Export limit exceeded: 344155 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344155 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25697 | 2026-04-12 | 8.2 High | ||
| CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send GET requests to category.php with malicious cat_id values to extract sensitive database information including usernames and credentials. | ||||
| CVE-2019-25695 | 2026-04-12 | 8.4 High | ||
| R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.exe when the payload is pasted into the Language for menus and messages field. | ||||
| CVE-2019-25693 | 2026-04-12 | 7.1 High | ||
| ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to extract sensitive database information including schema names, user credentials, and other confidential data. | ||||
| CVE-2019-25689 | 1 Bplugins | 1 Html5 Video Player | 2026-04-12 | 8.4 High |
| HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register dialog to trigger code execution and spawn a calculator process. | ||||
| CVE-2018-25258 | 2026-04-12 | 8.4 High | ||
| RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based buffer overflow, execute a ROP chain for VirtualAlloc allocation, and achieve arbitrary code execution. | ||||
| CVE-2018-25257 | 2026-04-12 | 7.1 High | ||
| Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user credentials and gain administrative access. | ||||
| CVE-2017-20239 | 2026-04-12 | 6.1 Medium | ||
| MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can craft URLs with JavaScript payloads in the hash fragment that are parsed and rendered without sanitization, causing the injected scripts to execute in the victim's browser context. | ||||
| CVE-2026-6125 | 2026-04-12 | 6.3 Medium | ||
| A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-6124 | 1 Tenda | 1 F451 Firmware | 2026-04-12 | 8.8 High |
| A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects the function fromSafeMacFilter of the file /goform/SafeMacFilter of the component httpd. Executing a manipulation of the argument page/menufacturer can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-6123 | 1 Tenda | 1 F451 Firmware | 2026-04-12 | 8.8 High |
| A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Performing a manipulation of the argument entrys results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | ||||
| CVE-2026-6122 | 1 Tenda | 1 F451 Firmware | 2026-04-12 | 8.8 High |
| A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-6120 | 1 Tenda | 1 F451 Firmware | 2026-04-12 | 8.8 High |
| A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. | ||||
| CVE-2026-6119 | 1 Astrbot | 1 Astrbot | 2026-04-12 | 6.3 Medium |
| A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-5704 | 1 Redhat | 2 Enterprise Linux, Hummingbird | 2026-04-12 | 5 Medium |
| A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection. | ||||
| CVE-2026-6118 | 1 Astrbot | 1 Astrbot | 2026-04-12 | 6.3 Medium |
| A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function add_mcp_server of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulation of the argument command causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-6117 | 1 Astrbot | 1 Astrbot | 2026-04-12 | 6.3 Medium |
| A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. The manipulation of the argument File results in sandbox issue. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-6115 | 1 Totolink | 1 A7100ru Firmware | 2026-04-12 | 9.8 Critical |
| A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2026-34621 | 2026-04-12 | 8.6 High | ||
| Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-6114 | 1 Totolink | 1 A7100ru Firmware | 2026-04-12 | 9.8 Critical |
| A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setNetworkCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument proto results in os command injection. The attack may be initiated remotely. The exploit is now public and may be used. | ||||
| CVE-2026-6113 | 1 Totolink | 1 A7100ru Firmware | 2026-04-12 | 9.8 Critical |
| A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTtyServiceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument ttyEnable leads to os command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | ||||