Total CVEs

144,218

Critical Severity

4,148

High Severity

14,965

Last 7 Days

1,646
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 21,861 - 21,880 of 40,623 CVEs
CVE-2019-25707 HIGH - 7.1

eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extr...

Vendor: Ebrigade
Product: eBrigade ERP
Published: Apr 12, 2026
Source: NVD
CVE-2019-25706 HIGH - 7.5

Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and decompress the backu...

Vendor: Across
Product: DR-810
Published: Apr 12, 2026
Source: NVD
CVE-2019-25705 HIGH - 8.4

Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized string in the Rules action field. Attackers can create a malicious text file with a crafted payload exceeding buffer boundaries and ...

Vendor: Sourceforge
Product: Echo Mirage
Published: Apr 12, 2026
Source: NVD
CVE-2019-25703 HIGH - 7.1

ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values c...

Vendor: Impresscms
Product: ImpressCMS
Published: Apr 12, 2026
Source: NVD
CVE-2019-25701 HIGH - 8.4

Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows local attackers to overwrite the structured exception handler. Attackers can input a crafted payload exceeding 996 bytes in the username field to trigger SEH overwrite and ex...

Vendor: Divxtodvd
Product: Easy Video to iPod Converter
Published: Apr 12, 2026
Source: NVD
CVE-2019-25699 HIGH - 7.1

Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code through the search paramet...

Vendor: Newsbull
Product: Newsbull Haber Script
Published: Apr 12, 2026
Source: NVD
CVE-2019-25697 HIGH - 8.2

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send GET requests to category.php with malicious cat_id values to extract sensitive database information includin...

Vendor: VictorAlagwu
Product: CMSsite
Published: Apr 12, 2026
Source: NVD
CVE-2019-25695 HIGH - 8.4

R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.exe when the payload...

Vendor: r-project
Product: R
Published: Apr 12, 2026
Source: NVD
CVE-2019-25693 HIGH - 7.1

ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to extr...

Vendor: Resourcespace
Product: ResourceSpace
Published: Apr 12, 2026
Source: NVD
CVE-2019-25691 HIGH - 8.4

Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can inject a crafted payload into the Save Path for Snapshot and Record file field to t...

Vendor: Faleemi
Product: Faleemi Desktop Software
Published: Apr 12, 2026
Source: NVD
CVE-2019-25689 HIGH - 8.4

HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register dialog to trigger c...

Vendor: Html5Videoplayer
Product: HTML5 Video Player
Published: Apr 12, 2026
Source: NVD
CVE-2018-25258 HIGH - 8.4

RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based buffer...

Vendor: R-Project
Product: RGui
Published: Apr 12, 2026
Source: NVD
CVE-2018-25257 HIGH - 7.1

Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user credenti...

Vendor: adianti
Product: Adianti Framework
Published: Apr 12, 2026
Source: NVD
CVE-2017-20239 MEDIUM - 6.1

MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can craft URLs with JavaScript payloads in the hash fragment that are parsed and rendered without sanitization,...

Vendor: Dynalon
Product: MDwiki
Published: Apr 12, 2026
Source: NVD
CVE-2026-6126 HIGH - 7.3

A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element is an unknown function of the component Administrative HTTP Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The exploit has been made available...

Published: Apr 12, 2026
Source: NVD
CVE-2026-6125 MEDIUM - 6.3

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code injectio...

Vendor: maven
Product: org.dromara.warm:warm-flow-plugin-modes-sb
Published: Apr 12, 2026
Source: NVD
CVE-2026-6124 HIGH - 8.8

A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects the function fromSafeMacFilter of the file /goform/SafeMacFilter of the component httpd. Executing a manipulation of the argument page/menufacturer can lead to stack-based buffer overflow. The attack can be executed rem...

Published: Apr 12, 2026
Source: NVD
CVE-2026-6123 HIGH - 8.8

A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Performing a manipulation of the argument entrys results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has bee...

Published: Apr 12, 2026
Source: NVD
CVE-2026-6122 HIGH - 8.8

A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclos...

Published: Apr 12, 2026
Source: NVD
CVE-2026-6121 HIGH - 8.8

A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/WrlclientSet of the component httpd. This manipulation of the argument GO causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publis...

Published: Apr 12, 2026
Source: NVD