This is due to insufficient input sanitization and output escaping on the `snapFB` post meta value. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-3315 | 1 Assa Abloy | 1 Visionline | 2026-03-11 | N/A |
| Incorrect Default Permissions, : Execution with Unnecessary Privileges, : Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ABLOY Visionline on Windows allows Configuration/Environment Manipulation.This issue affects Visionline: from 1.0 before 1.33. | ||||
| CVE-2026-3843 | 1 Nefteprodukttekhnika Llc | 1 Buk Ts-g Gas Station Automation System | 2026-03-11 | 9.8 Critical |
| Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability (CWE-89) in the system configuration module. A remote attacker can send specially crafted HTTP POST requests to the /php/request.php endpoint via the sql parameter in application/x-www-form-urlencoded data (e.g., action=do&sql=<query_here>&reload_driver=0) to execute arbitrary SQL commands and potentially achieve remote code execution. | ||||
| CVE-2026-25569 | 1 Siemens | 1 Sicam Siapp Sdk | 2026-03-11 | 7.4 High |
| A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). An out-of-bounds write vulnerability exists in SICAM SIAPP SDK. This could allow an attacker to write data beyond the intended buffer, potentially leading to denial of service, or arbitrary code execution. | ||||
| CVE-2026-25573 | 1 Siemens | 1 Sicam Siapp Sdk | 2026-03-11 | 7.4 High |
| A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application builds shell commands with caller-provided strings and executes them. An attacker could influence the executed command, potentially resulting in command injection and full system compromise. | ||||
| CVE-2026-26738 | 1 Uderzo Software | 1 Spacesniffer | 2026-03-11 | 7.8 High |
| Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5.18 allows a remote attacker to execute arbitrary code via a crafted .sns snapshot file. | ||||
| CVE-2026-30930 | 1 Nicolargo | 1 Glances | 2026-03-11 | N/A |
| Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize() method wraps string values in single quotes but does not escape embedded single quotes, making SQL injection trivial via attacker-controlled data such as process names, filesystem mount points, network interface names, or container names. This vulnerability is fixed in 4.5.1. | ||||
| CVE-2026-30934 | 1 Gtsteffaniak | 1 Filebrowser | 2026-03-11 | 8.9 High |
| FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, Stored XSS is possible via share metadata fields (e.g., title, description) that are rendered into HTML for /public/share/<hash> without context-aware escaping. The server uses text/template instead of html/template, allowing injected scripts to execute when victims visit the share URL. This vulnerability is fixed in 1.3.1-beta and 1.2.2-stable. | ||||
| CVE-2026-30958 | 1 Oneuptime | 1 Oneuptime | 2026-03-11 | 7.2 High |
| OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file path passed to res.sendFile() in orker/FeatureSet/Workflow/Index.ts with no sanitization or authentication middleware. This vulnerability is fixed in 10.0.21. | ||||
| CVE-2026-30968 | 1 Coral-protocol | 1 Coral-server | 2026-03-11 | N/A |
| Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, the SSE endpoint (/sse/v1/...) in Coral Server did not strongly validate that a connecting agent was a legitimate participant in the session. This could theoretically allow unauthorized message injection or observation. This vulnerability is fixed in 1.1.0. | ||||
| CVE-2026-30984 | 1 Internationalcolorconsortium | 1 Iccdev | 2026-03-11 | 6.1 Medium |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccCalculatorFunc::ApplySequence() causing an application crash. This vulnerability is fixed in 2.3.1.5. | ||||