Export limit exceeded: 347659 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347659 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-25315 | 1 Alloksoft | 1 Video Joiner | 2026-04-30 | 8.4 High |
| Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with structured exception handler (SEH) overwrite and shellcode to achieve code execution when the application processes the license registration input. | ||||
| CVE-2018-25309 | 1 Mybb | 1 Mybb | 2026-04-30 | 7.2 High |
| MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can create threads with script tags in the subject parameter to execute arbitrary JavaScript in the browsers of all users viewing the index page. | ||||
| CVE-2018-25303 | 1 Alloksoft | 1 Allok Video To Dvd Burner | 2026-04-30 | 8.4 High |
| Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability in the License Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input string with 780 bytes of junk data followed by SEH chain pointers and shellcode, then paste it into the License Name field during registration to achieve code execution. | ||||
| CVE-2026-7466 | 1 Berabuddies | 1 Agentflow | 2026-04-30 | 8.8 High |
| AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline_path parameter to the POST /api/runs and POST /api/runs/validate endpoints. Attackers can induce requests to the local AgentFlow API to load and execute existing Python pipeline files on disk, resulting in code execution in the context of the user running AgentFlow. | ||||
| CVE-2026-6531 | 1 Wireshark | 1 Wireshark | 2026-04-30 | 5.5 Medium |
| SANE protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | ||||
| CVE-2026-7398 | 1 Florensiawidjaja | 1 Bioinfomcp | 2026-04-30 | 7.3 High |
| A weakness has been identified in florensiawidjaja BioinfoMCP up to 7ada7918b9e515604d3c0ae264d3a9af10bf6e54. This vulnerability affects the function Upload of the file bioinfo_mcp_platform/app.py of the component Upload Endpoint. This manipulation of the argument Name causes path traversal. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-5654 | 1 Wireshark | 1 Wireshark | 2026-04-30 | 5.5 Medium |
| AMR-NB codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | ||||
| CVE-2026-7391 | 1 Sourcecodester | 1 Pharmacy Sales And Inventory System | 2026-04-30 | 6.3 Medium |
| A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function save_supplier of the file /ajax.php?action=save_supplier. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. | ||||
| CVE-2024-39847 | 1 4d | 2 4d Server, Server | 2026-04-30 | N/A |
| Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services. | ||||
| CVE-2026-5401 | 1 Wireshark | 1 Wireshark | 2026-04-30 | 5.5 Medium |
| AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | ||||
| CVE-2026-42644 | 2 Wordpress, Wpdeveloper | 2 Wordpress, Betterdocs | 2026-04-30 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data.This issue affects BetterDocs: from n/a through <= 4.3.10. | ||||
| CVE-2026-7319 | 1 Elinsky | 1 Execution-system-mcp | 2026-04-30 | 7.3 High |
| A flaw has been found in elinsky execution-system-mcp 0.1.0. The impacted element is the function _get_context_file_path of the file src/execution_system_mcp/server.py of the component add_action Tool. This manipulation of the argument context causes path traversal. The attack can be initiated remotely. The exploit has been published and may be used. | ||||
| CVE-2026-7306 | 1 Xuxueli | 1 Xxl-job | 2026-04-30 | 5.6 Medium |
| A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the component OpenAPI Endpoint. Such manipulation of the argument default_token leads to use of hard-coded cryptographic key . It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is regarded as difficult. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-5409 | 1 Wireshark | 1 Wireshark | 2026-04-30 | 5.5 Medium |
| Monero protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | ||||
| CVE-2026-5406 | 1 Wireshark | 1 Wireshark | 2026-04-30 | 5.5 Medium |
| FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | ||||
| CVE-2026-5402 | 1 Wireshark | 1 Wireshark | 2026-04-30 | 8.8 High |
| TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution | ||||
| CVE-2026-41407 | 1 Openclaw | 1 Openclaw | 2026-04-30 | 3.7 Low |
| OpenClaw before 2026.4.2 contains a timing side channel vulnerability in shared-secret comparison call sites that use early length-mismatch checks instead of fixed-length comparison helpers. Attackers can measure timing differences to leak secret-length information, weakening constant-time handling for shared secrets. | ||||
| CVE-2026-5655 | 1 Wireshark | 1 Wireshark | 2026-04-30 | 5.5 Medium |
| SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service | ||||
| CVE-2026-41400 | 1 Openclaw | 1 Openclaw | 2026-04-30 | 5.3 Medium |
| OpenClaw before 2026.3.31 contains an incomplete fix for CVE-2026-32062 where the voice-call component parses large WebSocket frames before start validation. Remote attackers can send oversized pre-start WebSocket frames to cause resource consumption and denial of service. | ||||
| CVE-2026-5408 | 1 Wireshark | 1 Wireshark | 2026-04-30 | 5.5 Medium |
| BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | ||||