Export limit exceeded: 341449 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341449 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4861 | 1 Wavlink | 2 Wl-nu516u1, Wl-nu516u1 Firmware | 2026-03-30 | 8.8 High |
| A weakness has been identified in Wavlink WL-NU516U1 260227. This vulnerability affects the function ftext of the file /cgi-bin/nas.cgi. This manipulation of the argument Content-Length causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4331 | 2 Pr-gateway, Wordpress | 2 Blog2social: Social Media Auto Post & Scheduler, Wordpress | 2026-03-30 | 4.3 Medium |
| The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized data loss in all versions up to, and including, 8.8.2. This is due to the resetSocialMetaTags() function only verifying that the user has the 'read' capability and a valid b2s_security_nonce, both of which are available to Subscriber-level users, as the plugin grants 'blog2social_access' capability to all roles upon activation, allowing them to access the plugin's admin pages where the nonce is output. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all _b2s_post_meta records from the wp_postmeta table, permanently removing all custom social media meta tags for every post on the site. | ||||
| CVE-2026-2511 | 2 Rabilal, Wordpress | 2 Js Help Desk – Ai-powered Support & Ticketing System, Wordpress | 2026-03-30 | 7.5 High |
| The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the `multiformid` parameter in the `storeTickets()` function in all versions up to, and including, 3.0.4. This is due to the user-supplied `multiformid` value being passed to `esc_sql()` without enclosing the result in quotes in the SQL query, rendering the escaping ineffective against payloads that do not contain quote characters. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-27663 | 1 Siemens | 2 Cpci85 Central Processing\/communication, Rtum85 rtu Base | 2026-03-30 | 6.5 Medium |
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), RTUM85 RTU Base (All versions < V26.10). The affected application contains denial-of-service (DoS) vulnerability. The remote operation mode is susceptible to a resource exhaustion condition when subjected to a high volume of requests. Sending multiple requests can exhaust resources, preventing parameterization and requiring a reset or reboot to restore functionality. | ||||
| CVE-2026-4850 | 1 Code-projects | 1 Simple Laundry System | 2026-03-30 | 7.3 High |
| A security flaw has been discovered in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checkregisitem.php of the component Parameter Handler. The manipulation of the argument Long-arm-shirtVol results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-29976 | 1 Zerbea | 1 Hcxpcapngtool | 2026-03-30 | 6.2 Medium |
| Buffer Overflow vulnerability in ZerBea hcxpcapngtool v. 7.0.1-43-g2ee308e allows a local attacker to obtain sensitive information via the getradiotapfield() function | ||||
| CVE-2026-3116 | 1 Mattermost | 1 Mattermost | 2026-03-30 | 4.9 Medium |
| Mattermost Plugins versions <=11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to validate incoming request size which allows an authenticated attacker to cause service disruption via the webhook endpoint. Mattermost Advisory ID: MMSA-2026-00589 | ||||
| CVE-2026-34071 | 1 Stirlingpdf | 1 Stirling Pdf | 2026-03-30 | 5.4 Medium |
| Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An attacker who sends a malicious email to a Stirling-PDF user can achieve JavaScript execution when that user exports the email using the "Download HTML intermediate file" feature. Version 2.8.0 fixes the issue. | ||||
| CVE-2026-3109 | 1 Mattermost | 1 Mattermost | 2026-03-30 | 2.2 Low |
| Mattermost Plugins versions <=11.4 10.11.11.0 fail to validate webhook request timestamps which allows an attacker to corrupt Zoom meeting state in Mattermost via replayed webhook requests. Mattermost Advisory ID: MMSA-2026-00584 | ||||
| CVE-2026-32846 | 1 Openclaw | 1 Openclaw | 2026-03-30 | N/A |
| OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath() and isValidMedia() functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to reference files outside the intended application sandbox, resulting in disclosure of sensitive information including system files, environment files, and SSH keys. | ||||
| CVE-2026-33442 | 1 Kysely-org | 1 Kysely | 2026-03-30 | 8.1 High |
| Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the `sanitizeStringLiteral` method in Kysely's query compiler escapes single quotes (`'` → `''`) but does not escape backslashes. On MySQL with the default `BACKSLASH_ESCAPES` SQL mode, an attacker can inject a backslash before a single quote to neutralize the escaping, breaking out of the JSON path string literal and injecting arbitrary SQL. Version 0.28.14 fixes the issue. | ||||
| CVE-2026-2931 | 2 Ameliabooking, Wordpress | 2 Booking For Appointments And Events Calendar, Wordpress | 2026-03-30 | 8.8 High |
| The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with customer-level permissions or above to change user passwords and potentially take over administrator accounts. The vulnerability is in the pro plugin, which has the same slug. | ||||
| CVE-2026-33732 | 1 H3js | 1 Srvx | 2026-03-30 | 4.8 Medium |
| srvx is a universal server based on web standards. Prior to version 0.11.13, a pathname parsing discrepancy in srvx's `FastURL` allows middleware bypass on the Node.js adapter when a raw HTTP request uses an absolute URI with a non-standard scheme (e.g. `file://`). Starting in version 0.11.13, the `FastURL` constructor now deopts to native `URL` for any string not starting with `/`, ensuring consistent pathname resolution. | ||||
| CVE-2026-29934 | 1 Eddy8 | 1 Lightcms | 2026-03-30 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referer value in the request header. | ||||
| CVE-2026-4926 | 1 Path-to-regexp | 1 Path-to-regexp | 2026-03-30 | 7.5 High |
| Impact: A bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as `{a}{b}{c}:z`. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of sequential optional groups in route patterns. Avoid passing user-controlled input as route patterns. | ||||
| CVE-2026-33486 | 1 Roadiz | 1 Core-bundle-dev-app | 2026-03-30 | 6.8 Medium |
| Roadiz is a polymorphic content management system based on a node system that can handle many types of services. A vulnerability in roadiz/documents prior to versions 2.7.9, 2.6.28, 2.5.44, and 2.3.42 allows an authenticated attacker to read any file on the server's local file system that the web server process has access to, including highly sensitive environment variables, database credentials, and internal configuration files. Versions 2.7.9, 2.6.28, 2.5.44, and 2.3.42 contain a patch. | ||||
| CVE-2026-33506 | 1 Ory | 1 Polis | 2026-03-30 | 8.8 High |
| Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 contain a DOM-based Cross-Site Scripting (XSS) vulnerability in Ory Polis's login functionality. The application improperly trusts a URL parameter (`callbackUrl`), which is passed to `router.push`. An attacker can craft a malicious link that, when opened by an authenticated user (or an unauthenticated user that later logs in), performs a client-side redirect and executes arbitrary JavaScript in the context of their browser. This could lead to credential theft, internal network pivoting, and unauthorized actions performed on behalf of the victim. Version 26.2.0 contains a patch for the issue. | ||||
| CVE-2026-4847 | 1 Dameng100 | 1 Muucmf | 2026-03-30 | 4.3 Medium |
| A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impacted element is an unknown function of the file /admin/config/list.html. Performing a manipulation of the argument Name results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4877 | 1 Itsourcecode | 1 Payroll Management System | 2026-03-30 | 4.3 Medium |
| A security flaw has been discovered in itsourcecode Payroll Management System up to 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument page results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-29905 | 1 Getkirby | 1 Kirby | 2026-03-30 | 6.5 Medium |
| Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service (DoS) via a malformed image upload. The application fails to properly validate the return value of the PHP getimagesize() function. When the system attempts to process this file for metadata or thumbnail generation, it triggers a fatal TypeError. | ||||