Export limit exceeded: 352599 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352599 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-9483 | 1 Sourcecodester | 1 Student Grades Management System | 2026-05-26 | 6.3 Medium |
| A vulnerability was found in SourceCodester Student Grades Management System 1.0. Affected is an unknown function of the file grades.php. Performing a manipulation of the argument student_id results in improper authorization. The attack may be initiated remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-5223 | 1 Rust-lang | 1 Cargo | 2026-05-26 | N/A |
| Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is **medium** for users of third-party registries. Users of crates.io are **not affected**, as crates.io forbids uploading crates containing any symlink. | ||||
| CVE-2018-25359 | 1 Splinterware | 1 Splinterware System Scheduler Pro | 2026-05-26 | 8.4 High |
| Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious executable that executes with LocalSystem privileges when the service is triggered. | ||||
| CVE-2018-25361 | 1 Soroush | 1 Soroush Messenger | 2026-05-26 | 6.8 Medium |
| Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption key. Attackers can inject malicious database records into the application's database files to unlock the client and access all stored data, chats, images, and files without knowing the original passcode. | ||||
| CVE-2026-48848 | 1 Roundcube | 1 Webmail | 2026-05-26 | 7.2 High |
| Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets (CSS) injection via an SVG document that has an animate element with the attributeName attribute. | ||||
| CVE-2018-25363 | 1 Fyffe | 1 Php-twitter-clone | 2026-05-26 | 4.3 Medium |
| Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms targeting tweetdel.php with tweet IDs and automatically submit them to delete arbitrary posts from authenticated user sessions. | ||||
| CVE-2018-25365 | 1 Softpedia | 1 Pcviewer | 2026-05-26 | 7.5 High |
| PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences ../../../../../../../../../../../../etc/passwd to access sensitive system files outside the intended directory. | ||||
| CVE-2018-25367 | 1 Nasa | 1 Openvsp | 2026-05-26 | 6.2 Medium |
| NASA openVSP 3.16.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the geometry name field. Attackers can trigger a denial of service by pasting a 5000-byte payload into the name input field within the Geom browser pod addition interface. | ||||
| CVE-2018-25369 | 1 Scanwith | 1 Visual Ping | 2026-05-26 | 6.2 Medium |
| Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigger a denial of service condition. | ||||
| CVE-2018-25373 | 1 Socusoft | 1 Dvd Photo Slideshow Professional | 2026-05-26 | 8.4 High |
| SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer overflow vulnerability in the registration name field that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious text file with carefully constructed payload containing junk bytes, SEH chain overwrite, and shellcode, then paste the contents into the Registration Name field via Help > Register to trigger code execution. | ||||
| CVE-2018-25375 | 1 Socusoft | 1 Ipod Photo Slideshow | 2026-05-26 | 8.4 High |
| SocuSoft iPod Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft malicious input in the Registration Name and Registration Key fields to trigger a stack-based buffer overflow and execute a reverse shell payload. | ||||
| CVE-2018-25378 | 1 Stokedonit | 1 Notebook Pro | 2026-05-26 | 6.2 Medium |
| Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the notebook name field. Attackers can create a malicious text file containing 500 or more characters, paste the content into the New Notebook Name field, and trigger an application crash when attempting to create and save the notebook. | ||||
| CVE-2018-25379 | 1 Ourenergy | 1 Collectric Cmu | 2026-05-26 | 8.2 High |
| Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive information from the database using time-based blind techniques. | ||||
| CVE-2018-25381 | 2 Almera Responsive Portfolio Project, Extro | 2 Almera Responsive Portfolio, Responsive Portfolio | 2026-05-26 | 7.1 High |
| Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can inject malicious SQL code via the filter_type_id, filter_pid_id, and filter_search parameters in POST requests to extract sensitive database information including credentials and server details. | ||||
| CVE-2026-44598 | 1 Apache | 1 Shiro | 2026-05-26 | N/A |
| With valid login credentials, URL Redirection to Untrusted Site ('Open Redirect'), Server-Side Request Forgery (SSRF) vulnerability in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha to 2.1.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue by encrypting the cookie. After successful login, Jakarta EE integration module uses shiroSavedRequest cookie to redirect to a particular web page after login. This cookie was not validated, and can be forged to send a HTTP GET request from the server itself to an arbitrary URL from the cookie. | ||||
| CVE-2026-24545 | 2 Nikki Blight, Wordpress | 2 Qr Redirector, Wordpress | 2026-05-26 | 4.3 Medium |
| Missing Authorization vulnerability in Nikki Blight QR Redirector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QR Redirector: from n/a through 2.0.3. | ||||
| CVE-2026-24582 | 2 Wordpress, Wppool | 2 Wordpress, Flextable | 2026-05-26 | 4.3 Medium |
| Missing Authorization vulnerability in WPPOOL FlexTable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FlexTable: from n/a through 3.24.0. | ||||
| CVE-2026-24592 | 2 Lucian Apostol, Wordpress | 2 Auto Affiliate Links, Wordpress | 2026-05-26 | 5.3 Medium |
| Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Affiliate Links: from n/a through 6.8.8.3. | ||||
| CVE-2026-24527 | 2 Patterns In The Cloud, Wordpress | 2 Autoship Cloud For Woocommerce Subscription Products, Wordpress | 2026-05-26 | 4.3 Medium |
| Missing Authorization vulnerability in Patterns in the cloud Autoship Cloud for WooCommerce Subscription Products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a through 2.14.0. | ||||
| CVE-2026-39436 | 2 Bgermann, Wordpress | 2 Cformsii, Wordpress | 2026-05-26 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in bgermann CformsII allows Cross Site Request Forgery. This issue affects CformsII: from n/a through 15.1.3. | ||||