Export limit exceeded: 76467 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76467 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-29082 | 2 Kestra, Kestra-io | 2 Kestra, Kestra | 2026-03-10 | 7.3 High |
| Kestra is an event-driven orchestration platform. In versions from 1.1.10 and prior, Kestra’s execution-file preview renders user-supplied Markdown (.md) with markdown-it instantiated as html:true and injects the resulting HTML with Vue’s v-html without sanitisation. At time of publication, there are no publicly available patches. | ||||
| CVE-2026-3765 | 2 Angeljudesuarez, Itsourcecode | 2 University Management System, University Management System | 2026-03-10 | 7.3 High |
| A vulnerability was identified in itsourcecode University Management System 1.0. This affects an unknown function of the file /att_single_view.php. Such manipulation of the argument dt leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-3764 | 2 Lerouxyxchire, Sourcecodester | 2 Client Database Management System, Client Database Management System | 2026-03-10 | 7.3 High |
| A vulnerability was determined in SourceCodester Client Database Management System 1.0. The impacted element is an unknown function of the file /superadmin_user_update.php. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-3769 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-10 | 8.8 High |
| A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function WrlclientSet of the file /goform/WrlclientSet. The manipulation of the argument GO results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. | ||||
| CVE-2026-3768 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-10 | 8.8 High |
| A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-3787 | 3 Microsoft, Ultravnc, Uvnc | 3 Windows, Ultravnc, Ultravnc | 2026-03-10 | 7 High |
| A weakness has been identified in UltraVNC 1.6.4.0 on Windows. This affects an unknown function in the library cryptbase.dll of the component Windows Service. This manipulation causes uncontrolled search path. The attack requires local access. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-3794 | 2 Doramart, Html-js | 2 Doracms, Doracms | 2026-03-10 | 7.3 High |
| A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the file /api/v1/mail/send of the component Email API. Such manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-20098 | 1 Cisco | 1 Meeting Management | 2026-03-10 | 8.8 High |
| A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system. This vulnerability is due to improper input validation in certain sections of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to upload arbitrary files to the affected system. The malicious files could overwrite system files that are processed by the root system account and allow arbitrary command execution with root privileges. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of video operator. | ||||
| CVE-2026-28392 | 1 Openclaw | 1 Openclaw | 2026-03-10 | 7.5 High |
| OpenClaw versions prior to 2026.2.14 contain a privilege escalation vulnerability in the Slack slash-command handler that incorrectly authorizes any direct message sender when dmPolicy is set to open (must be configured). Attackers can execute privileged slash commands via direct message to bypass allowlist and access-group restrictions. | ||||
| CVE-2026-28679 | 2 Home-gallery, Xemle | 2 Homegallery, Home-gallery | 2026-03-10 | 8.6 High |
| Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. Prior to version 1.21.0, when a user requests a download, the application does not verify whether the requested file is located within the media source directory, which can result in sensitive system files being downloadable as well. This issue has been patched in version 1.21.0. | ||||
| CVE-2026-29182 | 2 Parse Community, Parseplatform | 2 Parse Server, Parse-server | 2026-03-10 | 7.2 High |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.4 and 9.4.1-alpha.3, Parse Server's readOnlyMasterKey option allows access with master-level read privileges but is documented to deny all write operations. However, some endpoints incorrectly accept the readOnlyMasterKey for mutating operations. This allows a caller who only holds the readOnlyMasterKey to create, modify, and delete Cloud Hooks and to start Cloud Jobs, which can be used for data exfiltration. Any Parse Server deployment that uses the readOnlyMasterKey option is affected. Note than an attacker needs to know the readOnlyMasterKey to exploit this vulnerability. This issue has been patched in versions 8.6.4 and 9.4.1-alpha.3. | ||||
| CVE-2026-28405 | 1 Markusproject | 1 Markus | 2026-03-10 | 8 High |
| MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.1, the courses/<:course_id>/assignments/<:assignment_id>/submissions/html_content route reads the contents of a student-submitted file and renders them without sanitization. This issue has been patched in version 2.9.1. | ||||
| CVE-2026-28787 | 2 Hackerbay, Oneuptime | 2 Oneuptime, Oneuptime | 2026-03-10 | 8.2 High |
| OneUptime is a solution for monitoring and managing online services. In version 10.0.11 and prior, the WebAuthn authentication implementation does not store the challenge on the server side. Instead, the challenge is returned to the client and accepted back from the client request body during verification. This violates the WebAuthn specification (W3C Web Authentication Level 2, §13.4.3) and allows an attacker who has obtained a valid WebAuthn assertion (e.g., via XSS, MitM, or log exposure) to replay it indefinitely, completely bypassing the second-factor authentication. No known patches are available. | ||||
| CVE-2026-28799 | 1 Pjsip | 2 Pjproject, Pjsip | 2026-03-10 | 7.5 High |
| PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This issue has been patched in version 2.17. | ||||
| CVE-2025-70616 | 2 Dieboldnixdorf, Wincor | 2 Wnbios64.sys, Nixdorf | 2026-03-10 | 7.8 High |
| A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds checking on the user-controlled Options parameter before copying data into a 40-byte stack buffer (Src[40]) using memmove. An attacker with local access can exploit this vulnerability by sending a crafted IOCTL request with Options > 40, causing a stack buffer overflow that may lead to kernel code execution, local privilege escalation, or denial of service (system crash). Additionally, the same IOCTL handler can leak kernel addresses and other sensitive stack data when reading beyond the buffer boundaries. | ||||
| CVE-2025-66414 | 2 Lfprojects, Modelcontextprotocol | 2 Mcp Typescript Sdk, Typescript-sdk | 2026-03-10 | 8.1 High |
| MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. Prior to 1.24.0, The Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTTPServerTransport or SSEServerTransport and has not enabled enableDnsRebindingProtection, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the user in those limited circumstances. Note that running HTTP-based MCP servers locally without authentication is not recommended per MCP security best practices. This issue does not affect servers using stdio transport. This vulnerability is fixed in 1.24.0. | ||||
| CVE-2025-66416 | 2 Lfprojects, Modelcontextprotocol | 2 Mcp Python Sdk, Python-sdk | 2026-03-10 | 8.1 High |
| The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.23.0, tThe Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using FastMCP with streamable HTTP or SSE transport, and has not configured TransportSecuritySettings, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the user in those limited circumstances. Note that running HTTP-based MCP servers locally without authentication is not recommended per MCP security best practices. This issue does not affect servers using stdio transport. This vulnerability is fixed in 1.23.0. | ||||
| CVE-2025-66468 | 1 Aimeos | 2 Ai-cms-grapesjs, Grapesjs Cms | 2026-03-10 | 7.7 High |
| The Aimeos GrapesJS CMS extension provides page editor for creating content pages based on extensible components. Prior to 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8, Javascript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Policy is disabled. This vulnerability is fixed in 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8. | ||||
| CVE-2025-45691 | 2 Explodinggradients, Vibrantlabsai | 2 Ragas, Ragas | 2026-03-10 | 7.5 High |
| An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs. | ||||
| CVE-2026-29039 | 2 Dgtlmoon, Webtechnologies | 2 Changedetection.io, Changedetection | 2026-03-10 | 7.5 High |
| changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the include_filters field. These XPath expressions are processed using the elementpath library which implements XPath 3.0/3.1 specification. XPath 3.0 includes the unparsed-text() function which can read arbitrary files from the filesystem. The application does not validate or sanitize XPath expressions to block dangerous functions, allowing an attacker to read any file accessible to the application process. This issue has been patched in version 0.54.4. | ||||