Export limit exceeded: 343482 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 343482 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343482 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25696 | 2 Kados, Marmotech | 2 Kados R10 Greenbee, Kados | 2026-04-08 | 8.2 High |
| Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the language_tag parameter. Attackers can submit malicious SQL statements in the language_tag parameter to extract sensitive database information or modify data. | ||||
| CVE-2019-25698 | 2 Kados, Marmotech | 2 Kados R10 Greenbee, Kados | 2026-04-08 | 8.2 High |
| Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_to_delete parameter. Attackers can send crafted requests with malicious SQL statements in the id_to_delete field to extract or modify sensitive database information. | ||||
| CVE-2019-25700 | 2 Kados, Marmotech | 2 Kados R10 Greenbee, Kados | 2026-04-08 | 8.2 High |
| Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sort_direction parameter. Attackers can submit malicious SQL statements in the sort_direction parameter to extract sensitive database information or modify data. | ||||
| CVE-2019-25702 | 2 Kados, Marmotech | 2 Kados R10 Greenbee, Kados | 2026-04-08 | 8.2 High |
| Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_project parameter. Attackers can send crafted requests with malicious SQL statements in the id_project parameter to extract sensitive database information or modify data. | ||||
| CVE-2019-25704 | 2 Kados, Marmotech | 2 Kados R10 Greenbee, Kados | 2026-04-08 | 8.2 High |
| Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the filter_user_mail parameter. Attackers can send crafted requests with malicious SQL statements to extract sensitive database information or modify data. | ||||
| CVE-2026-31053 | 1 Rizin | 1 Rizin | 2026-04-08 | 6.2 Medium |
| A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple times during error handling. A specially crafted LE binary can trigger heap corruption and cause the application to crash, resulting in a denial-of-service condition. An attacker with a crafted binary could cause a denial of service when the tool is integrated on a service pipeline. | ||||
| CVE-2026-31058 | 1 Utt | 1 Hiper 1200gw | 2026-04-08 | 4.5 Medium |
| UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the timeRangeName parameter of the formConfigDnsFilterGlobal function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2026-31059 | 1 Utt | 3 520w, 520w Firmware, Hiper 520w | 2026-04-08 | 9.8 Critical |
| A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string. | ||||
| CVE-2026-31060 | 1 Utt | 1 Hiper 810g | 2026-04-08 | 4.5 Medium |
| UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the notes parameter of the formGroupConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2026-31061 | 1 Utt | 1 Hiper 810g | 2026-04-08 | 4.5 Medium |
| UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the timestart parameter of the ConfigAdvideo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2026-31062 | 1 Utt | 2 520w, 520w Firmware | 2026-04-08 | 4.5 Medium |
| UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the filename parameter of the formFtpServerDirConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2026-31063 | 1 Utt | 1 Hiper 1200gw | 2026-04-08 | 4.5 Medium |
| UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the pools parameter of the formArpBindConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2026-31065 | 1 Utt | 2 520w, 520w Firmware | 2026-04-08 | 4.5 Medium |
| UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the addCommand parameter of the formConfigCliForEngineerOnly function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2026-31066 | 1 Utt | 1 Hiper 810g | 2026-04-08 | 4.5 Medium |
| UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the selDateType parameter of the formTaskEdit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2026-31067 | 1 Utt | 2 520w, 520w Firmware | 2026-04-08 | 6.8 Medium |
| A remote command execution (RCE) vulnerability in the /goform/formReleaseConnect component of UTT Aggressive 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string. | ||||
| CVE-2026-31151 | 1 Kaleris | 1 Yms | 2026-04-08 | 9.8 Critical |
| An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application 's resources. | ||||
| CVE-2026-31351 | 1 Feehi | 1 Feehi Cms | 2026-04-08 | 4.8 Medium |
| An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter. | ||||
| CVE-2026-31313 | 1 Feehi | 1 Feehi Cms | 2026-04-08 | 5.4 Medium |
| An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Content field. | ||||
| CVE-2026-31350 | 1 Feehi | 1 Feehi Cms | 2026-04-08 | 5.4 Medium |
| An authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Page Sign parameter. | ||||
| CVE-2026-31352 | 1 Feehi | 1 Feehi Cms | 2026-04-08 | 5.4 Medium |
| An authenticated stored cross-site scripting (XSS) vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter. | ||||