Export limit exceeded: 363683 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363683 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-10004 1 Cacti 1 Cacti 2026-04-07 8.8 High
Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute commands on the underlying operating system with the privileges of the web server process, potentially compromising system integrity.
CVE-2026-5676 1 Totolink 1 A8000r 2026-04-07 7.3 High
A vulnerability was identified in Totolink A8000R 5.9c.681_B20180413. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument langType leads to missing authentication. The attack can be launched remotely. The exploit is publicly available and might be used.
CVE-2026-5682 1 Meesho 1 Online Shopping App 2026-04-07 3.7 Low
A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
CVE-2017-20234 1 Belden 1 Garrettcom Magnum 6k And 10k Managed Switches 2026-04-07 9.8 Critical
GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. Attackers can bypass login controls to access administrative functions and sensitive switch configuration without valid credentials.
CVE-2017-20237 1 Belden 1 Hirschmann Industrial Hivision 2026-04-07 9.8 Critical
Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 contains an authentication bypass vulnerability in the master service that allows unauthenticated remote attackers to execute arbitrary commands with administrative privileges. Attackers can invoke exposed interface methods over the remote service to bypass authentication and achieve remote code execution on the underlying operating system.
CVE-2018-25236 1 Belden 2 Hirschmann Hios, Hirschmann Hisecos 2026-04-07 9.8 Critical
Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by crafting specially formed HTTP requests. Attackers can exploit improper authentication handling to obtain the authentication status and privileges of a previously authenticated user without providing valid credentials.
CVE-2018-25237 1 Belden 2 Hirschmann Eagle One, Hirschmann Hisecos 2026-04-07 9.8 Critical
Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer overflow vulnerability in the HTTPS login interface when RADIUS authentication is enabled that allows remote attackers to crash the device or execute arbitrary code by submitting a password longer than 128 characters. Attackers can exploit improper bounds checking in password handling to overflow a fixed-size buffer and achieve denial of service or remote code execution.
CVE-2020-37216 1 Belden 1 Hirschmann Hios 2026-04-07 7.5 High
Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP EtherNet/IP packets with a length value larger than the actual packet size to render the device inoperable.
CVE-2021-4477 1 Belden 1 Hirschmann Hilcos Openbat 2026-04-07 9.1 Critical
Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6 IPsec deployments that allows traffic from VPN connections to bypass configured firewall rules. Attackers can exploit this vulnerability by establishing IPv6 IPsec connections (IKEv1 or IKEv2) while simultaneously using an IPv6 Internet connection to circumvent firewall policy enforcement.
CVE-2025-10681 1 Gardyn 2 Cloud Api, Mobile Application 2026-04-07 8.6 High
Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers.
CVE-2026-5661 1 Free5gc 1 Free5gc 2026-04-07 5.3 Medium
A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit is publicly available and might be used.
CVE-2026-5660 1 Itsourcecode 1 Construction Management System 2026-04-07 6.3 Medium
A vulnerability was determined in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /borrowed_equip.php of the component Parameter Handler. This manipulation of the argument emp causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-5659 1 Pytries 1 Datrie 2026-04-07 6.3 Medium
A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie.__setstate__ of the file src/datrie.pyx of the component trie File Handler. The manipulation results in deserialization. The attack can be launched remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
CVE-2026-5650 1 Code-projects 1 Online Application System For Admission 2026-04-07 5.3 Medium
A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in insecure storage of sensitive information. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
CVE-2026-5649 1 Code-projects 1 Online Application System For Admission 2026-04-07 6.3 Medium
A vulnerability has been found in code-projects Online Application System for Admission 1.0. This issue affects some unknown processing of the file /enrollment/admsnform.php of the component Endpoint. Such manipulation leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-5648 1 Code-projects 1 Simple Laundry System 2026-04-07 7.3 High
A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /userfinishregister.php of the component Parameter Handler. This manipulation of the argument firstName causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVE-2026-5647 1 Code-projects 1 Online Shoe Store 2026-04-07 2.4 Low
A vulnerability was detected in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/admin_feature.php of the component Add Product Page. The manipulation of the argument product_name results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.
CVE-2026-5646 1 Code-projects 1 Eblog Site 2026-04-07 7.3 High
A security vulnerability has been detected in code-projects Easy Blog Site 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-5645 1 Projectworlds 1 Car Rental System 2026-04-07 7.3 High
A weakness has been identified in projectworlds Car Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file /pay.php of the component Parameter Handler. Executing a manipulation of the argument mpesa can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-5644 1 Cyber-iii 1 Student-management-system 2026-04-07 2.4 Low
A security flaw has been discovered in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Affected is an unknown function of the file /admin/Add%20notice/batch-notice.php. Performing a manipulation of the argument $_SERVER['PHP_SELF'] results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.