Export limit exceeded: 338064 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 338064 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338064 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0809 | 1 Streamsoft | 1 Streamsoft Prestiż | 2026-03-13 | N/A |
| Use of a custom token encoding algorithm in Streamsoft Prestiż software allows the value of the KSeF (Krajowy System e-Faktur) token to be guessed after analyzing how tokens with know values are encoded. This issue was fixed in version 20.0.380.92. | ||||
| CVE-2026-4041 | 1 Tenda | 2 I12, I12 Firmware | 2026-03-13 | 8.8 High |
| A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the function vos_strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-4042 | 1 Tenda | 2 I12, I12 Firmware | 2026-03-13 | 8.8 High |
| A weakness has been identified in Tenda i12 1.0.0.6(2204). The affected element is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. This manipulation of the argument index causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-21667 | 1 Veeam | 1 Backup And Replication | 2026-03-13 | 10 Critical |
| A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. | ||||
| CVE-2026-21666 | 1 Veeam | 1 Backup And Replication | 2026-03-13 | 10 Critical |
| A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. | ||||
| CVE-2026-21670 | 1 Veeam | 1 Backup And Replication | 2026-03-13 | 7.7 High |
| A vulnerability allowing a low-privileged user to extract saved SSH credentials. | ||||
| CVE-2026-21671 | 1 Veeam | 1 Software Appliance | 2026-03-13 | 9.1 Critical |
| A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication. | ||||
| CVE-2026-21669 | 1 Veeam | 1 Backup And Replication | 2026-03-13 | 10 Critical |
| A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. | ||||
| CVE-2026-21668 | 1 Veeam | 1 Backup And Replication | 2026-03-13 | 8.8 High |
| A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository. | ||||
| CVE-2026-4043 | 1 Tenda | 2 I12, I12 Firmware | 2026-03-13 | 8.8 High |
| A security vulnerability has been detected in Tenda i12 1.0.0.6(2204). The impacted element is the function formwrlSSIDget of the file /goform/wifiSSIDget. Such manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-4044 | 1 Projectsend | 1 Projectsend | 2026-03-13 | 3.8 Low |
| A vulnerability was detected in projectsend up to r1945. This affects the function realpath of the file /import-orphans.php of the component Delete Handler. Performing a manipulation of the argument files[] results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2019-25508 | 1 Jettweb | 1 Hazir Ilan Sitesi Scripti | 2026-03-13 | 8.2 High |
| Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter. Attackers can send GET requests to the katgetir.php endpoint with malicious 'kat' values to extract sensitive database information. | ||||
| CVE-2019-25509 | 1 Xooscripts | 1 Xoodigital | 2026-03-13 | 8.2 High |
| XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information. | ||||
| CVE-2019-25510 | 1 Jettweb | 1 Hazir Haber Sitesi Scripti | 2026-03-13 | 8.2 High |
| Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and password fields of the admingiris.php login form to bypass authentication and access the administrative interface. | ||||
| CVE-2019-25511 | 1 Jettweb | 1 Hazir Haber Sitesi Scripti | 2026-03-13 | 8.2 High |
| Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using UNION-based injection to extract sensitive database information. | ||||
| CVE-2019-25512 | 1 Jettweb | 1 Hazir Haber Sitesi Scripti | 2026-03-13 | 8.2 High |
| Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive database information or modify database contents. | ||||
| CVE-2019-25513 | 1 Jettweb | 1 Hazir Haber Sitesi Scripti | 2026-03-13 | 8.2 High |
| Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send GET requests to datagetir.php with malicious 'q' values using time-based blind SQL injection techniques to extract sensitive database information or bypass authentication. | ||||
| CVE-2019-25514 | 1 Jettweb | 1 Hazir Haber Sitesi Scripti | 2026-03-13 | 8.2 High |
| Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data from the database or bypass authentication controls. | ||||
| CVE-2019-25515 | 1 Jettweb | 1 Hazir Haber Sitesi Scripti | 2026-03-13 | 7.5 High |
| Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax. Attackers can bypass authentication by submitting equals signs and 'or' operators as username and password parameters to access the administration panel without valid credentials. | ||||
| CVE-2019-25516 | 1 Jettweb | 1 Hazir Haber Sitesi Scripti | 2026-03-13 | 8.2 High |
| Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gallery_id parameter. Attackers can send GET requests to gallery.php with malicious gallery_id values using UNION-based SQL injection to extract sensitive database information. | ||||