Export limit exceeded: 343760 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343760 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-31354 | 1 Feehi | 1 Feehi Cms | 2026-04-09 | 5.4 Medium |
| Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters. | ||||
| CVE-2026-31353 | 1 Feehi | 1 Feehi Cms | 2026-04-09 | 5.4 Medium |
| An authenticated stored cross-site scripting (XSS) vulnerability in the Category module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter. | ||||
| CVE-2026-31352 | 1 Feehi | 1 Feehi Cms | 2026-04-09 | 5.4 Medium |
| An authenticated stored cross-site scripting (XSS) vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter. | ||||
| CVE-2026-31350 | 1 Feehi | 1 Feehi Cms | 2026-04-09 | 5.4 Medium |
| An authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Page Sign parameter. | ||||
| CVE-2026-31313 | 1 Feehi | 1 Feehi Cms | 2026-04-09 | 5.4 Medium |
| An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Content field. | ||||
| CVE-2026-31059 | 1 Utt | 3 520w, 520w Firmware, Hiper 520w | 2026-04-09 | 9.8 Critical |
| A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string. | ||||
| CVE-2026-31040 | 1 Sepinetam | 1 Stata-mcp | 2026-04-09 | 9.8 Critical |
| A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution. | ||||
| CVE-2026-31017 | 1 Frappe | 2 Erpnext, Framework | 2026-04-09 | 9.1 Critical |
| A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before being rendered into PDF. When generating PDFs from user-controlled HTML content, the application allows the inclusion of HTML elements such as <iframe> that reference external resources. The PDF rendering engine automatically fetches these resources on the server side. An attacker can abuse this behavior to force the server to make arbitrary HTTP requests to internal services, including cloud metadata endpoints, potentially leading to sensitive information disclosure. | ||||
| CVE-2026-30478 | 2026-04-09 | 8.8 High | ||
| A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate privileges via a crafted executable. | ||||
| CVE-2026-30460 | 2 Daylightstudio, Thedaylightstudio | 2 Fuel Cms, Fuel Cms | 2026-04-09 | 8.8 High |
| Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module. | ||||
| CVE-2026-30080 | 1 Openairinterface | 1 Oai-cn5g-amf | 2026-04-09 | 7.5 High |
| OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported integrity NIA1 and NIA2. But if an UE sends initial registration request with only security capability IA0, OpenAirInterface accepts and proceeds. This downgrade security context can lead to the possibility of replay attack. | ||||
| CVE-2026-30075 | 1 Openairinterface | 1 Oai-cn5g-ausf | 2026-04-09 | 7.5 High |
| OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication Response containing a NAS PDU with oversize response (For example 100 byte). The response is decoded by AMF and passed to the AUSF component for verification. AUSF crashes on receiving this oversize response. This can prohibit users from further registration and verification and can cause Denial of Services (DoS). | ||||
| CVE-2025-59710 | 2 Biztalk360, Kovai | 2 Biztalk360, Biztalk360 | 2026-04-09 | 8.8 High |
| An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the server. | ||||
| CVE-2025-59709 | 2 Biztalk360, Kovai | 2 Biztalk360, Biztalk360 | 2026-04-09 | 6.8 Medium |
| An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read by the server, a Super User attacker is able to read files on the system and/or coerce an authentication from the service, aka Directory Traversal. | ||||
| CVE-2025-45058 | 1 Dlink | 1 Di-8300 | 2026-04-09 | 7.5 High |
| D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fx parameter in the jingx_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-45057 | 1 Dlink | 1 Di-8300 | 2026-04-09 | 7.5 High |
| D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-14831 | 2 Red Hat, Redhat | 13 Enterprise Linux, Ai Inference Server, Ceph Storage and 10 more | 2026-04-09 | 5.3 Medium |
| A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs). | ||||
| CVE-2023-54364 | 1 Hikashop | 1 Hikashop | 2026-04-09 | 6.1 Medium |
| Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating GET parameters in the product filter endpoint. Attackers can craft malicious URLs containing XSS payloads in the from_option, from_ctrl, from_task, or from_itemid parameters to steal session tokens or login credentials when victims visit the link. | ||||
| CVE-2023-54363 | 1 Solidres | 1 Solidres | 2026-04-09 | 6.1 Medium |
| Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show, reviews, type_id, distance, facilities, categories, prices, location, and Itemid. Attackers can craft malicious URLs containing JavaScript payloads in these parameters to steal session tokens, login credentials, or manipulate site content when victims visit the crafted links. | ||||
| CVE-2023-54362 | 1 Cs-cart | 1 Cs-cart | 2026-04-09 | 6.1 Medium |
| Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft malicious URLs containing script payloads in the keyword parameter of the product-variants endpoint to execute arbitrary JavaScript in victim browsers and steal session tokens or credentials. | ||||