Export limit exceeded: 365312 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 365312 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365312 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-69645 1 Gnu 1 Binutils 2026-03-20 5.5 Medium
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file.
CVE-2025-69646 1 Gnu 1 Binutils 2026-03-20 5.5 Medium
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue was observed in binutils 2.44. A local attacker can exploit this vulnerability by supplying a malicious input file, leading to excessive CPU and I/O usage and preventing completion of the objdump analysis.
CVE-2025-56421 1 Limesurvey 1 Limesurvey 2026-03-20 7.5 High
SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database.
CVE-2025-56422 1 Limesurvey 1 Limesurvey 2026-03-20 9.8 Critical
A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server.
CVE-2026-4014 2 Itsourcecode, Luffypirates 2 Cafe Reservation System, Cafe Reservation System 2026-03-20 7.3 High
A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0. This impacts an unknown function of the file /curvus2/signup.php of the component Registration. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
CVE-2026-4039 1 Openclaw 1 Openclaw 2026-03-20 6.3 Medium
A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1 is able to resolve this issue. This patch is called 8c9f35cdb51692b650ddf05b259ccdd75cc9a83c. It is recommended to upgrade the affected component.
CVE-2026-4040 1 Openclaw 1 Openclaw 2026-03-20 3.3 Low
A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version 2026.2.19-beta.1 is capable of addressing this issue. The identifier of the patch is bafdbb6f112409a65decd3d4e7350fbd637c7754. Upgrading the affected component is advised.
CVE-2026-2513 1 Progress Software 1 Flowmon Ads 2026-03-20 N/A
A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session.
CVE-2026-2514 1 Progress Software 1 Flowmon Ads 2026-03-20 N/A
In Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, a vulnerability exists whereby an adversary with access to Flowmon monitoring ports may craft malicious network data that, when processed by Flowmon ADS and viewed by an authenticated user, could result in unintended actions being executed in the user's browser context.
CVE-2026-0809 1 Streamsoft 1 Streamsoft Prestiż 2026-03-20 N/A
Use of a custom token encoding algorithm in Streamsoft Prestiż software allows the value of the KSeF (Krajowy System e-Faktur) token to be guessed after analyzing how tokens with know values are encoded. This issue was fixed in version 20.0.380.92.
CVE-2026-28384 1 Canonical 1 Lxd 2026-03-20 N/A
An improper sanitization of the compression_algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and was fixed in the snap versions 5.0.6-e49d9f4 (channel 5.0/stable), 5.21.4-1374f39 (channel 5.21/stable), and 6.7-1f11451 (channel 6.0 stable). The channel 4.0/stable is not affected as it contains version 4.0.10.
CVE-2019-25482 1 Jettweb 2 Hazir Rent A Car Sitesi Scripti, Php Ready Rent A Car Site Script 2026-03-20 8.2 High
Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_kategori_id parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to extract sensitive database information.
CVE-2019-25488 1 Jettweb 2 Php Ready Rent A Car Site Script, Rent A Car Scripti 2026-03-20 8.2 High
Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into the 'tur', 'id', and 'ozellikdil' parameters of the admin/index.php endpoint to extract sensitive database information or cause denial of service.
CVE-2019-25508 1 Jettweb 2 Hazir Ilan Sitesi Scripti, Php Ready Advertisement Site Script 2026-03-20 8.2 High
Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter. Attackers can send GET requests to the katgetir.php endpoint with malicious 'kat' values to extract sensitive database information.
CVE-2019-25510 1 Jettweb 2 Hazir Haber Sitesi Scripti, Php Stock News Site Script 2026-03-20 8.2 High
Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and password fields of the admingiris.php login form to bypass authentication and access the administrative interface.
CVE-2019-25512 1 Jettweb 2 Hazir Haber Sitesi Scripti, Php Stock News Site Script 2026-03-20 8.2 High
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive database information or modify database contents.
CVE-2019-25513 1 Jettweb 2 Hazir Haber Sitesi Scripti, Php Stock News Site Script 2026-03-20 8.2 High
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send GET requests to datagetir.php with malicious 'q' values using time-based blind SQL injection techniques to extract sensitive database information or bypass authentication.
CVE-2019-25514 1 Jettweb 2 Hazir Haber Sitesi Scripti, Php Stock News Site Script 2026-03-20 8.2 High
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data from the database or bypass authentication controls.
CVE-2019-25515 1 Jettweb 2 Hazir Haber Sitesi Scripti, Php Stock News Site Script 2026-03-20 7.5 High
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax. Attackers can bypass authentication by submitting equals signs and 'or' operators as username and password parameters to access the administration panel without valid credentials.
CVE-2019-25516 1 Jettweb 2 Hazir Haber Sitesi Scripti, Php Stock News Site Script 2026-03-20 8.2 High
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gallery_id parameter. Attackers can send GET requests to gallery.php with malicious gallery_id values using UNION-based SQL injection to extract sensitive database information.