Export limit exceeded: 337346 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 337346 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337346 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-70802 | 2026-03-10 | N/A | ||
| Tenda G1V3.1si V16.01.7.8 Firmware V16.01.7.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. | ||||
| CVE-2025-70798 | 2026-03-10 | N/A | ||
| Tenda i24V3.0si V3.0.0.5 Firmware V3.0.0.5 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. | ||||
| CVE-2025-70251 | 2026-03-10 | 7.5 High | ||
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanGuestSetup. | ||||
| CVE-2025-70249 | 2026-03-10 | 7.5 High | ||
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard2. | ||||
| CVE-2025-70247 | 2026-03-10 | 7.5 High | ||
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard1. | ||||
| CVE-2025-70246 | 2026-03-10 | 7.5 High | ||
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formVirtualServ. | ||||
| CVE-2025-70244 | 2026-03-10 | 7.5 High | ||
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanSetup. | ||||
| CVE-2025-70242 | 2026-03-10 | 7.5 High | ||
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formSetWanPPTP. | ||||
| CVE-2025-70227 | 2026-03-10 | 7.5 High | ||
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the nextPage parameter to goform/formLanguageChange. | ||||
| CVE-2025-66413 | 2026-03-10 | 7.4 High | ||
| Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password. This vulnerability is fixed in 2.53.0(2). | ||||
| CVE-2025-36920 | 2026-03-10 | N/A | ||
| In hyp_alloc of arch/arm64/kvm/hyp/nvhe/alloc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-13213 | 1 Ibm | 1 Aspera Orchestrator | 2026-03-10 | 5.4 Medium |
| IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking | ||||
| CVE-2026-29082 | 2 Kestra, Kestra-io | 2 Kestra, Kestra | 2026-03-10 | 7.3 High |
| Kestra is an event-driven orchestration platform. In versions from 1.1.10 and prior, Kestra’s execution-file preview renders user-supplied Markdown (.md) with markdown-it instantiated as html:true and injects the resulting HTML with Vue’s v-html without sanitisation. At time of publication, there are no publicly available patches. | ||||
| CVE-2025-69644 | 1 Gnu | 1 Binutils | 2026-03-10 | 5 Medium |
| An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless output until manually interrupted. This issue affects versions prior to the upstream fix and allows a local attacker to cause excessive resource consumption by supplying a malicious input file. | ||||
| CVE-2026-3766 | 2 Senior-walter, Sourcecodester | 2 Web-based Pharmacy Product Management System, Web-based Pharmacy Product Management System | 2026-03-10 | 3.5 Low |
| A security flaw has been discovered in SourceCodester Web-based Pharmacy Product Management System 1.0. This impacts an unknown function of the file edit-profile.php. Performing a manipulation of the argument fullname results in cross site scripting. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-3765 | 2 Angeljudesuarez, Itsourcecode | 2 University Management System, University Management System | 2026-03-10 | 7.3 High |
| A vulnerability was identified in itsourcecode University Management System 1.0. This affects an unknown function of the file /att_single_view.php. Such manipulation of the argument dt leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-3767 | 2 Angeljudesuarez, Itsourcecode | 2 College Management System, Sanitize Or Validate This Input | 2026-03-10 | 6.3 Medium |
| A weakness has been identified in itsourcecode sanitize or validate this input 1.0. Affected is an unknown function of the file /admin/teacher-attendance.php. Executing a manipulation of the argument teacher_id can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-3764 | 2 Lerouxyxchire, Sourcecodester | 2 Client Database Management System, Client Database Management System | 2026-03-10 | 7.3 High |
| A vulnerability was determined in SourceCodester Client Database Management System 1.0. The impacted element is an unknown function of the file /superadmin_user_update.php. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-3763 | 2 Carmelo, Code-projects | 2 Simple Flight Ticket Booking System, Simple Flight Ticket Booking System | 2026-03-10 | 4.3 Medium |
| A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. The affected element is an unknown function of the file showhistory.php. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-68947 | 1 Nsecsoft | 1 Nscknl | 2026-03-10 | 4.7 Medium |
| NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes by issuing crafted IOCTL requests to the driver. | ||||