Export limit exceeded: 342624 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342624 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25834 | 2 Arm, Mbed-tls | 2 Mbed Tls, Mbedtls | 2026-04-06 | 6.5 Medium |
| Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade. | ||||
| CVE-2025-7398 | 1 Broadcom | 1 Brocade Active Support Connectivity Gateway | 2026-04-06 | 9.1 Critical |
| Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports ports 9000 and 8036. | ||||
| CVE-2025-6391 | 1 Broadcom | 1 Brocade Active Support Connectivity Gateway | 2026-04-06 | 9.1 Critical |
| Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure. | ||||
| CVE-2024-1509 | 1 Broadcom | 1 Brocade Active Support Connectivity Gateway | 2026-04-06 | 9.1 Critical |
| Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. | ||||
| CVE-2026-5660 | 2026-04-06 | 6.3 Medium | ||
| A vulnerability was determined in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /borrowed_equip.php of the component Parameter Handler. This manipulation of the argument emp causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-30571 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Inventory System, Inventory System | 2026-04-06 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_category.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2026-30570 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Inventory System, Inventory System | 2026-04-06 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_sales.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL | ||||
| CVE-2026-30569 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Inventory System, Inventory System | 2026-04-06 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_stock_availability.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2026-30567 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Inventory System, Inventory System | 2026-04-06 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_product.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2026-30561 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Sales And Inventory System, Sales And Inventory System | 2026-04-06 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_purchase.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2026-30560 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Sales And Inventory System, Sales And Inventory System | 2026-04-06 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_supplier.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2026-30559 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Sales And Inventory System, Sales And Inventory System | 2026-04-06 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_sales.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2026-30558 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Sales And Inventory System, Sales And Inventory System | 2026-04-06 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_customer.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2026-30557 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Sales And Inventory System, Sales And Inventory System | 2026-04-06 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_category.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2026-30527 | 2 Oretnom23, Sourcecodester | 2 Online Food Ordering System, Online Food Ordering System | 2026-04-06 | 4.8 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Category management module within the admin panel. The application fails to properly sanitize user input supplied to the "Category Name" field when creating or updating a category. When an administrator or user visits the Category list page (or any page where this category is rendered), the injected JavaScript executes immediately in their browser. | ||||
| CVE-2026-30520 | 2 Oretnom23, Sourcecodester | 2 Loan Management System, Loan Management System | 2026-04-06 | 5.4 Medium |
| A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file (specifically the save_loan action). The application fails to properly sanitize user input supplied to the "borrower_id" parameter in a POST request, allowing an authenticated attacker to inject malicious SQL commands. | ||||
| CVE-2025-56216 | 1 Phpgurukul | 1 Hospital Management System | 2026-04-06 | 8.5 High |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter. | ||||
| CVE-2025-56215 | 1 Phpgurukul | 1 Hospital Management System | 2026-04-06 | 6.5 Medium |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in contact.php via the pagetitle parameter. | ||||
| CVE-2025-56214 | 1 Phpgurukul | 1 Hospital Management System | 2026-04-06 | 9.8 Critical |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter. | ||||
| CVE-2025-56212 | 1 Phpgurukul | 1 Hospital Management System | 2026-04-06 | 9.8 Critical |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter. | ||||