Total: 4404 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-53263 | 1 Redhat | 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more | 2026-02-26 | 8.1 High |
| Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the `git-credential(1)` command without checking for embedded line-ending control characters, and then sends any credentials it receives back from the Git credential helper to the remote host. By inserting URL-encoded control characters such as line feed (LF) or carriage return (CR) characters into the URL, an attacker may be able to retrieve a user's Git credentials. This problem exists in all previous versions and is patched in v3.6.1. All users should upgrade to v3.6.1. There are no workarounds known at this time. | ||||
| CVE-2025-20256 | 1 Cisco | 1 Secure Network Analytics | 2026-02-26 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system. This vulnerability is due to insufficient input validation in specific fields of the web-based management interface. An attacker with valid administrative credentials could exploit this vulnerability by sending crafted input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. | ||||
| CVE-2025-32711 | 1 Microsoft | 1 365 Copilot | 2026-02-26 | 9.3 Critical |
| AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-47867 | 2 Microsoft, Trendmicro | 2 Windows, Apex Central | 2026-02-26 | 7.5 High |
| A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations. | ||||
| CVE-2025-20283 | 1 Cisco | 3 Identity Services Engine, Identity Services Engine Passive Identity Connector, Identity Services Engine Software | 2026-02-26 | 6.5 Medium |
| A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, the attacker must have valid high-privileged credentials. | ||||
| CVE-2025-20284 | 1 Cisco | 3 Identity Services Engine, Identity Services Engine Passive Identity Connector, Identity Services Engine Software | 2026-02-26 | 6.5 Medium |
| A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, the attacker must have valid high-privileged credentials. | ||||
| CVE-2025-20337 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Passive Identity Connector | 2026-02-26 | 10 Critical |
| A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device. | ||||
| CVE-2025-20281 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Passive Identity Connector | 2026-02-26 | 10 Critical |
| A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device. | ||||
| CVE-2025-20265 | 1 Cisco | 2 Firepower Management Center, Secure Firewall Management Center | 2026-02-26 | 10 Critical |
| A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device. This vulnerability is due to a lack of proper handling of user input during the authentication phase. An attacker could exploit this vulnerability by sending crafted input when entering credentials that will be authenticated at the configured RADIUS server. A successful exploit could allow the attacker to execute commands at a high privilege level. Note: For this vulnerability to be exploited, Cisco Secure FMC Software must be configured for RADIUS authentication for the web-based management interface, SSH management, or both. | ||||
| CVE-2025-64741 | 2 Google, Zoom | 5 Android, Meeting Software Development Kit, Workplace and 2 more | 2026-02-26 | 8.1 High |
| Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access. | ||||
| CVE-2026-1050 | 1 Risesoft-y9 | 1 Digital-infrastructure | 2026-02-26 | 7.3 High |
| A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to SQL injection. The attack can be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-3046 | 2 Emiloi, Itsourcecode | 2 E-logbook With Health Monitoring System For Covid-19, E-logbook With Health Monitoring System For Covid-19 | 2026-02-26 | 7.3 High |
| A security vulnerability has been detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This vulnerability affects unknown code of the file /check_profile_old.php. The manipulation of the argument profile_id leads to SQL injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-2865 | 2 Adonesevangelista, Itsourcecode | 2 Agri-trading Online Shopping System, Agri-trading Online Shopping System | 2026-02-26 | 7.3 High |
| A vulnerability was found in itsourcecode Agri-Trading Online Shopping System 1.0. This impacts an unknown function of the file admin/productcontroller.php of the component HTTP POST Request Handler. Performing a manipulation of the argument Product results in SQL injection. The attack may be initiated remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-27203 | 1 Yosefhayim | 1 Ebay-mcp | 2026-02-25 | 8.3 High |
| eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs. All versions are vulnerable to Environment Variable Injection through the updateEnvFile function. The ebay_set_user_tokens tool allows updating the .env file with new tokens. The updateEnvFile function in src/auth/oauth.ts blindly appends or replaces values without validating them for newlines or quotes. This allows an attacker to inject arbitrary environment variables into the .env configuration file. This could lead to configuration overwrites, Denial of Service, and potential RCE. There was no fix for this issue at the time of publication. | ||||
| CVE-2026-3164 | 2 Clive 21, Itsourcecode | 2 News Portal Project, News Portal Project | 2026-02-25 | 7.3 High |
| A vulnerability was found in itsourcecode News Portal Project 1.0. This issue affects some unknown processing of the file /admin/contactus.php. The manipulation of the argument pagetitle results in SQL injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-3148 | 2 Haben-cs9, Sourcecodester | 2 Simple And Nice Shopping Cart Script, Simple And Nice Shopping Cart Script | 2026-02-25 | 7.3 High |
| A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /signup.php. This manipulation of the argument Username causes SQL injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2023-6134 | 1 Redhat | 9 Build Keycloak, Enterprise Linux, Keycloak and 6 more | 2026-02-25 | 4.6 Medium |
| A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748. | ||||
| CVE-2023-22522 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2026-02-25 | 8.8 High |
| This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Data Center and Server versions as listed below are at risk and require immediate attention. See the advisory for additional details. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. | ||||
| CVE-2026-3149 | 2 Angeljudesuarez, Itsourcecode | 2 College Management System, College Management System | 2026-02-25 | 6.3 Medium |
| A weakness has been identified in itsourcecode College Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/asign-single-student-subjects.php. Executing a manipulation of the argument course_code can lead to SQL injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-3150 | 2 Angeljudesuarez, Itsourcecode | 2 College Management System, College Management System | 2026-02-25 | 6.3 Medium |
| A security vulnerability has been detected in itsourcecode College Management System 1.0. This affects an unknown part of the file /admin/display-teacher.php. The manipulation of the argument teacher_id leads to SQL injection. The attack can be carried out remotely. The exploit has been disclosed publicly and may be used. | ||||