Export limit exceeded: 340656 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (340656 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33353 | 2 Charm, Charmbracelet | 2 Soft Serve, Soft-serve | 2026-03-26 | 6.5 Medium |
| Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. This issue has been patched in version 0.11.6. | ||||
| CVE-2026-33412 | 1 Vim | 1 Vim | 2026-03-26 | 5.6 Medium |
| Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202. | ||||
| CVE-2025-33247 | 1 Nvidia | 1 Megatron-lm | 2026-03-26 | 7.8 High |
| NVIDIA Megatron LM contains a vulnerability in quantization configuration loading, which could allow remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2025-33248 | 1 Nvidia | 1 Megatron-lm | 2026-03-26 | 7.8 High |
| NVIDIA Megatron-LM contains a vulnerability in the hybrid conversion script where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2026-24150 | 1 Nvidia | 1 Megatron-lm | 2026-03-26 | 7.8 High |
| NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2026-24151 | 1 Nvidia | 1 Megatron-lm | 2026-03-26 | 7.8 High |
| NVIDIA Megatron-LM contains a vulnerability in inferencing where an Attacker may cause an RCE by convincing a user to load a maliciously crafted input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2026-24152 | 1 Nvidia | 1 Megatron-lm | 2026-03-26 | 7.8 High |
| NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2026-3889 | 1 Mozilla | 1 Thunderbird | 2026-03-26 | 6.5 Medium |
| Spoofing issue in Thunderbird. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9. | ||||
| CVE-2026-4371 | 1 Mozilla | 1 Thunderbird | 2026-03-26 | 7.4 High |
| A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9. | ||||
| CVE-2026-26830 | 1 Mooz | 1 Pdf-image | 2026-03-26 | 9.8 Critical |
| pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format() to interpolate user-controlled file paths into shell command strings that are executed via child_process.exec() | ||||
| CVE-2026-26831 | 1 Dbashford | 1 Textract | 2026-03-26 | N/A |
| textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to child_process.exec() in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequate sanitization | ||||
| CVE-2026-26833 | 1 Mmahrous | 1 Thumbler | 2026-03-26 | N/A |
| thumbler through 1.1.2 allows OS command injection via the input, output, time, or size parameter in the thumbnail() function because user input is concatenated into a shell command string passed to child_process.exec() without proper sanitization or escaping. | ||||
| CVE-2026-30587 | 1 Seafile | 1 Seafile | 2026-03-26 | 6.3 Medium |
| Multiple Stored XSS vulnerabilities exist in Seafile Server version 13.0.15,13.0.16-pro,12.0.14 and prior and fixed in 13.0.17, 13.0.17-pro, and 12.0.20-pro, via the Seadoc (sdoc) editor. The application fails to properly sanitize WebSocket messages regarding document structure updates. This allows authenticated remote attackers to inject malicious JavaScript payloads via the src attribute of embedded Excalidraw whiteboards or the href attribute of anchor tags | ||||
| CVE-2025-70888 | 1 Mtrojnar | 1 Osslsigncode | 2026-03-26 | 10.0 Critical |
| An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate privileges via the osslsigncode.c component | ||||
| CVE-2026-20651 | 1 Apple | 1 Macos | 2026-03-26 | 6.2 Medium |
| A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to access sensitive user data. | ||||
| CVE-2026-28871 | 1 Apple | 3 Ios And Ipados, Macos, Safari | 2026-03-26 | N/A |
| A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4. Visiting a maliciously crafted website may lead to a cross-site scripting attack. | ||||
| CVE-2026-28826 | 1 Apple | 1 Macos | 2026-03-26 | 4 Medium |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.4. A malicious app may be able to break out of its sandbox. | ||||
| CVE-2026-28867 | 1 Apple | 5 Ios And Ipados, Macos, Tvos and 2 more | 2026-03-26 | N/A |
| This issue was addressed with improved authentication. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to leak sensitive kernel state. | ||||
| CVE-2026-28892 | 1 Apple | 1 Macos | 2026-03-26 | N/A |
| A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to modify protected parts of the file system. | ||||
| CVE-2026-20688 | 1 Apple | 3 Ios And Ipados, Macos, Visionos | 2026-03-26 | N/A |
| A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to break out of its sandbox. | ||||