4.9

CVSS3.1

CVE-2026-0401 -

A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall.

πŸ“… Published: Feb. 24, 2026, 2:55 p.m. πŸ”„ Last Modified: Feb. 26, 2026, 9:03 p.m.

4.9

CVSS3.1

CVE-2026-0400 -

A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall.

πŸ“… Published: Feb. 24, 2026, 2:54 p.m. πŸ”„ Last Modified: Feb. 26, 2026, 9:03 p.m.

5.1

CVSS4.0

CVE-2026-27568 - AVideo has Stored Cross-Site Scripting via Markdown Comment Injection

WWBN AVideo is an open source video platform. Prior to version 21.0, AVideo allows Markdown in video comments and uses Parsedown (v1.7.4) without Safe Mode enabled. Markdown links are not sufficiently sanitized, allowing `javascript:` URIs to be rendered as clickable links. An authenticated low-pri…

πŸ“… Published: Feb. 24, 2026, 2:53 p.m. πŸ”„ Last Modified: Feb. 27, 2026, 7 p.m.

4.9

CVSS3.1

CVE-2026-0399 -

Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in a API endpoint.

πŸ“… Published: Feb. 24, 2026, 2:52 p.m. πŸ”„ Last Modified: Feb. 26, 2026, 8 p.m.

5.3

CVSS4.0

CVE-2026-3102 - exiftool PNG File MacOS.pm SetMacOSTags os command injection

A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. The attack is possible to be carrie…

πŸ“… Published: Feb. 24, 2026, 2:32 p.m. πŸ”„ Last Modified: Feb. 27, 2026, 7:01 p.m.

5.3

CVSS4.0

CVE-2026-3101 - Intelbras TIP 635G Ping os command injection

A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This vulnerability affects unknown code of the component Ping Handler. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early …

πŸ“… Published: Feb. 24, 2026, 2:32 p.m. πŸ”„ Last Modified: Feb. 27, 2026, 7:02 p.m.

0.0

CVE-2026-3126 -

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

πŸ“… Published: Feb. 24, 2026, 2:24 p.m. πŸ”„ Last Modified: March 25, 2026, 2:52 p.m.

6.5

CVSS3.1

CVE-2026-27567 - Payload has Server-Side Request Forgery (SSRF) in External File URL Uploads

Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery (SSRF) vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an …

πŸ“… Published: Feb. 24, 2026, 2:22 p.m. πŸ”„ Last Modified: Feb. 27, 2026, 7:03 p.m.

6.8

CVSS3.1

CVE-2025-10010 - Integrity Validation Bypass in CryptoPro Secure Disk for BitLocker

The CPSD CryptoPro Secure Disk application boots a small Linux operating system to perform user authentication before using BitLocker to decrypt the Windows partition. The system is located on a separate unencrypted partition which can be reached by anyone with access to the hard disk. Multiple ch…

πŸ“… Published: Feb. 24, 2026, 2:13 p.m. πŸ”„ Last Modified: March 13, 2026, 7:53 p.m.

8.8

CVSS3.1

CVE-2026-27483 - MindsDB has Path Traversal in /api/files Leading to Remote Code Execution

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.9.1.1, there is a path traversal vulnerability in Mindsdb's /api/files interface, which an authenticated attacker can exploit to achieve remote command execution. The vulnerability exists in the "Up…

πŸ“… Published: Feb. 24, 2026, 2 p.m. πŸ”„ Last Modified: Feb. 27, 2026, 6:19 p.m.
Total resulsts: 344892
Page 1035 of 34,490
Β« previous page Β» next page
Filters