Export limit exceeded: 19606 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10182 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10182 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32237 | 2 Backstage, Linuxfoundation | 2 Plugin-scaffolder-backend, Backstage | 2026-03-23 | 4.4 Medium |
| Backstage is an open framework for building developer portals. Prior to 3.1.5, authenticated users with permission to execute scaffolder dry-runs can gain access to server-configured environment secrets through the dry-run API response. Secrets are properly redacted in log output but not in all parts of the response payload. Deployments that have configured scaffolder.defaultEnvironment.secrets are affected. This is patched in @backstage/plugin-scaffolder-backend version 3.1.5. | ||||
| CVE-2025-2842 | 1 Redhat | 1 Openshift Distributed Tracing | 2026-03-22 | 4.3 Medium |
| A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab functionality is enabled in a Tempo instance managed by the Tempo Operator, the Operator creates a ClusterRoleBinding for the Service Account of the Tempo instance to grant the cluster-monitoring-view ClusterRole. This can be exploited if a user has 'create' permissions on TempoStack and 'get' permissions on Secret in a namespace (for example, a user has ClusterAdmin permissions for a specific namespace), as the user can read the token of the Tempo service account and therefore has access to see all cluster metrics. | ||||
| CVE-2025-2786 | 1 Redhat | 1 Openshift Distributed Tracing | 2026-03-22 | 4.3 Medium |
| A flaw was found in Tempo Operator, where it creates a ServiceAccount, ClusterRole, and ClusterRoleBinding when a user deploys a TempoStack or TempoMonolithic instance. This flaw allows a user with full access to their namespace to extract the ServiceAccount token and use it to submit TokenReview and SubjectAccessReview requests, potentially revealing information about other users' permissions. While this does not allow privilege escalation or impersonation, it exposes information that could aid in gathering information for further attacks. | ||||
| CVE-2024-1139 | 1 Redhat | 2 Acm, Openshift | 2026-03-22 | 7.7 High |
| A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret. | ||||
| CVE-2026-20133 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2026-03-20 | 6.5 Medium |
| A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system. | ||||
| CVE-2026-32890 | 1 Openvessl | 1 Anchorr | 2026-03-20 | 9.7 Critical |
| Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. In versions 1.4.1 and below, a stored Cross-site Scripting (XSS) vulnerability in the web dashboard's User Mapping dropdown allows any unprivileged Discord user in the configured guild to execute arbitrary JavaScript in the Anchorr admin's browser. By chaining this with the GET /api/config endpoint (which returns all secrets in plaintext), an attacker can exfiltrate every credential stored in Anchorr which includes DISCORD_TOKEN, JELLYFIN_API_KEY, JELLYSEERR_API_KEY, JWT_SECRET, WEBHOOK_SECRET, and bcrypt password hashes without any authentication to Anchorr itself. This issue has been fixed in version 1.4.2. | ||||
| CVE-2026-4040 | 1 Openclaw | 1 Openclaw | 2026-03-20 | 3.3 Low |
| A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version 2026.2.19-beta.1 is capable of addressing this issue. The identifier of the patch is bafdbb6f112409a65decd3d4e7350fbd637c7754. Upgrading the affected component is advised. | ||||
| CVE-2026-29066 | 2 Ssw, Tina | 2 Tinacms\/cli, Tinacms | 2026-03-20 | 6.2 Medium |
| Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the host system. This vulnerability is fixed in 2.1.8. | ||||
| CVE-2026-32100 | 1 Swag | 1 Platform-security | 2026-03-20 | 5.3 Medium |
| Shopware is an open commerce platform. /api/_info/config route exposes information about active security fixes. This vulnerability is fixed in 2.0.16, 3.0.12, and 4.0.7. | ||||
| CVE-2026-32142 | 1 Shopware | 1 Commercial | 2026-03-20 | 5.3 Medium |
| Shopware is an open commerce platform. /api/_info/config route exposes information about licenses. This vulnerability is fixed in 7.8.1 and 6.10.15. | ||||
| CVE-2026-32094 | 2 Ericcornelissen, Shescape Project | 2 Shescape, Shescape | 2026-03-20 | 6.5 Medium |
| Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescape#escape() does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like secret[12] to expand into multiple filesystem matches instead of a single literal argument, turning one argument into multiple trusted-pathname matches. This vulnerability is fixed in 2.1.10. | ||||
