Export limit exceeded: 342797 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342797 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-5569 | 1 Technostrobe | 1 Hi-led-wr120-g2 | 2026-04-07 | 7.3 High |
| A vulnerability was found in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Impacted is an unknown function of the file /Technostrobe/ of the component Endpoint. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been made public and could be used. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-5605 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-04-07 | 8.8 High |
| A weakness has been identified in Tenda CH22 1.0.0.1. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-5612 | 1 Belkin | 2 F9k1015, F9k1015 Firmware | 2026-04-07 | 8.8 High |
| A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability affects the function formWlEncrypt of the file /goform/formWlEncrypt. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-5543 | 1 Phpgurukul | 1 User Registration & Login And User Management System | 2026-04-07 | 6.3 Medium |
| A vulnerability was identified in PHPGurukul User Registration & Login and User Management System 3.3. The affected element is an unknown function of the file /admin/yesterday-reg-users.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | ||||
| CVE-2026-5549 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2026-04-07 | 5.3 Medium |
| A vulnerability was determined in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this issue is some unknown functionality of the file /webroot_ro/pem/privkeySrv.pem of the component RSA 2048-bit Private Key Handler. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-5579 | 1 Codeastro | 1 Online Classroom | 2026-04-07 | 6.3 Medium |
| A vulnerability was determined in CodeAstro Online Classroom 1.0. This issue affects some unknown processing of the file /OnlineClassroom/updatedetailsfromfaculty.php?myfid=108 of the component Parameter Handler. Executing a manipulation of the argument fname can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2019-25660 | 1 Hainsoft | 1 Lanhelper | 2026-04-07 | 6.2 Medium |
| LanHelper 1.74 contains a local buffer overflow vulnerability that allows attackers to crash the application by sending excessively long input strings. Attackers can exploit the Form Send Message feature by pasting 6000 bytes of data into the Message text field to trigger a denial of service condition. | ||||
| CVE-2019-25672 | 2 Kartatopia, Pilus | 2 Piluscart, Piluscart | 2026-04-07 | 8.2 High |
| PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to extract sensitive database information. | ||||
| CVE-2019-25687 | 1 Wisdom | 1 Pegasus Cms | 2026-04-07 | 9.8 Critical |
| Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the action parameter to achieve code execution and obtain an interactive shell. | ||||
| CVE-2026-26263 | 1 Glpi-project | 1 Glpi | 2026-04-07 | 8.1 High |
| GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Search engine. This vulnerability is fixed in 11.0.6. | ||||
| CVE-2026-5558 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2026-04-07 | 6.3 Medium |
| A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function of the file /pending-orders.php of the component Parameter Handler. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. | ||||
| CVE-2026-5563 | 1 Autohomecorp | 1 Frostmourne | 2026-04-07 | 6.3 Medium |
| A security flaw has been discovered in AutohomeCorp frostmourne up to 1.0. Affected is the function httpTest of the file /api/monitor-api/alarm/previewData of the component Alarm Preview. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-5568 | 1 Akaunting | 1 Akaunting | 2026-04-07 | 3.5 Low |
| A vulnerability has been found in Akaunting up to 3.1.21. This issue affects some unknown processing of the component Invoice/Billing. The manipulation of the argument notes leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2019-25661 | 1 Lizardsystems | 1 Remote Process Explorer | 2026-04-07 | 6.2 Medium |
| Remote Process Explorer 1.0.0.16 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by sending a crafted payload to the Add Computer dialog. Attackers can paste a malicious string into the computer name textbox and trigger a crash by connecting to the added computer, overwriting the SEH chain and corrupting exception handlers. | ||||
| CVE-2019-25675 | 1 Edirectory | 1 Edirectory | 2026-04-07 | 8.2 High |
| eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parameter in the login endpoint with union-based SQL injection to authenticate as administrator, then leverage authenticated file disclosure vulnerabilities in language_file.php to read arbitrary PHP files from the server. | ||||
| CVE-2019-25681 | 1 Xlightftpd | 1 Xlight Ftp | 2026-04-07 | 8.4 High |
| Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by supplying a crafted buffer string. Attackers can inject a 428-byte payload through the program execution field in virtual server configuration to trigger a buffer overflow that corrupts the SEH chain and enables potential code execution. | ||||
| CVE-2019-25685 | 1 Phpbb | 1 Phpbb | 2026-04-07 | 8.8 High |
| phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functionality and phar:// stream wrapper. Attackers can upload a crafted zip file containing serialized PHP objects that execute arbitrary code when deserialized through the imagick parameter in attachment settings. | ||||
| CVE-2019-25698 | 1 Kados | 1 Kados R10 Greenbee | 2026-04-07 | 8.2 High |
| Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_to_delete parameter. Attackers can send crafted requests with malicious SQL statements in the id_to_delete field to extract or modify sensitive database information. | ||||
| CVE-2026-29047 | 1 Glpi-project | 1 Glpi | 2026-04-07 | 7.2 High |
| GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL injection via the logs export feature. This vulnerability is fixed in 10.0.24 and 11.0.6. | ||||
| CVE-2026-30078 | 1 Openairinterface | 1 Oai-cn5g-amf | 2026-04-07 | 7.5 High |
| OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent with successfulOutcome. | ||||