Total
338653 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-2326 | 2026-03-16 | N/A | N/A | ||
| Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2026-27332 | 2026-03-16 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Skygroup Agrofood allows Reflected XSS.This issue affects Agrofood: from n/a before 1.4.0. | |||||
| CVE-2026-27264 | 2026-03-16 | N/A | N/A | ||
| Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority. | |||||
| CVE-2026-27263 | 2026-03-16 | N/A | N/A | ||
| Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority. | |||||
| CVE-2026-27261 | 2026-03-16 | N/A | N/A | ||
| Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority. | |||||
| CVE-2026-27260 | 2026-03-16 | N/A | N/A | ||
| Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority. | |||||
| CVE-2026-27259 | 2026-03-16 | N/A | N/A | ||
| Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority. | |||||
| CVE-2026-26795 | 1 Gl-inet | 2 Ar300m16, Ar300m16 Firmware | 2026-03-16 | N/A | 9.8 CRITICAL |
| GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log function. This vulnerability allows attackers to execute arbitrary commands via a crafted input. | |||||
| CVE-2026-26794 | 1 Gl-inet | 2 Ar300m16, Ar300m16 Firmware | 2026-03-16 | N/A | 8.8 HIGH |
| GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the add_group() function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request. | |||||
| CVE-2026-26792 | 1 Gl-inet | 2 Ar300m16, Ar300m16 Firmware | 2026-03-16 | N/A | 9.8 CRITICAL |
| GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set_upgrade function via the modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type parameters. These vulnerabilities allow attackers to execute arbitrary commands via a crafted input. | |||||
| CVE-2026-26791 | 1 Gl-inet | 2 Ar300m16, Ar300m16 Firmware | 2026-03-16 | N/A | 9.8 CRITICAL |
| GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enable_echo_server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input. | |||||
| CVE-2026-22572 | 1 Fortinet | 3 Fortianalyzer, Fortimanager, Fortimanager Cloud | 2026-03-16 | N/A | 7.2 HIGH |
| An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.2 through 7.2.11 may allow an attacker with knowledge of the admins password to bypass multifactor authentication checks via submitting multiple crafted requests. | |||||
| CVE-2026-20675 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-03-16 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved bounds checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted image may lead to disclosure of user information. | |||||
| CVE-2026-20616 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-03-16 | N/A | 8.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3. Processing a maliciously crafted USD file may lead to unexpected app termination. | |||||
| CVE-2026-20611 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-03-16 | N/A | 7.8 HIGH |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. | |||||
| CVE-2025-9904 | 2026-03-16 | N/A | 5.3 MEDIUM | ||
| Unallocated memory access vulnerability in print processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver / UFRII LT Printer Driver / CARPS2 Printer Driver / Generic FAX Driver / LIPS4 Printer Driver / LIPSLX Printer Driver / UFR II Printer Driver / PS Printer Driver / PCL6 Printer Driver | |||||
| CVE-2025-9903 | 2026-03-16 | N/A | 5.9 MEDIUM | ||
| Out-of-bounds write vulnerabilities in print processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver / UFRII LT Printer Driver / CARPS2 Printer Driver / Generic FAX Driver / LIPS4 Printer Driver / LIPSLX Printer Driver / UFR II Printer Driver / PS Printer Driver / PCL6 Printer Driver | |||||
| CVE-2025-7698 | 2026-03-16 | N/A | 5.9 MEDIUM | ||
| Out-of-bounds read vulnerabilities in print processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver / UFRII LT Printer Driver / CARPS2 Printer Driver / Generic FAX Driver / LIPS4 Printer Driver / LIPSLX Printer Driver / UFR II Printer Driver / PS Printer Driver / PCL6 Printer Driver | |||||
| CVE-2025-70873 | 2026-03-16 | N/A | 7.5 HIGH | ||
| An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file. | |||||
| CVE-2025-66955 | 2026-03-16 | N/A | 6.5 MEDIUM | ||
| Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls. | |||||