Export limit exceeded: 363165 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363165 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24646 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | 9.8 Critical |
| An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2023-24647 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | 7.5 High |
| Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email parameter. | ||||
| CVE-2023-27073 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | 6.5 Medium |
| A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1.0 allows attackers to change user details and credentials via a crafted POST request. | ||||
| CVE-2023-30122 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | 9.8 Critical |
| An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2024-0247 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | 7.3 High |
| A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249778 is the identifier assigned to this vulnerability. | ||||
| CVE-2016-20039 | 1 Mamedev | 1 Mess Emulator | 2026-03-30 | 8.4 High |
| Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulnerability in the gamma parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized gamma parameter value to overflow the stack buffer and overwrite the instruction pointer with a controlled address to achieve code execution. | ||||
| CVE-2016-20041 | 1 Yasr | 1 Yasr Screen Reader | 2026-03-30 | 8.4 High |
| Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Attackers can invoke yasr with a crafted payload containing junk data, shellcode, and a return address to overwrite the stack and trigger code execution. | ||||
| CVE-2016-20047 | 1 Ekg | 1 Ekg Gadu | 2026-03-30 | 8.4 High |
| EKG Gadu 1.9~pre+r2855-3+b1 contains a local buffer overflow vulnerability in the username handling that allows local attackers to execute arbitrary code by supplying an oversized username string. Attackers can trigger the overflow in the strlcpy function by passing a crafted buffer exceeding 258 bytes to overwrite the instruction pointer and execute shellcode with user privileges. | ||||
| CVE-2026-32978 | 1 Openclaw | 1 Openclaw | 2026-03-30 | 8 High |
| OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified code under the approved run context. | ||||
| CVE-2026-32975 | 1 Openclaw | 1 Openclaw | 2026-03-30 | 9.8 Critical |
| OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode that matches mutable group display names instead of stable group identifiers. Attackers can create groups with identical names to allowlisted groups to bypass channel authorization and route messages from unintended groups to the agent. | ||||
| CVE-2026-32973 | 1 Openclaw | 1 Openclaw | 2026-03-30 | 9.8 Critical |
| OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard matching across path segments to execute commands or paths not intended by operators. | ||||
| CVE-2026-32979 | 1 Openclaw | 1 Openclaw | 2026-03-30 | 7.3 High |
| OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can change approved local scripts before execution to achieve unintended code execution as the OpenClaw runtime user. | ||||
| CVE-2026-33573 | 1 Openclaw | 1 Openclaw | 2026-03-30 | 8.8 High |
| OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authenticated operators with operator.write permission to override workspace boundaries by supplying attacker-controlled spawnedBy and workspaceDir values. Remote operators can escape the configured workspace boundary and execute arbitrary file and exec operations from any process-accessible directory. | ||||
| CVE-2026-33575 | 1 Openclaw | 1 Openclaw | 2026-03-30 | 7.5 High |
| OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pair endpoint and OpenClaw qr command. Attackers with access to leaked setup codes from chat history, logs, or screenshots can recover and reuse the shared gateway credential outside the intended one-time pairing flow. | ||||
| CVE-2016-20038 | 1 Werner | 1 Ytree | 2026-03-30 | 8.4 High |
| yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can craft a malicious command-line argument containing shellcode and a return address to overwrite the stack and execute code in the application context. | ||||
| CVE-2026-23813 | 1 Hpe | 1 Arubaos-cx | 2026-03-30 | 9.8 Critical |
| A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent existing authentication controls. In some cases this could enable resetting the admin password. | ||||
| CVE-2017-20226 | 1 Msk | 1 Mapscrn | 2026-03-30 | 8.4 High |
| Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized input buffer. Attackers can craft a malicious buffer with junk data, return address, NOP instructions, and shellcode to overflow the stack and achieve code execution or denial of service. | ||||
| CVE-2026-4946 | 1 Nsa | 1 Ghidra | 2026-03-30 | 8.8 High |
| Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation (which is intended for trusted, user-authored comments) is also parsed in comments generated during auto-analysis (such as CFStrings in Mach-O binaries). This allows a crafted binary to present seemingly benign clickable text which, when clicked, executes attacker-controlled commands on the analyst’s machine. | ||||
| CVE-2020-19513 | 1 Aida64 | 1 Aida64 | 2026-03-30 | 7.8 High |
| Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler. | ||||
| CVE-2025-7741 | 1 Yokogawa | 1 Centum Vp | 2026-03-30 | N/A |
| Hardcoded Password Vulnerability have been found in CENTUM. Affected products contain a hardcoded password for the user account (PROG) used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default permission for the PROG users is S1 permission (equivalent to OFFUSER). Therefore, for properly permission-controlled targets of operation and monitoring, even if an attacker user in as the PROG user, the risk of critical operations or configuration changes being performed is considered low. (If the PROG user's permissions have been changed for any reason, there is a risk that operations or configuration changes may be performed under the modified permissions. The CVSS values below are for the default permissions.) Additionally, exploiting this vulnerability requires an attacker to already have access to the HIS screen controls. Therefore, an attacker can already operate and monitor at that point, regardless of this vulnerability. The conditions under which this vulnerability is exploited: If all of the following conditions are met, the affected products are vulnerable to this vulnerability. -An attacker obtains the hardcoded password using a certain method. -The HIS with the affected product installed is configured in CTM authentication mode. -An attacker must have direct access to the aforementioned HIS or be able to break into it remotely using a certain method and perform screen operations. The affected products and versions are as follows: CENTUM VP R5.01.00 to R5.04.20, R6.01.00 to R6.12.00 and R7.01.00. | ||||