Export limit exceeded: 341258 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 341258 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341258 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-5119 | 1 Redhat | 1 Enterprise Linux | 2026-03-30 | 5.9 Medium |
| A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation. | ||||
| CVE-2026-5014 | 1 Elecv2 | 1 Elecv2p | 2026-03-30 | 5.3 Medium |
| A vulnerability was found in elecV2 elecV2P up to 3.8.3. The affected element is the function path.join of the file /log/ of the component Wildcard Handler. The manipulation results in path traversal. The attack may be performed from remote. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2018-25226 | 1 Ftpshell | 1 Ftpshell Server | 2026-03-30 | 6.2 Medium |
| FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' parameter within the Manage FTP Accounts interface. | ||||
| CVE-2018-25232 | 2026-03-30 | 5.5 Medium | ||
| Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field. Attackers can input a buffer of 2000 characters in the Log Files Location custom path parameter to trigger a crash when the OK button is clicked. | ||||
| CVE-2019-25655 | 2026-03-30 | 6.2 Medium | ||
| Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the server connection dialog. Attackers can trigger the crash by entering a malformed server name or address containing repeated characters through the Tools menu Connect to New Server interface. | ||||
| CVE-2026-32915 | 1 Openclaw | 1 Openclaw | 2026-03-30 | 8.8 High |
| OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause execution with broader tool policies by exploiting insufficient authorization checks on subagent control requests. | ||||
| CVE-2026-32979 | 1 Openclaw | 1 Openclaw | 2026-03-30 | 7.3 High |
| OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can change approved local scripts before execution to achieve unintended code execution as the OpenClaw runtime user. | ||||
| CVE-2026-5102 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-03-30 | 6.3 Medium |
| A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument qos_up_bw results in command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-5013 | 1 Elecv2 | 1 Elecv2p | 2026-03-30 | 5.3 Medium |
| A vulnerability has been found in elecV2 elecV2P up to 3.8.3. Impacted is the function path.join of the file /store/:key. The manipulation of the argument URL leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-5018 | 1 Code-projects | 1 Simple Food Order System | 2026-03-30 | 7.3 High |
| A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-5003 | 1 Promtengineer | 1 Localgpt | 2026-03-30 | 5.3 Medium |
| A vulnerability was found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. This affects the function handle_index of the file rag_system/api_server.py of the component Web Interface. Performing a manipulation results in information disclosure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4897 | 1 Redhat | 3 Enterprise Linux, Openshift, Openshift Container Platform | 2026-03-30 | 5.5 Medium |
| A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system. | ||||
| CVE-2018-25221 | 1 Echatserver | 1 Echat Server | 2026-03-30 | 9.8 Critical |
| EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets to achieve code execution in the application context. | ||||
| CVE-2017-20225 | 1 Ticalc | 1 Tiemu | 2026-03-30 | 9.8 Critical |
| TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can trigger the overflow through command-line arguments passed to the application, leveraging ROP gadgets to bypass protections and execute shellcode in the application context. | ||||
| CVE-2026-33573 | 1 Openclaw | 1 Openclaw | 2026-03-30 | 8.8 High |
| OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authenticated operators with operator.write permission to override workspace boundaries by supplying attacker-controlled spawnedBy and workspaceDir values. Remote operators can escape the configured workspace boundary and execute arbitrary file and exec operations from any process-accessible directory. | ||||
| CVE-2026-33575 | 1 Openclaw | 1 Openclaw | 2026-03-30 | 7.5 High |
| OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pair endpoint and OpenClaw qr command. Attackers with access to leaked setup codes from chat history, logs, or screenshots can recover and reuse the shared gateway credential outside the intended one-time pairing flow. | ||||
| CVE-2016-20044 | 1 Pinfo | 1 Pinfo | 2026-03-30 | 8.4 High |
| PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malicious input string with 564 bytes of padding followed by a return address to overwrite the instruction pointer and execute shellcode with user privileges. | ||||
| CVE-2016-20038 | 1 Werner | 1 Ytree | 2026-03-30 | 8.4 High |
| yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can craft a malicious command-line argument containing shellcode and a return address to overwrite the stack and execute code in the application context. | ||||
| CVE-2026-4998 | 1 Sinaptik Ai | 1 Pandasai | 2026-03-30 | 7.3 High |
| A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor.execute of the file pandasai/core/code_execution/code_executor.py of the component Chat Message Handler. Executing a manipulation can lead to code injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4985 | 1 Dloebl | 1 Cgif | 2026-03-30 | 4.3 Medium |
| A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgif_addframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated remotely. The identifier of the patch is b0ba830093f4317a5d1f345715d2fa3cd2dab474. It is suggested to install a patch to address this issue. | ||||