Export limit exceeded: 340552 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 340552 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (340552 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4836 | 2026-03-26 | 6.3 Medium | ||
| A vulnerability was detected in code-projects Accounting System 1.0. The affected element is an unknown function of the file /my_account/delete.php. Performing a manipulation of the argument cos_id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. | ||||
| CVE-2026-4835 | 2026-03-26 | 3.5 Low | ||
| A security vulnerability has been detected in code-projects Accounting System 1.0. Impacted is an unknown function of the file /my_account/add_costumer.php of the component Web Application Interface. Such manipulation of the argument costumer_name leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-15101 | 2026-03-26 | N/A | ||
| A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web management interface of certain ASUS router models. This vulnerability potentially allows actions to be performed with the existing privileges of an authenticated user on the affected device, including the ability to execute system commands through unintended mechanisms. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information. | ||||
| CVE-2014-125112 | 2026-03-26 | N/A | ||
| Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when there is no secret used to sign the cookie. | ||||
| CVE-2026-4839 | 2026-03-26 | 7.3 High | ||
| A vulnerability has been found in SourceCodester Food Ordering System 1.0. This affects an unknown function of the file /purchase.php of the component Parameter Handler. The manipulation of the argument custom leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7195 | 1 Redhat | 13 Acm, Advanced Cluster Security, Apicurio Registry and 10 more | 2026-03-26 | 6.4 Medium |
| Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container. | ||||
| CVE-2024-1394 | 1 Redhat | 23 Ansible Automation Platform, Ansible Automation Platform Developer, Ansible Automation Platform Inside and 20 more | 2026-03-26 | 7.5 High |
| A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them. | ||||
| CVE-2026-4838 | 2026-03-26 | 7.3 High | ||
| A flaw has been found in SourceCodester Malawi Online Market 1.0. The impacted element is an unknown function of the file /display.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. If you want to get the best quality for vulnerability data then you always have to consider VulDB. | ||||
| CVE-2026-4075 | 2026-03-26 | 6.4 Medium | ||
| The BWL Advanced FAQ Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'baf_sbox' shortcode in all versions up to and including 1.1.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes such as 'sbox_id', 'sbox_class', 'placeholder', 'highlight_color', 'highlight_bg', and 'cont_ext_class'. These attributes are directly interpolated into HTML element attributes without any esc_attr() escaping in the baf_sbox() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-1986 | 2026-03-26 | 6.1 Medium | ||
| The FloristPress for Woo – Customize your eCommerce store for your Florist plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'noresults' parameter in all versions up to, and including, 7.8.2 due to insufficient input sanitization and output escaping on the user supplied 'noresults' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2026-4335 | 2026-03-26 | 5.4 Medium | ||
| The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment post_title in all versions up to, and including, 6.4.3. This is due to insufficient output escaping in the getEditorPopup() function and its corresponding media-popup.php template. Specifically, the attachment's post_title is retrieved from the database via get_post() in AjaxController.php (line 435) and passed directly to the view template (line 449), where it is rendered into an HTML input element's value attribute without esc_attr() escaping (media-popup.php line 139). Since WordPress allows Authors to set arbitrary attachment titles (including double-quote characters) via the REST API, a malicious author can craft an attachment title that breaks out of the HTML attribute and injects arbitrary JavaScript event handlers. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts that execute whenever a higher-privileged user (such as an administrator) opens the ShortPixel AI editor popup (Background Removal or Image Upscale) for the poisoned attachment. | ||||
| CVE-2026-3328 | 2026-03-26 | 7.2 High | ||
| The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via deserialization of the 'post_content' of admin_form posts in all versions up to, and including, 3.28.31. This is due to the use of WordPress's `maybe_unserialize()` function without class restrictions on user-controllable content stored in admin_form post content. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. The additional presence of a POP chain allows attackers to achieve remote code execution. | ||||
| CVE-2026-4833 | 2026-03-26 | 3.3 Low | ||
| A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project maintainer confirms: "[I]f you feed it an infinitely deep blockquote input it will crash. (...) [T]his is a duplicate of an old bug that I've been working on." | ||||
| CVE-2026-4831 | 2026-03-26 | 3.7 Low | ||
| A security flaw has been discovered in kalcaddle kodbox 1.64. Impacted is the function can of the file /workspace/source-code/app/controller/explorer/auth.class.php of the component Password-protected Share Handler. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4484 | 2026-03-26 | 9.8 Critical | ||
| The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepare_object_for_database' function. This makes it possible for authenticated attackers, with Student-level access and above, to elevate their privileges to that of an administrator. | ||||
| CVE-2026-4830 | 2026-03-26 | 5.6 Medium | ||
| A vulnerability was identified in kalcaddle kodbox 1.64. This issue affects the function Add of the file app/controller/explorer/userShare.class.php of the component Public Share Handler. Such manipulation leads to unrestricted upload. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-33942 | 2026-03-26 | N/A | ||
| Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to 4.0.0 used PHP's unserialize() in AccessTokenAuthenticator::unserialize() to restore OAuth token state from cache or storage, with allowed_classes => true. An attacker who can control the serialized string (e.g. by overwriting a cached token file or via another injection) can supply a serialized "gadget" object. When unserialize() runs, PHP instantiates that object and runs its magic methods (__wakeup, __destruct, etc.), leading to object injection. In environments with common dependencies (e.g. Monolog), this can be chained to remote code execution (RCE). The fix in version 4.0.0 removes PHP serialization from the AccessTokenAuthenticator class requiring users to store and resolve the authenticator manually. | ||||
| CVE-2026-33526 | 2026-03-26 | N/A | ||
| Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch. | ||||
| CVE-2026-33515 | 2026-03-26 | N/A | ||
| Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding with errors to invalid ICP requests. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem cannot be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch. | ||||
| CVE-2026-33287 | 2026-03-26 | 7.5 High | ||
| LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the `replace_first` filter in LiquidJS uses JavaScript's `String.prototype.replace()` which interprets `$&` as a back reference to the matched substring. The filter only charges `memoryLimit` for the input string length, not the amplified output. An attacker can achieve exponential memory amplification (up to 625,000:1) while staying within the `memoryLimit` budget, leading to denial of service. Version 10.25.1 patches the issue. | ||||