Search Results (344286 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25205 | 1 Samsung Open Source | 1 Escargot | 2026-04-13 | 7.4 High |
| Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows out-of-bounds write. This issue affects Escargot: commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335. | ||||
| CVE-2026-25207 | 1 Samsung Open Source | 1 Escargot | 2026-04-13 | 7.4 High |
| Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335. | ||||
| CVE-2026-34855 | 1 Huawei | 2 Emui, Harmonyos | 2026-04-13 | 5.7 Medium |
| Out-of-bounds write vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||
| CVE-2026-34859 | 1 Huawei | 2 Emui, Harmonyos | 2026-04-13 | 5.9 Medium |
| UAF vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||
| CVE-2026-34849 | 1 Huawei | 1 Harmonyos | 2026-04-13 | 2.5 Low |
| UAF vulnerability in the screen management module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-34863 | 1 Huawei | 1 Harmonyos | 2026-04-13 | 6.7 Medium |
| Out-of-bounds write vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-6160 | 1 Code-projects | 1 Simple Chatbox | 2026-04-13 | 5.3 Medium |
| A vulnerability was found in code-projects Simple ChatBox 1.0. Affected by this issue is the function SimpleChatbox_PHP of the file chatbox.sql of the component Endpoint. Performing a manipulation results in file and directory information exposure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. | ||||
| CVE-2019-25691 | 1 Faleemi | 1 Faleemi Desktop Software | 2026-04-13 | 8.4 High |
| Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can inject a crafted payload into the Save Path for Snapshot and Record file field to trigger a buffer overflow and execute arbitrary code via ROP chain gadgets. | ||||
| CVE-2019-25689 | 2 Bplugins, Html5videoplayer | 2 Html5 Video Player, Html5 Video Player | 2026-04-13 | 8.4 High |
| HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register dialog to trigger code execution and spawn a calculator process. | ||||
| CVE-2019-25709 | 1 Scripteen | 1 Free Image Hosting Script | 2026-04-13 | 9.8 Critical |
| CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via the d parameter. | ||||
| CVE-2026-6112 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-04-13 | 9.8 Critical |
| A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes OS command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-6118 | 1 Astrbot | 1 Astrbot | 2026-04-13 | 6.3 Medium |
| A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function add_mcp_server of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulation of the argument command causes command injection. The attack can be carried out remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-6119 | 1 Astrbot | 1 Astrbot | 2026-04-13 | 6.3 Medium |
| A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-6143 | 1 Farion1231 | 1 Cc-switch | 2026-04-13 | 6.3 Medium |
| A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. The manipulation results in permissive cross-domain policy with untrusted domains. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-6150 | 1 Code-projects | 1 Simple Laundry System | 2026-04-13 | 4.3 Medium |
| A vulnerability has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /checkupdatestatus.php. The manipulation of the argument serviceId leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-34866 | 1 Huawei | 1 Harmonyos | 2026-04-13 | 5.1 Medium |
| Out-of-bounds write vulnerability in the WEB module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||
| CVE-2026-6164 | 1 Code-projects | 1 Lost And Found Thing Management | 2026-04-13 | 7.3 High |
| A security flaw has been discovered in code-projects Lost and Found Thing Management 1.0. This affects an unknown part of the file /addcat.php. Performing a manipulation of the argument cata results in SQL injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-40354 | 1 Flatpak | 1 Xdg-desktop-portal | 2026-04-13 | 2.9 Low |
| Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on g_file_trash. | ||||
| CVE-2026-40447 | 1 Samsung Open Source | 1 Escargot | 2026-04-13 | 5.1 Medium |
| Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335. | ||||
| CVE-2026-6108 | 2 1panel, Maxkb | 2 Maxkb, Maxkb | 2026-04-13 | 6.3 Medium |
| A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/step_node/mcp_node/impl/base_mcp_node.py of the component Model Context Protocol Node. Performing a manipulation results in OS command injection. The attack can be carried out remotely. The exploit has been made public and could be used. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | ||||