Export limit exceeded: 341622 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341622 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-7338 | 1 Ruckusnetworks | 30 Ruckus C110, Ruckus E510, Ruckus H320 and 27 more | 2026-03-30 | 7.5 High |
| Ruckus Unleashed contains a remote code execution vulnerability in the web-based management interface that allows authenticated remote attackers to execute arbitrary code on the system when gateway mode is enabled. Attackers can exploit this vulnerability by sending specially crafted requests through the management interface to achieve arbitrary code execution on affected systems. | ||||
| CVE-2026-33529 | 1 Tobychui | 1 Zoraxy | 2026-03-30 | 3.3 Low |
| Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a plugin. Version 3.3.2 patches the issue. | ||||
| CVE-2026-33530 | 1 Inventree | 1 Inventree | 2026-03-30 | 7.7 High |
| InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, certain API endpoints associated with bulk data operations can be hijacked to exfiltrate sensitive information from the database. The bulk operation API endpoints (e.g. `/api/part/`, `/api/stock/`, `/api/order/so/allocation/`, and others) accept a filters parameter that is passed directly to Django's ORM queryset.filter(**filters) without any field allowlisting. This enables any authenticated user to traverse model relationships using Django's __ lookup syntax and perform blind boolean-based data extraction. This issue is patched in version 1.2.6, and 1.3.0 (or above). Users should update to the patched versions. No known workarounds are available. | ||||
| CVE-2026-33531 | 1 Inventree | 1 Inventree | 2026-03-30 | N/A |
| InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, a path traversal vulnerability in the report template engine allows a staff-level user to read arbitrary files from the server filesystem via crafted template tags. Affected functions: `encode_svg_image()`, `asset()`, and `uploaded_image()` in `src/backend/InvenTree/report/templatetags/report.py`. This requires staff access (to upload / edit templates with maliciously crafted tags). If the InvenTree installation is configured with high access privileges on the host system, this path traversal may allow file access outside of the InvenTree source directory. This issue is patched in version 1.2.6, and 1.3.0 (or above). Users should update to the patched versions. No known workarounds are available. | ||||
| CVE-2026-33535 | 1 Imagemagick | 1 Imagemagick | 2026-03-30 | 4 Medium |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 `display` interaction path that could lead to a crash. Versions 7.1.2-18 and 6.9.13-43 patch the issue. | ||||
| CVE-2026-0965 | 2 Libssh, Redhat | 3 Libssh, Enterprise Linux, Openshift | 2026-03-30 | N/A |
| A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations. | ||||
| CVE-2026-0968 | 2 Libssh, Redhat | 3 Libssh, Enterprise Linux, Openshift | 2026-03-30 | N/A |
| A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of service (DoS) due to application crashes. | ||||
| CVE-2026-2272 | 2 Gimp, Redhat | 2 Gimp, Enterprise Linux | 2026-03-30 | 4.3 Medium |
| A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the `ico_read_info` and `ico_read_icon` functions. This issue arises because a size calculation for image buffers can wrap around due to a 32-bit integer evaluation, allowing oversized image headers to bypass security checks. A remote attacker could exploit this by providing a specially crafted ICO file, leading to a buffer overflow and memory corruption, which may result in an application level denial of service. | ||||
| CVE-2026-2436 | 2 Libsoup, Redhat | 2 Libsoup, Enterprise Linux | 2026-03-30 | 6.5 Medium |
| A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a dangling pointer is accessed, leading to a server crash and a Denial of Service. | ||||
| CVE-2026-33545 | 1 Mobsf | 1 Mobile Security Framework | 2026-03-30 | 5.3 Medium |
| MobSF is a mobile application security testing tool used. Prior to version 4.4.6, MobSF's `read_sqlite()` function in `mobsf/MobSF/utils.py` (lines 542-566) uses Python string formatting (`%`) to construct SQL queries with table names read from a SQLite database's `sqlite_master` table. When a security analyst uses MobSF to analyze a malicious mobile application containing a crafted SQLite database, attacker-controlled table names are interpolated directly into SQL queries without parameterization or escaping. This allows an attacker to cause denial of service and achieve SQL injection. Version 4.4.6 patches the issue. | ||||
| CVE-2026-2100 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-03-30 | 5.3 Medium |
| A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states. | ||||
| CVE-2026-33537 | 1 Lycheeorg | 1 Lychee | 2026-03-30 | N/A |
