Export limit exceeded: 363555 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363555 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-59709 2 Biztalk360, Kovai 2 Biztalk360, Biztalk360 2026-04-09 6.8 Medium
An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read by the server, a Super User attacker is able to read files on the system and/or coerce an authentication from the service, aka Directory Traversal.
CVE-2022-45315 1 Mikrotik 1 Routeros 2026-04-09 6.4 Medium
Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows authenticated attackers to execute arbitrary code via a crafted packet.
CVE-2025-54659 1 Fortinet 2 Fortisoar Agent Communication Bridge, Fortisoaragentcommunicationbridge 2026-04-09 5.5 Medium
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] vulnerability in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communication Bridge 1.0 all versions may allow an unauthenticated attacker to read files accessible to the fortisoar user on a system where the agent is deployed, via sending a crafted request to the agent port.
CVE-2025-61648 2 Mediawiki, Wikimedia 2 Checkuser, Checkuser 2026-04-09 6.1 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser.TempAccounts/components/ShowIPButton.Vue, modules/ext.CheckUser.TempAccounts/SpecialBlock.Js. This issue affects CheckUser: from * before 1.44.1.
CVE-2025-61651 2 Mediawiki, Wikimedia 2 Checkuser, Checkuser 2026-04-09 6.1 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser/checkuser/checkUserHelper/buildUserElement.Js. This issue affects CheckUser: from * before 1.44.1.
CVE-2025-61655 2 Mediawiki, Wikimedia 2 Visual Editor, Visualeditor 2026-04-09 6.1 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files includes/ApiVisualEditorEdit.Php, modules/ve-mw/init/targets/ve.Init.Mw.DesktopArticleTarget.Js, modules/ve-mw/ui/dialogs/ve.Ui.MWSaveDialog.Js. This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44.1.
CVE-2025-61656 2 Mediawiki, Wikimedia 2 Visual Editor, Visualeditor 2026-04-09 6.1 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files src/ce/ve.Ce.ClipboardHandler.Js. This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44.1.
CVE-2025-67475 2 Mediawiki, Wikimedia 2 Mediawiki, Mediawiki 2026-04-09 6.1 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.
CVE-2025-67477 2 Mediawiki, Wikimedia 2 Mediawiki, Mediawiki 2026-04-09 6.1 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js. This issue affects MediaWiki: from * before 1.44.3, 1.45.1.
CVE-2025-67481 2 Mediawiki, Wikimedia 2 Mediawiki, Mediawiki 2026-04-09 6.1 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.
CVE-2025-67483 2 Mediawiki, Wikimedia 2 Mediawiki, Mediawiki 2026-04-09 6.1 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Page.Preview.Js. This issue affects MediaWiki: from * before 1.43.6, 1.44.3, 1.45.1.
CVE-2025-70802 1 Tenda 2 G1, G1 Firmware 2026-04-09 8.4 High
Tenda G1V3.1si V16.01.7.8 Firmware V16.01.7.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.
CVE-2025-70798 1 Tenda 2 I24, I24 Firmware 2026-04-09 8.4 High
Tenda i24V3.0si V3.0.0.5 Firmware V3.0.0.5 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.
CVE-2025-9920 1 Campcodes 1 Online Recruitment Management System 2026-04-09 4.7 Medium
A security flaw has been discovered in Campcodes Recruitment Management System 1.0. This impacts the function include of the file /admin/index.php. The manipulation of the argument page results in file inclusion. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
CVE-2025-3783 1 Senior-walter 1 Web-based Pharmacy Product Management System 2026-04-09 6.3 Medium
A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-product.php. The manipulation of the argument Avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-56018 2 Senior-walter, Sourcecodester 2 Web-based Pharmacy Product Management System, Web-based Pharmacy Product Management System 2026-04-09 6.1 Medium
SourceCodester Web-based Pharmacy Product Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in Category Management via the category name field.
CVE-2025-56274 1 Senior-walter 1 Web-based Pharmacy Product Management System 2026-04-09 8.1 High
SourceCodester Web-based Pharmacy Product Management System 1.0 is vulnerable to Incorrect Access Control, which allows low-privileged users to forge high privileged (such as admin) sessions and perform sensitive operations such as adding new users.
CVE-2026-30976 1 Sonarr 1 Sonarr 2026-04-09 8.6 High
Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files (containing API keys and database credentials), Windows system files, and any user-accessible files on the same drive This issue only impacts Windows systems; macOS and Linux are unaffected. Files returned from the API were not limited to the directory on disk they were intended to be served from. This problem has been patched in 4.0.17.2950 in the nightly/develop branch or 4.0.17.2952 for stable/main releases. It's possible to work around the issue by only hosting Sonarr on a secure internal network and accessing it via VPN, Tailscale or similar solution outside that network.
CVE-2019-25672 2 Kartatopia, Pilus 2 Piluscart, Piluscart 2026-04-09 8.2 High
PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to extract sensitive database information.
CVE-2019-25686 1 Coreftp 1 Core Ftp 2026-04-09 7.5 High
Core FTP 2.0 build 653 contains a denial of service vulnerability in the PBSZ command that allows unauthenticated attackers to crash the service by sending a malformed command with an oversized buffer. Attackers can send a PBSZ command with a payload exceeding 211 bytes to trigger an access violation and crash the FTP server process.