Export limit exceeded: 363163 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363163 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-33758 1 Openbao 1 Openbao 2026-03-30 6.1 Medium
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that have an OIDC/JWT authentication method enabled and a role with `callback_mode=direct` configured are vulnerable to XSS via the `error_description` parameter on the page for a failed authentication. This allows an attacker access to the token used in the Web UI by a victim. The `error_description` parameter has been replaced with a static error message in v2.5.2. The vulnerability can be mitigated by removing any roles with `callback_mode` set to `direct`.
CVE-2026-33869 1 Joinmastodon 1 Mastodon 2026-03-30 4.8 Medium
Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.5.x branch prior to 4.5.8 and on the 4.4.x branch prior to 4.4.15, an attacker that knows of a quote before it has reached a server can prevent it from being correctly processed on that server. The vulnerability has been patched in Mastodon 4.5.8 and 4.4.15. Mastodon 4.3 and earlier are not affected because they do not support quotes.
CVE-2026-4988 1 Open5gs 1 Open5gs 2026-03-30 3.7 Low
A security flaw has been discovered in Open5GS 2.7.6. This issue affects the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b of the component CCA Message Handler. The manipulation results in denial of service. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is assessed as difficult. The exploit has been released to the public and may be used for attacks.
CVE-2026-5021 1 Tenda 2 F453, F453 Firmware 2026-03-30 8.8 High
A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. This manipulation of the argument delno causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVE-2026-5030 1 Totolink 2 Nr1800x, Nr1800x Firmware 2026-03-30 6.3 Medium
A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument host_time leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-5033 2 Code-projects, Sherlock 2 Accounting System, Accounting System 2026-03-30 7.3 High
A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_costumer.php of the component Parameter Handler. The manipulation of the argument cos_id results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.
CVE-2026-5034 2 Code-projects, Sherlock 2 Accounting System, Accounting System 2026-03-30 7.3 High
A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown functionality of the file /edit_costumer.php of the component Parameter Handler. This manipulation of the argument cos_id causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
CVE-2026-5035 2 Code-projects, Sherlock 2 Accounting System, Accounting System 2026-03-30 7.3 High
A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /view_work.php of the component Parameter Handler. Such manipulation of the argument en_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-5036 1 Tenda 2 4g06, 4g06 Firmware 2026-03-30 8.8 High
A vulnerability was found in Tenda 4G06 04.06.01.29. This vulnerability affects the function fromDhcpListClient of the file /goform/DhcpListClient of the component Endpoint. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used.
CVE-2026-5042 1 Belkin 2 F9k1122, F9k1122 Firmware 2026-03-30 8.8 High
A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch of the file /goform/formCrossBandSwitch of the component Parameter Handler. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-5044 1 Belkin 2 F9k1122, F9k1122 Firmware 2026-03-30 8.8 High
A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such manipulation of the argument webpage leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-5046 1 Tenda 2 Fh1201, Fh1201 Firmware 2026-03-30 8.8 High
A flaw has been found in Tenda FH1201 1.2.0.14(408). Affected is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component Parameter Handler. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.
CVE-2026-5101 1 Totolink 2 A3300r, A3300r Firmware 2026-03-30 6.3 Medium
A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
CVE-2026-2370 1 Gitlab 1 Gitlab 2026-03-30 8.1 High
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace permissions to obtain installation credentials and impersonate the GitLab app due to improper authorization checks.
CVE-2026-5102 1 Totolink 2 A3300r, A3300r Firmware 2026-03-30 6.3 Medium
A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument qos_up_bw results in command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-5103 1 Totolink 2 A3300r, A3300r Firmware 2026-03-30 6.3 Medium
A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. This issue affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument enable causes command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-5105 1 Totolink 2 A3300r, A3300r Firmware 2026-03-30 6.3 Medium
A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument pptpPassThru results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
CVE-2026-5106 1 Code-projects 1 Exam Form Submission 2026-03-30 2.4 Low
A flaw has been found in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file /admin/update_fst.php. Executing a manipulation of the argument sname can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.
CVE-2022-34132 1 Jorani 1 Jorani 2026-03-30 9.8 Critical
Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php.
CVE-2022-34133 1 Jorani 1 Jorani 2026-03-30 6.1 Medium
Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php.