Export limit exceeded: 341483 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341483 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25190 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-03-29 | 7.8 High |
| Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26111 | 1 Microsoft | 22 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 19 more | 2026-03-29 | 8 High |
| Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-26128 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-03-29 | 7.8 High |
| Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26132 | 1 Microsoft | 19 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 16 more | 2026-03-29 | 7.8 High |
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-23674 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-03-29 | 7.5 High |
| Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-20993 | 1 Samsung | 1 Samsung Assistant | 2026-03-29 | N/A |
| Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker to access saved information. | ||||
| CVE-2026-20994 | 1 Samsung | 1 Account | 2026-03-29 | N/A |
| URL redirection in Samsung Account prior to version 15.5.01.1 allows remote attackers to potentially get access token. | ||||
| CVE-2026-2921 | 1 Gstreamer | 1 Gstreamer | 2026-03-29 | 7.8 High |
| GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of palette data in AVI files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28854. | ||||
| CVE-2026-28859 | 1 Apple | 8 Ios And Ipados, Ipados, Iphone Os and 5 more | 2026-03-28 | 4.3 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox. | ||||
| CVE-2026-28857 | 1 Apple | 6 Ios And Ipados, Ipados, Iphone Os and 3 more | 2026-03-28 | 6.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2026-20665 | 1 Apple | 8 Ios And Ipados, Ipados, Iphone Os and 5 more | 2026-03-28 | 6.5 Medium |
| This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. | ||||
| CVE-2026-20664 | 1 Apple | 6 Ios And Ipados, Ipados, Iphone Os and 3 more | 2026-03-28 | 4.3 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2026-20691 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-03-28 | 4.3 Medium |
| An authorization issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A maliciously crafted webpage may be able to fingerprint the user. | ||||
| CVE-2026-20643 | 1 Apple | 4 Ios, Ipados, Iphone Os and 1 more | 2026-03-28 | 5.4 Medium |
| A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may bypass Same Origin Policy. | ||||
| CVE-2018-25206 | 1 Sitemakin | 1 Komseo Cart | 2026-03-28 | 8.2 High |
| KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'my_item_search' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based injection techniques. | ||||
| CVE-2026-33942 | 2 Saloon, Saloonphp | 2 Saloon, Saloon | 2026-03-28 | 9.8 Critical |
| Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to 4.0.0 used PHP's unserialize() in AccessTokenAuthenticator::unserialize() to restore OAuth token state from cache or storage, with allowed_classes => true. An attacker who can control the serialized string (e.g. by overwriting a cached token file or via another injection) can supply a serialized "gadget" object. When unserialize() runs, PHP instantiates that object and runs its magic methods (__wakeup, __destruct, etc.), leading to object injection. In environments with common dependencies (e.g. Monolog), this can be chained to remote code execution (RCE). The fix in version 4.0.0 removes PHP serialization from the AccessTokenAuthenticator class requiring users to store and resolve the authenticator manually. | ||||
| CVE-2026-34056 | 2 Open-emr, Openemr | 2 Openemr, Openemr | 2026-03-28 | 7.7 High |
| OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eRx error logs without proper authorization checks. This flaw compromises system confidentiality by exposing sensitive information, potentially leading to unauthorized data disclosure and misuse. As of time of publication, no known patches versions are available. | ||||
| CVE-2026-34051 | 2 Open-emr, Openemr | 2 Openemr, Openemr | 2026-03-28 | 5.4 Medium |
| OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have an improper access control on the Import/Export functionality, allowing unauthorized users to perform import and export actions through direct request manipulation despite UI restrictions. This can lead to unauthorized data access, bulk data extraction, and manipulation of system data. Version 8.0.0.3 contains a fix. | ||||
| CVE-2025-14684 | 1 Ibm | 2 Maximo Application Suite - Monitor Component, Maximo Application Suite Monitor Component | 2026-03-28 | 4 Medium |
| IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files. | ||||
| CVE-2025-14974 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2026-03-28 | 5.7 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR). | ||||