Export limit exceeded: 342973 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 342973 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 342973 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342973 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-35679 | 1 Zcash | 1 Zcashd | 2026-04-07 | 3.5 Low |
| Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was sometimes not verifying Sprout proofs. | ||||
| CVE-2026-5542 | 1 Code-projects | 1 Simple Laundry System | 2026-04-07 | 4.3 Medium |
| A vulnerability was determined in code-projects Simple Laundry System 1.0. Impacted is an unknown function of the file /modstaffinfo.php of the component Parameter Handler. Executing a manipulation of the argument userid can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-5544 | 1 Utt | 1 Hiper 1250gw | 2026-04-07 | 8.8 High |
| A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-5560 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2026-04-07 | 6.3 Medium |
| A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /payment-method.php of the component Parameter Handler. Performing a manipulation of the argument paymethod results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-5570 | 1 Technostrobe | 1 Hi-led-wr120-g2 | 2026-04-07 | 7.3 High |
| A vulnerability was determined in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The affected element is the function index_config of the file /LoginCB. This manipulation causes improper authentication. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-5572 | 1 Technostrobe | 1 Hi-led-wr120-g2 | 2026-04-07 | 4.3 Medium |
| A security flaw has been discovered in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This affects an unknown function. Performing a manipulation results in cross-site request forgery. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-5574 | 1 Technostrobe | 1 Hi-led-wr120-g2 | 2026-04-07 | 6.5 Medium |
| A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function deletefile of the component FsBrowseClean. The manipulation of the argument dir/path leads to missing authorization. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-5577 | 1 Song-li | 1 Cross Browser | 2026-04-07 | 7.3 High |
| A vulnerability has been found in Song-Li cross_browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquemachine_app.py of the component details Endpoint. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2019-25662 | 1 Montala | 1 Resourcespace | 2026-04-07 | 8.2 High |
| ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'ref' parameter. Attackers can send GET requests to the watched_searches.php endpoint with crafted SQL payloads to extract sensitive database information including usernames and credentials. | ||||
| CVE-2019-25663 | 2 Salesagility, Suitecrm | 2 Suitecrm, Suitecrm | 2026-04-07 | 7.1 High |
| SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Attackers can send GET requests to the email module with malicious parentTab values using boolean-based SQL injection techniques to extract sensitive database information. | ||||
| CVE-2026-5583 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2026-04-07 | 6.3 Medium |
| A security vulnerability has been detected in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /my-profile.php of the component Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-5586 | 1 Zhongyu09 | 1 Openchatbi | 2026-04-07 | 6.3 Medium |
| A vulnerability was determined in zhongyu09 openchatbi up to 0.2.1. The impacted element is an unknown function of the component Multi-stage Text2SQL Workflow. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2019-25656 | 1 R-project | 1 R | 2026-04-07 | 8.4 High |
| R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler (SEH) overwrite by supplying malicious input. Attackers can craft a payload string in the 'Language for menus and messages' field to overwrite SEH records and achieve code execution with calculator or arbitrary shellcode. | ||||
| CVE-2019-25658 | 1 Amac | 1 Mac Address Change | 2026-04-07 | 5.5 Medium |
| a-Mac Address Change 5.4 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input to registration form fields. Attackers can paste 212 bytes of data into the 'Your Name', 'Your Company', or 'Register Code' fields and click the Register button to trigger a denial of service crash. | ||||
| CVE-2019-25666 | 2 Nsasoft, Nsauditor | 2 Spotauditor, Spotauditor | 2026-04-07 | 6.2 Medium |
| SpotAuditor 3.6.7 contains a local buffer overflow vulnerability in the Base64 Password Decoder component that allows attackers to crash the application. Attackers can supply an oversized Base64 string through the decoder interface to trigger a denial of service condition. | ||||
| CVE-2019-25667 | 1 Iarsn | 1 Taskinfo | 2026-04-07 | 6.2 Medium |
| TaskInfo 8.2.0.280 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to registration fields. Attackers can paste excessively long strings into the New User Name or New Serial Number textboxes in the Help menu's registration dialog to trigger a denial of service condition. | ||||
| CVE-2019-25674 | 1 Victoralagwu | 1 Cmssite | 2026-04-07 | 8.2 High |
| CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send GET requests to post.php with malicious 'post' values to extract sensitive database information or perform time-based blind SQL injection attacks. | ||||
| CVE-2019-25677 | 1 Rarlab | 1 Winrar | 2026-04-07 | 6.2 Medium |
| WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a malformed winrar.lng language file in the installation directory. Attackers can trigger the crash by opening an archive and pressing the test button, causing an access violation at memory address 004F1DB8 when the application attempts to read invalid data. | ||||
| CVE-2019-25684 | 1 Opendocman | 1 Opendocman | 2026-04-07 | 8.2 High |
| OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can send GET requests to search.php with malicious SQL payloads in the 'where' parameter to extract sensitive database information. | ||||
| CVE-2019-25671 | 1 Va Max | 1 Va Max | 2026-04-07 | 8.8 High |
| VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the mtu_eth0 parameter. Attackers can send POST requests to the changeip.php endpoint with malicious payload in the mtu_eth0 field to execute commands as the apache user. | ||||