Export limit exceeded: 340708 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (340708 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1395 | 1 Codriapp | 1 Heygarson | 2026-03-25 | 8.2 High |
| Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping.This issue affects HeyGarson: through 30012026. NOTE: The vendor was contacted several times to verifying fixing process but did not respond in any way. | ||||
| CVE-2024-42159 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2026-03-25 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Sanitise num_phys Information is stored in mr_sas_port->phy_mask, values larger then size of this field shouldn't be allowed. | ||||
| CVE-2026-32888 | 1 Opensourcepos | 1 Opensourcepos | 2026-03-25 | 8.8 High |
| Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Versions contain an SQL Injection in the Items search functionality. When the custom attribute search feature is enabled (search_custom filter), user-supplied input from the search GET parameter is interpolated directly into a HAVING clause without parameterization or sanitization. This allows an authenticated attacker with basic item search permissions to execute arbitrary SQL queries. A patch did not exist at the time of publication. | ||||
| CVE-2025-4686 | 1 Kodmatic | 1 Online Exam And Assessment | 2026-03-25 | 8.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Assessment allows SQL Injection.This issue affects Online Exam and Assessment: through 30012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8456 | 1 Kod8 | 1 Kod8 Individual And Sme Website | 2026-03-25 | 7.6 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kod8 Software Technologies Trade Ltd. Co. Kod8 Individual and SME Website allows Reflected XSS.This issue affects Kod8 Individual and SME Website: through 03022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8461 | 1 Seres Software | 1 Syweb | 2026-03-25 | 7.6 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Seres Software syWEB allows Reflected XSS.This issue affects syWEB: through 03022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-33013 | 2 Micronaut-projects, Objectcomputing | 2 Micronaut-core, Micronaut | 2026-03-25 | 7.5 High |
| Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions prior to both 4.10.16 and 3.10.5 do not correctly handle descending array index order during form-urlencoded body binding in theJsonBeanPropertyBinder::expandArrayToThreshold, which allows remote attackers to cause a DoS (non-terminating loop, CPU exhaustion, and OutOfMemoryError) via crafted indexed form parameters (e.g., authors[1].name followed by authors[0].name). This issue has been fixed in versions 4.10.16 and 3.10.5. | ||||
| CVE-2025-6397 | 1 Ankara Hosting Website Design | 1 Website Software | 2026-03-25 | 8.6 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ankara Hosting Website Design Website Software allows Reflected XSS.This issue affects Website Software: through 03022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-1536 | 2 Gnome, Redhat | 2 Libsoup, Enterprise Linux | 2026-03-25 | 5.8 Medium |
| A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP headers to be injected. This vulnerability can lead to HTTP header injection or HTTP response splitting without requiring authentication or user interaction. | ||||
| CVE-2025-7760 | 1 Ofisimo | 1 Association Web Package Flora | 2026-03-25 | 7.6 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ofisimo Web-Based Software Technologies Association Web Package Flora allows XSS Through HTTP Headers.This issue affects Association Web Package Flora: from v3.0 through 03022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-3849 | 1 Wolfssl | 1 Wolfssl | 2026-03-25 | N/A |
| Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (Encrypted Client Hello) support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client program crash. This could be exploited by a malicious TLS server supporting ECH. Note that ECH is off by default, and is only enabled with enable-ech. | ||||
| CVE-2024-35862 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-03-25 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_is_network_name_deleted() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF. | ||||
| CVE-2025-5319 | 1 Emit | 1 Efficiency Management System | 2026-03-25 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Emit Informatics and Communication Technologies Industry and Trade Ltd. Co. DIGITA Efficiency Management System allows SQL Injection.This issue affects DIGITA Efficiency Management System: through 03022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-30836 | 1 Smallstep | 1 Certificates | 2026-03-25 | 10 Critical |
| Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0. | ||||
| CVE-2025-5329 | 1 Martcode | 1 Delta Course Automation | 2026-03-25 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Martcode Software Inc. Delta Course Automation allows SQL Injection.This issue affects Delta Course Automation: through 04022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-7708 | 1 Atlas Educational Software Industry | 1 K12net | 2026-03-25 | 6.8 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation.This issue affects k12net: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4428 | 1 Aws | 2 Aws-lc, Aws-lc-fips | 2026-03-25 | 7.4 High |
| A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-3.3.0. | ||||
| CVE-2025-6967 | 1 Sarman Soft Software And Technology Services Industry And Trade Ltd. Co. | 1 Cms | 2026-03-25 | 8.7 High |
| Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.This issue affects CMS: through 10022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-1539 | 2 Gnome, Redhat | 2 Libsoup, Enterprise Linux | 2026-03-25 | 5.8 Medium |
| A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data. | ||||
| CVE-2025-7347 | 1 Dinibh Puzzle Software Solutions | 1 Dinibh Patrol Tracking System | 2026-03-25 | 8.8 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Dinibh Puzzle Software Solutions Dinibh Patrol Tracking System allows Exploitation of Trusted Identifiers.This issue affects Dinibh Patrol Tracking System: through 10022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||