Search Results (344229 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-47961 | 1 Synology | 1 Ssl Vpn Client | 2026-04-13 | 8.1 High |
| A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combined with user interaction. | ||||
| CVE-2026-6015 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2026-04-13 | 8.8 High |
| A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Manipulation of the argument PPPOEPassword leads to a stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-6024 | 1 Tenda | 1 I6 | 2026-04-13 | 7.3 High |
| A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-6026 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-04-13 | 9.8 Critical |
| A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setPortalConfWeChat of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Manipulation of the argument enable results in OS command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-6027 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-04-13 | 9.8 Critical |
| A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Manipulation of the argument enable can lead to OS command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-6030 | 1 Itsourcecode | 1 Construction Management System | 2026-04-13 | 6.3 Medium |
| A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /del1.php. Manipulation of the argument toolname causes SQL injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. | ||||
| CVE-2026-6032 | 1 Code-projects | 1 Simple Laundry System | 2026-04-13 | 4.3 Medium |
| A vulnerability was found in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkcheckout.php. Manipulation of the argument serviceId results in cross-site scripting. The attack can be carried out remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-6034 | 1 Code-projects | 1 Vehicle Showroom Management System | 2026-04-13 | 4.3 Medium |
| A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /BranchManagement/ProfitAndLossReport.php. Manipulation of the argument BRANCH_ID can lead to cross-site scripting. The attack may be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2026-28704 | 1 Japan Computer Emergency Response Team Coordination Center (jpcert/cc) | 1 Emocheck | 2026-04-13 | N/A |
| EmoCheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file is placed in the same directory, arbitrary code may be executed with the privileges of the user invoking EmoCheck. | ||||
| CVE-2025-5804 | 2 Case-themes, Wordpress | 2 Case Theme User, Wordpress | 2026-04-13 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case Themes Case Theme User allows PHP Local File Inclusion. This issue affects Case Theme User: from n/a before 1.0.4. | ||||
| CVE-2026-23780 | 1 Bmc | 1 Control-m | 2026-04-13 | N/A |
| An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable arbitrary file read/write operations and potentially lead to remote code execution. | ||||
| CVE-2026-23782 | 1 Bmc | 1 Control-m | 2026-04-13 | N/A |
| An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to unauthorized access. | ||||
| CVE-2026-5188 | 1 Wolfssl | 1 Wolfssl | 2026-04-13 | N/A |
| An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This results in incorrect handling of certificate data. The issue is limited to configurations using the original ASN.1 parsing implementation which is off by default. | ||||
| CVE-2026-36234 | 1 Itsourcecode | 1 Online Student Enrollment System | 2026-04-13 | N/A |
| itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter. | ||||
| CVE-2026-5500 | 1 Wolfssl | 1 Wolfssl | 2026-04-13 | N/A |
| wolfSSL's wc_PKCS7_DecodeAuthEnvelopedData() does not properly sanitize the AES-GCM authentication tag length received and has no lower bounds check. A man-in-the-middle can therefore truncate the mac field from 16 bytes to 1 byte, reducing the tag check from 2⁻¹²⁸ to 2⁻⁸. | ||||
| CVE-2026-6033 | 1 Codeastro | 1 Online Classroom | 2026-04-13 | 6.3 Medium |
| A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /updatedetailsfromstudent.php?eno=146891650. Manipulation of the argument fname can lead to SQL injection. The attack may be performed remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-44560 | 1 Owntone | 1 Owntone-server | 2026-04-13 | N/A |
| owntone-server 2ca10d9 is vulnerable to Buffer Overflow due to lack of recursive checking. | ||||
| CVE-2026-23781 | 1 Bmc | 1 Control-m | 2026-04-13 | N/A |
| An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentials can be easily obtained and may allow unauthorized access to the MFT API debug interface. | ||||
| CVE-2026-29861 | 1 Keerti1924 | 1 Php-mysql-user-login-system | 2026-04-13 | N/A |
| PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at login.php. | ||||
| CVE-2026-6004 | 1 Code-projects | 1 Simple It Discussion Forum | 2026-04-13 | 7.3 High |
| A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /delete-category.php. Manipulation of the argument cat_id results in SQL injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. | ||||