Export limit exceeded: 339026 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 76168 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76168 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-22457 | 2 Mikado-themes, Wordpress | 2 Wanderland, Wordpress | 2026-03-09 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through <= 1.5. | ||||
| CVE-2018-25161 | 1 Warrantytrack | 1 Warranty Tracking System | 2026-03-09 | 8.2 High |
| Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. Attackers can submit crafted SQL statements using UNION SELECT to extract sensitive database information including usernames, database names, and version details. | ||||
| CVE-2025-15035 | 1 Tp-link | 2 Archer Axe75, Archer Axe75 Firmware | 2026-03-09 | 7.3 High |
| Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality.This issue affects Archer AXE75 v1.6: ≤ build 20250107. | ||||
| CVE-2018-25173 | 1 Sms | 1 Rmedia Sms | 2026-03-09 | 8.2 High |
| Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retrieve schema names and sensitive database data. | ||||
| CVE-2025-58402 | 1 Cgm | 2 Cgm Clininet, Clininet | 2026-03-09 | 7.5 High |
| The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users. | ||||
| CVE-2018-25175 | 1 Alienor | 1 Alienor Web Libre | 2026-03-09 | 8.2 High |
| Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Attackers can submit crafted POST requests to index.php with SQL injection payloads in the identifiant field to extract sensitive database information including usernames, databases, and version details. | ||||
| CVE-2018-25176 | 1 Demo | 1 Alive Parish | 2026-03-09 | 8.2 High |
| Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search endpoint. Attackers can also upload arbitrary files via the person photo upload functionality to the images/uploaded directory for remote code execution. | ||||
| CVE-2025-55848 | 1 Dlink | 3 Dir-823, Dir-823x, Dir-823x Firmware | 2026-03-09 | 8.8 High |
| An issue was discovered in DIR-823 firmware 20250416. There is an RCE vulnerability in the set_cassword settings interface, as the http_casswd parameter is not filtered by '&'to allow injection of reverse connection commands. | ||||
| CVE-2026-2219 | 1 Debian | 1 Dpkg | 2026-03-09 | 7.5 High |
| It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU). | ||||
| CVE-2026-27541 | 2 Josh Kohlbach, Wordpress | 2 Wholesale Suite, Wordpress | 2026-03-09 | 7.1 High |
| Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through <= 2.2.6. | ||||
| CVE-2026-27428 | 2 Eagle-themes, Wordpress | 2 Eagle Booking, Wordpress | 2026-03-09 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eagle-Themes Eagle Booking eagle-booking allows SQL Injection.This issue affects Eagle Booking: from n/a through <= 1.3.4.3. | ||||
| CVE-2026-23798 | 2 Blubrry, Wordpress | 2 Powerpress Podcasting, Wordpress | 2026-03-09 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in blubrry PowerPress Podcasting powerpress allows Object Injection.This issue affects PowerPress Podcasting: from n/a through <= 11.15.10. | ||||
| CVE-2026-22479 | 2 Themeruby, Wordpress | 2 Easy Post Submission, Wordpress | 2026-03-09 | 7.5 High |
| Missing Authorization vulnerability in ThemeRuby Easy Post Submission easy-post-submission allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Post Submission: from n/a through <= 2.2.0. | ||||
| CVE-2025-15602 | 1 Grokability, Inc. | 1 Snipe-it | 2026-03-09 | 8.8 High |
| Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the Super Admin account. By changing the email address of the Super Admin and triggering a password reset, an attacker can fully take over the Super Admin account, resulting in complete administrative control of the Snipe-IT instance. | ||||
| CVE-2022-40619 | 1 Netgear | 22 R6230, R6230 Firmware, R6260 and 19 more | 2026-03-09 | 7.7 High |
| FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access_token parameter. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72 and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26. | ||||
| CVE-2022-40620 | 1 Netgear | 22 R6230, R6230 Firmware, R6260 and 19 more | 2026-03-09 | 7.7 High |
| FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker (suitably positioned on the network) could intercept the update request and deliver a malicious update package in order to gain arbitrary code execution on affected devices. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72 and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26. | ||||
| CVE-2026-0750 | 2 Drupal, Verifone | 2 Drupal Commerce Paybox, Commerce Paybox | 2026-03-09 | 7.5 High |
| Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox Commerce Paybox on Drupal 7.X allows Authentication Bypass.This issue affects Drupal Commerce Paybox: from 7-x-1.0 through 7.X-1.5. | ||||
| CVE-2025-46691 | 1 Dell | 2 Premiercolor, Premiercolor Panel Driver | 2026-03-09 | 7.8 High |
| Dell PremierColor Panel Driver, versions prior to 1.0.0.1 A01, contains an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | ||||
| CVE-2026-27383 | 2 Radiustheme, Wordpress | 2 Metro, Wordpress | 2026-03-09 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Metro metro allows PHP Local File Inclusion.This issue affects Metro: from n/a through <= 2.13. | ||||
| CVE-2026-27337 | 2 Ancorathemes, Wordpress | 2 Chronicle - Lifestyle Magazine & Blog Wordpress Theme, Wordpress | 2026-03-09 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Chronicle - Lifestyle Magazine & Blog WordPress Theme chronicle allows PHP Local File Inclusion.This issue affects Chronicle - Lifestyle Magazine & Blog WordPress Theme: from n/a through <= 1.0. | ||||