Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,220
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 8,081 - 8,100 of 13,819 CVEs
CVE-2026-30563 MEDIUM - 6.1

A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the update_details.php file. The application fails to sanitize the "website" parameter provided in a POST request. This allows authenticated attackers ...

Vendor: ahsanriaz26gmailcom
Product: sales_and_inventory_system
Published: Mar 30, 2026
Source: NVD
CVE-2026-30082 MEDIUM - 6.1

Multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note paramet...

Published: Mar 30, 2026
Source: NVD
CVE-2026-28528 MEDIUM - 4.6

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GET_FOLDER_ITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit insufficient bounds chec...

Vendor: BlueKitchen GmbH
Product: BTstack
Published: Mar 30, 2026
Source: NVD
CVE-2019-25655 MEDIUM - 6.2

Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the server connection dialog. Attackers can trigger the crash by entering a malformed server name or address containing rep...

Vendor: hdd
Product: Device Monitoring Studio
Published: Mar 30, 2026
Source: NVD
CVE-2019-25653 MEDIUM - 6.2

Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer of 550 repeated characters into the password parameter during Oracle connection confi...

Vendor: Navicat
Product: Navicat for Oracle
Published: Mar 30, 2026
Source: NVD
CVE-2018-25235 MEDIUM - 6.2

NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by entering a crafted username value exceeding th...

Vendor: Networkactiv
Product: NetworkActiv Web Server
Published: Mar 30, 2026
Source: NVD
CVE-2018-25234 MEDIUM - 6.2

SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can paste a buffer of 300 repeated characters into the Host connection parameter to trigger an application c...

Vendor: Smartftp
Product: SmartFTP Client
Published: Mar 30, 2026
Source: NVD
CVE-2018-25233 MEDIUM - 6.2

WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV connection setup. Attackers can input a buffer-overflow payload of 5000 bytes in the username paramet...

Vendor: Webdrive
Product: WebDrive
Published: Mar 30, 2026
Source: NVD
CVE-2018-25232 MEDIUM - 5.5

Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field. Attackers can input a buffer of 2000 characters in the Log Files Location custom path parameter to...

Vendor: Messenger
Product: Softros LAN Messenger
Published: Mar 30, 2026
Source: NVD
CVE-2018-25231 MEDIUM - 6.2

HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long file path in the logging preferences. Attackers can input a buffer-overflow payload through the SQL log file path field in Preferences > Logging to ...

Vendor: Heidisql
Product: HeidiSQL
Published: Mar 30, 2026
Source: NVD
CVE-2018-25230 MEDIUM - 5.5

Free IP Switcher 3.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Computer Name field. Attackers can paste a malicious payload into the Computer Name input field and click Activate to trigger a denial of ...

Vendor: Eusing
Product: Free IP Switcher
Published: Mar 30, 2026
Source: NVD
CVE-2018-25229 MEDIUM - 5.5

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the SMTP configuration interface that allows local attackers to crash the application by supplying an oversized string. Attackers can input a buffer of 257 'A' characters in the SMTP Server field and trigger a...

Vendor: Bpftpserver
Product: BulletProof FTP Server
Published: Mar 30, 2026
Source: NVD
CVE-2018-25228 MEDIUM - 6.2

NetSetMan 4.7.1 contains a buffer overflow vulnerability in the Workgroup feature that allows local attackers to crash the application by supplying oversized input. Attackers can create a malicious configuration file with excessive data and paste it into the Workgroup field to trigger a denial of se...

Vendor: Netsetman
Product: NetSetMan
Published: Mar 30, 2026
Source: NVD
CVE-2018-25227 MEDIUM - 6.2

Valentina Studio 9.0.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can trigger the crash by pasting a 256-byte buffer of repeated characters into the Host parameter during server ...

Vendor: Valentina-Db
Product: Valentina Studio
Published: Mar 30, 2026
Source: NVD
CVE-2018-25226 MEDIUM - 6.2

FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' param...

Vendor: Ftpshell
Product: FTPShell Server
Published: Mar 30, 2026
Source: NVD
CVE-2026-5119 MEDIUM - 5.9

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential sess...

Vendor: gnome
Product: libsoup
Published: Mar 30, 2026
Source: NVD
CVE-2026-5107 MEDIUM - 4.2

A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to ha...

Published: Mar 30, 2026
Source: NVD
CVE-2026-5105 MEDIUM - 6.3

A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument pptpPassThru results in command injection. It is possible to initi...

Vendor: totolink
Product: a3300r_firmware
Published: Mar 30, 2026
Source: NVD
CVE-2026-5104 MEDIUM - 6.3

A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip leads to command injection. The attack may be performed from remote. The exploit has been disclosed pub...

Vendor: totolink
Product: a3300r_firmware
Published: Mar 30, 2026
Source: NVD
CVE-2026-5103 MEDIUM - 6.3

A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. This issue affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument enable causes command injection. The attack is possible to be carried out remotely. The exploit has been made avail...

Vendor: totolink
Product: a3300r_firmware
Published: Mar 30, 2026
Source: NVD