Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,855
Quick preset (or use dates below)
Clear Filters
Showing 8,641 - 8,660 of 13,738 CVEs
CVE-2026-4690 HIGH - 8.6

Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Vendor: mozilla
Product: firefox
Published: Mar 24, 2026
Source: NVD
CVE-2026-4687 HIGH - 8.6

Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Vendor: mozilla
Product: firefox
Published: Mar 24, 2026
Source: NVD
CVE-2026-4686 HIGH - 7.5

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Vendor: mozilla
Product: firefox
Published: Mar 24, 2026
Source: NVD
CVE-2026-4685 HIGH - 7.5

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Vendor: mozilla
Product: firefox
Published: Mar 24, 2026
Source: NVD
CVE-2026-4684 HIGH - 7.5

Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Vendor: mozilla
Product: firefox
Published: Mar 24, 2026
Source: NVD
CVE-2019-25647 HIGH - 8.8

PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them to...

Vendor: Phreesoft
Product: PhreeBooks ERP
Published: Mar 24, 2026
Source: NVD
CVE-2019-25643 HIGH - 8.2

eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attackers can send GET requests to banners.php with crafted SQL payloads in the bid parameter to extract ...

Vendor: Endonesia
Product: eNdonesia Portal
Published: Mar 24, 2026
Source: NVD
CVE-2019-25642 HIGH - 8.2

Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can inject SQL payloads into the thread_id parameter of forum-thread.php, the subject parameter of conta...

Vendor: Bootstrapy
Product: Bootstrapy CMS
Published: Mar 24, 2026
Source: NVD
CVE-2019-25641 HIGH - 8.2

Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with malicious email values in the forgotten_password module to extrac...

Vendor: Netartmedia
Product: Netartmedia Vlog System
Published: Mar 24, 2026
Source: NVD
CVE-2019-25640 HIGH - 8.2

Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive dat...

Vendor: Inoutscripts
Product: Inout Article Base CMS
Published: Mar 24, 2026
Source: NVD
CVE-2019-25639 HIGH - 8.2

Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, religion, Fage, and c...

Vendor: Matri4Web
Product: Matrimony Website Script
Published: Mar 24, 2026
Source: NVD
CVE-2019-25638 HIGH - 7.1

Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the addclick.php endpoint with crafted SQL payloads in t...

Vendor: Meeplace
Product: Meeplace Business Review Script
Published: Mar 24, 2026
Source: NVD
CVE-2019-25637 HIGH - 8.4

X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Attackers can inject shellcode into memory and use an egg hunter technique to locate and execute the payload whe...

Vendor: Freshsoftware
Product: NetStat Pro
Published: Mar 24, 2026
Source: NVD
CVE-2019-25636 HIGH - 8.2

Zeeways Jobsite CMS contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' GET parameter. Attackers can send crafted requests to news_details.php, jobs_details.php, or job_cmp_details.php with mali...

Vendor: Zeeways
Product: Zeeways Jobsite CMS
Published: Mar 24, 2026
Source: NVD
CVE-2019-25635 HIGH - 8.2

Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the profile_list endpoint. Attackers can inject SQL code via the up_cast, s_mother, and s_religion parameters to extract sensitive database information us...

Vendor: Zeeways
Product: Zeeways Matrimony CMS
Published: Mar 24, 2026
Source: NVD
CVE-2019-25634 HIGH - 8.4

Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH chain with a POP-POP-RE...

Vendor: 4Mhz
Product: Base64 Decoder
Published: Mar 24, 2026
Source: NVD
CVE-2019-25633 HIGH - 8.4

AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input through the email preferences and report wizard interfaces. Attackers can inject crafted payloads into the Display name f...

Vendor: Aida64
Product: AIDA64 Extreme
Published: Mar 24, 2026
Source: NVD
CVE-2019-25631 HIGH - 8.4

AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious shellcode. Attackers can inject egg hunter shellcode through the SMTP display name field in preferences or...

Vendor: Aida64
Product: AIDA64 Business
Published: Mar 24, 2026
Source: NVD
CVE-2019-25630 HIGH - 8.8

PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager component that allows authenticated attackers to upload malicious files by submitting requests to the image upload endpoint. Attackers can upload PHP files through the imgFile parameter to the bizuno/image/mana...

Vendor: Phreesoft
Product: PhreeBooks ERP
Published: Mar 24, 2026
Source: NVD
CVE-2019-25629 HIGH - 8.4

AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicious CSV log file path. Attackers can inject shellcode through the Hardware Monitoring logging prefere...

Vendor: Aida64
Product: AIDA64 Extreme
Published: Mar 24, 2026
Source: NVD