Export limit exceeded: 344863 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344863 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344863 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-37590 | 1 Sourcecodester | 1 Storage Unit Rental Management System | 2026-04-15 | 2.7 Low |
| SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/rents/manage_rent.php. | ||||
| CVE-2026-37591 | 1 Sourcecodester | 1 Storage Unit Rental Management System | 2026-04-15 | 2.7 Low |
| Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL injection in the file /storage/admin/tenants/view_details.php. | ||||
| CVE-2026-37592 | 1 Sourcecodester | 1 Storage Unit Rental Management System | 2026-04-15 | 2.7 Low |
| Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL in the file /storage/admin/maintenance/manage_pricing.php. | ||||
| CVE-2026-37593 | 1 Sourcecodester | 1 Online Employees Work From Home Attendance System | 2026-04-15 | 2.7 Low |
| SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_att.php. | ||||
| CVE-2026-37594 | 1 Sourcecodester | 1 Online Employees Work From Home Attendance System | 2026-04-15 | 2.7 Low |
| SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_employee.php. | ||||
| CVE-2026-37595 | 1 Sourcecodester | 1 Online Employees Work From Home Attendance System | 2026-04-15 | 2.7 Low |
| SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_employee.php. | ||||
| CVE-2026-37596 | 1 Sourcecodester | 1 Online Employees Work From Home Attendance System | 2026-04-15 | 2.7 Low |
| SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_department.php. | ||||
| CVE-2026-37597 | 1 Sourcecodester | 1 Online Employees Work From Home Attendance System | 2026-04-15 | 2.7 Low |
| SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/attendance_list.php. | ||||
| CVE-2026-37598 | 1 Sourcecodester | 1 Patient Appointment Scheduler System | 2026-04-15 | 2.7 Low |
| SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution (RCE) via /scheduler/classes/SystemSettings.php?f=update_settings. | ||||
| CVE-2026-37600 | 1 Sourcecodester | 1 Patient Appointment Scheduler System | 2026-04-15 | 2.7 Low |
| SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/view_details.php. | ||||
| CVE-2026-3649 | 2 Colbeinformatik, Wordpress | 2 Katalogportal-pdf-sync Widget, Wordpress | 2026-04-15 | 5.3 Medium |
| The Katalogportal PDF Sync plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.0. The katalogportal_popup_shortcode() function is registered as an AJAX handler via wp_ajax_katalogportal_shortcodePrinter but lacks any capability check (current_user_can()) or nonce verification. This allows any authenticated user, including Subscribers, to call the endpoint and retrieve a list of all synchronized PDF attachments (including those attached to private or draft posts) along with their titles, actual filenames, and the katalogportal_userid configuration value. The WP_Query uses post_status => 'any' which returns attachments regardless of the parent post's visibility status. | ||||
| CVE-2026-28741 | 1 Mattermost | 1 Mattermost | 2026-04-15 | 6.8 Medium |
| Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's authentication method via a CSRF attack by tricking a user into visiting a malicious page. Mattermost Advisory ID: MMSA-2026-00625 | ||||
| CVE-2026-2762 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-15 | 9.8 Critical |
| Integer overflow in the JavaScript: Standard Library component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-6134 | 1 Tenda | 2 F451, F451 Firmware | 2026-04-15 | 8.8 High |
| A security flaw has been discovered in Tenda F451 1.0.0.7_cn_svn7958. This vulnerability affects the function fromqossetting of the file /goform/qossetting. Performing a manipulation of the argument qos results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-6129 | 1 Zhayujie | 1 Chatgpt-on-wechat Cowagent | 2026-04-15 | 7.3 High |
| A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unknown function of the component Agent Mode Service. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2019-25709 | 1 Scripteen | 1 Free Image Hosting Script | 2026-04-15 | 9.8 Critical |
| CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via the d parameter. | ||||
| CVE-2019-25701 | 1 Ether Software | 1 Easy Video To Ipod Converter | 2026-04-15 | 8.4 High |
| Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows local attackers to overwrite the structured exception handler. Attackers can input a crafted payload exceeding 996 bytes in the username field to trigger SEH overwrite and execute arbitrary code with user privileges. | ||||
| CVE-2019-25689 | 2 Bplugins, Html5videoplayer | 2 Html5 Video Player, Html5 Video Player | 2026-04-15 | 8.4 High |
| HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register dialog to trigger code execution and spawn a calculator process. | ||||
| CVE-2026-6117 | 1 Astrbot | 1 Astrbot | 2026-04-15 | 6.3 Medium |
| A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. The manipulation of the argument File results in sandbox issue. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-6112 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-04-15 | 9.8 Critical |
| A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes os command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. | ||||