Total
686 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-3668 | 2026-03-09 | 2.6 LOW | 3.1 LOW | ||
| A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function AndroidEthereum of the component org.ethosmobile.webpwaemul. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The attack is considered to have high complexity. The exploitability is reported as difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-3674 | 2026-03-09 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability was found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function FakeAppProvider of the component org.ethosmobile.ethoslauncher. Performing a manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-3669 | 2026-03-09 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A security vulnerability has been detected in Freedom Factory dGEN1 up to 20260221. This impacts the function AlarmService of the component com.dgen.alarm. Such manipulation leads to improper authorization. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-3209 | 2026-03-08 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.4-s.4 mitigates this issue. The identifier of the patch is 5e37c4e85fae68e756be5019a28ca903b161fdd5. Upgrading the affected component is advised. | |||||
| CVE-2026-1963 | 1 Wekan Project | 1 Wekan | 2026-03-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in WeKan up to 8.20. This affects an unknown function of the file models/attachments.js of the component Attachment Storage. The manipulation results in improper access controls. The attack may be launched remotely. Upgrading to version 8.21 mitigates this issue. The patch is identified as c413a7e860bc4d93fe2adcf82516228570bf382d. Upgrading the affected component is advised. | |||||
| CVE-2026-27983 | 2026-03-06 | N/A | 9.8 CRITICAL | ||
| Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation.This issue affects LMS Elementor Pro: from n/a through <= 1.0.4. | |||||
| CVE-2026-2141 | 1 5kcrm | 1 Wukongcrm | 2026-03-05 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java of the component URL Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-0871 | 1 Redhat | 2 Build Of Keycloak, Keycloak | 2026-03-05 | N/A | 4.9 MEDIUM |
| A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the system is configured to restrict such modifications. | |||||
| CVE-2025-15597 | 1 Fit2cloud | 1 Sqlbot | 2026-03-05 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.0 mitigates this issue. The name of the patch is d640ac31d1ce64ce90e06cf7081163915c9fc28c. Upgrading the affected component is recommended. Multiple endpoints are affected. The vendor was contacted early about this disclosure. | |||||
| CVE-2026-21425 | 1 Dell | 1 Powerscale Onefs | 2026-03-04 | N/A | 6.7 MEDIUM |
| Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||
| CVE-2026-3265 | 1 Go2ismail | 1 Free-crm | 2026-03-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. This affects an unknown part of the file /api/Security/ of the component Security API. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-3263 | 1 Go2ismail | 1 Asp.net-core-inventory-order-management-system | 2026-03-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected by this vulnerability is an unknown functionality of the file /api/Security/ of the component Security API. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-33179 | 1 Nvidia | 5 Cumulus Linux, Dgx Gb200, Gb300 Nvl72 and 2 more | 2026-02-27 | N/A | 8.0 HIGH |
| NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges. | |||||
| CVE-2025-69378 | 2026-02-27 | N/A | 7.3 HIGH | ||
| Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.This issue affects Product Filter for WooCommerce: from n/a through <= 9.1.2. | |||||
| CVE-2026-2109 | 1 Jsbroks | 1 Coco Annotator | 2026-02-27 | 5.5 MEDIUM | 5.4 MEDIUM |
| A vulnerability was identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file /api/undo/ of the component Delete Category Handler. Such manipulation of the argument ID leads to improper authorization. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-1106 | 1 Chamilo | 1 Chamilo Lms | 2026-02-27 | 5.5 MEDIUM | 5.4 MEDIUM |
| A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Consent Handler. Performing a manipulation of the argument userId results in improper authorization. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-2852 | 1 Yeqifu | 1 Warehouse | 2026-02-26 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This issue affects the function addSales/updateSales/deleteSales of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\SalesController.java of the component Sales Endpoint. The manipulation leads to improper access controls. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2026-2667 | 1 Rongzhitong | 1 Visual Integrated Command And Dispatch Platform | 2026-02-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. The impacted element is an unknown function of the file /dispatch/api?cmd=userinfo. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-2668 | 1 Rongzhitong | 1 Visual Integrated Command And Dispatch Platform | 2026-02-26 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This affects an unknown function of the file /dm/dispatch/user/add of the component User Handler. The manipulation results in improper access controls. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-2669 | 1 Rongzhitong | 1 Visual Integrated Command And Dispatch Platform | 2026-02-26 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability was determined in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This impacts an unknown function of the file /dm/dispatch/user/delete of the component User Handler. This manipulation of the argument ID causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | |||||