ReportizFlow
Filtered by vendor
Subscriptions
Total
34647 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27443 | 1 Seppmail | 2 Seppmail, Seppmail Secure Email Gateway | 2026-03-05 | 7.5 High |
| SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers. | ||||
| CVE-2026-2747 | 1 Seppmail | 2 Seppmail, Seppmail Secure Email Gateway | 2026-03-05 | 7.5 High |
| SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor. | ||||
| CVE-2026-2975 | 1 Fastapiadmin | 1 Fastapiadmin | 2026-03-05 | 5.3 Medium |
| A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function reset_api_docs of the file /backend/app/plugin/init_app.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-24924 | 1 Huawei | 1 Harmonyos | 2026-03-05 | 6.1 Medium |
| Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2020-36926 | 1 Smartertools | 2 Smartermail, Smartertrack | 2026-03-05 | 7.5 High |
| SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique identifiers. | ||||
| CVE-2025-36364 | 1 Ibm | 1 Devops Plan | 2026-03-05 | 6.2 Medium |
| IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system. | ||||
| CVE-2026-20601 | 1 Apple | 1 Macos | 2026-03-04 | 3.3 Low |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission. | ||||
| CVE-2025-13016 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-04 | 7.5 High |
| Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. | ||||
| CVE-2026-28230 | 1 Steve-community | 1 Steve | 2026-03-03 | 6.3 Medium |
| SteVe is an open-source EV charging station management system. In versions up to and including 3.11.0, when a charger sends a StopTransaction message, SteVe looks up the transaction solely by transactionId (a sequential integer starting from 1) without verifying that the requesting charger matches the charger that originally started the transaction. Any authenticated charger can terminate any other charger’s active session across the entire network. The root cause is in OcppServerRepositoryImpl.getTransaction() which queries only by transactionId with no chargeBoxId ownership check. The validator checks that the transaction exists and is not already stopped but never verifies identity. As an attacker controlling a single registered charger I could enumerate sequential transaction IDs and send StopTransaction messages targeting active sessions on every other charger on the network simultaneously. Combined with FINDING-014 (unauthenticated SOAP endpoints), no registered charger is even required — the attack is executable with a single curl command requiring only a known chargeBoxId. Commit 7f169c6c5b36a9c458ec41ce8af581972e5c724e contains a fix for the issue. | ||||
| CVE-2023-4631 | 1 Wpdo | 1 Dologin Security | 2026-03-03 | 5.3 Medium |
| The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing. | ||||
| CVE-2026-21928 | 1 Oracle | 1 Solaris | 2026-03-03 | 5.3 Medium |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | ||||
| CVE-2026-21927 | 1 Oracle | 1 Solaris | 2026-03-03 | 5.8 Medium |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: Driver). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data as well as unauthorized access to critical data or complete access to all Oracle Solaris accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N). | ||||
| CVE-2026-24314 | 2 Sap, Sap Se | 3 S\/4hana Uiapfi70, S\/4hana Uis4h, S/4hana (manage Payment Media) | 2026-03-03 | 4.3 Medium |
| Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted. | ||||
| CVE-2023-5157 | 3 Fedoraproject, Mariadb, Redhat | 17 Fedora, Mariadb, Enterprise Linux and 14 more | 2026-03-03 | 7.5 High |
| A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service. | ||||
| CVE-2025-55749 | 1 Xwiki | 2 Xwiki, Xwiki-platform | 2026-03-03 | 7.5 High |
| XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package (XJetty), a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contains credentials. Fixed in 16.10.11, 17.4.4, and 17.7.0. | ||||
| CVE-2026-21718 | 1 Copeland | 9 Copeland Xweb 300d Pro, Copeland Xweb 500b Pro, Copeland Xweb 500d Pro and 6 more | 2026-03-02 | 10 Critical |
| An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the authentication requirement and achieve pre-authenticated code execution on the system. | ||||
| CVE-2024-22021 | 1 Veeam | 3 Availability Orchestrator, Disaster Recovery Orchestrator, Recovery Orchestrator | 2026-03-02 | 4.3 Medium |
| Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to. | ||||
| CVE-2023-26323 | 1 Mi | 1 App Market | 2026-03-02 | 7.6 High |
| A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code. | ||||
| CVE-2023-42896 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-03-02 | 5.5 Medium |
| An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to modify protected parts of the file system. | ||||
| CVE-2023-5870 | 2 Postgresql, Redhat | 22 Postgresql, Advanced Cluster Security, Codeready Linux Builder Eus and 19 more | 2026-03-02 | 2.2 Low |
| A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack. | ||||