Export limit exceeded: 340996 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 340996 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (340996 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32241 | 2026-03-27 | 7.5 High | ||
| Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command injection that allows an attacker who can set Kubernetes Node annotations to achieve root-level arbitrary command execution on every flannel node in the cluster. The Extension backend's SubnetAddCommand and SubnetRemoveCommand receive attacker-controlled data via stdin (from the `flannel.alpha.coreos.com/backend-data` Node annotation). The content of this annotation is unmarshalled and piped directly to a shell command without checks. Kubernetes clusters using Flannel with the Extension backend are affected by this vulnerability. Other backends such as vxlan and wireguard are unaffected. The vulnerability is fixed in version v0.28.2. As a workaround, use Flannel with another backend such as vxlan or wireguard. | ||||
| CVE-2025-66955 | 1 Asseco | 1 See Live | 2026-03-27 | 6.5 Medium |
| Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls. | ||||
| CVE-2026-21670 | 1 Veeam | 1 Backup And Replication | 2026-03-27 | 7.7 High |
| A vulnerability allowing a low-privileged user to extract saved SSH credentials. | ||||
| CVE-2026-21669 | 1 Veeam | 1 Backup And Replication | 2026-03-27 | 10 Critical |
| A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. | ||||
| CVE-2026-21668 | 1 Veeam | 1 Backup And Replication | 2026-03-27 | 8.8 High |
| A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository. | ||||
| CVE-2026-21672 | 1 Veeam | 1 Backup And Recovery | 2026-03-27 | 8.8 High |
| A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers. | ||||
| CVE-2026-21708 | 1 Veeam | 1 Backup And Recovery | 2026-03-27 | 10 Critical |
| A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user. | ||||
| CVE-2026-28252 | 1 Trane | 5 Tracer Concierge, Tracer Sc, Tracer Sc\+ and 2 more | 2026-03-27 | 9.8 Critical |
| A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device. | ||||
| CVE-2026-28253 | 1 Trane | 5 Tracer Concierge, Tracer Sc, Tracer Sc\+ and 2 more | 2026-03-27 | 7.5 High |
| A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition | ||||
| CVE-2026-28254 | 1 Trane | 5 Tracer Concierge, Tracer Sc, Tracer Sc\+ and 2 more | 2026-03-27 | 7.5 High |
| A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs. | ||||
| CVE-2026-28255 | 1 Trane | 5 Tracer Concierge, Tracer Sc, Tracer Sc\+ and 2 more | 2026-03-27 | 9.8 Critical |
| A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts. | ||||
| CVE-2026-28256 | 1 Trane | 5 Tracer Concierge, Tracer Sc, Tracer Sc\+ and 2 more | 2026-03-27 | 9.8 Critical |
| A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts. | ||||
| CVE-2026-26133 | 1 Microsoft | 33 365 Copilot Android, 365 Copilot For Android, 365 Copilot For Ios and 30 more | 2026-03-27 | 7.1 High |
| AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-20993 | 1 Samsung | 1 Samsung Assistant | 2026-03-27 | N/A |
| Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker to access saved information. | ||||
| CVE-2026-20994 | 1 Samsung | 1 Account | 2026-03-27 | N/A |
| URL redirection in Samsung Account prior to version 15.5.01.1 allows remote attackers to potentially get access token. | ||||
| CVE-2026-20995 | 1 Samsung | 1 Smart Switch | 2026-03-27 | N/A |
| Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration. | ||||
| CVE-2026-20996 | 1 Samsung | 1 Smart Switch | 2026-03-27 | N/A |
| Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication. | ||||
| CVE-2026-20997 | 1 Samsung | 1 Smart Switch | 2026-03-27 | N/A |
| Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication. | ||||
| CVE-2026-20998 | 1 Samsung | 1 Smart Switch | 2026-03-27 | N/A |
| Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass authentication. | ||||
| CVE-2026-20999 | 1 Samsung | 1 Smart Switch | 2026-03-27 | N/A |
| Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged functions. | ||||