Search Results (347826 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-25264 1 Acutesystems 1 Transmac 2026-04-27 6.2 Medium
TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Attackers can generate a payload file containing 4000 bytes of data, paste it into the License Key field, and trigger a denial of service condition.
CVE-2018-25294 1 Cewe-photoworld 1 Cewe Photo Show 2026-04-27 7.5 High
CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition.
CVE-2026-7071 1 Codeastro 1 Online Job Portal 2026-04-27 5.3 Medium
A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file and directory information exposure. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
CVE-2026-7073 1 Itsourcecode 1 Construction Management System 2026-04-27 7.3 High
A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /execute.php. This manipulation of the argument code causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
CVE-2026-7074 1 Itsourcecode 1 Construction Management System 2026-04-27 7.3 High
A vulnerability has been found in itsourcecode Construction Management System 1.0. This vulnerability affects unknown code of the file /execute1.php. Such manipulation of the argument code leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
CVE-2026-7075 1 Itsourcecode 1 Construction Management System 2026-04-27 7.3 High
A vulnerability was found in itsourcecode Construction Management System 1.0. This issue affects some unknown processing of the file /locations.php. Performing a manipulation of the argument address results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
CVE-2026-7088 1 Sourcecodester 1 Pharmacy Sales And Inventory System 2026-04-27 7.3 High
A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=save_receiving. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-3008 1 Notepad++ 1 Notepad++ 2026-04-27 6.6 Medium
Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application.
CVE-2025-69809 1 P2r3 1 Bareiron 2026-04-27 9.8 Critical
A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to write arbitrary values to memory, enabling arbitrary code execution via a crafted packet.
CVE-2025-69808 1 P2r3 1 Bareiron 2026-04-27 9.1 Critical
An out-of-bounds memory access (OOB) in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to access sensitive information and cause a Denial of Service (DoS) via supplying a crafted packet.
CVE-2025-52624 1 Hcltech 1 Aion 2026-04-27 5.4 Medium
Bypass of the script allowlist configuration in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks. This issue affects AION: 2.0.
CVE-2025-52623 1 Hcltech 1 Aion 2026-04-27 3.7 Low
HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. Allowing autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. This issue affects AION: 2.0.
CVE-2025-52634 1 Hcltech 1 Aion 2026-04-27 3.7 Low
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION. This issue affects HCL AION: 2.0.
CVE-2025-52633 1 Hcltech 1 Aion 2026-04-27 3.1 Low
HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. Storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0.
CVE-2025-52632 1 Hcltech 1 Aion 2026-04-27 6.5 Medium
A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION. This issue affects AION: 2.0.
CVE-2025-52631 1 Hcltech 1 Aion 2026-04-27 3.7 Low
HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks. This issue affects AION: 2.0.
CVE-2025-52630 1 Hcltech 1 Aion 2026-04-27 3.7 Low
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION. This issue affects AION: 2.0.
CVE-2025-52629 1 Hcltech 1 Aion 2026-04-27 3.7 Low
HCL AION is susceptible to Missing Content-Security-Policy. The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute. This issue affects AION: 2.0.
CVE-2025-52635 1 Hcltech 1 Aion 2026-04-27 3.7 Low
A Trusted Types in scripts not enforced in CSP vulnerability has been identified in HCL AION. This issue affects AION: 2.0.
CVE-2026-31691 1 Linux 1 Linux Kernel 2026-04-27 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: igb: remove napi_synchronize() in igb_down() When an AF_XDP zero-copy application terminates abruptly (e.g., kill -9), the XSK buffer pool is destroyed but NAPI polling continues. igb_clean_rx_irq_zc() repeatedly returns the full budget, preventing napi_complete_done() from clearing NAPI_STATE_SCHED. igb_down() calls napi_synchronize() before napi_disable() for each queue vector. napi_synchronize() spins waiting for NAPI_STATE_SCHED to clear, which never happens. igb_down() blocks indefinitely, the TX watchdog fires, and the TX queue remains permanently stalled. napi_disable() already handles this correctly: it sets NAPI_STATE_DISABLE. After a full-budget poll, __napi_poll() checks napi_disable_pending(). If set, it forces completion and clears NAPI_STATE_SCHED, breaking the loop that napi_synchronize() cannot. napi_synchronize() was added in commit 41f149a285da ("igb: Fix possible panic caused by Rx traffic arrival while interface is down"). napi_disable() provides stronger guarantees: it prevents further scheduling and waits for any active poll to exit. Other Intel drivers (ixgbe, ice, i40e) use napi_disable() without a preceding napi_synchronize() in their down paths. Remove redundant napi_synchronize() call and reorder napi_disable() before igb_set_queue_napi() so the queue-to-NAPI mapping is only cleared after polling has fully stopped.