Search Results (342362 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28772 | 2 Datacast, International Datacasting Corporation (idc) | 3 Sfx2100, Sfx2100 Firmware, Sfx Series Superflex Satellitereceiver Web Management Interface | 2026-03-09 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 allows a remote attacker to execute arbitrary web scripts or HTML. The vulnerability is triggered by sending a crafted payload through the `submitType` parameter, which is reflected directly into the DOM without proper escaping. | ||||
| CVE-2026-28771 | 2 Datacast, International Datacasting Corporation (idc) | 3 Sfx2100, Sfx2100 Firmware, Sfx Series Superflex Satellite Receiver Web Management Interface | 2026-03-09 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface version 101. The application fails to adequately sanitize user-supplied input provided via the `cat` parameter before reflecting it in the HTTP response, allowing a remote attacker to execute arbitrary HTML or JavaScript in the victim's browser context. | ||||
| CVE-2026-28770 | 2 Datacast, International Datacasting Corporation (idc) | 3 Sfx2100, Sfx2100 Firmware, Sfx Series Superflex Satellite Receiver Web Management Interface | 2026-03-09 | 8.8 High |
| Improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 allows for XML Injection. The application reflects unsanitized user input from the `file` parameter directly into a CDATA block, allowing an authenticated attacker to break out of the tags and inject arbitrary XML elements. An actor is confirmed to be able to turn this into a reflected XSS, but further abuse such as XXE may be possible. | ||||
| CVE-2026-28769 | 2 Datacast, International Datacasting Corporation (idc) | 3 Sfx2100, Sfx2100 Firmware, Sfx Series Superflex Satellite Receiver Web Management Interface | 2026-03-09 | 6.5 Medium |
| A path traversal vulnerability exists in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the `file` parameter to traverse directories and enumerate arbitrary files on the underlying filesystem. Due to the insecure Perl file path handling function in use, an authenticated actor is able to perform directory traversal, with the backup endpoint confirming that a file exists by indicating that a backup operation was successful; when the path of a nonexistent file is used, the returned status is failed. | ||||
| CVE-2024-55021 | 1 Weintek | 4 Cmt-3072xh2, Cmt-3072xh2 Firmware, Cmt3072xh and 1 more | 2026-03-09 | 7.5 High |
| Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol. | ||||
| CVE-2024-55022 | 1 Weintek | 4 Cmt-3072xh2, Cmt-3072xh2 Firmware, Cmt3072xh and 1 more | 2026-03-09 | 8.8 High |
| Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter. | ||||
| CVE-2024-55023 | 1 Weintek | 4 Cmt-3072xh2, Cmt-3072xh2 Firmware, Cmt3072xh and 1 more | 2026-03-09 | 5.3 Medium |
| Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information. | ||||
| CVE-2026-0869 | 2 Broadcom, Brocade | 2 Brocade Active Support Connectivity Gateway, Ascg | 2026-03-09 | 8.8 High |
| Authentication bypass in Brocade ASCG 3.4.0 could allow an unauthorized user to perform ASCG operations related to Brocade Support Link (BSL) and streaming configuration, and could even disable the ASCG application or disable use of BSL data collection on Brocade switches within the fabric. | ||||
| CVE-2026-2915 | 2 Hp, Hp Inc | 2 System Event Utility, Hp System Event Utility | 2026-03-09 | 7.1 High |
| HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was remediated with HP System Event Utility version 3.2.16. | ||||
| CVE-2026-0925 | 1 Tanium | 3 Discover, Service Asset, Tanium | 2026-03-09 | 2.7 Low |
| Tanium addressed an improper input validation vulnerability in Discover. | ||||
| CVE-2026-28476 | 1 Openclaw | 1 Openclaw | 2026-03-09 | 8.3 High |
| OpenClaw versions prior to 2026.2.14 contain a server-side request forgery vulnerability in the optional Tlon Urbit extension that accepts user-provided base URLs for authentication without proper validation. Attackers who can influence the configured Urbit URL can induce the gateway to make HTTP requests to arbitrary hosts including internal addresses. | ||||
| CVE-2025-15288 | 1 Tanium | 2 Interact, Service Interact | 2026-03-09 | 3.1 Low |
| Tanium addressed an improper access controls vulnerability in Interact. | ||||
| CVE-2026-1224 | 1 Tanium | 3 Discover, Service Asset, Tanium | 2026-03-09 | 4.9 Medium |
| Tanium addressed an uncontrolled resource consumption vulnerability in Discover. | ||||
| CVE-2025-15322 | 1 Tanium | 1 Server | 2026-03-09 | 4.3 Medium |
| Tanium addressed an improper access controls vulnerability in Tanium Server. | ||||
| CVE-2026-28474 | 1 Openclaw | 1 Nextcloud-talk | 2026-03-09 | 9.8 Critical |
| OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matching on the mutable actor.name display name field for allowlist validation, allowing attackers to bypass DM and room allowlists. An attacker can change their Nextcloud display name to match an allowlisted user ID and gain unauthorized access to restricted conversations. | ||||
| CVE-2025-15320 | 1 Tanium | 2 Client, Tanium | 2026-03-09 | 3.3 Low |
| Tanium addressed a denial of service vulnerability in Tanium Client. | ||||
| CVE-2025-15315 | 1 Tanium | 3 Module Server, Moduleserver, Server | 2026-03-09 | 6.7 Medium |
| Tanium addressed a local privilege escalation vulnerability in Tanium Module Server. | ||||
| CVE-2025-15316 | 1 Tanium | 2 Module Server, Server | 2026-03-09 | 6.7 Medium |
| Tanium addressed a local privilege escalation vulnerability in Tanium Server. | ||||
| CVE-2025-15317 | 1 Tanium | 1 Server | 2026-03-09 | 6.5 Medium |
| Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server. | ||||
| CVE-2025-15318 | 1 Tanium | 3 End-user Notifications, End-user Notifications Endpoint Tools, Endpoint End-user-notifications | 2026-03-09 | 5.1 Medium |
| Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools. | ||||