Export limit exceeded: 344982 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344982 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3630 | 1 Deltaww | 1 Commgr2 | 2026-04-16 | 9.8 Critical |
| Delta Electronics COMMGR2 has Stack-based Buffer Overflow vulnerability. | ||||
| CVE-2026-3798 | 1 Comfast | 2 Cf-ac100, Cf-ac100 Firmware | 2026-04-16 | 4.7 Medium |
| A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub_44AC14 of the file /cgi-bin/mbox-config?method=SET§ion=ping_config of the component Request Path Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-3799 | 1 Tenda | 2 I3, I3 Firmware | 2026-04-16 | 8.8 High |
| A flaw has been found in Tenda i3 1.0.0.6(2204). This impacts the function formSetCfm of the file /goform/setcfm. This manipulation of the argument funcpara1 causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used. | ||||
| CVE-2026-3802 | 1 Tenda | 2 I3, I3 Firmware | 2026-04-16 | 8.8 High |
| A vulnerability was determined in Tenda i3 1.0.0.6(2204). Affected by this issue is the function formexeCommand of the file /goform/exeCommand. Executing a manipulation of the argument cmdinput can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-30896 | 2 Q-see, Qsee | 2 Qsee Client, Qsee Client | 2026-04-16 | N/A |
| The installer for Qsee Client versions 1.0.1 and prior insecurely load Dynamic Link Libraries (DLLs). When a user is directed to place some malicious DLL to the same directory and execute the affected installer, then arbitrary code may be executed with the administrative privilege. | ||||
| CVE-2026-3803 | 1 Tenda | 2 I3, I3 Firmware | 2026-04-16 | 8.8 High |
| A vulnerability was identified in Tenda i3 1.0.0.6(2204). This affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. The manipulation of the argument index leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-3804 | 1 Tenda | 2 I3, I3 Firmware | 2026-04-16 | 8.8 High |
| A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet. The manipulation of the argument index results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-3806 | 3 Janobe, Oretnom23, Sourcecodester | 3 Resort Reservation System, Resort Reservation System, Resort Reservation System | 2026-04-16 | 6.3 Medium |
| A weakness has been identified in SourceCodester/janobe Resort Reservation System 1.0. This issue affects some unknown processing of the file /room_rates.php. This manipulation of the argument q causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-3809 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2026-04-16 | 8.8 High |
| A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2026-3811 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2026-04-16 | 8.8 High |
| A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-3814 | 1 Utt | 3 810g, 810g Firmware, Hiper 810g | 2026-04-16 | 8.8 High |
| A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. Affected by this issue is the function strcpy of the file /goform/getOneApConfTempEntry. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-25604 | 1 Apache | 2 Airflow Providers Amazon, Apache-airflow-providers-amazon | 2026-04-16 | 5.4 Medium |
| In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed to gain access to different instances with potentially different access controls by reusing SAML response from other instances. You should upgrade to 9.22.0 version of provider if you use AWS Auth Manager. | ||||
| CVE-2026-3816 | 1 Owasp | 1 Defectdojo | 2026-04-16 | 4.3 Medium |
| A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function input_zip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.56.0 is able to resolve this issue. The identifier of the patch is e8f1e5131535b8fd80a7b1b3085d676295fdcd41. Upgrading the affected component is recommended. | ||||
| CVE-2026-3817 | 2 Pamzey, Sourcecodester | 2 Patients Waiting Area Queue Management System, Patients Waiting Area Queue Management System | 2026-04-16 | 5.3 Medium |
| A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. This issue affects some unknown processing of the file /patient-search.php. The manipulation results in improper authorization. The attack can be launched remotely. The exploit is now public and may be used. | ||||
| CVE-2026-6361 | 1 Google | 1 Chrome | 2026-04-16 | 7.2 High |
| Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High) | ||||
| CVE-2026-6319 | 1 Google | 1 Chrome | 2026-04-16 | 7.5 High |
| Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-6318 | 1 Google | 1 Chrome | 2026-04-16 | 8.8 High |
| Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-6308 | 1 Google | 1 Chrome | 2026-04-16 | 7.5 High |
| Out of bounds read in Media in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-6306 | 1 Google | 1 Chrome | 2026-04-16 | 8.8 High |
| Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High) | ||||
| CVE-2026-6303 | 1 Google | 1 Chrome | 2026-04-16 | 8.8 High |
| Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||