Total CVEs: 142,027
Critical Severity: 3,943
High Severity: 14,108
Last 7 Days: 1,755
Showing 10,581 - 10,600 of 14,604 CVEs
CVE-2026-20007 MEDIUM - 5.8

A vulnerability in the Snort 2 and Snort 3 deep packet inspection of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured Snort rules and allow traffic onto the network that should have been dropped. This vulnerability is due to ...

Vendor: Cisco
Product: Cisco Secure Firewall Threat Defense (FTD) Software
Published: Mar 04, 2026
Source: NVD
CVE-2026-20006 MEDIUM - 5.8

A vulnerability in the TLS cryptography functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to unexpectedly restart, resulting in a denial of service (DoS) condition...

Vendor: Cisco
Product: Cisco Secure Firewall Threat Defense (FTD) Software
Published: Mar 04, 2026
Source: NVD
CVE-2026-20003 MEDIUM - 4.9

A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending cra...

Vendor: Cisco
Product: Cisco Secure Firewall Management Center (FMC)
Published: Mar 04, 2026
Source: NVD
CVE-2026-20001 MEDIUM - 6.5

A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending cra...

Vendor: Cisco
Product: Cisco Secure Firewall Management Center (FMC)
Published: Mar 04, 2026
Source: NVD
CVE-2019-25502 MEDIUM - 6.1

Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. Attackers can craft requests with SVG payload injection to execute arbitrary JavaScript in victim brows...

Vendor: niteosoft
Product: Simple Job Script
Published: Mar 04, 2026
Source: NVD
CVE-2026-23812 MEDIUM - 4.3

A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or mo...

Vendor: Hewlett Packard Enterprise (HPE)
Product: HPE Aruba Networking Wireless Operating Systems (AOS-8 & AOS-10)
Published: Mar 04, 2026
Source: NVD
CVE-2026-23811 MEDIUM - 4.3

A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between clients and redirect traffic at Layer 3 (L3). In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enabl...

Vendor: Hewlett Packard Enterprise (HPE)
Product: HPE Aruba Networking Wireless Operating Systems (AOS-8 & AOS-10)
Published: Mar 04, 2026
Source: NVD
CVE-2026-23810 MEDIUM - 4.3

A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point (AP) to classify the frame as group-addressed traffic and re-encrypt it using the Group Temporal Key (GTK) associated with the victim's BS...

Vendor: Hewlett Packard Enterprise (HPE)
Product: HPE Aruba Networking Wireless Operating Systems (AOS-8 & AOS-10)
Published: Mar 04, 2026
Source: NVD
CVE-2026-23809 MEDIUM - 5.4

A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation may ...

Vendor: Hewlett Packard Enterprise (HPE)
Product: HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8)
Published: Mar 04, 2026
Source: NVD
CVE-2026-23808 MEDIUM - 5.4

A vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to install an attacker-controlled Group Temporal Key (GTK) on a client device. Successful exploitation of this vulnerability could allow a remote malicious actor to perform unauthorize...

Vendor: Hewlett Packard Enterprise (HPE)
Product: HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8)
Published: Mar 04, 2026
Source: NVD
CVE-2026-23601 MEDIUM - 5.4

A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID. Successful exploitation allows for the delivery of ta...

Vendor: Hewlett Packard Enterprise (HPE)
Product: HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8)
Published: Mar 04, 2026
Source: NVD
CVE-2026-20005 MEDIUM - 5.8

Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to incomplete parsing of the ...

Vendor: Cisco
Product: Cisco Secure Firewall Threat Defense (FTD) Software, Cisco Cyber Vision, Cisco UTD SNORT IPS Engine Software
Published: Mar 04, 2026
Source: NVD
CVE-2026-22285 MEDIUM - 4.4

Dell Device Management Agent (DDMA), versions prior to 26.02, contain a Plaintext Storage of Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized Access.

Vendor: Dell
Product: Device Management Agent (DDMA)
Published: Mar 04, 2026
Source: NVD
CVE-2025-59787 MEDIUM - 6.5

2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts.

Vendor: 2N Telekomunikace a.s.
Product: 2N Access Commander
Published: Mar 04, 2026
Source: NVD
CVE-2025-12801 MEDIUM - 6.5

A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux that allows an NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported d...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat OpenShift Container Platform 4
Published: Mar 04, 2026
Source: NVD
CVE-2025-70342 MEDIUM - 6.6

erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe.

Vendor: grahampugh
Product: erase-install
Published: Mar 04, 2026
Source: NVD
CVE-2026-3103 MEDIUM - 5.4

A logic error in the remove_password() function in Checkmk GmbH's Checkmk versions <2.4.0p23, <2.3.0p43, and 2.2.0 (EOL) allows a low-privileged user to cause data loss.

Vendor: checkmk
Product: checkmk
Published: Mar 04, 2026
Source: NVD
CVE-2025-40896 MEDIUM - 6.5

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive informat...

Vendor: Nozomi Networks
Product: Arc
Published: Mar 04, 2026
Source: NVD
CVE-2025-40895 MEDIUM - 4.8

A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on connected Guardians' properties. A malicious authenticated user with administrator privileges on a Guardian connected to a CMC can edit the Guardian's properties...

Vendor: Nozomi Networks
Product: CMC
Published: Mar 04, 2026
Source: NVD
CVE-2025-40894 MEDIUM - 4.4

A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is configured to use the Alert...

Vendor: Nozomi Networks
Product: Guardian, CMC
Published: Mar 04, 2026
Source: NVD