Export limit exceeded: 76982 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76982 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4699 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-26 | 7.5 High |
| Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4697 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-26 | 7.5 High |
| Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4695 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-26 | 7.5 High |
| Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4694 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-03-26 | 7.5 High |
| Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4693 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-26 | 7.5 High |
| Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4686 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-26 | 7.5 High |
| Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4685 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-26 | 7.5 High |
| Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-33316 | 2 Go-vikunja, Vikunja | 2 Vikunja, Vikunja | 2026-03-26 | 8.1 High |
| Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, a flaw in Vikunja’s password reset logic allows disabled users to regain access to their accounts. The `ResetPassword()` function sets the user’s status to `StatusActive` after a successful password reset without verifying whether the account was previously disabled. By requesting a reset token through `/api/v1/user/password/token` and completing the reset via `/api/v1/user/password/reset`, a disabled user can reactivate their account and bypass administrator-imposed account disablement. Version 2.2.0 patches the issue. | ||||
| CVE-2019-25638 | 1 Meeplace | 1 Meeplace Business Review Script | 2026-03-26 | 7.1 High |
| Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the addclick.php endpoint with crafted SQL payloads in the 'id' parameter to extract sensitive database information or cause denial of service. | ||||
| CVE-2019-25626 | 1 Flexhex | 1 River Past Cam Do | 2026-03-26 | 8.4 High |
| River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that allows local attackers to execute arbitrary code by supplying a malicious activation code string. Attackers can craft a buffer containing 608 bytes of junk data followed by shellcode and SEH chain overwrite values to trigger code execution when the activation dialog processes the input. | ||||
| CVE-2026-3509 | 1 Codesys | 15 Control For Beaglebone Sl, Control For Empc-a/imx6 Sl, Control For Iot2000 Sl and 12 more | 2026-03-26 | 7.5 High |
| An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service (DoS) condition. | ||||
| CVE-2026-23250 | 1 Linux | 1 Linux Kernel | 2026-03-26 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: xfs: check return value of xchk_scrub_create_subord Fix this function to return NULL instead of a mangled ENOMEM, then fix the callers to actually check for a null pointer and return ENOMEM. Most of the corrections here are for code merged between 6.2 and 6.10. | ||||
| CVE-2026-27934 | 1 Discourse | 1 Discourse | 2026-03-26 | 7.5 High |
| Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a lack of visibility checks with a user action API endpoint that results in disclosure of the title and post excerpt to unauthorized users, leading to information disclosure. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available. | ||||
| CVE-2025-60947 | 2 Census, Csprousers | 2 Csweb, Csweb | 2026-03-26 | 8.8 High |
| Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authenticated attacker could upload a malicious file, possibly leading to remote code execution. Fixed in 8.1.0 alpha. | ||||
| CVE-2026-29839 | 1 Dedecms | 1 Dedecms | 2026-03-26 | 8.8 High |
| DedeCMS v5.7.118 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability in /sys_task_add.php. | ||||
| CVE-2019-25647 | 1 Phreesoft | 1 Phreebookserp | 2026-03-26 | 8.8 High |
| PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them to establish reverse shell connections and execute system commands. | ||||
| CVE-2026-4684 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-26 | 7.5 High |
| Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4704 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-26 | 7.5 High |
| Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4706 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-26 | 7.5 High |
| Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4707 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-26 | 7.5 High |
| Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||