Export limit exceeded: 343831 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 343831 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343831 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-6031 | 1 Code-projects | 1 Simple It Discussion Forum | 2026-04-10 | 7.3 High |
| A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-6032 | 1 Code-projects | 1 Simple Laundry System | 2026-04-10 | 4.3 Medium |
| A vulnerability was found in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkcheckout.php. Performing a manipulation of the argument serviceId results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-6035 | 2026-04-10 | 4.3 Medium | ||
| A vulnerability has been found in code-projects Vehicle Showroom Management System 1.0. The affected element is an unknown function of the file /BranchManagement/ServiceAndSalesReport.php. The manipulation of the argument BRANCH_ID leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-6034 | 2026-04-10 | 4.3 Medium | ||
| A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /BranchManagement/ProfitAndLossReport.php. Executing a manipulation of the argument BRANCH_ID can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2026-6033 | 2026-04-10 | 6.3 Medium | ||
| A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /updatedetailsfromstudent.php?eno=146891650. Executing a manipulation of the argument fname can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-5525 | 2026-04-10 | 6 Medium | ||
| A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds checking, resulting in a stack buffer overflow and application crash (STATUS_STACK_BUFFER_OVERRUN). | ||||
| CVE-2026-40212 | 2026-04-10 | 5.4 Medium | ||
| OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs. | ||||
| CVE-2026-22750 | 2026-04-10 | 7.5 High | ||
| When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud Gateway 4.2.0 and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway 4.2.x release newer than 4.2.0 available on Maven Centeral https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/ . Ideally if you are not an enterprise customer, you should be upgrading to 5.0.2 or 5.1.1 which are the current supported open source releases. | ||||
| CVE-2026-4622 | 1 Nec | 8 Aterm Wf1200cr, Aterm Wg1200cr, Aterm Wg2600hm4 and 5 more | 2026-04-10 | N/A |
| OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network. | ||||
| CVE-2026-4621 | 1 Nec | 21 Aterm W1200ex(-ms), Aterm Wf1200cr, Aterm Wg1200cr and 18 more | 2026-04-10 | N/A |
| Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network. | ||||
| CVE-2026-4620 | 1 Nec | 2 Aterm Wx1500hp, Aterm Wx3600hp | 2026-04-10 | N/A |
| OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network. | ||||
| CVE-2026-4619 | 1 Nec | 1 Aterm Wx3600hp | 2026-04-10 | N/A |
| Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to wtite over any file via network. | ||||
| CVE-2026-4309 | 1 Nec | 20 Aterm W1200ex(-ms), Aterm Wf1200cr, Aterm Wg1200cr and 17 more | 2026-04-10 | N/A |
| Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network. | ||||
| CVE-2026-33466 | 1 Elastic | 1 Logstash | 2026-04-10 | 8.1 High |
| Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal (CAPEC-139). The archive extraction utilities used by Logstash do not properly validate file paths within compressed archives. An attacker who can serve a specially crafted archive to Logstash through a compromised or attacker-controlled update endpoint can write arbitrary files to the host filesystem with the privileges of the Logstash process. In certain configurations where automatic pipeline reloading is enabled, this can be escalated to remote code execution. | ||||
| CVE-2026-5884 | 1 Google | 1 Chrome | 2026-04-10 | N/A |
| Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-5883 | 1 Google | 1 Chrome | 2026-04-10 | 8.8 High |
| Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-5879 | 1 Google | 1 Chrome | 2026-04-10 | N/A |
| Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-5873 | 1 Google | 1 Chrome | 2026-04-10 | N/A |
| Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-5872 | 1 Google | 1 Chrome | 2026-04-10 | N/A |
| Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-5871 | 1 Google | 1 Chrome | 2026-04-10 | N/A |
| Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||