Export limit exceeded: 340499 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (340499 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28833 | 1 Apple | 5 Ios And Ipados, Ipados, Iphone Os and 2 more | 2026-03-25 | 6.2 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. An app may be able to enumerate a user's installed apps. | ||||
| CVE-2026-28834 | 1 Apple | 1 Macos | 2026-03-25 | 5.1 Medium |
| A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to cause unexpected system termination. | ||||
| CVE-2026-28841 | 1 Apple | 1 Macos | 2026-03-25 | 6.2 Medium |
| A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Tahoe 26.4. A buffer overflow may result in memory corruption and unexpected app termination. | ||||
| CVE-2026-20637 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-03-25 | 6.2 Medium |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to cause unexpected system termination. | ||||
| CVE-2026-22902 | 2 Qnap, Qnap Systems | 2 Qunetswitch, Qunetswitch | 2026-03-25 | 6.7 Medium |
| A command injection vulnerability has been reported to affect QuNetSwitch. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later | ||||
| CVE-2026-29840 | 1 Jizhicms | 1 Jizhicms | 2026-03-25 | 5.4 Medium |
| JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting (XSS) vulnerability in the release function within app/home/c/UserController.php. The application attempts to sanitize input by filtering <script> tags but fails to recursively remove dangerous event handlers in other HTML tags (such as onerror in <img> tags). This allows an authenticated remote attacker to inject arbitrary web script or HTML via the body parameter in a POST request to /user/release.html. | ||||
| CVE-2026-32309 | 1 Cryptomator | 1 Cryptomator | 2026-03-25 | 7.5 High |
| Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock flow explicitly supports hub+http and consumes Hub endpoints from vault metadata without enforcing HTTPS. As a result, a vault configuration can drive OAuth and key-loading traffic over plaintext HTTP or other insecure endpoint combinations. An active network attacker can tamper with or observe this traffic. Even when the vault key is encrypted for the device, bearer tokens and endpoint-level trust decisions are still exposed to downgrade and interception. This issue has been patched in version 1.19.1. | ||||
| CVE-2026-32853 | 2 Libvncserver, Libvncserver Project | 2 Libvncserver, Libvncserver | 2026-03-25 | 8.1 High |
| LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checking in the HandleUltraZipBPP() function by manipulating subrectangle header counts to read beyond the allocated heap buffer. | ||||
| CVE-2025-14807 | 1 Ibm | 1 Infosphere Information Server | 2026-03-25 | 6.5 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. | ||||
| CVE-2026-1015 | 1 Ibm | 1 Infosphere Information Server | 2026-03-25 | 5.4 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2026-32310 | 2 Cryptomator, Microsoft | 2 Cryptomator, Windows | 2026-03-25 | 4.1 Medium |
| Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart() directly against the vault path and immediately calls Files.exists(...). This allows a malicious vault config to supply parent-directory escapes, absolute local paths, or UNC paths (e.g., masterkeyfile://attacker/share/masterkey.cryptomator). On Windows, the UNC variant is especially dangerous because Path.resolve("//attacker/share/...") becomes \\attacker\share\..., so the existence check can trigger outbound SMB access before the user even enters a passphrase. This issue has been patched in version 1.19.1. | ||||
| CVE-2026-4709 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-25 | 7.5 High |
| Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-2484 | 1 Ibm | 1 Infosphere Information Server | 2026-03-25 | 4.3 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages | ||||
| CVE-2026-1014 | 1 Ibm | 1 Infosphere Information Server | 2026-03-25 | 6.5 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation. | ||||
| CVE-2026-2483 | 1 Ibm | 1 Infosphere Information Server | 2026-03-25 | 5.4 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session | ||||
| CVE-2017-15031 | 1 Arm | 1 Arm-trusted-firmware | 2026-03-25 | 7.5 High |
| In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information. | ||||
| CVE-2025-64648 | 1 Ibm | 1 Concert | 2026-03-25 | 5.9 Medium |
| IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques. | ||||
| CVE-2025-64647 | 1 Ibm | 1 Concert | 2026-03-25 | 5.9 Medium |
| IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information | ||||
| CVE-2025-64646 | 1 Ibm | 1 Concert | 2026-03-25 | 6.2 Medium |
| IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources. | ||||
| CVE-2025-36440 | 1 Ibm | 1 Concert | 2026-03-25 | 5.1 Medium |
| IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control. | ||||