Common Vulnerabilities and Exposures (CVE)

CVE-2025-20096

Mar 11, 2026 13:54:01 UTC

Improper input validation in the UEFI firmware for some Intel Reference Platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation. Th...

CVE-2026-3719

Mar 11, 2026 13:53:35 UTC

A vulnerability was identified in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). This issue affects some unknown processing of the file /System/Cms/downLoad. The manipulation of the argument path leads to path traversal. Th...

CVE-2026-31838

Mar 11, 2026 13:53:28 UTC

Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a vulnerability in Envoy RBAC header matching could allow authorization policy bypass when policies rely on HTTP headers that may c...

CVE-2025-20005

Mar 11, 2026 13:52:59 UTC

Improper buffer restrictions in some UEFI firmware for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulat...

CVE-2025-20027

Mar 11, 2026 13:52:37 UTC

Improper input validation in the UEFI WheaERST module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation ...

CVE-2024-14025

Mar 11, 2026 13:52:24 UTC

An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute unauthorized code or comma...

CVE-2025-20028

Mar 11, 2026 13:52:08 UTC

Time-of-check time-of-use race condition in the WheaERST SMM module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enab...

CVE-2024-14026

Mar 11, 2026 13:51:54 UTC

A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrar...

CVE-2025-20064

Mar 11, 2026 13:51:40 UTC

Improper input validation in the UEFI FlashUcAcmSmm module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable local ...

CVE-2026-0120

Mar 11, 2026 13:51:33 UTC

In modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-20068

Mar 11, 2026 13:51:08 UTC

Improper input validation in the UEFI ImcErrorHandler module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable esca...

CVE-2026-1708

Mar 11, 2026 13:50:40 UTC

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection in all versions up to, and including, 1.6.9.27. This is due to the `db_where_conditions` method in the ...

CVE-2025-20073

Mar 11, 2026 13:50:31 UTC

Improper buffer restrictions in the UEFI DXE module for some Intel(R) Reference Platforms within UEFI may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable da...

CVE-2026-3716

Mar 11, 2026 13:50:31 UTC

A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This vulnerability affects the function sub_401AD4 of the file /cgi-bin/adm.cgi. Executing a manipulation of the argument Hostname can lead to cross site scripting. It is possib...

CVE-2026-2917

Mar 11, 2026 13:50:03 UTC

The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the `ha_duplicate_thing` admin action handler. This is due to the `can_clone()` method on...