Total: 337669 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-2339 | | | 2026-03-11 | N/A | 7.5 HIGH |
| Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection. This issue affects Liderahenk: before v3.4.0. | |||||
| CVE-2026-23661 | | | 2026-03-11 | N/A | 7.5 HIGH |
| Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2026-31792 | | | 2026-03-11 | N/A | 7.8 HIGH |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a null pointer dereference in CIccTagXmlStruct::ParseTag() causing a segmentation fault or denial of service. This vulnerability is fixed in 2.3.1.5. | |||||
| CVE-2026-26105 | | | 2026-03-11 | N/A | 8.1 HIGH |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-48611 | | | 2026-03-11 | N/A | 10.0 CRITICAL |
| In DeviceId of DeviceId.java, there is a possible desync in persistence due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2026-25169 | | | 2026-03-11 | N/A | 6.2 MEDIUM |
| Divide by zero in Microsoft Graphics Component allows an unauthorized attacker to deny service locally. | |||||
| CVE-2026-3228 | | | 2026-03-11 | N/A | 6.4 MEDIUM |
| The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[nxs_fbembed]` shortcode in all versions up to, and including, 4.4.6. This is due to insufficient input sanitization and output escaping on the `snapFB` post meta value. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2026-23674 | | | 2026-03-11 | N/A | 7.5 HIGH |
| Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. | |||||
| CVE-2026-25190 | | | 2026-03-11 | N/A | 7.8 HIGH |
| Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally. | |||||
| CVE-2026-30986 | | | 2026-03-11 | N/A | 5.5 MEDIUM |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow write in CIccMatrixMath::SetRange() causing memory corruption or crash. This vulnerability is fixed in 2.3.1.5. | |||||
| CVE-2026-25836 | | | 2026-03-11 | N/A | 7.2 HIGH |
| An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests. | |||||
| CVE-2026-31793 | | | 2026-03-11 | N/A | 5.5 MEDIUM |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a segmentation fault due to invalid/wild pointer read in CIccCalculatorFunc::ApplySequence() causing denial of service. This vulnerability is fixed in 2.3.1.5. | |||||
| CVE-2026-23662 | | | 2026-03-11 | N/A | 7.5 HIGH |
| Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2026-26132 | | | 2026-03-11 | N/A | 7.8 HIGH |
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-25179 | | | 2026-03-11 | N/A | 7.0 HIGH |
| Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-25172 | | | 2026-03-11 | N/A | 8.8 HIGH |
| Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2026-3862 | | | 2026-03-11 | N/A | N/A |
| Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page. | |||||
| CVE-2026-31796 | | | 2026-03-11 | N/A | 7.8 HIGH |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in icCurvesFromXml() causing heap memory corruption or crash. This vulnerability is fixed in 2.3.1.5. | |||||
| CVE-2026-26116 | | | 2026-03-11 | N/A | 8.8 HIGH |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2026-30980 | | | 2026-03-11 | N/A | 5.5 MEDIUM |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack overflow in CIccBasicStructFactory::CreateStruct() causing uncontrolled recursion/stack exhaustion and crash. This vulnerability is fixed in 2.3.1.5. | |||||
