Total
335432 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3044 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2026-02-25 | 8.8 High |
| A vulnerability has been found in Tenda AC8 16.03.34.06. This affects the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. The manipulation of the argument boundary leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-48782 | 1 Fortinet | 1 Fortiwlm | 2026-02-25 | 8.6 High |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters | ||||
| CVE-2023-41678 | 1 Fortinet | 2 Fortios, Fortipam | 2026-02-25 | 8.3 High |
| A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request. | ||||
| CVE-2026-3043 | 2 Admerc, Itsourcecode | 2 Event Management System, Event Management System | 2026-02-25 | 4.3 Medium |
| A flaw has been found in itsourcecode Event Management System 1.0. The impacted element is an unknown function of the file /admin/navbar.php. Executing a manipulation of the argument page can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and may be used. | ||||
| CVE-2026-3042 | 2 Admerc, Itsourcecode | 2 Event Management System, Event Management System | 2026-02-25 | 7.3 High |
| A vulnerability was detected in itsourcecode Event Management System 1.0. The affected element is an unknown function of the file /admin/index.php. Performing a manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. | ||||
| CVE-2019-25391 | 1 Ashopsoftware | 1 Ashop Shopping Cart Software | 2026-02-25 | 8.2 High |
| Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the blacklistitemid parameter. Attackers can send POST requests to the admin/bannedcustomers.php endpoint with crafted SQL payloads using SLEEP functions to extract sensitive database information. | ||||
| CVE-2022-30206 | 1 Microsoft | 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more | 2026-02-25 | 7.8 High |
| Windows Print Spooler Elevation of Privilege Vulnerability | ||||
| CVE-2023-47041 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2026-02-25 | 7.8 High |
| Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-47042 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2026-02-25 | 7.8 High |
| Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-47046 | 3 Adobe, Apple, Microsoft | 3 Audition, Macos, Windows | 2026-02-25 | 5.5 Medium |
| Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-69208 | 1 Free5gc | 1 Udr | 2026-02-25 | 5.3 Medium |
| free5GC UDR is the user data repository (UDR) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. Versions prior to 1.4.1 contain an Improper Error Handling vulnerability with Information Exposure. All deployments of free5GC using the Nnef_PfdManagement service may be affected. The NEF component reliably leaks internal parsing errors (e.g., invalid character 'n' after top-level value) to remote clients. This can aid attackers in fingerprinting server software and logic flows. Version 1.4.1 fixes the issue. There is no direct workaround at the application level. The recommended mitigation is to apply the provided patch. | ||||
| CVE-2026-26068 | 1 Jm33-m0 | 1 Emp3r0r | 2026-02-25 | 9.9 Critical |
| emp3r0r is a stealth-focused C2 designed by Linux users for Linux environments. Prior to 3.21.1, untrusted agent metadata (Transport, Hostname) is accepted during check-in and later interpolated into tmux shell command strings executed via /bin/sh -c. This enables command injection and remote code execution on the operator host. This vulnerability is fixed in 3.21.1. | ||||
| CVE-2026-2798 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-25 | 8.8 High |
| Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | ||||
| CVE-2026-2802 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-25 | 4.2 Medium |
| Race condition in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | ||||
| CVE-2026-3041 | 1 Xingfuggz | 1 Baykeshop | 2026-02-25 | 2.4 Low |
| A security vulnerability has been detected in xingfuggz BaykeShop up to 1.3.20. Impacted is an unknown function of the file src/baykeshop/contrib/article/templates/baykeshop/sidebar/custom.html of the component Article Sidebar Module. Such manipulation of the argument sidebar.content leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-2537 | 1 Comfast | 2 Cf-e4, Cf-e4 Firmware | 2026-02-25 | 4.7 Medium |
| A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET§ion=ntp_timezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-25061 | 3 Debian, Digitalcorpora, Simsong | 3 Debian Linux, Tcpflow, Tcpflow | 2026-02-25 | 7.5 High |
| tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a large TIM length can cause a 1-byte out-of-bounds write past `tim.bitmap[251]`. The overflow is small and DoS is the likely impact; code execution is potential, but still up in the air. The affected structure is stack-allocated in `handle_beacon()` and related handlers. As of time of publication, no known patches are available. | ||||
| CVE-2025-65715 | 1 Formulahendry | 2 Coderunner, Vscode-code-runner | 2026-02-25 | 7.8 High |
| An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace. | ||||
| CVE-2026-21483 | 1 Nadh | 1 Listmonk | 2026-02-25 | 5.4 Medium |
| listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to version 6.0.0, lower-privileged user with campaign management permissions can inject malicious JavaScript into campaigns or templates. When a higher-privileged user (Super Admin) views or previews this content, the XSS executes in their browser context, allowing the attacker to perform privileged actions such as creating backdoor admin accounts. The attack can be weaponized via the public archive feature, where victims simply need to visit a link - no preview click required. Version 6.0.0 fixes the issue. | ||||
| CVE-2026-27368 | 2 Seedprod, Wordpress | 2 Coming Soon Page, Under Construction & Maintenance Mode, Wordpress | 2026-02-25 | 5.3 Medium |
| Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.7. | ||||