Export limit exceeded: 341651 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341651 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9966 | 1 Novakon | 1 P Series | 2026-03-31 | N/A |
| Improper privilege management vulnerability in Novakon P series allows attackers to gain root privileges if one service is compromized.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9). | ||||
| CVE-2025-9965 | 1 Novakon | 1 P Series | 2026-03-31 | N/A |
| Improper authentication vulnerability in Novakon P series allows unauthenticated attackers to upload and download any application from/to the device.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9). | ||||
| CVE-2025-9964 | 1 Novakon | 1 P Series | 2026-03-31 | N/A |
| No password for the root user is set in Novakon P series. This allows phyiscal attackers to enter the console easily. This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9). | ||||
| CVE-2025-9963 | 1 Novakon | 1 P Series | 2026-03-31 | N/A |
| A path traversal vulnerability in Novakon P series allows to expose the root file system "/" and modify all files with root permissions. This way the system can also be compromized.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9). | ||||
| CVE-2025-9962 | 1 Novakon | 1 P Series | 2026-03-31 | N/A |
| A buffer overflow vulnerability in Novakon P series allows attackers to gain root permission without prior authentication.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9). | ||||
| CVE-2025-7073 | 1 Bitdefender | 5 Antivirus, Antivirus Plus, Endpoint Security Tools and 2 more | 2026-03-31 | 7.8 High |
| A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user. | ||||
| CVE-2025-13611 | 1 Gitlab | 1 Gitlab | 2026-03-31 | 2 Low |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.5.5 and 18.6 before 18.6.3 that could have allowed an authenticated user with access to certain logs to obtain sensitive tokens under specific conditions. | ||||
| CVE-2025-47904 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2026-03-31 | 4.1 Medium |
| Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5. | ||||
| CVE-2025-47902 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2026-03-31 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5. | ||||
| CVE-2025-47901 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2026-03-31 | 8.8 High |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5. | ||||
| CVE-2025-47900 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2026-03-31 | 8.8 High |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5. | ||||
| CVE-2024-8403 | 1 Mitsubishi Electric | 2 Melsec Iq-f Series Fx5-enet, Melsec Iq-f Series Fx5-enet Ip | 2026-03-31 | 7.5 High |
| Improper Validation of Specified Type of Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET versions 1.100 to 1.200 and FX5-ENET/IP versions 1.100 to 1.104 allows a remote attacker to cause a Denial of Service condition in Ethernet communication of the products by sending specially crafted SLMP packets. | ||||
| CVE-2026-27309 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2026-03-31 | 7.8 High |
| Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-4415 | 2026-03-31 | 8.1 High | ||
| Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation. | ||||
| CVE-2025-12805 | 1 Redhat | 1 Openshift Ai | 2026-03-31 | 8.1 High |
| A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user in one namespace can access another user’s Llama Stack instance and potentially view or manipulate sensitive data. | ||||
| CVE-2026-3277 | 2 Devolutions, Ironmansoftware | 2 Powershell Universal, Powershell Universal | 2026-03-30 | 5.5 Medium |
| The OpenID Connect (OIDC) authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials | ||||
| CVE-2026-4396 | 1 Devolutions | 1 Hub Reporting Service | 2026-03-30 | 8.3 High |
| Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification. | ||||
| CVE-2026-32865 | 2 Opexus, Opexustech | 3 Ecase, Ecomplaint, Ecase Ecomplaint | 2026-03-30 | 9.8 Critical |
| OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing security questions are not asked during the process. | ||||
| CVE-2026-32866 | 2 Opexus, Opexustech | 2 Ecase, Ecase Ecomplaint | 2026-03-30 | 5.5 Medium |
| OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in a user profile. An authenticated attacker can inject parts of an XSS payload in their first and last name fields. The payload is executed when the user's full name is rendered. The attacker can run script in the context of a victim's session. | ||||
| CVE-2026-32867 | 2 Opexus, Opexustech | 2 Ecomplaint, Ecase Ecomplaint | 2026-03-30 | 5.4 Medium |
| OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would see these unexpected files in cases. Uploading a large number of files could consume storage. | ||||