CVEs (18,985, showing first 500)
Showing 151–175 of 18,985 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2025-12555 | MEDIUM | Patched | 4.3 | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that, under certain conditions, co… |
| CVE-2025-67034 | HIGH | | 8.8 | 2026-03-11 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the… |
| CVE-2025-67035 | CRITICAL | | 9.8 | 2026-03-11 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitizatio… |
| CVE-2025-67036 | HIGH | | 8.8 | 2026-03-11 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file… |
| CVE-2025-67037 | HIGH | | 8.8 | 2026-03-11 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injec… |
| CVE-2025-67038 | CRITICAL | | 9.8 | 2026-03-11 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authentication fails. The username is directl… |
| CVE-2025-67039 | CRITICAL | | 9.1 | 2026-03-11 | An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an… |
| CVE-2025-67041 | CRITICAL | | 9.8 | 2026-03-11 | An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploi… |
| CVE-2025-68623 | HIGH | | 8.8 | 2026-03-11 | In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in un… |
| CVE-2025-70082 | CRITICAL | | 9.8 | 2026-03-11 | An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component |
| CVE-2026-1471 | NONE | | — | 2026-03-11 | Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user wh… |
| CVE-2026-1524 | NONE | | — | 2026-03-11 | An edge case in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions: If a neo4j… |
| CVE-2026-20040 | HIGH | Patched | 8.8 | 2026-03-11 | A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of… |
| CVE-2026-20046 | HIGH | Patched | 8.8 | 2026-03-11 | A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain ful… |
| CVE-2026-20074 | HIGH | Patched | 7.4 | 2026-03-11 | A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent a… |
| CVE-2026-20116 | MEDIUM | Patched | 6.1 | 2026-03-11 | A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise (Packaged CCE), Cisco Unified Contact Center Enterpri… |
| CVE-2026-20117 | MEDIUM | Patched | 6.1 | 2026-03-11 | A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross… |
| CVE-2026-20118 | MEDIUM | Patched | 6.8 | 2026-03-11 | A vulnerability in the handling of an Egress Packet Network Interface (EPNI) Aligner interrupt in Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Seri… |
| CVE-2026-20162 | MEDIUM | Patched | 6.3 | 2026-03-11 | In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a … |
| CVE-2026-20163 | HIGH | Patched | 7.2 | 2026-03-11 | In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a… |
| CVE-2026-20164 | MEDIUM | Patched | 6.5 | 2026-03-11 | In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a… |
| CVE-2026-20165 | MEDIUM | Patched | 6.3 | 2026-03-11 | In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a… |
| CVE-2026-20166 | MEDIUM | Patched | 5.4 | 2026-03-11 | In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does… |
| CVE-2026-30235 | MEDIUM | Patched | 6.5 | 2026-03-11 | OpenProject is an open-source, web-based project management software. Prior to 17.2.0, this vulnerability occurs due to improper validation of OpenProject’s Markdown render… |
| CVE-2026-30236 | MEDIUM | Patched | 4.3 | 2026-03-11 | OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when editing a project budget and planning the labor cost, it was not checked that th… |