Export limit exceeded: 342084 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 342084 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342084 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-71279 | 1 Xenforo | 1 Xenforo | 2026-04-02 | 9.8 Critical |
| XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may be able to compromise the security of Passkey-based authentication. | ||||
| CVE-2025-71280 | 1 Xenforo | 1 Xenforo | 2026-04-02 | 6.2 Medium |
| XenForo before 2.3.7 allows information disclosure via local account page caching on shared systems. On systems where multiple users share a browser or machine, cached account pages could expose sensitive user information to other local users. | ||||
| CVE-2025-71281 | 1 Xenforo | 1 Xenforo | 2026-04-02 | 8.8 High |
| XenForo before 2.3.7 does not properly restrict methods callable from within templates. A loose prefix match was used instead of a stricter first-word match for methods accessible through callbacks and variable method calls in templates, potentially allowing unauthorized method invocations. | ||||
| CVE-2025-71282 | 1 Xenforo | 1 Xenforo | 2026-04-02 | 7.5 High |
| XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open_basedir restrictions. This allows an attacker to obtain information about the server's directory structure. | ||||
| CVE-2026-35054 | 1 Xenforo | 1 Xenforo | 2026-04-02 | 6.4 Medium |
| XenForo before 2.3.9 is vulnerable to stored cross-site scripting (XSS) related to BB code rendering. An attacker can inject malicious scripts through BB code that are stored and executed when other users view the content. | ||||
| CVE-2026-3970 | 1 Tenda | 2 I3, I3 Firmware | 2026-04-02 | 8.8 High |
| A flaw has been found in Tenda i3 1.0.0.6(2204). Affected is the function formwrlSSIDget of the file /goform/wifiSSIDget. Executing a manipulation of the argument index can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2026-3971 | 1 Tenda | 2 I3, I3 Firmware | 2026-04-02 | 8.8 High |
| A vulnerability has been found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument index/GO leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-3972 | 1 Tenda | 2 W3, W3 Firmware | 2026-04-02 | 8.8 High |
| A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler. The manipulation of the argument funcpara1 results in stack-based buffer overflow. The attack can only be performed from the local network. The exploit has been made public and could be used. | ||||
| CVE-2026-3973 | 1 Tenda | 2 W3, W3 Firmware | 2026-04-02 | 8.8 High |
| A vulnerability was determined in Tenda W3 1.0.0.3(2204). This affects the function formSetAutoPing of the file /goform/setAutoPing of the component POST Parameter Handler. This manipulation of the argument ping1/ping2 causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-3974 | 1 Tenda | 2 W3, W3 Firmware | 2026-04-02 | 8.8 High |
| A vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the component HTTP Handler. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is publicly available and might be used. | ||||
| CVE-2026-3975 | 1 Tenda | 2 W3, W3 Firmware | 2026-04-02 | 8.8 High |
| A security flaw has been discovered in Tenda W3 1.0.0.3(2204). This issue affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet of the component POST Parameter Handler. Performing a manipulation of the argument wl_radio results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-3976 | 1 Tenda | 2 W3, W3 Firmware | 2026-04-02 | 8.8 High |
| A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-4007 | 1 Tenda | 2 W3, W3 Firmware | 2026-04-02 | 8.8 High |
| A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affects unknown code of the file /goform/wifiSSIDget of the component POST Parameter Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used. | ||||
| CVE-2026-4008 | 1 Tenda | 2 W3, W3 Firmware | 2026-04-02 | 8.8 High |
| A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used. | ||||
| CVE-2026-4041 | 1 Tenda | 2 I12, I12 Firmware | 2026-04-02 | 8.8 High |
| A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the function vos_strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-4042 | 1 Tenda | 2 I12, I12 Firmware | 2026-04-02 | 8.8 High |
| A weakness has been identified in Tenda i12 1.0.0.6(2204). The affected element is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. This manipulation of the argument index causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-4043 | 1 Tenda | 2 I12, I12 Firmware | 2026-04-02 | 8.8 High |
| A security vulnerability has been detected in Tenda i12 1.0.0.6(2204). The impacted element is the function formwrlSSIDget of the file /goform/wifiSSIDget. Such manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-33643 | 1 Schemahero | 1 Schemahero | 2026-04-02 | 7.4 High |
| SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the mysqlColumnAsInsert function in file plugins/mysql/lib/column.go. | ||||
| CVE-2026-30302 | 2 Coderider, Coderider-kilo | 2 Coderider-kilo, Coderider | 2026-04-02 | 10 Critical |
| The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (the Unix-based shell-quote library) to analyze commands on the Windows platform, coupled with a failure to correctly handle Windows CMD-specific escape sequences (^). Attackers can exploit this discrepancy between the parsing logic and the execution environment by constructing payloads such as git log ^" & malicious_command ^". The CodeRider-Kilo parser is deceived by the escape characters, misinterpreting the malicious command connector (&) as being within a protected string argument and thus auto-approving the command. However, the underlying Windows CMD interpreter ignores the escaped quotes, parsing and executing the subsequent malicious command directly. This allows attackers to achieve arbitrary Remote Code Execution (RCE) after bypassing what appears to be a legitimate Git whitelist check. | ||||
| CVE-2026-30689 | 1 Anjoy8 | 1 Blog.admin | 2026-04-02 | 7.5 High |
| A blog.admin v.8.0 and before system's getinfobytoken API interface contains an improper access control which leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security. | ||||