ReportizFlow
Filtered by vendor
Subscriptions
Total
4637 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3940 | 1 Google | 1 Chrome | 2026-03-14 | 4.3 Medium |
| Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-3939 | 1 Google | 1 Chrome | 2026-03-14 | 6.5 Medium |
| Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. (Chromium security severity: Low) | ||||
| CVE-2026-3938 | 1 Google | 1 Chrome | 2026-03-14 | 6.5 Medium |
| Insufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-3932 | 1 Google | 1 Chrome | 2026-03-14 | 6.5 Medium |
| Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-25176 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-03-14 | 7.8 High |
| Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24290 | 1 Microsoft | 22 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 19 more | 2026-03-14 | 7.8 High |
| Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-23660 | 1 Microsoft | 2 Azure Portal Windows Admin Center, Windows Admin Center In Azure Portal | 2026-03-14 | 7.8 High |
| Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21262 | 1 Microsoft | 15 Microsoft Sql Server 2016 Service Pack 3 (gdr), Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (cu 31) and 12 more | 2026-03-14 | 8.8 High |
| Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-32720 | 2026-03-14 | N/A | ||
| The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, metrics and distributed traces). Prior to 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. This vulnerability is fixed in 0.2.1. | ||||
| CVE-2026-0977 | 1 Ibm | 1 Cics Transaction Gateway | 2026-03-13 | 5.1 Medium |
| IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to improper access controls. | ||||
| CVE-2026-4105 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-03-13 | 6.7 Medium |
| A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system. | ||||
| CVE-2026-0653 | 1 Tp-link | 3 Tapo C260, Tapo C260 Firmware, Tapo C260 V1 | 2026-03-13 | 6.5 Medium |
| On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration parameters without authorization, resulting in unauthorized device state manipulation but not full code execution. | ||||
| CVE-2025-66956 | 1 Asseco | 1 See Live | 2026-03-13 | 9.9 Critical |
| Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL. | ||||
| CVE-2026-30140 | 1 Tenda | 2 W15e, W15e Firmware | 2026-03-13 | 7.5 High |
| An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and potential remote administrative access. | ||||
| CVE-2025-62166 | 1 Freshrss | 1 Freshrss | 2026-03-13 | 7.5 High |
| FreshRSS is a free, self-hostable RSS aggregator. Prior 1.28.0, a bug in the auth logic related to master authentication tokens, this restriction is bypassed. Usually only the default user's feed should be viewable if anonymous viewing is enabled, and feeds of other users should be private. This vulnerability is fixed in 1.28.0. | ||||
| CVE-2026-31872 | 2 Parse Community, Parseplatform | 2 Parse Server, Parse-server | 2026-03-13 | 7.5 High |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.6 and 8.6.32, the protectedFields class-level permission (CLP) can be bypassed using dot-notation in query WHERE clauses and sort parameters. An attacker can use dot-notation to query or sort by sub-fields of a protected field, enabling a binary oracle attack to enumerate protected field values. This affects both MongoDB and PostgreSQL deployments. This vulnerability is fixed in 9.6.0-alpha.6 and 8.6.32. | ||||
| CVE-2026-21238 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-03-13 | 7.8 High |
| Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21255 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-03-13 | 8.8 High |
| Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2026-21535 | 1 Microsoft | 1 Teams | 2026-03-13 | 8.2 High |
| Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-24302 | 1 Microsoft | 1 Azure Arc | 2026-03-13 | 8.6 High |
| Azure Arc Elevation of Privilege Vulnerability | ||||