Export limit exceeded: 363527 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363527 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363527 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-50765 1 Koha 1 Library Management System 2026-07-05 6.1 Medium
A stored cross-site scripting (XSS) vulnerability in the patron restriction type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the restriction type label (display_text field).
CVE-2026-14690 1 Sourcecodester 1 Multi-vendor Online Grocery Management System 2026-07-05 7.3 High
A weakness has been identified in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function save_users of the file classes/Users.php. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
CVE-2026-14689 1 Codeastro 1 Apartment Visitor Management System 2026-07-05 6.3 Medium
A security flaw has been discovered in CodeAstro Apartment Visitor Management System 1.0. The impacted element is an unknown function of the file /apartment-visitor/add-apartment.php. The manipulation of the argument apartmentno results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-14688 1 Itsourcecode 1 Online Hotel Management System 2026-07-05 7.3 High
A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. The affected element is an unknown function of the file /admin/login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
CVE-2023-31493 1 Zoneminder 1 Zoneminder 2026-07-05 6.6 Medium
RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system.
CVE-2024-44667 1 Shenzhen Haichangxing Technology 1 Hcx H822 Firmware 2026-07-05 8 High
Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628NNxISPxUIv2_v1.0.1557.15.35_P0 is vulnerable to Incorrect Access Control. Unauthenticated factory mode reset and command injection leads to information exposure and root shell access.
CVE-2021-25679 1 Adtran 3 Netvanta 7060, Netvanta 7100, Personal Phone Manager 2026-07-05 5.4 Medium
The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only version 10.8.1 was able to be confirmed during primary research. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 are considered End of Life and as such this issue will not be patched.
CVE-2022-27406 3 Fedoraproject, Freetype, Redhat 4 Fedora, Freetype, Enterprise Linux and 1 more 2026-07-05 7.5 High
FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.
CVE-2022-27405 3 Fedoraproject, Freetype, Redhat 4 Fedora, Freetype, Enterprise Linux and 1 more 2026-07-05 7.5 High
FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.
CVE-2023-26998 1 Netscout 1 Ngeniusone 2026-07-05 5.4 Medium
Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page.
CVE-2023-43336 1 Sangoma 1 Freepbx 2026-07-05 8.8 High
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.
CVE-2023-41013 1 Icewarp 1 Icewarp 2026-07-05 6.1 Medium
Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.
CVE-2026-14687 1 666ghj 1 Bettafish 2026-07-05 5.3 Medium
A vulnerability was determined in 666ghj BettaFish up to 1.2.1. Impacted is the function _deduplicate_results of the file InsightEngine/agent.py of the component InsightEngine search-result Deduplication. Executing a manipulation can lead to partial string comparison. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.
CVE-2023-37728 1 Icewarp 1 Icewarp 2026-07-05 6.1 Medium
IceWarp v10.2.1 was discovered to contain cross-site scripting (XSS) vulnerability via the color parameter.
CVE-2020-26037 1 Evenbalance 1 Punkbuster 2026-07-05 9.8 Critical
Directory Traversal vulnerability in Server functionalty in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code.
CVE-2021-36580 1 Icewarp 2 Icewarp Server, Mail Server 2026-07-05 6.1 Medium
Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter.
CVE-2020-22623 1 Insightsoftware 1 Jreport 2026-07-05 7.5 High
Directory traversal vulnerability in Jinfornet Jreport 15.6 allows unauthenticated attackers to gain sensitive information.
CVE-2023-29863 1 Medisys 1 Weblab 2026-07-05 9.8 Critical
Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WSDL files.
CVE-2023-22985 1 Simple Guestbook Management System Project 1 Simple Guestbook Management System 2026-07-05 6.1 Medium
Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting (XSS) via Name, Referrer, Location, and Comments.
CVE-2022-45551 1 Zbt 2 We1626, We1626 Firmware 2026-07-05 9.8 Critical
An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint.