Export limit exceeded: 337102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337102 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3766 | 2 Senior-walter, Sourcecodester | 2 Web-based Pharmacy Product Management System, Web-based Pharmacy Product Management System | 2026-03-09 | 3.5 Low |
| A security flaw has been discovered in SourceCodester Web-based Pharmacy Product Management System 1.0. This impacts an unknown function of the file edit-profile.php. Performing a manipulation of the argument fullname results in cross site scripting. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-3770 | 2 Oretnom23, Sourcecodester | 2 Computer Laboratory Management System, Computer Laboratory Management System | 2026-03-09 | 4.3 Medium |
| A flaw has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used. | ||||
| CVE-2026-3723 | 2 Carmelo, Code-projects | 2 Simple Flight Ticket Booking System, Simple Flight Ticket Booking System | 2026-03-09 | 7.3 High |
| A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /Admindelete.php. The manipulation of the argument flightno results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-3711 | 2 Carmelo, Code-projects | 2 Simple Flight Ticket Booking System, Simple Flight Ticket Booking System | 2026-03-09 | 4.7 Medium |
| A vulnerability was detected in code-projects Simple Flight Ticket Booking System 1.0. Affected is an unknown function of the file /Adminupdate.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. | ||||
| CVE-2026-3679 | 1 Tenda | 4 F451, F451 Firmware, Fh451 and 1 more | 2026-03-09 | 8.8 High |
| A vulnerability was identified in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex. Such manipulation of the argument mit_linktype/PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-3678 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2026-03-09 | 8.8 High |
| A vulnerability was determined in Tenda FH451 1.0.0.9. Affected is the function sub_3C434 of the file /goform/AdvSetWan. This manipulation of the argument wanmode/PPPOEPassword causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-29082 | 1 Kestra-io | 1 Kestra | 2026-03-09 | 7.3 High |
| Kestra is an event-driven orchestration platform. In versions from 1.1.10 and prior, Kestra’s execution-file preview renders user-supplied Markdown (.md) with markdown-it instantiated as html:true and injects the resulting HTML with Vue’s v-html without sanitisation. At time of publication, there are no publicly available patches. | ||||
| CVE-2026-27411 | 2 Jp-secure, Wordpress | 2 Siteguard Wp Plugin, Wordpress | 2026-03-09 | 5.3 Medium |
| Guessable CAPTCHA vulnerability in jp-secure SiteGuard WP Plugin siteguard allows Functionality Bypass.This issue affects SiteGuard WP Plugin: from n/a through <= 1.7.9. | ||||
| CVE-2026-27396 | 2 E-plugins, Wordpress | 2 Directory Pro, Wordpress | 2026-03-09 | 7.3 High |
| Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through <= 2.5.6. | ||||
| CVE-2026-27389 | 2 Designthemes, Wordpress | 2 Wedesigntech Ultimate Booking Addon, Wordpress | 2026-03-09 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Authentication Abuse.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through <= 1.0.1. | ||||
| CVE-2026-27386 | 2 Designthemes, Wordpress | 2 Designthemes Directory Addon, Wordpress | 2026-03-09 | 7.5 High |
| Missing Authorization vulnerability in designthemes DesignThemes Directory Addon designthemes-directory-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes Directory Addon: from n/a through <= 1.8. | ||||
| CVE-2026-27384 | 2 Boldgrid, Wordpress | 2 W3 Total Cache, Wordpress | 2026-03-09 | 9 Critical |
| Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects W3 Total Cache: from n/a through <= 2.9.1. | ||||
| CVE-2026-27382 | 2 Radiustheme, Wordpress | 2 Metro, Wordpress | 2026-03-09 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Metro metro allows DOM-Based XSS.This issue affects Metro: from n/a through <= 2.13. | ||||
| CVE-2026-27379 | 2 Nextscripts, Wordpress | 2 Nextscripts, Wordpress | 2026-03-09 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in NextScripts NextScripts social-networks-auto-poster-facebook-twitter-g allows Object Injection.This issue affects NextScripts: from n/a through <= 4.4.7. | ||||
| CVE-2026-27332 | 2 Skygroup, Wordpress | 2 Agrofood, Wordpress | 2026-03-09 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Agrofood agrofood allows Reflected XSS.This issue affects Agrofood: from n/a through <= 1.3.0. | ||||
| CVE-2026-22477 | 2 Ancorathemes, Wordpress | 2 Felizia, Wordpress | 2026-03-09 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Felizia felizia allows PHP Local File Inclusion.This issue affects Felizia: from n/a through <= 1.3.4. | ||||
| CVE-2026-22475 | 2 Axiomthemes, Wordpress | 2 Estate, Wordpress | 2026-03-09 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object Injection.This issue affects Estate: from n/a through <= 1.3.4. | ||||
| CVE-2026-22473 | 2 Designthemes, Wordpress | 2 Dental Clinic, Wordpress | 2026-03-09 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.This issue affects Dental Clinic: from n/a through <= 3.7. | ||||
| CVE-2026-22467 | 2 Mwtemplates, Wordpress | 2 Deepdigital, Wordpress | 2026-03-09 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mwtemplates DeepDigital deepdigital allows Reflected XSS.This issue affects DeepDigital: from n/a through <= 1.0.2. | ||||
| CVE-2026-22460 | 2 Wordpress, Wpwax | 2 Wordpress, Formgent | 2026-03-09 | 8.6 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpWax FormGent formgent allows Path Traversal.This issue affects FormGent: from n/a through <= 1.4.2. | ||||