Export limit exceeded: 346637 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346637 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-50660 | 2 D-link, Dlink | 3 Di-8003, Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_member.asp endpoint. | ||||
| CVE-2025-50659 | 2 D-link, Dlink | 3 Di-8003, Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the custom_error parameter in the /user.asp endpoint. | ||||
| CVE-2025-50657 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the pid parameter in the /trace.asp endpoint. | ||||
| CVE-2025-50655 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /thd_group.asp endpoint. | ||||
| CVE-2025-50654 | 2 D-link, Dlink | 3 Di-8003, Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of the id parameter in the /thd_member.asp endpoint. | ||||
| CVE-2025-50653 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name and mem parameters in the /time_group.asp endpoint. | ||||
| CVE-2025-50652 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| An issue in D-Link DI-8003 16.07.26A1 related to improper handling of the id parameter in the /saveparm_usb.asp endpoint. | ||||
| CVE-2025-50650 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate validation of input size in the routes_static parameter in the /router.asp endpoint. | ||||
| CVE-2025-50649 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper input validation in the vlan_name parameter in the /shut_set.asp endpoint. | ||||
| CVE-2025-50648 | 2 D-link, Dlink | 3 Di-8003, Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validation in the /tggl.asp endpoint. | ||||
| CVE-2025-50647 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1, specifically in the handling of the wans parameter in the qos.asp endpoint. | ||||
| CVE-2025-50646 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insufficient input validation on the name parameter in the /qos_type_asp.asp endpoint. | ||||
| CVE-2025-50645 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead to a buffer overflow when the s parameter in the pppoe_list_opt.asp endpoint is manipulated. By sending a crafted request with an excessively large value for the s parameter, an attacker can trigger a buffer overflow condition. | ||||
| CVE-2025-50644 | 2 D-link, Dlink | 3 Di-8003, Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of user input in the qj.asp endpoint. | ||||
| CVE-2015-2546 | 1 Microsoft | 9 Windows 10 1507, Windows 7, Windows 8 and 6 more | 2026-04-22 | 8.2 High |
| The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2511, CVE-2015-2517, and CVE-2015-2518. | ||||
| CVE-2025-14129 | 1 Wordpress | 1 Wordpress | 2026-04-22 | 6.1 Medium |
| The Like DisLike Voting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-14048 | 1 Wordpress | 1 Wordpress | 2026-04-22 | 4.4 Medium |
| The SimplyConvert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'simplyconvert_hash' option in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-12883 | 2 Campay, Wordpress | 2 Woocommerce Payment Gateway, Wordpress | 2026-04-22 | 5.3 Medium |
| The Campay Woocommerce Payment Gateway plugin for WordPress is vulnerable to Unauthenticated Payment Bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly validating that a transaction has occurred through the payment gateway. This makes it possible for unauthenticated attackers to bypass payments and mark orders as successfully completed resulting in a loss of income. | ||||
| CVE-2025-13660 | 1 Wordpress | 1 Wordpress | 2026-04-22 | 5.3 Medium |
| The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to, and including, 1.2.3. This is due to the plugin exposing a public AJAX endpoint that allows anyone to search for and retrieve user email addresses without any authentication or capability checks. This makes it possible for unauthenticated attackers to enumerate user accounts and extract email addresses via the guest_support_handler=ajax endpoint with the request=get_users parameter. | ||||
| CVE-2025-14065 | 1 Wordpress | 1 Wordpress | 2026-04-22 | 4.3 Medium |
| The Simple Bike Rental plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'simpbire_carica_prenotazioni' AJAX action in all versions up to, and including, 1.0.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve all booking records containing customers' personally identifiable information (PII), including names, email addresses, and phone numbers. | ||||