| Lychee is a free, open-source photo-management tool. The patch introduced for GHSA-cpgw-wgf3-xc6v (SSRF via `Photo::fromUrl`) contains an incomplete IP validation check that fails to block loopback addresses and link-local addresses. Prior to version 7.5.1, an authenticated user can still reach internal services using direct IP addresses, bypassing all four protection configuration settings even when they are set to their secure defaults. Version 7.5.1 contains a fix for the issue. | ||||
| CVE-2026-33653 | 1 Farisc0de | 1 Uploady | 2026-03-30 | 4.6 Medium |
| Ulloady is a file uploader script with multi-file upload support. A Stored Cross-Site Scripting (XSS) vulnerability exists in versions prior to 3.1.2 due to improper sanitization of filenames during the file upload process. An attacker can upload a file with a malicious filename containing JavaScript code, which is later rendered in the application without proper escaping. When the filename is displayed in the file list or file details page, the malicious script executes in the browser of any user who views the page. Version 3.1.2 fixes the issue. | ||||
| CVE-2026-0964 | 2 Libssh, Redhat | 3 Libssh, Enterprise Linux, Openshift | 2026-03-30 | N/A |
| A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue as in OpenSSH, tracked as CVE-2019-6111. | ||||
| CVE-2026-33674 | 1 Prestashop | 1 Prestashop | 2026-03-30 | 2 Low |
| PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available. | ||||
| CVE-2026-33494 | 1 Ory | 1 Oathkeeper | 2026-03-30 | 10 Critical |
| ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path traversal sequences (e.g. `/public/../admin/secrets`) that resolves to a protected path after normalization, but is matched against a permissive rule because the raw, un-normalized path is used during rule evaluation. Version 26.2.0 contains a patch. | ||||
| CVE-2026-33495 | 1 Ory | 1 Oathkeeper | 2026-03-30 | 6.5 Medium |
| ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Ory Oathkeeper is often deployed behind other components like CDNs, WAFs, or reverse proxies. Depending on the setup, another component might forward the request to the Oathkeeper proxy with a different protocol (http vs. https) than the original request. In order to properly match the request against the configured rules, Oathkeeper considers the `X-Forwarded-Proto` header when evaluating rules. The configuration option `serve.proxy.trust_forwarded_headers` (defaults to false) governs whether this and other `X-Forwarded-*` headers should be trusted. Prior to version 26.2.0, Oathkeeper did not properly respect this configuration, and would always consider the `X-Forwarded-Proto` header. In order for an attacker to abuse this, an installation of Ory Oathkeeper needs to have distinct rules for HTTP and HTTPS requests. Also, the attacker needs to be able to trigger one but not the other rule. In this scenario, the attacker can send the same request but with the `X-Forwarded-Proto` header in order to trigger the other rule. We do not expect many configurations to meet these preconditions. Version 26.2.0 contains a patch. Ory Oathkeeper will correctly respect the `serve.proxy.trust_forwarded_headers` configuration going forward, thereby eliminating the attack scenario. We recommend upgrading to a fixed version even if the preconditions are not met. As an additional mitigation, it is generally recommended to drop any unexpected headers as early as possible when a request is handled, e.g. in the WAF. | ||||
| CVE-2026-27664 | 1 Siemens | 2 Cpci85 Central Processing\/communication, Sicore Base System | 2026-03-30 | 7.5 High |
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), SICORE Base system (All versions < V26.10.0). The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. This could allow an unauthenticated attacker to exploit this issue by sending a malicious XML request, which may cause the service to crash, resulting in a denial-of-service condition. | ||||
| CVE-2026-33491 | 1 Zenc-lang | 1 Zenc | 2026-03-30 | 7.8 High |
| Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.4, a stack-based buffer overflow vulnerability in the Zen C compiler allows attackers to cause a compiler crash or potentially execute arbitrary code by providing a specially crafted Zen C source file (`.zc`) with excessively long struct, function, or trait identifiers. Users are advised to update to Zen C version v0.4.4 or later to receive a patch. | ||||
| CVE-2026-33672 | 1 Micromatch | 1 Picomatch | 2026-03-30 | 5.3 Medium |
| Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression. This leads to incorrect glob matching behavior (integrity impact), where patterns may match unintended filenames. The issue does not enable remote code execution, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control. All users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch. Possible mitigations include sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`; avoiding the use of POSIX bracket expressions if user input is involved; and manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype. | ||||