Export limit exceeded: 340578 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (340578 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4824 | 2026-03-25 | 7 High | ||
| A vulnerability has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this issue is some unknown functionality of the component Backup Job Configuration File Handler. The manipulation leads to improper privilege management. The attack must be carried out locally. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 8.7.4 can resolve this issue. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | ||||
| CVE-2026-4823 | 2026-03-25 | 2.5 Low | ||
| A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this vulnerability is an unknown functionality of the component NTLM2 Handler. Executing a manipulation can lead to information disclosure. The attack is restricted to local execution. Attacks of this nature are highly complex. The exploitation appears to be difficult. The exploit has been published and may be used. Upgrading to version 8.7.4 addresses this issue. Upgrading the affected component is advised. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | ||||
| CVE-2025-36187 | 1 Ibm | 1 Knowledge Catalog Standard Cartridge | 2026-03-25 | 4.4 Medium |
| IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5,1.2, 5.1.3, 5.2.0, 5.2.1 stores potentially sensitive information in log files that could be read by a local privileged user. | ||||
| CVE-2025-14684 | 1 Ibm | 1 Maximo Application Suite Monitor Component | 2026-03-25 | 4 Medium |
| IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files. | ||||
| CVE-2026-33353 | 2 Charm, Charmbracelet | 2 Soft Serve, Soft-serve | 2026-03-25 | 6.5 Medium |
| Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. This issue has been patched in version 0.11.6. | ||||
| CVE-2025-33247 | 1 Nvidia | 1 Megatron-lm | 2026-03-25 | 7.8 High |
| NVIDIA Megatron LM contains a vulnerability in quantization configuration loading, which could allow remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2025-33248 | 1 Nvidia | 1 Megatron-lm | 2026-03-25 | 7.8 High |
| NVIDIA Megatron-LM contains a vulnerability in the hybrid conversion script where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2026-24150 | 1 Nvidia | 1 Megatron-lm | 2026-03-25 | 7.8 High |
| NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2026-24151 | 1 Nvidia | 1 Megatron-lm | 2026-03-25 | 7.8 High |
| NVIDIA Megatron-LM contains a vulnerability in inferencing where an Attacker may cause an RCE by convincing a user to load a maliciously crafted input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2026-32854 | 2 Libvncserver, Libvncserver Project | 2 Libvncserver, Libvncserver | 2026-03-25 | 7.5 High |
| LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit missing validation of strchr() return values in the CONNECT and GET proxy handling paths to trigger null pointer dereferences and crash the server when httpd and proxy features are enabled. | ||||
| CVE-2026-24152 | 1 Nvidia | 1 Megatron-lm | 2026-03-25 | 7.8 High |
| NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2026-28859 | 1 Apple | 8 Ios And Ipados, Ipados, Iphone Os and 5 more | 2026-03-25 | 4.3 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox. | ||||
| CVE-2026-20665 | 1 Apple | 8 Ios And Ipados, Ipados, Iphone Os and 5 more | 2026-03-25 | 6.5 Medium |
| This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. | ||||
| CVE-2026-20622 | 1 Apple | 1 Macos | 2026-03-25 | 7.5 High |
| A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An app may be able to capture a user's screen. | ||||
| CVE-2026-4710 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-03-25 | 9.8 Critical |
| Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-29772 | 2 Astro, Withastro | 2 \@astrojs\/node, Astro | 2026-03-25 | 5.9 Medium |
| Astro is a web framework. Prior to version 10.0.0, Astro's Server Islands POST handler buffers and parses the full request body as JSON without enforcing a size limit. Because JSON.parse() allocates a V8 heap object for every element in the input, a crafted payload of many small JSON objects achieves ~15x memory amplification (wire bytes to heap bytes), allowing a single unauthenticated request to exhaust the process heap and crash the server. The /_server-islands/[name] route is registered on all Astro SSR apps regardless of whether any component uses server:defer, and the body is parsed before the island name is validated, so any Astro SSR app with the Node standalone adapter is affected. This issue has been patched in version 10.0.0. | ||||
| CVE-2026-20693 | 1 Apple | 1 Macos | 2026-03-25 | 4.9 Medium |
| This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An attacker with root privileges may be able to delete protected system files. | ||||
| CVE-2026-28823 | 1 Apple | 1 Macos | 2026-03-25 | 4.9 Medium |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.4. An app with root privileges may be able to delete protected system files. | ||||
| CVE-2026-20686 | 1 Apple | 3 Ios And Ipados, Ipados, Iphone Os | 2026-03-25 | 5.3 Medium |
| This issue was addressed with improved input validation. This issue is fixed in iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data. | ||||
| CVE-2026-28828 | 1 Apple | 1 Macos | 2026-03-25 | 5.3 Medium |
| A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data. | ||||