Export limit exceeded: 337805 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337805 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4238 | 1 Itsourcecode | 1 College Management System | 2026-03-30 | 4.7 Medium |
| A vulnerability has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/courses.php. The manipulation of the argument course_code leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-4909 | 1 Code-projects | 1 Exam Form Submission | 2026-03-30 | 2.4 Low |
| A weakness has been identified in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/update_s7.php. This manipulation of the argument sname causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-3098 | 2 Nextendweb, Wordpress | 2 Smart Slider 3, Wordpress | 2026-03-30 | 6.5 Medium |
| The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
| CVE-2026-27650 | 1 Buffalo | 1 Wi-fi Router Products | 2026-03-30 | N/A |
| OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products. | ||||
| CVE-2026-32669 | 1 Buffalo | 1 Wi-fi Router Products | 2026-03-30 | N/A |
| Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary code may be executed on the products. | ||||
| CVE-2026-32678 | 1 Buffalo | 1 Wi-fi Router Products | 2026-03-30 | N/A |
| Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication. | ||||
| CVE-2026-33280 | 1 Buffalo | 1 Wi-fi Router Products | 2026-03-30 | N/A |
| Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands. | ||||
| CVE-2026-33366 | 1 Buffalo | 1 Wi-fi Router Products | 2026-03-30 | N/A |
| Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly reboot the product without authentication. | ||||
| CVE-2024-14028 | 1 Softing | 2 Smartlink Hw-dp, Smartlink Hw-pn | 2026-03-30 | 6.5 Medium |
| Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS. This issue affects: smartLink HW-DP: through 1.31 smartLink HW-PN: before 1.02. | ||||
| CVE-2025-59028 | 1 Open-xchange | 1 Ox Dovecot Pro | 2026-03-30 | 5.3 Medium |
| When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes (heavy perfomance penalty on large deployments). No publicly available exploits are known. | ||||
| CVE-2026-0394 | 1 Open-xchange | 1 Ox Dovecot Pro | 2026-03-30 | 5.3 Medium |
| When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd (or some other path which ends with passwd). If this file contains passwords, it can be used to authenticate wrongly, or if this is userdb, it can unexpectly make system users appear valid users. Upgrade to fixed version, or use different authentication scheme that does not rely on paths. Alternatively you can also ensure that the per-domain passwd files are in some other location, such as /etc/dovecot/auth/%d. No publicly available exploits are known. | ||||
| CVE-2026-27855 | 1 Open-xchange | 1 Ox Dovecot Pro | 2026-03-30 | 6.8 Medium |
| Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If authentication happens over unsecure connection, switch to SCRAM protocol. Alternatively ensure the communcations are secured, and if possible switch to OAUTH2 or SCRAM. No publicly available exploits are known. | ||||
| CVE-2026-27857 | 1 Open-xchange | 1 Ox Dovecot Pro | 2026-03-30 | 4.3 Medium |
| Sending "NOOP (((...)))" command with 4000 parenthesis open+close results in ~1MB extra memory usage. Longer commands will result in client disconnection. This 1 MB can be left allocated for longer time periods by not sending the command ending LF. So attacker could connect possibly from even a single IP and create 1000 connections to allocate 1 GB of memory, which would likely result in reaching VSZ limit and killing the process and its other proxied connections. Attacker could connect possibly from even a single IP and create 1000 connections to allocate 1 GB of memory, which would likely result in reaching VSZ limit and killing the process and its other proxied connections. Install fixed version, there is no other remediation. No publicly available exploits are known. | ||||
| CVE-2026-27859 | 1 Open-xchange | 1 Ox Dovecot Pro | 2026-03-30 | 5.3 Medium |
| A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU time. Use MTA capabilities to limit RFC 2231 MIME parameters in mail messages, or upgrade to fixed version where the processing is limited. No publicly available exploits are known. | ||||
| CVE-2026-27860 | 1 Open-xchange | 1 Ox Dovecot Pro | 2026-03-30 | 3.7 Low |
| If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure. Do not clear out auth_username_chars, or install fixed version. No publicly available exploits are known. | ||||
| CVE-2026-3457 | 1 Thales | 1 Sentinel Ldk Runtime | 2026-03-30 | N/A |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thales Sentinel LDK Runtime on Windows allows Stored XSS.This issue affects Sentinel LDK Runtime: before 10.22. | ||||
| CVE-2026-4309 | 1 Nec | 20 Aterm W1200ex(-ms), Aterm Wf1200cr, Aterm Wg1200cr and 17 more | 2026-03-30 | N/A |
| Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network. | ||||
| CVE-2026-4621 | 1 Nec | 21 Aterm W1200ex(-ms), Aterm Wf1200cr, Aterm Wg1200cr and 18 more | 2026-03-30 | N/A |
| Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network. | ||||
| CVE-2026-25101 | 1 Bludit | 1 Bludit | 2026-03-30 | N/A |
| Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behavior enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in version 3.17.2. | ||||
| CVE-2026-25100 | 1 Bludit | 1 Bludit | 2026-03-30 | N/A |
| Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its image upload functionality. An authenticated attacker with content upload privileges (such as Author, Editor, or Administrator) can upload an SVG file containing a malicious payload, which is executed when a victim visits the URL of the uploaded resource. The uploaded resource itself is accessible without authentication. The vendor was notified early about this vulnerability, but stopped responding in the middle of coordination. All versions up to 3.18.2 are considered to be vulnerable, future versions might also be vulnerable. | ||||