| CVE-2026-32098 | 2 Parse Community, Parseplatform | 2 Parse Server, Parse-server | 2026-03-20 | 7.5 High |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.9 and 8.6.35, an attacker can exploit LiveQuery subscriptions to infer the values of protected fields without directly receiving them. By subscribing with a WHERE clause that references a protected field (including via dot-notation or $regex), the attacker can observe whether LiveQuery events are delivered for matching objects. This creates a boolean oracle that leaks protected field values. The attack affects any class that has both protectedFields configured in Class-Level Permissions and LiveQuery enabled. This vulnerability is fixed in 9.6.0-alpha.9 and 8.6.35. | ||||
| CVE-2026-1867 | 2 Wordpress, Wp Front User Submit | 2 Wordpress, Guest Posting / Frontend Posting / Front Editor | 2026-03-20 | 5.9 Medium |
| The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6's settings, it is possible for an unauthenticated attacker to export and download all of the form data/settings, including the administrator's email address. | ||||
| CVE-2026-2571 | 2 Codename065, Wordpress | 2 Download Manager Plugin, Wordpress | 2026-03-20 | 4.3 Medium |
| The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'reviewUserStatus' function in all versions up to, and including, 3.3.49. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive information for any user on the site including email addresses, display names, and registration dates. | ||||
| CVE-2026-32865 | 1 Opexus | 2 Ecase, Ecomplaint | 2026-03-20 | 9.8 Critical |
| OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing security questions are not asked during the process. | ||||
| CVE-2024-7557 | 1 Redhat | 2 Openshift Ai, Openshift Data Science | 2026-03-19 | 8.8 High |
| A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources. | ||||
| CVE-2026-31837 | 1 Istio | 1 Istio | 2026-03-18 | 7.5 High |
| Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS resolver becomes unavailable or the fetch fails, exposing hardcoded defaults regardless of use of the RequestAuthentication resource. This vulnerability is fixed in 1.29.1, 1.28.5, and 1.27.8. | ||||
| CVE-2026-30933 | 2 Filebrowser, Gtsteffaniak | 2 Filebrowser, Filebrowser | 2026-03-18 | 7.5 High |
| FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. This vulnerability is fixed in 1.3.1-beta and 1.2.2-stable. | ||||
| CVE-2025-68467 | 1 Darkreader | 1 Darkreader | 2026-03-18 | 3.4 Low |
| Dark Reader is an accessibility browser extension that makes web pages colors dark. The dynamic dark mode feature of the extension works by analyzing the colors of web pages found in CSS style sheet files. In order to analyze cross-origin style sheets (stored on websites different from the original web page), Dark Reader requests such files via a background worker, ensuring the request is performed with no credentials and that the content type of the response is a CSS file. Prior to Dark Reader 4.9.117, this style content was assigned to an HTML Style Element in order to parse and loop through style declarations, and also stored in page's Session Storage for performance gains. This could allow a website author to request a style sheet from a locally running web server, for example by having a link pointing to `http[:]//localhost[:]8080/style[.]css`. The brute force of the host name, port and file name would be unlikely due to performance impact, that would cause the browser tab to hang shortly, but it could be possible to request a style sheet if the full URL was known in advance. As per December 18, 2025 there is no known exploit of the issue. The problem has been fixed in version 4.9.117 on December 3, 2025. The style sheets are now parsed using modern Constructed Style Sheets API and the contents of cross-origin style sheets is no longer stored in page's Session Storage. Version 4.9.118 (December 8, 2025) restricts cross-origin requests to localhost aliases, IP addresses, hosts with ports and non-HTTPS resources. The absolute majority of users have received an update 4.1.117 or 4.9.118 automatically within a week. However users must ensure their automatic updates are not blocked and they are using the latest version of the extension by going to chrome://extensions or about:addons pages in browser settings. Users utilizing manual builds must upgrade to version 4.9.118 and above. Developers using `darkreader` NPM package for their own websites are likely not affected, but must ensure the function passed to `setFetchMethod()` for performing cross-origin requests works within the intended scope. Developers using custom forks of earlier versions of Dark Reader to build other extensions or integrating into their apps or browsers must ensure they perform cross-origin requests safely and the responses are not accessible outside of the app or extension. | ||||
| CVE-2026-28675 | 1 Opensift | 1 Opensift | 2026-03-18 | 5.3 Medium |
| OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, some endpoints returned raw exception strings to clients. Additionally, login token material was exposed in UI/rendered responses and token rotation output. This issue has been patched in version 1.6.3-alpha. | ||||