Search

Search Results (366361 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-24194 1 Oretnom23 1 Online Food Ordering System 2026-03-30 6.1 Medium
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php.
CVE-2023-24195 1 Oretnom23 1 Online Food Ordering System 2026-03-30 6.1 Medium
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php.
CVE-2023-24197 1 Oretnom23 1 Online Food Ordering System 2026-03-30 6.1 Medium
Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at view_order.php.
CVE-2023-24646 1 Oretnom23 1 Online Food Ordering System 2026-03-30 9.8 Critical
An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2023-24647 1 Oretnom23 1 Online Food Ordering System 2026-03-30 7.5 High
Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email parameter.
CVE-2023-27073 1 Oretnom23 1 Online Food Ordering System 2026-03-30 6.5 Medium
A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1.0 allows attackers to change user details and credentials via a crafted POST request.
CVE-2023-30122 1 Oretnom23 1 Online Food Ordering System 2026-03-30 9.8 Critical
An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2024-0247 1 Oretnom23 1 Online Food Ordering System 2026-03-30 7.3 High
A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249778 is the identifier assigned to this vulnerability.
CVE-2016-20039 1 Mamedev 1 Mess Emulator 2026-03-30 8.4 High
Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulnerability in the gamma parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized gamma parameter value to overflow the stack buffer and overwrite the instruction pointer with a controlled address to achieve code execution.
CVE-2016-20041 1 Yasr 1 Yasr Screen Reader 2026-03-30 8.4 High
Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Attackers can invoke yasr with a crafted payload containing junk data, shellcode, and a return address to overwrite the stack and trigger code execution.
CVE-2016-20047 1 Ekg 1 Ekg Gadu 2026-03-30 8.4 High
EKG Gadu 1.9~pre+r2855-3+b1 contains a local buffer overflow vulnerability in the username handling that allows local attackers to execute arbitrary code by supplying an oversized username string. Attackers can trigger the overflow in the strlcpy function by passing a crafted buffer exceeding 258 bytes to overwrite the instruction pointer and execute shellcode with user privileges.
CVE-2026-32978 1 Openclaw 1 Openclaw 2026-03-30 8 High
OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified code under the approved run context.
CVE-2026-32975 1 Openclaw 1 Openclaw 2026-03-30 9.8 Critical
OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode that matches mutable group display names instead of stable group identifiers. Attackers can create groups with identical names to allowlisted groups to bypass channel authorization and route messages from unintended groups to the agent.
CVE-2026-32973 1 Openclaw 1 Openclaw 2026-03-30 9.8 Critical
OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard matching across path segments to execute commands or paths not intended by operators.
CVE-2026-32979 1 Openclaw 1 Openclaw 2026-03-30 7.3 High
OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can change approved local scripts before execution to achieve unintended code execution as the OpenClaw runtime user.
CVE-2026-33573 1 Openclaw 1 Openclaw 2026-03-30 8.8 High
OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authenticated operators with operator.write permission to override workspace boundaries by supplying attacker-controlled spawnedBy and workspaceDir values. Remote operators can escape the configured workspace boundary and execute arbitrary file and exec operations from any process-accessible directory.
CVE-2026-33575 1 Openclaw 1 Openclaw 2026-03-30 7.5 High
OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pair endpoint and OpenClaw qr command. Attackers with access to leaked setup codes from chat history, logs, or screenshots can recover and reuse the shared gateway credential outside the intended one-time pairing flow.
CVE-2016-20038 1 Werner 1 Ytree 2026-03-30 8.4 High
yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can craft a malicious command-line argument containing shellcode and a return address to overwrite the stack and execute code in the application context.
CVE-2026-23813 1 Hpe 1 Arubaos-cx 2026-03-30 9.8 Critical
A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent existing authentication controls. In some cases this could enable resetting the admin password.
CVE-2017-20226 1 Msk 1 Mapscrn 2026-03-30 8.4 High
Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized input buffer. Attackers can craft a malicious buffer with junk data, return address, NOP instructions, and shellcode to overflow the stack and achieve code execution or denial of service.