Common Vulnerabilities and Exposures (CVE)

CVE-2025-14087

Mar 10, 2026 11:58:31 UTC

A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously...

CVE-2025-5372

Mar 10, 2026 11:48:11 UTC

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate fail...

CVE-2025-7195

Mar 10, 2026 11:09:05 UTC

Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/pass...

CVE-2026-3843

Mar 10, 2026 11:07:07 UTC

SQL Injection (CWE-89) in the system configuration module in Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux allows remote attackers to execute arbitrary SQL commands and potentially achieve remote code execution ...

CVE-2026-22614

Mar 10, 2026 10:24:35 UTC

The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks; an attacker with access to this file and the local host machine could potentially read the sensitive information stored and ...

CVE-2026-21791

Mar 10, 2026 10:10:58 UTC

HCL Sametime for Android is impacted by a sensitive information disclosure. Hostname information is written in application logs and certain URL

CVE-2026-3228

Mar 10, 2026 09:58:59 UTC

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[nxs_fbembed]` shortcode in all versions up to, and including, 4.4.6. This is due to insufficient input sanitization and...

CVE-2026-2724

Mar 10, 2026 09:58:58 UTC

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form entry fields in all versions up to, and including, 2.0.5. This is due to insufficient input sanitization and output escaping...

CVE-2026-23907

Mar 10, 2026 09:43:40 UTC

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. The ExtractEmbeddedFiles example contains a path traversal vulnerability (CWE-22) because the filename that is o...

CVE-2026-3315

Mar 10, 2026 09:35:42 UTC

Incorrect Default Permissions, Execution with Unnecessary Privileges, Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ABLOY Visionline on Windows allows Configuration/Environment Manipulation. This issue affec...

CVE-2026-1261

Mar 10, 2026 09:25:30 UTC

The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Quiz feature in all versions up to, and including, 3.9.6 due to insufficient input sanitization and output escaping. This makes it possible for unauth...

CVE-2025-41712

Mar 10, 2026 08:27:10 UTC

An unauthenticated remote attacker who tricks a user into uploading a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server.

CVE-2025-41711

Mar 10, 2026 08:26:48 UTC

An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access.

CVE-2025-41710

Mar 10, 2026 08:26:30 UTC

An unauthenticated remote attacker may use hardcoded credentials to get access to the previously activated FTP Server with limited read and write privileges.

CVE-2025-41709

Mar 10, 2026 08:26:14 UTC

[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]