Export limit exceeded: 337069 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 337069 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337069 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-70250 | 1 D-link | 1 Dir-513 | 2026-03-10 | 7.5 High |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formdumpeasysetup. | ||||
| CVE-2026-3843 | 2026-03-10 | 9.8 Critical | ||
| Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability (CWE-89) in the system configuration module. A remote attacker can send specially crafted HTTP POST requests to the /php/request.php endpoint via the sql parameter in application/x-www-form-urlencoded data (e.g., action=do&sql=<query_here>&reload_driver=0) to execute arbitrary SQL commands and potentially achieve remote code execution. | ||||
| CVE-2025-70028 | 1 Sunbird-ed | 1 Sunbirded-portal | 2026-03-10 | N/A |
| An issue pertaining to CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. | ||||
| CVE-2025-70030 | 1 Sunbird-ed | 1 Sunbirded-portal | 2026-03-10 | N/A |
| An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. | ||||
| CVE-2025-70031 | 1 Sunbird-ed | 1 Sunbirded-portal | 2026-03-10 | N/A |
| An issue pertaining to CWE-352: Cross-Site Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. | ||||
| CVE-2025-70032 | 1 Sunbird-ed | 1 Sunbirded-portal | 2026-03-10 | N/A |
| An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. | ||||
| CVE-2026-30140 | 1 Tenda | 1 W15e | 2026-03-10 | N/A |
| An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and potential remote administrative access. | ||||
| CVE-2026-3792 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Sales And Inventory System, Sales And Inventory System | 2026-03-10 | 6.3 Medium |
| A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file purchase_invoice.php of the component GET Parameter Handler. The manipulation of the argument purchaseid results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used. | ||||
| CVE-2026-3793 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Sales And Inventory System, Sales And Inventory System | 2026-03-10 | 6.3 Medium |
| A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file sales_invoice1.php of the component GET Parameter Handler. This manipulation of the argument sellid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-3797 | 1 Tiandy | 1 Video Surveillance System | 2026-03-10 | 6.3 Medium |
| A security vulnerability has been detected in Tiandy Video Surveillance System 视频监控平台 7.17.0. The impacted element is the function uploadFile of the file /src/com/tiandy/easy7/core/rest/CLS_REST_File.java. The manipulation of the argument fileName leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-3630 | 1 Deltaww | 1 Commgr2 | 2026-03-10 | 9.8 Critical |
| Delta Electronics COMMGR2 has Stack-based Buffer Overflow vulnerability. | ||||
| CVE-2026-3631 | 1 Deltaww | 1 Commgr2 | 2026-03-10 | 7.5 High |
| Delta Electronics COMMGR2 has Buffer Over-read DoS vulnerability. | ||||
| CVE-2026-3822 | 1 Taipower | 1 Taipower App | 2026-03-10 | 6.5 Medium |
| Taipower APP developed by Taipower has an Improper Certificate Validation vulnerability. When establishing an HTTPS connection with the server, the application fails to verify the server-side TLS/SSL certificate. This flaw allows an unauthenticated remote attackers to exploit the vulnerability to perform a Man-in-the-Middle (MITM) attack to read and tamper with network packets. | ||||
| CVE-2026-30896 | 1 Qsee | 1 Qsee Client | 2026-03-10 | N/A |
| The installer for Qsee Client versions 1.0.1 and prior insecurely load Dynamic Link Libraries (DLLs). When a user is directed to place some malicious DLL to the same directory and execute the affected installer, then arbitrary code may be executed with the administrative privilege. | ||||
| CVE-2026-3803 | 1 Tenda | 2 I3, I3 Firmware | 2026-03-10 | 8.8 High |
| A vulnerability was identified in Tenda i3 1.0.0.6(2204). This affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. The manipulation of the argument index leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-3823 | 1 Atop Technologies | 2 Ehg2408, Ehg2408-2sfp | 2026-03-10 | 8.8 High |
| EHG2408 series switch developed by Atop Technologies has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code. | ||||
| CVE-2025-41754 | 1 Mbs | 3 Ubr-01 Mk Ii, Ubr-02, Ubr-lon | 2026-03-10 | 6.5 Medium |
| A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system. | ||||
| CVE-2025-41755 | 1 Mbs | 3 Ubr-01 Mk Ii, Ubr-02, Ubr-lon | 2026-03-10 | 6.5 Medium |
| A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. The endpoint accepts a parameter specifying the log file to open (e.g., /tmp/weblog{some_number}), but this parameter is not properly validated, allowing an attacker to modify it to reference any file and retrieve its contents. | ||||
| CVE-2025-41756 | 1 Mbs | 3 Ubr-01 Mk Ii, Ubr-02, Ubr-lon | 2026-03-10 | 8.1 High |
| A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system. | ||||
| CVE-2025-41757 | 1 Mbs | 3 Ubr-01 Mk Ii, Ubr-02, Ubr-lon | 2026-03-10 | 8.8 High |
| A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere on the system. | ||||