Search Results (34746 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4722 | 1 Mozilla | 1 Firefox | 2026-03-24 | 8.8 High |
| Privilege escalation in the IPC component. This vulnerability affects Firefox < 149 and Thunderbird < 149. | ||||
| CVE-2026-4717 | 1 Mozilla | 1 Firefox | 2026-03-24 | 9.8 Critical |
| Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4712 | 1 Mozilla | 1 Firefox | 2026-03-24 | 7.5 High |
| Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4705 | 1 Mozilla | 1 Firefox | 2026-03-24 | 9.8 Critical |
| Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4704 | 1 Mozilla | 1 Firefox | 2026-03-24 | 7.5 High |
| Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4700 | 1 Mozilla | 1 Firefox | 2026-03-24 | 9.8 Critical |
| Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-30653 | 1 Free5gc | 1 Free5gc | 2026-03-24 | 7.5 High |
| An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuthenticationFailure of the component AMF | ||||
| CVE-2026-26123 | 1 Microsoft | 3 Authenticator, Authenticator For Android, Authenticator For Ios | 2026-03-24 | 5.5 Medium |
| Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-26106 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-03-24 | 8.8 High |
| Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-23654 | 1 Microsoft | 3 Gihub Repo Zero Shot Scfoundation, Gihub Repo Zero Shot Scfoundation, Zero-shot-scfoundation | 2026-03-24 | 8.8 High |
| Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-26148 | 1 Microsoft | 1 Azure Ad Ssh Login Extension For Linux | 2026-03-24 | 8.1 High |
| External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2026-26125 | 1 Microsoft | 1 Payment Orchestrator Service | 2026-03-24 | 8.6 High |
| Payment Orchestrator Service Elevation of Privilege Vulnerability | ||||
| CVE-2026-21536 | 1 Microsoft | 1 Devices Pricing Program | 2026-03-24 | 9.8 Critical |
| Microsoft Devices Pricing Program Remote Code Execution Vulnerability | ||||
| CVE-2026-23660 | 1 Microsoft | 3 Azure Portal Windows Admin Center, Windows Admin Center, Windows Admin Center In Azure Portal | 2026-03-24 | 7.8 High |
| Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32609 | 1 Nicolargo | 1 Glances | 2026-03-24 | 7.5 High |
| Glances is an open-source system cross-platform monitoring tool. The GHSA-gh4x fix (commit 5d3de60) addressed unauthenticated configuration secrets exposure on the `/api/v4/config` endpoints by introducing `as_dict_secure()` redaction. However, the `/api/v4/args` and `/api/v4/args/{item}` endpoints were not addressed by this fix. These endpoints return the complete command-line arguments namespace via `vars(self.args)`, which includes the password hash (salt + pbkdf2_hmac), SNMP community strings, SNMP authentication keys, and the configuration file path. When Glances runs without `--password` (the default), these endpoints are accessible without any authentication. Version 4.5.2 provides a more complete fix. | ||||
| CVE-2025-14031 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2026-03-24 | 7.5 High |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes the application to crash. | ||||
| CVE-2026-25937 | 2 Glpi-project, Teclib-edition | 2 Glpi, Glpi | 2026-03-24 | 6.5 Medium |
| GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue. | ||||
| CVE-2026-2476 | 1 Mattermost | 1 Ms Teams | 2026-03-24 | 7.6 High |
| Mattermost Plugins versions <=2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606 | ||||
| CVE-2023-53553 | 1 Linux | 1 Linux Kernel | 2026-03-23 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: HID: hyperv: avoid struct memcpy overrun warning A previous patch addressed the fortified memcpy warning for most builds, but I still see this one with gcc-9: In file included from include/linux/string.h:254, from drivers/hid/hid-hyperv.c:8: In function 'fortify_memcpy_chk', inlined from 'mousevsc_on_receive' at drivers/hid/hid-hyperv.c:272:3: include/linux/fortify-string.h:583:4: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning] 583 \| __write_overflow_field(p_size_field, size); \| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ My guess is that the WARN_ON() itself is what confuses gcc, so it no longer sees that there is a correct range check. Rework the code in a way that helps readability and avoids the warning. | ||||
| CVE-2023-53535 | 1 Linux | 1 Linux Kernel | 2026-03-23 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: Add a check for oversized packets Occasionally we may get oversized packets from the hardware which exceed the nominal 2KiB buffer size we allocate SKBs with. Add an early check which drops the packet to avoid invoking skb_over_panic() and move on to processing the next packet. | ||||