Export limit exceeded: 363576 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363576 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363576 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24913 | 1 Qcubed | 1 Qcubed | 2026-07-04 | 9.8 Critical |
| A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request. | ||||
| CVE-2020-24036 | 1 Fork-cms | 1 Fork Cms | 2026-07-04 | 8.8 High |
| PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code. | ||||
| CVE-2020-27509 | 1 Galaxkey | 1 Galaxkey | 2026-07-04 | 5.4 Medium |
| Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 allows an attacker to perform an account takeover by intercepting the HTTP Post request when sending an email and injecting a specially crafted XSS payload in the 'subject' field. The payload executes when the recipient logs into their mailbox. | ||||
| CVE-2021-42912 | 1 Fiberhome | 12 Aan5506-04-g2g Firmware, An5506-01-a, An5506-01-a Firmware and 9 more | 2026-07-04 | 8.8 High |
| FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon. | ||||
| CVE-2022-37700 | 1 Easycorp | 1 Zentao | 2026-07-04 | 7.5 High |
| Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig. | ||||
| CVE-2020-22983 | 1 Microstrategy | 1 Microstrategy Web | 2026-07-04 | 8.1 High |
| A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task. | ||||
| CVE-2022-25521 | 1 Nuuo | 1 Network Video Recorder Firmware | 2026-07-04 | 9.8 Critical |
| NUUO v03.11.00 was discovered to contain access control issue. | ||||
| CVE-2022-33077 | 1 Nopcommerce | 1 Nopcommerce | 2026-07-04 | 7.5 High |
| An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint. | ||||
| CVE-2022-41542 | 1 Devhubapp | 1 Devhub | 2026-07-04 | 5.4 Medium |
| devhub 0.102.0 was discovered to contain a broken session control. | ||||
| CVE-2026-14683 | 1 Hdrhistogram | 1 Hdrhistogram | 2026-07-04 | 3.3 Low |
| A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument lengthOfCompressedContents results in uncontrolled memory allocation. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-14655 | 1 Code-projects | 1 Assessment Management | 2026-07-04 | 2.4 Low |
| A weakness has been identified in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file admin/view-users.php. Executing a manipulation of the argument User can lead to cross site scripting. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-14649 | 1 Code-projects | 1 Online Voting System | 2026-07-04 | 7.3 High |
| A vulnerability was detected in code-projects Online Voting System 1.0. Impacted is the function test_input of the file /saveVote.php. Performing a manipulation of the argument voterName/voterEmail/voterID/selectedCandidate results in sql injection. The attack can be initiated remotely. | ||||
| CVE-2023-25309 | 1 Fetlife | 1 Rollout-ui | 2026-07-04 | 6.1 Medium |
| Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality. | ||||
| CVE-2023-52070 | 1 Jfree | 1 Jfreechart | 2026-07-04 | 8.4 High |
| JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the 'setSeriesNeedle(int index, int type)' method. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | ||||
| CVE-2023-33677 | 2 Oretnom23, Sourcecodester | 2 Lost And Found Information System, Lost And Found Information System | 2026-07-04 | 5.4 Medium |
| Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*". | ||||
| CVE-2026-14639 | 1 Codeastro | 1 Ecommerce Website | 2026-07-04 | 6.3 Medium |
| A vulnerability has been found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /ecommerce-website-php/customer/my_account.php?edit_account. Such manipulation of the argument c_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-43261 | 1 Milesight | 12 Ur32, Ur32 Firmware, Ur32l and 9 more | 2026-07-04 | 7.5 High |
| An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components. | ||||
| CVE-2026-14633 | 1 Kirilkirkov | 1 Ecommerce-codeigniter-bootstrap | 2026-07-04 | 4.3 Medium |
| A vulnerability was determined in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 49b20f53de2b7ec34e920b11c863f1491d911a04. This affects an unknown part of the file /index.php/api/product/set of the component Hidden REST API Endpoint. This manipulation of the argument title/description causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. Patch name: d9785f995da77bdc62fb2d34bad5f7a162c9ad23. To fix this issue, it is recommended to deploy a patch. | ||||
| CVE-2024-21522 | 1 Almoghamdani | 1 Audify | 2026-07-04 | 7.5 High |
| All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions it is not checked for negative values. This can lead to a process crash. | ||||
| CVE-2024-21488 | 1 Forkhq | 1 Network | 2026-07-04 | 7.3 High |
| Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process exec function without input sanitization. If (attacker-controlled) user input is given to the mac_address_for function of the package, it is possible for the attacker to execute arbitrary commands on the operating system that this package is being run on. | ||||