Export limit exceeded: 10300 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10300 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-53914 | 1 Ulicms | 1 Ulicms | 2026-03-05 | 9.8 Critical |
| UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted POST request to the admin index.php endpoint with specific parameters to generate an administrative account with full system access. | ||||
| CVE-2023-53901 | 1 Wbce | 1 Wbce Cms | 2026-03-05 | 5.4 Medium |
| WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a crafted HTML file with CSS-based keylogging techniques to intercept password characters through background image requests. | ||||
| CVE-2021-47721 | 1 Orangescrum | 1 Orangescrum | 2026-03-05 | 8.8 High |
| Orangescrum 1.8.0 contains a privilege escalation vulnerability that allows authenticated users to take over other project-assigned accounts by manipulating session cookies. Attackers can extract the victim's unique ID from the page source and replace their own session cookie to gain unauthorized access to another user's account. | ||||
| CVE-2019-25235 | 1 Smartwares | 1 Home Easy | 2026-03-05 | 9.8 Critical |
| Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints and to bypass client-side validation and access sensitive system information. | ||||
| CVE-2026-29069 | 1 Craftcms | 2 Craft Cms, Craftcms | 2026-03-05 | 5.3 Medium |
| Craft is a content management system (CMS). Prior to 5.9.0-beta.2 and 4.17.0-beta.2, the actionSendActivationEmail() endpoint is accessible to unauthenticated users and does not require a permission check for pending users. An attacker with no prior access can trigger activation emails for any pending user account by knowing or guessing the user ID. If the attacker controls the target user’s email address, they can activate the account and gain access to the system. This vulnerability is fixed in 5.9.0-beta.2 and 4.17.0-beta.2. | ||||
| CVE-2026-3388 | 2 Albertodemichelis, Squirrel-lang | 2 Squirrel, Squirrel | 2026-03-05 | 3.3 Low |
| A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the file squirrel/sqcompiler.cpp. Performing a manipulation results in uncontrolled recursion. The attack needs to be approached locally. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-26342 | 2 Iptime, Tattile | 25 Smart Firmware, Anpr Mobile, Anpr Mobile Firmware and 22 more | 2026-03-05 | 9.8 Critical |
| Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to authenticate to the management interface until the token is revoked, enabling unauthorized access to device functions and data. | ||||
| CVE-2026-26234 | 2 Albrecht Jung, Jung-group | 3 Jung Smart Visu Server, Smart Visu Server, Smart Visu Server Firmware | 2026-03-05 | 8.8 High |
| JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requests to generate tainted responses, enabling cache poisoning, potential phishing, and redirecting users to malicious domains. | ||||
| CVE-2026-25567 | 1 Wekan Project | 1 Wekan | 2026-03-05 | 4.3 Medium |
| WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier. | ||||
| CVE-2026-25564 | 1 Wekan Project | 1 Wekan | 2026-03-05 | 7.5 High |
| WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tampering by manipulating identifiers. | ||||
| CVE-2026-25563 | 1 Wekan Project | 1 Wekan | 2026-03-05 | 7.5 High |
| WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tampering by manipulating identifiers. | ||||
| CVE-2026-24443 | 1 Netikus | 1 Eventsentry | 2026-03-05 | 8.8 High |
| EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password before allowing a new password to be set. An attacker who gains temporary access to an authenticated user session can change the account password without knowledge of the original credentials. This enables persistent account takeover and, if administrative accounts are affected, may result in privilege escalation. | ||||
| CVE-2026-24440 | 1 Tenda | 2 W30e, W30e Firmware | 2026-03-05 | 8.8 High |
| Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwords to be changed through the maintenance interface without requiring verification of the existing password. This enables unauthorized password changes when access to the affected endpoint is obtained. | ||||
| CVE-2026-23763 | 2 Twistedmatrix, Vb-audio Software | 3 Twistedweb, Matrix, Matrix Coconut | 2026-03-05 | N/A |
| VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a local privilege escalation vulnerability in the VBMatrix VAIO virtual audio driver (vbmatrixvaio64*_win10.sys). The driver allocates a 128-byte non-paged pool buffer and, upon receiving IOCTL 0x222060, maps it into user space using an MDL and MmMapLockedPagesSpecifyCache. Because the allocation size is not page-aligned, the mapping exposes the entire 0x1000-byte kernel page containing the buffer plus adjacent non-paged pool allocations with read/write permissions. An unprivileged local attacker can open a device handle (using the required 0x800 attribute flag), invoke the IOCTL to obtain the mapping, and then read or modify live kernel objects and pointers present on that page. This enables bypass of KASLR, arbitrary kernel memory read/write within the exposed page, corruption of kernel objects, and escalation to SYSTEM. | ||||
| CVE-2026-23754 | 1 Dlink | 1 D-view 8 | 2026-03-05 | 8.8 High |
| D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user_id value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credential material can be reused directly as a valid authentication secret, allowing full impersonation of the targeted account. This results in complete account takeover and full administrative control over the D-View system. | ||||
| CVE-2025-71244 | 1 Spip | 1 Spip | 2026-03-05 | 6.1 Medium |
| SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary external site after login. This vulnerability only affects sites where the login page has been overridden to function in AJAX mode. It is not mitigated by the SPIP security screen. | ||||
| CVE-2022-50910 | 2 Beehive Forum, Beehiveforum | 2 Beehive Forum, Beehive Forum | 2026-03-05 | 9.8 Critical |
| Beehive Forum 1.5.2 contains a host header injection vulnerability in the forgot password functionality that allows attackers to manipulate password reset requests. Attackers can inject a malicious host header to intercept password reset tokens and change victim account passwords without direct authentication. | ||||
| CVE-2022-50899 | 3 Geonetwork, Geonetwork-opensource, Osgeo | 3 Opensource, Geonetwork, Geonetwork | 2026-03-05 | 6.5 Medium |
| Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files through the baseURL parameter in PDF creation requests. | ||||
| CVE-2020-37192 | 2 Password-solutions, Top Password Software | 2 Office Password Recovery, Msn Password Recovery | 2026-03-05 | 6.2 Medium |
| MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references external entities to retrieve sensitive system configuration information. | ||||
| CVE-2020-37094 | 1 Espocrm | 1 Espocrm | 2026-03-05 | 9.8 Critical |
| EspoCRM 5.8.5 contains an authentication vulnerability that allows attackers to access other user accounts by manipulating authorization headers. Attackers can decode and modify Basic Authorization and Espo-Authorization tokens to gain unauthorized access to administrative user information and privileges. | ||||