Export limit exceeded: 342600 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 342600 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342600 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1509 | 1 Broadcom | 1 Brocade Active Support Connectivity Gateway | 2026-04-06 | 9.1 Critical |
| Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. | ||||
| CVE-2026-5660 | 2026-04-06 | 6.3 Medium | ||
| A vulnerability was determined in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /borrowed_equip.php of the component Parameter Handler. This manipulation of the argument emp causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-30571 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Inventory System, Inventory System | 2026-04-06 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_category.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2026-30570 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Inventory System, Inventory System | 2026-04-06 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_sales.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL | ||||
| CVE-2026-30569 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Inventory System, Inventory System | 2026-04-06 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_stock_availability.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2026-30567 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Inventory System, Inventory System | 2026-04-06 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_product.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2026-30561 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Sales And Inventory System, Sales And Inventory System | 2026-04-06 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_purchase.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2026-30560 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Sales And Inventory System, Sales And Inventory System | 2026-04-06 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_supplier.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2026-30559 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Sales And Inventory System, Sales And Inventory System | 2026-04-06 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_sales.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2026-30558 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Sales And Inventory System, Sales And Inventory System | 2026-04-06 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_customer.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2026-30557 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Sales And Inventory System, Sales And Inventory System | 2026-04-06 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_category.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2026-30527 | 2 Oretnom23, Sourcecodester | 2 Online Food Ordering System, Online Food Ordering System | 2026-04-06 | 4.8 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Category management module within the admin panel. The application fails to properly sanitize user input supplied to the "Category Name" field when creating or updating a category. When an administrator or user visits the Category list page (or any page where this category is rendered), the injected JavaScript executes immediately in their browser. | ||||
| CVE-2026-30520 | 2 Oretnom23, Sourcecodester | 2 Loan Management System, Loan Management System | 2026-04-06 | 5.4 Medium |
| A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file (specifically the save_loan action). The application fails to properly sanitize user input supplied to the "borrower_id" parameter in a POST request, allowing an authenticated attacker to inject malicious SQL commands. | ||||
| CVE-2025-56216 | 1 Phpgurukul | 1 Hospital Management System | 2026-04-06 | 8.5 High |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter. | ||||
| CVE-2025-56215 | 1 Phpgurukul | 1 Hospital Management System | 2026-04-06 | 6.5 Medium |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in contact.php via the pagetitle parameter. | ||||
| CVE-2025-56214 | 1 Phpgurukul | 1 Hospital Management System | 2026-04-06 | 9.8 Critical |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter. | ||||
| CVE-2025-56212 | 1 Phpgurukul | 1 Hospital Management System | 2026-04-06 | 9.8 Critical |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter. | ||||
| CVE-2026-31890 | 2 Inspektor-gadget, Linuxfoundation | 2 Inspektor-gadget, Inspektor Gadget | 2026-04-06 | 5.5 Medium |
| Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to 0.50.1, in a situation where the ring-buffer of a gadget is – incidentally or maliciously – already full, the gadget will silently drop events. The include/gadget/buffer.h file contains definitions for the Buffer API that gadgets can use to, among the other things, transfer data from eBPF programs to userspace. For hosts running a modern enough Linux kernel (>= 5.8), this transfer mechanism is based on ring-buffers. The size of the ring-buffer for the gadgets is hard-coded to 256KB. When a gadget_reserve_buf fails because of insufficient space, the gadget silently cleans up without producing an alert. The lost count reported by the eBPF operator, when using ring-buffers – the modern choice – is hardcoded to zero. The vulnerability can be used by a malicious event source (e.g. a compromised container) to cause a Denial Of Service, forcing the system to drop events coming from other containers (or the same container). This vulnerability is fixed in 0.50.1. | ||||
| CVE-2026-4181 | 2 D-link, Dlink | 3 Dir-816, Dir-816, Dir-816 Firmware | 2026-04-06 | 9.8 Critical |
| A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi of the component goahead. The manipulation of the argument key1/key2/key3/key4/pskValue results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2001-0631 | 1 Opentext | 1 Firstclass | 2026-04-06 | N/A |
| Centrinity First Class Internet Services 5.50 allows for the circumventing of the default 'spam' filters via the presence of '<@>' in the 'From:' field, which allows remote attackers to send spoofed email with the identity of local users. | ||||