Export limit exceeded: 343492 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 343492 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343492 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-5827 | 2026-04-09 | 7.3 High | ||
| A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /question-function.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-5826 | 2026-04-09 | 4.3 Medium | ||
| A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /edit-category.php. Executing a manipulation of the argument Category can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2026-5825 | 1 Code-projects | 1 Simple Laundry System | 2026-04-09 | 4.3 Medium |
| A vulnerability was detected in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /delmemberinfo.php. Performing a manipulation of the argument userid results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used. | ||||
| CVE-2026-5829 | 2026-04-09 | 7.3 High | ||
| A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element is an unknown function of the file /pages/content.php. This manipulation of the argument post_id causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-30251 | 2 Interzen, Interzen Consulting | 2 Zenshare Suite, Zenshare Suite | 2026-04-09 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the login_newpwd.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via a crafted URL injected into the codice_azienda parameter. | ||||
| CVE-2026-35544 | 1 Roundcube | 1 Webmail | 2026-04-09 | 5.3 Medium |
| An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important. | ||||
| CVE-2026-5467 | 1 Casbin | 1 Casdoor | 2026-04-09 | 4.3 Medium |
| A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of the argument redirect_uri leads to open redirect. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-5828 | 2026-04-09 | 7.3 High | ||
| A vulnerability was found in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /functions/addcomment.php. The manipulation of the argument postid results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-5468 | 1 Casbin | 1 Casdoor | 2026-04-09 | 3.5 Low |
| A security flaw has been discovered in Casdoor 2.356.0. This affects the function dangerouslySetInnerHTML. Performing a manipulation of the argument formCss/formCssMobile/formSideHtml results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-59709 | 2 Biztalk360, Kovai | 2 Biztalk360, Biztalk360 | 2026-04-09 | 6.8 Medium |
| An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read by the server, a Super User attacker is able to read files on the system and/or coerce an authentication from the service, aka Directory Traversal. | ||||
| CVE-2025-59710 | 2 Biztalk360, Kovai | 2 Biztalk360, Biztalk360 | 2026-04-09 | 8.8 High |
| An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the server. | ||||
| CVE-2025-59711 | 2 Biztalk360, Kovai | 2 Biztalk360, Biztalk360 | 2026-04-09 | 8.3 High |
| An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism, an authenticated attacker is able to write files outside of the destination directory and/or coerce an authentication from the service, aka Directory Traversal. | ||||
| CVE-2026-5824 | 1 Code-projects | 1 Simple Laundry System | 2026-04-09 | 7.3 High |
| A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /userchecklogin.php. Such manipulation of the argument userid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-5823 | 2026-04-09 | 6.3 Medium | ||
| A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowed_tool_report.php. This manipulation of the argument Home causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-5815 | 2026-04-09 | 8.8 High | ||
| A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-5814 | 1 Phpgurukul | 1 Online Course Registration | 2026-04-09 | 7.3 High |
| A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/check_availability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-26477 | 2 Dokuwiki, Wiki | 2 Dokuwiki, Dokuwiki | 2026-04-09 | 4.3 Medium |
| An issue in Dokuwiki v.2025-05-14b "Librarian" [56.2] allows a remote attacker to cause a denial of service via the media_upload_xhr() function in the media.php file | ||||
| CVE-2026-5469 | 1 Casbin | 1 Casdoor | 2026-04-09 | 4.7 Medium |
| A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the component Webhook URL Handler. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-5813 | 1 Phpgurukul | 1 Online Course Registration | 2026-04-08 | 7.3 High |
| A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /check_availability.php. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-5812 | 2026-04-08 | 5.4 Medium | ||
| A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown part of the file add-sales.php of the component POST Parameter Handler. Performing a manipulation of the argument txtqty results in business logic errors. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. | ||||