Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
80,400 matching · page 165/1608Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-67039(opens NVD record) | Critical | 9.1 | An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header that uses "admin" as the username. | Mar 11, 2026 |
| CVE-2025-67038(opens NVD record) | Critical | 9.8 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges. | Mar 11, 2026 |
| CVE-2025-67037(opens NVD record) | High | 8.8 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges. | Mar 11, 2026 |
| CVE-2025-67036(opens NVD record) | High | 8.8 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges. | Mar 11, 2026 |
| CVE-2025-67035(opens NVD record) | Critical | 9.8 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys, users, and known hosts. Commands are executed with root privileges. | Mar 11, 2026 |
| CVE-2025-67034(opens NVD record) | High | 8.8 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. Injected commands are executed with root privileges. | Mar 11, 2026 |
| CVE-2025-12690(opens NVD record) | High | 7.8 | Execution with unnecessary privileges in Forcepoint NGFW Engine allows local privilege escalation.This issue affects NGFW Engine through 6.10.19, through 7.3.0, through 7.2.4, through 7.1.10. | Mar 11, 2026 |
| CVE-2025-70330(opens NVD record) | Low | 3.3 | Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid .EGP file, an attacker can trigger an out-of-bounds memory read during parsing. This results in an unhandled access violation and application crash, leading to a local denial-of-service condition when the crafted file is opened by a user. | Mar 11, 2026 |
| CVE-2026-3904(opens NVD record) | Medium | 6.2 | Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the GNU C Library uses the memcmp function with inputs that may be concurrently modified by another thread, potentially resulting in spurious cache misses, which in itself is not a security issue. However in the GNU C Library version 2.36 an optimized implementation of memcmp was introduced for x86_64 which could crash when invoked with such undefined behaviour, turning this into a potential crash of the nscd client and the application that uses it. This implementation was backported to the 2.35 branch, making the nscd client in that branch vulnerable as well. Subsequently, the fix for this issue was backported to all vulnerable branches in the GNU C Library repository. It is advised that distributions that may have cherry-picked the memcpy SSE2 optimization in their copy of the GNU C Library, also apply the fix to avoid the potential crash in the nscd client. | Mar 11, 2026 |
| CVE-2026-3911(opens NVD record) | Low | 2.7 | A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized information disclosure could expose sensitive user data. | Mar 11, 2026 |
| CVE-2026-29515(opens NVD record) | Critical | 9.8 | MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send arbitrary username and password combinations to the PASS command handler, which unconditionally grants access and allows listing, reading, writing, and deleting files exposed by the FTP server. The MiCode/Explorer open source project has reached end-of-life status. | Mar 11, 2026 |
| CVE-2026-27272(opens NVD record) | High | 7.8 | Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Mar 10, 2026 |
| CVE-2026-27271(opens NVD record) | High | 7.8 | Illustrator versions 29.8.4, 30.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Mar 10, 2026 |
| CVE-2026-27270(opens NVD record) | Medium | 5.5 | Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Mar 10, 2026 |
| CVE-2026-27268(opens NVD record) | Medium | 5.5 | Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Mar 10, 2026 |
| CVE-2026-27267(opens NVD record) | High | 7.8 | Illustrator versions 29.8.4, 30.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Mar 10, 2026 |
| CVE-2026-21362(opens NVD record) | High | 7.8 | Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Mar 10, 2026 |
| CVE-2026-21333(opens NVD record) | High | 8.6 | Illustrator versions 29.8.4, 30.1 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Mar 10, 2026 |
| CVE-2026-27278(opens NVD record) | High | 7.8 | Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Mar 10, 2026 |
| CVE-2026-27221(opens NVD record) | Medium | 5.5 | Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to spoof the identity of a signer. Exploitation of this issue requires user interaction. | Mar 10, 2026 |
| CVE-2026-27220(opens NVD record) | High | 7.8 | Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Mar 10, 2026 |
| CVE-2025-13213(opens NVD record) | Medium | 5.4 | IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking | Mar 10, 2026 |
| CVE-2026-2713(opens NVD record) | High | 7.4 | IBM Trusteer Rapport installer 3.5.2309.290 IBM Trusteer Rapport could allow a local attacker to execute arbitrary code on the system, caused by DLL uncontrolled search path element vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. | Mar 10, 2026 |
| CVE-2026-26123(opens NVD record) | Medium | 5.5 | Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally. | Mar 10, 2026 |
| CVE-2025-36227(opens NVD record) | Medium | 5.4 | IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. | Mar 10, 2026 |
| CVE-2025-36226(opens NVD record) | Medium | 5.4 | IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Mar 10, 2026 |
| CVE-2025-13219(opens NVD record) | Medium | 5.9 | IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. | Mar 10, 2026 |
| CVE-2026-27279(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Mar 10, 2026 |
| CVE-2026-27277(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Mar 10, 2026 |
| CVE-2026-27276(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Mar 10, 2026 |
| CVE-2026-27275(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Mar 10, 2026 |
| CVE-2026-27274(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Mar 10, 2026 |
| CVE-2026-27273(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Mar 10, 2026 |
| CVE-2026-27269(opens NVD record) | High | 7.8 | Premiere Pro versions 25.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Mar 10, 2026 |
| CVE-2026-3862(opens NVD record) | Medium | 4.8 | Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page. | Mar 10, 2026 |
| CVE-2026-3483(opens NVD record) | High | 7.8 | An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges. | Mar 10, 2026 |
| CVE-2026-3315(opens NVD record) | High | 7.8 | Incorrect Default Permissions, : Execution with Unnecessary Privileges, : Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ABLOY Visionline on Windows allows Configuration/Environment Manipulation.This issue affects Visionline: from 1.0 before 1.33. | Mar 10, 2026 |
| CVE-2026-30897(opens NVD record) | Medium | 6.6 | A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests. | Mar 10, 2026 |
| CVE-2026-26148(opens NVD record) | High | 8.1 | External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally. | Mar 10, 2026 |
| CVE-2026-26144(opens NVD record) | High | 7.5 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. | Mar 10, 2026 |
| CVE-2026-26141(opens NVD record) | High | 7.8 | Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally. | Mar 10, 2026 |
| CVE-2026-26134(opens NVD record) | High | 7.8 | Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally. | Mar 10, 2026 |
| CVE-2026-26132(opens NVD record) | High | 7.8 | Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | Mar 10, 2026 |
| CVE-2026-26131(opens NVD record) | High | 7.8 | Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally. | Mar 10, 2026 |
| CVE-2026-26130(opens NVD record) | High | 7.5 | Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. | Mar 10, 2026 |
| CVE-2026-26128(opens NVD record) | High | 7.8 | Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. | Mar 10, 2026 |
| CVE-2026-26127(opens NVD record) | High | 7.5 | Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. | Mar 10, 2026 |
| CVE-2026-26121(opens NVD record) | High | 7.5 | Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network. | Mar 10, 2026 |
| CVE-2026-26118(opens NVD record) | High | 8.8 | Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network. | Mar 10, 2026 |
| CVE-2026-26117(opens NVD record) | High | 7.8 | Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally. | Mar 10, 2026 |