Export limit exceeded: 341328 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341328 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24195 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | 6.1 Medium |
| Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php. | ||||
| CVE-2023-30122 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | 9.8 Critical |
| An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2024-0247 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | 7.3 High |
| A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249778 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-24197 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | 6.1 Medium |
| Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at view_order.php. | ||||
| CVE-2023-1432 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | 7.3 High |
| A vulnerability was found in SourceCodester Online Food Ordering System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /fos/admin/ajax.php?action=save_settings of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be launched remotely. VDB-223214 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-24647 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | 7.5 High |
| Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email parameter. | ||||
| CVE-2023-24192 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | 6.1 Medium |
| Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in login.php. | ||||
| CVE-2020-29297 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | 9.8 Critical |
| Multiple SQL Injection vulnerabilities in tourist5 Online-food-ordering-system 1.0. | ||||
| CVE-2023-24191 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | 6.1 Medium |
| Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in signup.php. | ||||
| CVE-2016-20039 | 1 Mamedev | 1 Mess Emulator | 2026-03-30 | 8.4 High |
| Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulnerability in the gamma parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized gamma parameter value to overflow the stack buffer and overwrite the instruction pointer with a controlled address to achieve code execution. | ||||
| CVE-2016-20045 | 1 Hnb | 1 Hnb | 2026-03-30 | 8.4 High |
| HNB Organizer 1.9.18-10 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -rc command-line parameter. Attackers can craft a malicious input string exceeding 108 bytes containing shellcode and a return address to overwrite the stack and achieve code execution. | ||||
| CVE-2026-1307 | 2 Kstover, Wordpress | 2 Ninja Forms – The Contact Form Builder That Grows With You, Wordpress | 2026-03-30 | 6.5 Medium |
| The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.1 via a callback function for the admin_enqueue_scripts action handler in blocks/bootstrap.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to gain access to an authorization token to view form submissions for arbitrary forms, which could potentially contain sensitive information. | ||||
| CVE-2024-51978 | 2026-03-30 | 9.8 Critical | ||
| An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP request. | ||||
| CVE-2026-4973 | 1 Sourcecodester | 1 Online Quiz System | 2026-03-30 | 3.5 Low |
| A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulation of the argument quiz_question results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used. | ||||
| CVE-2019-25651 | 1 Ubiquiti | 4 Unifi Uap-ac Firmware, Unifi Uap Firmware, Unifi Usg Firmware and 1 more | 2026-03-30 | 8.3 High |
| Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weaknesses that allow attackers to recover encryption keys from captured traffic. Attackers with adjacent network access can capture sufficient encrypted traffic and exploit AES-CBC mode vulnerabilities to derive the encryption keys, enabling unauthorized control and management of network devices. | ||||
| CVE-2026-4994 | 1 Wandb | 1 Openui | 2026-03-30 | 3.5 Low |
| A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function generic_exception_handler of the file backend/openui/server.py of the component APIStatusError Handler. The manipulation of the argument key results in information exposure through error message. Access to the local network is required for this attack. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2016-20041 | 1 Yasr | 1 Yasr Screen Reader | 2026-03-30 | 8.4 High |
| Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Attackers can invoke yasr with a crafted payload containing junk data, shellcode, and a return address to overwrite the stack and trigger code execution. | ||||
| CVE-2016-20047 | 1 Ekg | 1 Ekg Gadu | 2026-03-30 | 8.4 High |
| EKG Gadu 1.9~pre+r2855-3+b1 contains a local buffer overflow vulnerability in the username handling that allows local attackers to execute arbitrary code by supplying an oversized username string. Attackers can trigger the overflow in the strlcpy function by passing a crafted buffer exceeding 258 bytes to overwrite the instruction pointer and execute shellcode with user privileges. | ||||
| CVE-2018-25224 | 1 Pms | 1 Pms | 2026-03-30 | 8.4 High |
| PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers can craft configuration files with oversized input that overflows the stack buffer and execute shell commands via return-oriented programming gadgets. | ||||
| CVE-2017-20228 | 1 Flatassembler | 1 Flat Assembler | 2026-03-30 | 8.4 High |
| Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input to the application. Attackers can craft malicious assembly input exceeding 5895 bytes to overwrite the instruction pointer and execute return-oriented programming chains for shell command execution. | ||||