Export limit exceeded: 336222 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336222 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10990 | 1 Redhat | 4 Rhel Satellite Client, Satellite, Satellite Capsule and 1 more | 2026-03-02 | 7.5 High |
| A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial of Service (ReDoS), impacting the availability of the affected component. This issue is the result of an incomplete fix for CVE-2024-49761. | ||||
| CVE-2019-25494 | 1 Doditsolutions | 1 Homey Bnb (airbnb Clone Script) | 2026-03-02 | 8.2 High |
| Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields. Attackers can submit SQL operators like '=' 'or' in both credentials to manipulate the authentication query and gain unauthorized access to the admin panel. | ||||
| CVE-2019-25493 | 1 Doditsolutions | 1 Homey Bnb (airbnb Clone Script) | 2026-03-02 | 8.2 High |
| Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive database information. | ||||
| CVE-2019-25492 | 1 Doditsolutions | 1 Homey Bnb (airbnb Clone Script) | 2026-03-02 | 8.2 High |
| Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requests to the admin/getcmsdata.php endpoint with malicious 'pt' values to extract sensitive database information. | ||||
| CVE-2019-25491 | 1 Doditsolutions | 1 Homey Bnb (airbnb Clone Script) | 2026-03-02 | 8.2 High |
| Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to the admin/cms_getpagetitle.php endpoint with malicious catid values to extract sensitive database information. | ||||
| CVE-2019-25490 | 1 Doditsolutions | 1 Homey Bnb (airbnb Clone Script) | 2026-03-02 | 8.2 High |
| Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET requests to the admin/edit.php endpoint with time-based SQL injection payloads to extract sensitive database information. | ||||
| CVE-2019-25489 | 1 Doditsolutions | 1 Homey Bnb (airbnb Clone Script) | 2026-03-02 | 8.2 High |
| Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hosting_id parameter. Attackers can send GET requests to the rooms/ajax_refresh_subtotal endpoint with malicious hosting_id values to extract sensitive database information or cause denial of service. | ||||
| CVE-2026-3304 | 1 Expressjs | 1 Multer | 2026-03-02 | 7.5 High |
| Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available. | ||||
| CVE-2026-2880 | 1 Fastify | 1 Middie | 2026-03-02 | N/A |
| A vulnerability in @fastify/middie versions < 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware (for example, app.use('/secret', auth)). When Fastify router normalization options are enabled (such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related trailing-slash behavior), crafted request paths may bypass middleware checks while still being routed to protected handlers. | ||||
| CVE-2026-28288 | 1 Langgenius | 1 Dify | 2026-03-02 | N/A |
| Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue. | ||||
| CVE-2026-2293 | 1 Nest.js | 1 Nest.js | 2026-03-02 | 7.5 High |
| A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify path-normalization options are enabled. This issue affects nest.Js: 11.1.13. | ||||
| CVE-2026-1542 | 2 Super Stage Wp, Wordpress | 2 Super Stage Wp, Wordpress | 2026-03-02 | 6.5 Medium |
| The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog. | ||||
| CVE-2026-3404 | 2 Jeesite, Thinkgem | 2 Jeesite, Jeesite | 2026-03-02 | 5 Medium |
| A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the file /com/jeesite/common/shiro/cas/CasOutHandler.java of the component Endpoint. Executing a manipulation can lead to xml external entity reference. The attack may be performed from remote. Attacks of this nature are highly complex. The exploitability is considered difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2750 | 1 Centreon | 1 Centreon Open Tickets On Central Server | 2026-03-02 | 9.1 Critical |
| Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10; 24.10;24.04. | ||||
| CVE-2026-3277 | 1 Devolutions | 1 Powershell Universal | 2026-03-02 | N/A |
| The OpenID Connect (OIDC) authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials | ||||
| CVE-2026-3382 | 1 Chaiscript | 1 Chaiscript | 2026-03-02 | 3.3 Low |
| A security flaw has been discovered in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::Boxed_Number::get_as of the file include/chaiscript/dispatchkit/boxed_number.hpp. Performing a manipulation results in memory corruption. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-3385 | 1 Wren-lang | 1 Wren | 2026-03-02 | 3.3 Low |
| A vulnerability was detected in wren-lang wren up to 0.4.0. Affected is the function resolveLocal of the file src/vm/wren_compiler.c. The manipulation results in uncontrolled recursion. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-3327 | 1 Datocms | 1 Web Previews | 2026-03-02 | N/A |
| Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews < v1.0.31. | ||||
| CVE-2026-3407 | 1 Yosyshq | 1 Yosys | 2026-03-02 | 3.3 Low |
| A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Applying a patch is the recommended action to fix this issue. It appears that the issue is not reproducible all the time. | ||||
| CVE-2026-3409 | 1 Eosphoros-ai | 1 Db-gpt | 2026-03-02 | 7.3 High |
| A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFileLoader.exec_module of the file /api/v1/serve/awel/flow/import of the component Flow Import Endpoint. Performing a manipulation as part of File results in code injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||