Export limit exceeded: 343848 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343848 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-6013 | 1 D-link | 1 Dir-513 | 2026-04-10 | 8.8 High |
| A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /goform/formSetRoute of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-4482 | 1 Rapid7 | 1 Insight Agent | 2026-04-10 | N/A |
| The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems (users have read and execute access). For the client.key file in particular, this could potentially lead to exploits, as this exposes agent identity material to any locally authenticated standard user. | ||||
| CVE-2026-6015 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2026-04-10 | 8.8 High |
| A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-6024 | 1 Tenda | 1 I6 | 2026-04-10 | 7.3 High |
| A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-6025 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-04-10 | 9.8 Critical |
| A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-14545 | 2 Icopydoc, Wordpress | 2 Yml For Yandex Market, Wordpress | 2026-04-10 | N/A |
| The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via the feed generation process. | ||||
| CVE-2026-4432 | 2 Wordpress, Yithemes | 2 Wordpress, Yith Woocommerce Wishlist | 2026-04-10 | N/A |
| The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist ownership in the save_title() AJAX handler before allowing wishlist renaming operations. The function only checks for a valid nonce, which is publicly exposed in the page source of the /wishlist/ page, making it possible for unauthenticated attackers to rename any wishlist belonging to any user on the site. | ||||
| CVE-2026-6027 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-04-10 | 9.8 Critical |
| A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-6029 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-04-10 | 9.8 Critical |
| A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument User results in os command injection. The attack may be launched remotely. The exploit is now public and may be used. | ||||
| CVE-2026-6030 | 1 Itsourcecode | 1 Construction Management System | 2026-04-10 | 6.3 Medium |
| A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /del1.php. This manipulation of the argument toolname causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. | ||||
| CVE-2026-6032 | 1 Code-projects | 1 Simple Laundry System | 2026-04-10 | 4.3 Medium |
| A vulnerability was found in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkcheckout.php. Performing a manipulation of the argument serviceId results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-6034 | 2026-04-10 | 4.3 Medium | ||
| A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /BranchManagement/ProfitAndLossReport.php. Executing a manipulation of the argument BRANCH_ID can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2026-6037 | 2026-04-10 | 7.3 High | ||
| A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects an unknown function of the file /util/AddVehicleFunction.php. This manipulation of the argument BRANCH_ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-5853 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-04-10 | 9.8 Critical |
| A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument addrPrefixLen leads to os command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-6035 | 2026-04-10 | 4.3 Medium | ||
| A vulnerability has been found in code-projects Vehicle Showroom Management System 1.0. The affected element is an unknown function of the file /BranchManagement/ServiceAndSalesReport.php. The manipulation of the argument BRANCH_ID leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-4622 | 1 Nec | 8 Aterm Wf1200cr, Aterm Wg1200cr, Aterm Wg2600hm4 and 5 more | 2026-04-10 | N/A |
| OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network. | ||||
| CVE-2026-4621 | 1 Nec | 21 Aterm W1200ex(-ms), Aterm Wf1200cr, Aterm Wg1200cr and 18 more | 2026-04-10 | N/A |
| Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network. | ||||
| CVE-2026-4620 | 1 Nec | 2 Aterm Wx1500hp, Aterm Wx3600hp | 2026-04-10 | N/A |
| OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network. | ||||
| CVE-2026-4619 | 1 Nec | 1 Aterm Wx3600hp | 2026-04-10 | N/A |
| Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to wtite over any file via network. | ||||
| CVE-2026-4309 | 1 Nec | 20 Aterm W1200ex(-ms), Aterm Wf1200cr, Aterm Wg1200cr and 17 more | 2026-04-10 | N/A |
| Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network. | ||||