Export limit exceeded: 337634 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337634 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20444 | 2 Google, Mediatek | 47 Android, Mt6739, Mt6761 and 44 more | 2026-03-04 | 6.7 Medium |
| In display, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436995; Issue ID: MSV-5721. | ||||
| CVE-2025-47371 | 1 Qualcomm | 251 5g Fixed Wireless Access Platform, 5g Fixed Wireless Access Platform Firmware, Ar8035 and 248 more | 2026-03-04 | 6.5 Medium |
| Transient DOS when an LTE RLC packet with invalid TB is received by UE. | ||||
| CVE-2024-55027 | 1 Weintek | 4 Cmt-3072xh2, Cmt-3072xh2 Firmware, Cmt3072xh and 1 more | 2026-03-04 | 7.5 High |
| Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uac_temp.db. | ||||
| CVE-2024-55019 | 1 Weintek | 4 Cmt-3072xh2, Cmt-3072xh2 Firmware, Cmt3072xh and 1 more | 2026-03-04 | 6.5 Medium |
| Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attack to download arbitrary files. | ||||
| CVE-2024-55024 | 1 Weintek | 4 Cmt-3072xh2, Cmt-3072xh2 Firmware, Cmt3072xh and 1 more | 2026-03-04 | 8.8 High |
| An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to perform Administrative actions using service accounts. | ||||
| CVE-2024-55026 | 1 Weintek | 4 Cmt-3072xh2, Cmt-3072xh2 Firmware, Cmt3072xh and 1 more | 2026-03-04 | 8.8 High |
| An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request. | ||||
| CVE-2025-66945 | 2 Zdir, Zdir Pro | 2 Zdir, Zdir Pro | 2026-03-04 | 9.1 Critical |
| A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and potentially remote code execution | ||||
| CVE-2026-26887 | 2 Oretnom23, Sourcecodester | 2 Pharmacy Point Of Sale System, Pharmacy Point Of Sale System | 2026-03-04 | 2.7 Low |
| Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_supplier.php. | ||||
| CVE-2026-26888 | 2 Oretnom23, Sourcecodester | 2 Pharmacy Point Of Sale System, Pharmacy Point Of Sale System | 2026-03-04 | 2.7 Low |
| Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_stock.php. | ||||
| CVE-2026-26889 | 2 Oretnom23, Sourcecodester | 2 Pharmacy Point Of Sale System, Pharmacy Point Of Sale System | 2026-03-04 | 2.7 Low |
| Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_category.php. | ||||
| CVE-2026-26890 | 2 Oretnom23, Sourcecodester | 2 Pharmacy Point Of Sale System, Pharmacy Point Of Sale System | 2026-03-04 | 2.7 Low |
| Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_product.php. | ||||
| CVE-2026-26883 | 2 Oretnom23, Sourcecodester | 2 Simple Online Men\'s Salon Management System, Online Mens Salon Management System | 2026-03-04 | 2.7 Low |
| Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/classes/Master.php?f=delete_appointment. | ||||
| CVE-2026-26884 | 2 Oretnom23, Sourcecodester | 2 Simple Online Men\'s Salon Management System, Online Mens Salon Management System | 2026-03-04 | 2.7 Low |
| Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/view_appointment.php. | ||||
| CVE-2026-26885 | 2 Oretnom23, Sourcecodester | 2 Simple Online Men\'s Salon Management System, Online Mens Salon Management System | 2026-03-04 | 2.7 Low |
| Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /classes/Master.php?f=delete_service. | ||||
| CVE-2026-26886 | 2 Oretnom23, Sourcecodester | 2 Simple Online Men\'s Salon Management System, Online Mens Salon Management System | 2026-03-04 | 2.7 Low |
| Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /admin/services/manage_service.php. | ||||
| CVE-2025-62815 | 2 Samsung, Samsung Mobile | 12 Exynos, Exynos 1380, Exynos 1380 Firmware and 9 more | 2026-03-04 | 5.5 Medium |
| An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of npu_proto_drv.ast.thread_ref in set_cpu_affinity() causes a denial of service. | ||||
| CVE-2023-7337 | 2 Rabilal, Wordpress | 2 Js Help Desk – Ai-powered Support & Ticketing System, Wordpress | 2026-03-04 | 7.5 High |
| The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus' cookie in version 2.8.2 due to an incomplete fix for CVE-2023-50839 where a second sink was left with insufficient escaping on the user supplied values and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-1706 | 2 Plugins360, Wordpress | 2 All-in-one Video Gallery, Wordpress | 2026-03-04 | 6.1 Medium |
| The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'vi' parameter in all versions up to, and including, 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2026-2355 | 2 Joedolson, Wordpress | 2 My Calendar – Accessible Event Manager, Wordpress | 2026-03-04 | 6.4 Medium |
| The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template` attribute of the `[my_calendar_upcoming]` shortcode in all versions up to, and including, 3.7.3. This is due to the use of `stripcslashes()` on user-supplied shortcode attribute values in the `mc_draw_template()` function, which decodes C-style hex escape sequences (e.g., `\x3c` to `<`) at render time, bypassing WordPress's `wp_kses_post()` content sanitization that runs at save time. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-1674 | 2 Saadiqbal, Wordpress | 2 Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, And Custom Form Builder, Wordpress | 2026-03-04 | 6.5 Medium |
| The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization within the save_gutena_forms_schema() function in all versions up to, and including, 1.6.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to update option values to a structured array value on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values, that would, for example enable site user registration when it is explicitly disabled. | ||||