Total
34933 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-27443 | 1 Seppmail | 1 Seppmail | 2026-03-05 | N/A | 7.5 HIGH |
| SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers. | |||||
| CVE-2026-2747 | 1 Seppmail | 1 Seppmail | 2026-03-05 | N/A | 7.5 HIGH |
| SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor. | |||||
| CVE-2026-2975 | 1 Fastapiadmin | 1 Fastapiadmin | 2026-03-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function reset_api_docs of the file /backend/app/plugin/init_app.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-24924 | 1 Huawei | 1 Harmonyos | 2026-03-05 | N/A | 6.1 MEDIUM |
| Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2026-0871 | 1 Redhat | 2 Build Of Keycloak, Keycloak | 2026-03-05 | N/A | 4.9 MEDIUM |
| A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the system is configured to restrict such modifications. | |||||
| CVE-2026-20601 | 1 Apple | 1 Macos | 2026-03-04 | N/A | 3.3 LOW |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission. | |||||
| CVE-2025-36364 | 1 Ibm | 1 Devops Plan | 2026-03-04 | N/A | 6.2 MEDIUM |
| IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system. | |||||
| CVE-2026-28559 | 1 Gvectors | 1 Wpforo Forum | 2026-03-04 | N/A | 5.3 MEDIUM |
| wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status WHERE clauses that are only applied when a specific forum ID is present in the query. | |||||
| CVE-2023-4631 | 1 Wpdo | 1 Dologin Security | 2026-03-03 | N/A | 5.3 MEDIUM |
| The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing. | |||||
| CVE-2026-21928 | 1 Oracle | 1 Solaris | 2026-03-03 | N/A | 5.3 MEDIUM |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2026-24314 | 1 Sap | 2 S\/4hana Uiapfi70, S\/4hana Uis4h | 2026-03-03 | N/A | 4.3 MEDIUM |
| Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted. | |||||
| CVE-2025-55749 | 1 Xwiki | 1 Xwiki | 2026-03-02 | N/A | 7.5 HIGH |
| XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package (XJetty), a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contains credentials. Fixed in 16.10.11, 17.4.4, and 17.7.0. | |||||
| CVE-2026-27975 | 1 Ajenti | 1 Ajenti | 2026-03-02 | N/A | 9.8 CRITICAL |
| Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server to execute arbitrary code on this server. This is fixed in the version 2.2.13. | |||||
| CVE-2025-66374 | 1 Cyberark | 1 Endpoint Privilege Manager | 2026-02-28 | N/A | 7.8 HIGH |
| CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task. | |||||
| CVE-2024-26480 | 1 Statping-ng | 1 Statping-ng | 2026-02-28 | N/A | 7.5 HIGH |
| An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the admin parameter. | |||||
| CVE-2026-26369 | 1 Jung-group | 1 Enet Smart Home | 2026-02-28 | N/A | 9.8 CRITICAL |
| eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization checks in the setUserGroup JSON-RPC method. A low-privileged user (UG_USER) can send a crafted POST request to /jsonrpc/management specifying their own username to elevate their account to the UG_ADMIN group, bypassing intended access controls and gaining administrative capabilities such as modifying device configurations, network settings, and other smart home system functions. | |||||
| CVE-2026-1747 | 1 Gitlab | 1 Gitlab | 2026-02-28 | N/A | 4.3 MEDIUM |
| GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packages. | |||||
| CVE-2026-27959 | 1 Koajs | 1 Koa | 2026-02-28 | N/A | 7.5 HIGH |
| Koa is middleware for Node.js using ES2017 async functions. Prior to versions 3.1.2 and 2.16.4, Koa's `ctx.hostname` API performs naive parsing of the HTTP Host header, extracting everything before the first colon without validating the input conforms to RFC 3986 hostname syntax. When a malformed Host header containing a `@` symbol is received, `ctx.hostname` returns `evil[.]com` - an attacker-controlled value. Applications using `ctx.hostname` for URL generation, password reset links, email verification URLs, or routing decisions are vulnerable to Host header injection attacks. Versions 3.1.2 and 2.16.4 fix the issue. | |||||
| CVE-2026-21718 | 1 Copeland | 6 Xweb 300d Pro, Xweb 300d Pro Firmware, Xweb 500b Pro and 3 more | 2026-02-27 | N/A | 10.0 CRITICAL |
| An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the authentication requirement and achieve pre-authenticated code execution on the system. | |||||
| CVE-2026-22877 | 1 Copeland | 6 Xweb 300d Pro, Xweb 300d Pro Firmware, Xweb 500b Pro and 3 more | 2026-02-27 | N/A | 3.7 LOW |
| An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary files on the system, and potentially causing a denial-of-service attack. | |||||