Export limit exceeded: 346086 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346086 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346086 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-50661 | 2 D-link, Dlink | 3 Di-8003, Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /url_rule.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, en, ips, u, time, act, rpri, and log. | ||||
| CVE-2025-50660 | 2 D-link, Dlink | 3 Di-8003, Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_member.asp endpoint. | ||||
| CVE-2025-50659 | 2 D-link, Dlink | 3 Di-8003, Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the custom_error parameter in the /user.asp endpoint. | ||||
| CVE-2025-50657 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the pid parameter in the /trace.asp endpoint. | ||||
| CVE-2025-50655 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /thd_group.asp endpoint. | ||||
| CVE-2025-50654 | 2 D-link, Dlink | 3 Di-8003, Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of the id parameter in the /thd_member.asp endpoint. | ||||
| CVE-2025-50653 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name and mem parameters in the /time_group.asp endpoint. | ||||
| CVE-2025-50652 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| An issue in D-Link DI-8003 16.07.26A1 related to improper handling of the id parameter in the /saveparm_usb.asp endpoint. | ||||
| CVE-2025-50650 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate validation of input size in the routes_static parameter in the /router.asp endpoint. | ||||
| CVE-2025-50649 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper input validation in the vlan_name parameter in the /shut_set.asp endpoint. | ||||
| CVE-2025-50648 | 2 D-link, Dlink | 3 Di-8003, Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validation in the /tggl.asp endpoint. | ||||
| CVE-2025-50647 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1, specifically in the handling of the wans parameter in the qos.asp endpoint. | ||||
| CVE-2025-50646 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insufficient input validation on the name parameter in the /qos_type_asp.asp endpoint. | ||||
| CVE-2025-50645 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead to a buffer overflow when the s parameter in the pppoe_list_opt.asp endpoint is manipulated. By sending a crafted request with an excessively large value for the s parameter, an attacker can trigger a buffer overflow condition. | ||||
| CVE-2025-50644 | 2 D-link, Dlink | 3 Di-8003, Di-8003, Di-8003 Firmware | 2026-04-22 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of user input in the qj.asp endpoint. | ||||
| CVE-2024-58344 | 2026-04-22 | 6.4 Medium | ||
| Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard settings. Attackers with admin privileges can store JavaScript payloads in the Forum Name field that execute in the browsers of all users visiting the forum, enabling session hijacking and data theft. | ||||
| CVE-2018-25272 | 2026-04-22 | 9.8 Critical | ||
| ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands via the xp_cmdshell stored procedure or add backdoor users to the BEDIENER table. | ||||
| CVE-2018-25271 | 1 Helios | 1 Textpad | 2026-04-22 | 6.2 Medium |
| Textpad 8.1.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long buffer string through the Run command interface. Attackers can paste a 5000-byte payload into the Command field via Tools > Run to trigger a buffer overflow that crashes the application. | ||||
| CVE-2018-25270 | 1 Thinkphp | 1 Thinkphp | 2026-04-22 | 9.8 Critical |
| ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system commands with application privileges. | ||||
| CVE-2018-25269 | 1 Icewarp | 1 Icewarp | 2026-04-22 | 6.1 Medium |
| ICEWARP 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed tags. Attackers can craft emails containing data URIs with embedded scripts that execute in the client when the email is viewed, compromising user sessions and stealing sensitive information. | ||||