Export limit exceeded: 342057 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342057 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25613 | 1 Echatserver | 1 Easy Chat Server | 2026-04-02 | 7.5 High |
| Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an excessively large message parameter value to cause the service to crash. | ||||
| CVE-2026-4533 | 2 Carmelo, Code-projects | 2 Simple Food Order System, Simple Food Ordering System | 2026-04-02 | 6.3 Medium |
| A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used. | ||||
| CVE-2026-4553 | 1 Tenda | 2 F453, F453 Firmware | 2026-04-02 | 8.8 High |
| A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function fromNatlimit of the file /goform/Natlimit of the component Parameters Handler. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-4552 | 1 Tenda | 2 F453, F453 Firmware | 2026-04-02 | 8.8 High |
| A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component Parameters Handler. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-4551 | 1 Tenda | 2 F453, F453 Firmware | 2026-04-02 | 8.8 High |
| A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component Parameters Handler. Performing a manipulation of the argument menufacturer/Go results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-4748 | 1 Freebsd | 1 Freebsd | 2026-04-02 | 7.5 High |
| A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the address[/mask-bits] syntax were not affected. Some keywords representing actions taken on a packet-matching rule, such as 'log', 'return tll', or 'dnpipe', may suffer from the same issue. It is unlikely that users have such configurations, as these rules would always be redundant. Affected rules are silently ignored, which can lead to unexpected behaviour including over- and underblocking. | ||||
| CVE-2025-13855 | 3 Ibm, Linux, Microsoft | 4 Aix, Storage Protect Server, Linux Kernel and 1 more | 2026-04-02 | 7.6 High |
| IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. | ||||
| CVE-2026-3207 | 1 Tibco | 1 Bpm Enterprise | 2026-04-02 | 9.8 Critical |
| Configuration issue in Java Management Extensions (JMX) in TIBCO BPM Enterprise version 4.x allows unauthorised access. | ||||
| CVE-2026-4179 | 2 Zephyrproject, Zephyrproject-rtos | 2 Zephyr, Zephyr | 2026-04-02 | 6.1 Medium |
| Issues in stm32 USB device driver (drivers/usb/device/usb_dc_stm32.c) can lead to an infinite while loop. | ||||
| CVE-2026-30280 | 1 Rareprob | 1 Video Player | 2026-04-02 | 5.3 Medium |
| An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure. | ||||
| CVE-2026-28265 | 1 Dell | 13 Powerstore 1000t, Powerstore 1200t, Powerstore 3000t and 10 more | 2026-04-02 | 4.4 Medium |
| PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files. | ||||
| CVE-2026-27101 | 1 Dell | 1 Secure Connect Gateway | 2026-04-02 | 4.7 Medium |
| Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker within the management network could potentially exploit this vulnerability, leading to remote execution. | ||||
| CVE-2026-2348 | 2 Drupal, Wim-leers | 2 Quick Edit, Quick Edit | 2026-04-02 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Quick Edit allows Cross-Site Scripting (XSS).This issue affects Quick Edit: from 0.0.0 before 1.0.5, from 2.0.0 before 2.0.1. | ||||
| CVE-2026-1917 | 2 Budda, Drupal | 2 Login Disable, Login Disable | 2026-04-02 | 4.3 Medium |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allows Functionality Bypass.This issue affects Login Disable: from 0.0.0 before 2.1.3. | ||||
| CVE-2026-3214 | 2 Arnabdotorg, Drupal | 2 Captcha, Captcha | 2026-04-02 | 6.5 Medium |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CAPTCHA allows Functionality Bypass.This issue affects CAPTCHA: from 0.0.0 before 1.17.0, from 2.0.0 before 2.0.10. | ||||
| CVE-2026-0945 | 2 Drupal, Role Delegation Project | 2 Role Delegation, Role Delegation | 2026-04-02 | 5.4 Medium |
| Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation.This issue affects Role Delegation: from 1.3.0 before 1.5.0. | ||||
| CVE-2026-5017 | 2 Carmelo, Code-projects | 2 Simple Food Order System, Simple Food Order System | 2026-04-02 | 7.3 High |
| A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipulation of the argument Status results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-1556 | 2 Deciphered, Drupal | 2 Filefield Paths, Drupal File Paths | 2026-04-02 | 6.5 Medium |
| Information disclosure in the file URI processing of File (Field) Paths in Drupal File (Field) Paths 7.x prior to 7.1.3 on Drupal 7.x allows authenticated users to disclose other users’ private files via filename‑collision uploads. This can cause hook_node_insert() consumers (for example, email attachment modules) to receive the wrong file URI, bypassing normal access controls on private files. | ||||
| CVE-2026-5018 | 2 Carmelo, Code-projects | 2 Simple Food Order System, Simple Food Order System | 2026-04-02 | 7.3 High |
| A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-5019 | 2 Carmelo, Code-projects | 2 Simple Food Order System, Simple Food Order System | 2026-04-02 | 7.3 High |
| A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file all-orders.php of the component Parameter Handler. The manipulation of the argument Status leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||