Export limit exceeded: 344602 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344602 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-6187 | 1 Sourcecodester | 1 Pharmacy Sales And Inventory System | 2026-04-14 | 7.3 High |
| A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=chk_prod_availability. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used. | ||||
| CVE-2026-6231 | 1 Mongodb | 1 C Driver | 2026-04-14 | 4.3 Medium |
| The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. The issue may affect applications that rely on these functions to validate untrusted BSON data before further processing. This issue affects MongoDB C Driver versions prior to 1.30.5, MongoDB C Driver version 2.0.0 and MongoDB C Driver version 2.0.1 | ||||
| CVE-2026-30804 | 1 Pandora Fms | 1 Pandora Fms | 2026-04-14 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability allows Remote Code Execution via file upload. This issue affects Pandora FMS: from 777 through 800 | ||||
| CVE-2026-6188 | 1 Sourcecodester | 1 Pharmacy Sales And Inventory System | 2026-04-14 | 7.3 High |
| A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. | ||||
| CVE-2026-5973 | 1 Foundation Agents | 1 Metagpt | 2026-04-14 | 7.3 High |
| A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function get_mime_type of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through a pull request but has not reacted yet. | ||||
| CVE-2026-30806 | 1 Pandora Fms | 1 Pandora Fms | 2026-04-14 | N/A |
| Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800 | ||||
| CVE-2026-30809 | 1 Pandora Fms | 1 Pandora Fms | 2026-04-14 | N/A |
| Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800 | ||||
| CVE-2026-30811 | 1 Pandora Fms | 1 Pandora Fms | 2026-04-14 | N/A |
| Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandora FMS: from 777 through 800 | ||||
| CVE-2026-30812 | 1 Pandora Fms | 1 Pandora Fms | 2026-04-14 | N/A |
| Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event comments. This issue affects Pandora FMS: from 777 through 800 | ||||
| CVE-2026-30813 | 1 Pandora Fms | 1 Pandora Fms | 2026-04-14 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800 | ||||
| CVE-2026-5978 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-04-14 | 9.8 Critical |
| A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument mode leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-34186 | 1 Pandora Fms | 1 Pandora Fms | 2026-04-14 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800 | ||||
| CVE-2026-34188 | 1 Pandora Fms | 1 Pandora Fms | 2026-04-14 | N/A |
| Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Event Response execution. This issue affects Pandora FMS: from 777 through 800 | ||||
| CVE-2025-31991 | 1 Hclsoftware | 1 Velocity | 2026-04-14 | 6.8 Medium |
| Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability is fixed in 5.1.7. | ||||
| CVE-2026-6189 | 1 Sourcecodester | 1 Pharmacy Sales And Inventory System | 2026-04-14 | 7.3 High |
| A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-6190 | 1 Itsourcecode | 1 Construction Management System | 2026-04-14 | 6.3 Medium |
| A vulnerability was found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /employees.php. Performing a manipulation of the argument Name results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-6191 | 1 Itsourcecode | 1 Construction Management System | 2026-04-14 | 6.3 Medium |
| A vulnerability was determined in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /equipments.php. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-5983 | 1 D-link | 1 Dir-605l | 2026-04-14 | 8.8 High |
| A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation of the argument curTime can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-39940 | 1 Churchcrm | 1 Churchcrm | 2026-04-14 | N/A |
| ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, would redirect them to any URL chosen by an attacker if they clicked 'Cancel' button on the page. For this write-up the DonatedItemEditor.php will be used as an example, however wherever all instances of 'linkBack' should be assessed. This vulnerability is fixed in 7.0.0. | ||||
| CVE-2026-6192 | 1 Uclouvain | 1 Openjpeg | 2026-04-14 | 3.3 Low |
| A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is 839936aa33eb8899bbbd80fda02796bb65068951. It is suggested to install a patch to address this issue. | ||||