Export limit exceeded: 344234 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344234 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-5996 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-04-13 | 9.8 Critical |
| A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tty_server leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-34853 | 1 Huawei | 2 Emui, Harmonyos | 2026-04-13 | 7.7 High |
| Permission bypass vulnerability in the LBS module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-14545 | 2 Icopydoc, Wordpress | 2 Yml For Yandex Market, Wordpress | 2026-04-13 | 6.5 Medium |
| The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via the feed generation process. | ||||
| CVE-2026-40217 | 1 Berriai | 1 Litellm | 2026-04-13 | 8.8 High |
| LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI. | ||||
| CVE-2026-23780 | 1 Bmc | 1 Control-m | 2026-04-13 | N/A |
| An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable arbitrary file read/write operations and potentially lead to remote code execution. | ||||
| CVE-2026-29861 | 1 Keerti1924 | 1 Php-mysql-user-login-system | 2026-04-13 | N/A |
| PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at login.php. | ||||
| CVE-2026-36236 | 1 Sourcecodester | 1 Engineers Online Portal | 2026-04-13 | N/A |
| SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in update_password.php via the new_password parameter. | ||||
| CVE-2026-40225 | 1 Systemd | 1 Systemd | 2026-04-13 | 6.4 Medium |
| In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output. | ||||
| CVE-2026-22560 | 1 Rocket.chat | 1 Rocket.chat | 2026-04-13 | N/A |
| An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint. | ||||
| CVE-2026-23781 | 1 Bmc | 1 Control-m | 2026-04-13 | N/A |
| An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentials can be easily obtained and may allow unauthorized access to the MFT API debug interface. | ||||
| CVE-2026-40226 | 1 Systemd | 1 Systemd | 2026-04-13 | 6.4 Medium |
| In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file. | ||||
| CVE-2026-33118 | 1 Microsoft | 1 Edge Chromium | 2026-04-13 | 4.3 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2026-40185 | 1 Mauriceboe | 1 Trek | 2026-04-13 | 7.1 High |
| TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authorization checks on the Immich trip photo management routes. This vulnerability is fixed in 2.7.2. | ||||
| CVE-2026-36234 | 1 Itsourcecode | 1 Online Student Enrollment System | 2026-04-13 | N/A |
| itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter. | ||||
| CVE-2025-44560 | 1 Owntone | 1 Owntone-server | 2026-04-13 | N/A |
| owntone-server 2ca10d9 is vulnerable to Buffer Overflow due to lack of recursive checking. | ||||
| CVE-2026-31262 | 1 Altenar | 1 Sportsbook Software Platform | 2026-04-13 | N/A |
| Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform (SB2) v.2.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the URL parameter | ||||
| CVE-2026-5479 | 1 Wolfssl | 1 Wolfssl | 2026-04-13 | N/A |
| In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher finalization functions) fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption, the implementation computes or accepts the tag but does not compare it against the expected value. | ||||
| CVE-2026-33456 | 1 Checkmk | 1 Checkmk | 2026-04-13 | N/A |
| Livestatus injection in the notification test mode in Checkmk <2.5.0b4 and <2.4.0p26 allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands via a crafted service description. | ||||
| CVE-2026-5999 | 1 Jeecg | 1 Jeecgboot | 2026-04-13 | 6.3 Medium |
| A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnouncementController. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor confirmed the issue and will provide a fix in the upcoming release. | ||||
| CVE-2026-6003 | 1 Code-projects | 1 Simple It Discussion Forum | 2026-04-13 | 2.4 Low |
| A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /admin/user.php. Such manipulation of the argument fname leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. | ||||