Export limit exceeded: 341202 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341202 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-20228 | 1 Flatassembler | 1 Flat Assembler | 2026-03-30 | 8.4 High |
| Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input to the application. Attackers can craft malicious assembly input exceeding 5895 bytes to overwrite the instruction pointer and execute return-oriented programming chains for shell command execution. | ||||
| CVE-2018-25226 | 1 Ftpshell | 1 Ftpshell Server | 2026-03-30 | 6.2 Medium |
| FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' parameter within the Manage FTP Accounts interface. | ||||
| CVE-2026-33061 | 1 Jexactyl | 1 Jexactyl | 2026-03-30 | 5.8 Medium |
| Jexactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescaped {!! json_encode(...) !!} without safe encoding flags allows string values to break out of the JavaScript context and be interpreted as HTML/JS by the browser. If any serialized fields contain attacker-controlled content, such as a username, display name, or site config value, a malicious payload will execute arbitrary script for any user viewing the page (stored DOM XSS). This issue has been patched by commit e28edb204e80efab628d1241198ea4f079779cfd. | ||||
| CVE-2026-21643 | 1 Fortinet | 1 Forticlientems | 2026-03-30 | 9.1 Critical |
| An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | ||||
| CVE-2025-68158 | 1 Authlib | 1 Authlib | 2026-03-30 | 5.7 Medium |
| Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state (easily obtainable via an attacker-initiated authentication flow). When a cache is supplied to the OAuth client registry, FrameworkIntegration.set_state_data writes the entire state blob under _state_{app}_{state}, and get_state_data ignores the caller’s session altogether. This issue has been patched in version 1.6.6. | ||||
| CVE-2026-32865 | 2 Opexus, Opexustech | 3 Ecase, Ecomplaint, Ecase Ecomplaint | 2026-03-30 | 9.8 Critical |
| OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing security questions are not asked during the process. | ||||
| CVE-2026-32866 | 2 Opexus, Opexustech | 2 Ecase, Ecase Ecomplaint | 2026-03-30 | 5.5 Medium |
| OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in a user profile. An authenticated attacker can inject parts of an XSS payload in their first and last name fields. The payload is executed when the user's full name is rendered. The attacker can run script in the context of a victim's session. | ||||
| CVE-2026-32867 | 2 Opexus, Opexustech | 2 Ecomplaint, Ecase Ecomplaint | 2026-03-30 | 5.4 Medium |
| OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would see these unexpected files in cases. Uploading a large number of files could consume storage. | ||||
| CVE-2026-3442 | 2 Gnu, Redhat | 4 Binutils, Enterprise Linux, Openshift and 1 more | 2026-03-30 | 6.1 Medium |
| A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the application to crash, resulting in an application level denial of service. | ||||
| CVE-2026-20416 | 2 Google, Mediatek | 5 Android, Mt6991, Mt6993 and 2 more | 2026-03-30 | 7.2 High |
| In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315038 / ALPS10340155; Issue ID: MSV-5155. | ||||
| CVE-2026-20445 | 2 Google, Mediatek | 24 Android, Mt6835, Mt6855 and 21 more | 2026-03-30 | 4.4 Medium |
| In MDDP, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10289875; Issue ID: MSV-5184. | ||||
| CVE-2026-20429 | 2 Google, Mediatek | 30 Android, Mt6739, Mt6761 and 27 more | 2026-03-30 | 4.4 Medium |
| In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5535. | ||||
| CVE-2026-20424 | 2 Google, Mediatek | 6 Android, Mt6991, Mt6993 and 3 more | 2026-03-30 | 4.4 Medium |
| In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5540. | ||||
| CVE-2026-20444 | 2 Google, Mediatek | 47 Android, Mt6739, Mt6761 and 44 more | 2026-03-30 | 6.7 Medium |
| In display, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436995; Issue ID: MSV-5721. | ||||
| CVE-2026-32868 | 2 Opexus, Opexustech | 3 Ecase, Ecomplaint, Ecase Ecomplaint | 2026-03-30 | 5.5 Medium |
| OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in the 'My Information' screen. An authenticated attacker can inject parts of an XSS payload in the first and last name fields. The payload is executed when the full name is rendered. The attacker can run script in the context of a victim's session. | ||||
| CVE-2026-20443 | 2 Google, Mediatek | 47 Android, Mt6739, Mt6761 and 44 more | 2026-03-30 | 6.7 Medium |
| In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5722. | ||||
| CVE-2026-20442 | 2 Google, Mediatek | 47 Android, Mt6739, Mt6761 and 44 more | 2026-03-30 | 4.4 Medium |
| In display, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5723. | ||||
| CVE-2026-20441 | 2 Google, Mediatek | 6 Android, Mt2718, Mt6899 and 3 more | 2026-03-30 | 6.7 Medium |
| In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10432500; Issue ID: MSV-5803. | ||||
| CVE-2026-20440 | 2 Google, Mediatek | 6 Android, Mt2718, Mt6899 and 3 more | 2026-03-30 | 6.7 Medium |
| In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431968; Issue ID: MSV-5824. | ||||
| CVE-2026-20439 | 2 Google, Mediatek | 6 Android, Mt2718, Mt6899 and 3 more | 2026-03-30 | 4.4 Medium |
| In imgsys, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431955; Issue ID: MSV-5826. | ||||