Export limit exceeded: 356363 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8454 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-27555 | 1 Apache | 1 Airflow | 2026-03-11 | 6.5 Medium |
| Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is limited to users with audit log access, it is recommended to upgrade to Airflow 2.11.1 or a later version, which addresses this issue. Users who previously used the CLI to set connections should manually delete entries with those connection sensitive values from the log table. This is similar but not the same issue as CVE-2024-50378 | ||||
| CVE-2025-11739 | 1 Schneider-electric | 2 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reporting And Dashboards | 2026-03-11 | N/A |
| CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization. | ||||
| CVE-2025-26399 | 1 Solarwinds | 1 Web Help Desk | 2026-03-10 | 9.8 Critical |
| SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986. | ||||
| CVE-2025-15318 | 1 Tanium | 3 End-user Notifications, End-user Notifications Endpoint Tools, Endpoint End-user-notifications | 2026-03-09 | 5.1 Medium |
| Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools. | ||||
| CVE-2025-15319 | 1 Tanium | 2 Endpoint Patch, Patch Endpoint Tools | 2026-03-09 | 7.8 High |
| Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools. | ||||
| CVE-2025-15543 | 1 Tp-link | 2 Vx800v, Vx800v Firmware | 2026-03-09 | 4.6 Medium |
| Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files. | ||||
| CVE-2025-15541 | 1 Tp-link | 2 Vx800v, Vx800v Firmware | 2026-03-09 | 6.3 Medium |
| Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk. | ||||
| CVE-2023-2881 | 1 Pimcore | 1 Customer Management Framework | 2026-03-06 | 4.9 Medium |
| Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10. | ||||
| CVE-2025-27899 | 1 Ibm | 2 Db2 Recovery Expert, Db2 Recovery Expert For Luw | 2026-03-06 | 5.3 Medium |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system. | ||||
| CVE-2021-22681 | 1 Rockwellautomation | 20 Compact Guardlogix 5370, Compact Guardlogix 5380, Compactlogix 1768 and 17 more | 2026-03-06 | 9.8 Critical |
| Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. | ||||
| CVE-2025-48635 | 1 Google | 1 Android | 2026-03-06 | 7.7 High |
| In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48582 | 1 Google | 1 Android | 2026-03-06 | 8.4 High |
| In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-66680 | 1 Wisecleaner | 1 Wise Force Deleter | 2026-03-05 | 7.1 High |
| An issue in the WiseDelfile64.sys component of WiseCleaner Wise Force Deleter 7.3.2 and earlier allows attackers to delete arbitrary files via a crafted request. | ||||
| CVE-2025-68146 | 1 Tox-dev | 1 Filelock | 2026-03-05 | 6.3 Medium |
| filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation where filelock checks if a file exists before opening it with O_TRUNC. An attacker can create a symlink pointing to a victim file in the time gap between the check and open, causing os.open() to follow the symlink and truncate the target file. All users of filelock on Unix, Linux, macOS, and Windows systems are impacted. The vulnerability cascades to dependent libraries. The attack requires local filesystem access and ability to create symlinks (standard user permissions on Unix; Developer Mode on Windows 10+). Exploitation succeeds within 1-3 attempts when lock file paths are predictable. The issue is fixed in version 3.20.1. If immediate upgrade is not possible, use SoftFileLock instead of UnixFileLock/WindowsFileLock (note: different locking semantics, may not be suitable for all use cases); ensure lock file directories have restrictive permissions (chmod 0700) to prevent untrusted users from creating symlinks; and/or monitor lock file directories for suspicious symlinks before running trusted applications. These workarounds provide only partial mitigation. The race condition remains exploitable. Upgrading to version 3.20.1 is strongly recommended. | ||||
| CVE-2025-62879 | 1 Suse | 2 Rancher, Rancher Backup And Restore Operator | 2026-03-05 | 6.8 Medium |
| A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs. | ||||
| CVE-2025-34394 | 3 Amidaware, Barracuda, Barracuda Networks | 3 Tactical Rmm, Rmm, Rmm | 2026-03-05 | 9.8 Critical |
| Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service that is insufficiently protected against deserialization of arbitrary types. This can lead to remote code execution. | ||||
| CVE-2020-37104 | 2 Astpp, Inextrix | 2 Astpp, Astpp | 2026-03-05 | 7.5 High |
| ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database information from the /database_backup/ directory. | ||||
| CVE-2020-37097 | 1 Edimax | 2 Ew-7438rpn Mini, Ew-7438rpn Mini Firmware | 2026-03-05 | 7.5 High |
| Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details through the wlencrypt_wiz.asp file. Attackers can access the script to retrieve sensitive information including WiFi network name and plaintext password stored in device configuration variables. | ||||
| CVE-2020-37082 | 1 Weberp | 1 Weberp | 2026-03-05 | 9.8 Critical |
| webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backup_[timestamp].sql.gz file. | ||||
| CVE-2020-36968 | 1 Tildeslash | 2 M\/monit, Monit | 2026-03-05 | 6.5 Medium |
| M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for all users. | ||||