Export limit exceeded: 74545 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74545 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2689 | 2 Admerc, Itsourcecode | 2 Event Management System, Event Management System | 2026-02-24 | 7.3 High |
| A vulnerability was detected in itsourcecode Event Management System 1.0. Affected is an unknown function of the file /admin/manage_booking.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used. | ||||
| CVE-2025-70329 | 1 Totolink | 2 X5000r, X5000r Firmware | 2026-02-24 | 8 High |
| TOTOLink X5000R v9.1.0cu_2415_B20250515 contains an OS command injection vulnerability in the setIptvCfg handler of the /usr/sbin/lighttpd executable. The vlanVidLan1 (and other vlanVidLanX) parameters are retrieved via Uci_Get_Str and passed to the CsteSystem function without adequate validation or filtering. This allows an authenticated attacker to execute arbitrary shell commands with root privileges by injecting shell metacharacters into the affected parameters. | ||||
| CVE-2025-69700 | 1 Tenda | 2 Fh1203, Fh1203 Firmware | 2026-02-24 | 7.5 High |
| Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modify_add_client_prio function, which is reachable via the formSetClientPrio CGI handler. | ||||
| CVE-2026-24853 | 1 Caido | 1 Caido | 2026-02-24 | 8.1 High |
| Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting a X-Forwarded-Host: 127.0.0.1:8080 header. This vulnerability is fixed in 0.55.0. | ||||
| CVE-2026-23805 | 2 Wordpress, Yoren Chang | 2 Wordpress, Media Search Enhanced | 2026-02-24 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yoren Chang Media Search Enhanced media-search-enhanced allows SQL Injection.This issue affects Media Search Enhanced: from n/a through <= 0.9.1. | ||||
| CVE-2026-22354 | 2 Dotstore, Wordpress | 2 Woocommerce Category Banner Management, Wordpress | 2026-02-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Dotstore Woocommerce Category Banner Management banner-management-for-woocommerce allows Object Injection.This issue affects Woocommerce Category Banner Management: from n/a through <= 2.5.1. | ||||
| CVE-2025-69328 | 2 Magepeople, Wordpress | 2 Booking & Rental Manager, Wordpress | 2026-02-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object Injection.This issue affects Booking and Rental Manager: from n/a through <= 2.5.9. | ||||
| CVE-2025-67987 | 2 Expresstech, Wordpress | 2 Quiz And Survey Master, Wordpress | 2026-02-24 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection.This issue affects Quiz And Survey Master: from n/a through <= 10.3.1. | ||||
| CVE-2019-11253 | 2 Kubernetes, Redhat | 5 Kubernetes, Openshift, Openshift Container Platform and 2 more | 2026-02-24 | 7.5 High |
| Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility. | ||||
| CVE-2022-22988 | 1 Westerndigital | 1 Edgerover | 2026-02-24 | 7.7 High |
| File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. It would be more difficult for an authenticated attacker to now traverse through the files and directories. This can only be exploited once an attacker has already found a way to get authenticated access to the device. | ||||
| CVE-2022-22531 | 1 Sap | 1 S\/4hana | 2026-02-24 | 8.1 High |
| The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified. | ||||
| CVE-2022-22530 | 1 Sap | 1 S\/4hana | 2026-02-24 | 8.1 High |
| The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being modified or completely compromise the availability of the application. | ||||
| CVE-2022-22528 | 2 Microsoft, Sap | 2 Windows, Adaptive Server Enterprise | 2026-02-24 | 7.8 High |
| SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries. | ||||
| CVE-2022-1650 | 3 Debian, Eventsource, Redhat | 11 Debian Linux, Eventsource, Ceph Storage and 8 more | 2026-02-24 | 8.1 High |
| Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2. | ||||
| CVE-2022-1316 | 2 Microsoft, Zerotier | 2 Windows, Zerotierone | 2026-02-24 | 8.8 High |
| Incorrect Permission Assignment for Critical Resource in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation | ||||
| CVE-2022-1252 | 1 Sir | 1 Gnuboard | 2026-02-24 | 8.2 High |
| Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off. Or to send emails to any email address, with full control of its contents | ||||
| CVE-2026-2086 | 1 Utt | 3 810g, 810g Firmware, Hiper 810g | 2026-02-24 | 8.8 High |
| A vulnerability was detected in UTT HiPER 810G up to 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formFireWall of the component Management Interface. The manipulation of the argument GroupName results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2980 | 1 Utt | 3 810g, 810g Firmware, Hiper 810g | 2026-02-24 | 7.2 High |
| A vulnerability has been found in UTT HiPER 810G up to 1.7.7-1711. Impacted is the function strcpy of the file /goform/setSysAdm. The manipulation of the argument passwd1 leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-65027 | 2 Romm.app, Rommapp | 2 Romm, Romm | 2026-02-24 | 7.6 High |
| RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. RomM contains multiple unrestricted file upload vulnerabilities that allow authenticated users to upload malicious SVG or HTML files. When these files are accessed the browser executes embedded JavaScript, leading to stored Cross-Site Scripting (XSS) which when combined with a CSRF misconfiguration they lead to achieve full administrative account takeover, creating a rogue admin account, escalating the attacker account role to admin, and much more. This vulnerability is fixed in 4.4.1 and 4.4.1-beta.2. | ||||
| CVE-2026-2981 | 1 Utt | 3 810g, 810g Firmware, Hiper 810g | 2026-02-24 | 8.8 High |
| A vulnerability was found in UTT HiPER 810G up to 1.7.7-1711. The affected element is the function strcpy of the file /goform/formTaskEdit_ap. The manipulation of the argument txtMin2 results in buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used. | ||||