Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,850
Quick preset (or use dates below)
Clear Filters
Showing 8,661 - 8,680 of 13,738 CVEs
CVE-2019-25627 HIGH - 8.4

FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overflow. Attackers can craft a malicious text file with carefully aligned shellcode and SEH chain pointers, p...

Vendor: Flexhex
Product: FlexHEX
Published: Mar 24, 2026
Source: NVD
CVE-2019-25626 HIGH - 8.4

River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that allows local attackers to execute arbitrary code by supplying a malicious activation code string. Attackers can craft a buffer containing 608 bytes of junk data followed by shellcode and SE...

Vendor: Flexhex
Product: River Past Cam Do
Published: Mar 24, 2026
Source: NVD
CVE-2026-3509 HIGH - 7.5

An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service (DoS) condition.

Published: Mar 24, 2026
Source: NVD
CVE-2025-41660 HIGH - 8.8

A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.

Published: Mar 24, 2026
Source: NVD
CVE-2026-4756 HIGH - 7.8

Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11.

Vendor: molotovcherry
Product: android-imagemagick7
Published: Mar 24, 2026
Source: NVD
CVE-2026-33852 HIGH - 7.5

Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11.

Vendor: MolotovCherry
Product: Android-ImageMagick7
Published: Mar 24, 2026
Source: NVD
CVE-2026-33856 HIGH - 7.5

Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11.

Vendor: MolotovCherry
Product: Android-ImageMagick7
Published: Mar 24, 2026
Source: NVD
CVE-2026-33854 HIGH - 8.8

Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-10.

Vendor: MolotovCherry
Product: Android-ImageMagick7
Published: Mar 24, 2026
Source: NVD
CVE-2026-33851 HIGH - 7.8

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in joncampbell123 doslib.This issue affects doslib: before doslib-20250729.

Vendor: joncampbell123
Product: doslib
Published: Mar 24, 2026
Source: NVD
CVE-2026-33850 HIGH - 7.8

Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2.This issue affects DualSenseY-v2: before 54.

Vendor: WujekFoliarz
Product: DualSenseY-v2
Published: Mar 24, 2026
Source: NVD
CVE-2026-33849 HIGH - 8.8

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.This issue affects rapidvms: before PR#96.

Vendor: linkingvision
Product: rapidvms
Published: Mar 24, 2026
Source: NVD
CVE-2026-33848 HIGH - 8.8

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.This issue affects rapidvms: before PR#96.

Vendor: linkingvision
Product: rapidvms
Published: Mar 24, 2026
Source: NVD
CVE-2026-33847 HIGH - 7.8

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.This issue affects rapidvms: before PR#96.

Vendor: linkingvision
Product: rapidvms
Published: Mar 24, 2026
Source: NVD
CVE-2026-4662 HIGH - 7.5

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX action in all versions up to, and including, 3.8.6.1. This is due to the `filtered_query` parameter being excluded from the HMAC signature validation (allowing attacker-controlled input to bypass secur...

Published: Mar 24, 2026
Source: NVD
CVE-2026-4640 HIGH - 7.5

Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to execute certain functions to obtain sensitive information.

Published: Mar 24, 2026
Source: NVD
CVE-2026-4639 HIGH - 8.8

Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating privileges.

Published: Mar 24, 2026
Source: NVD
CVE-2026-4632 HIGH - 7.3

A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/user/index.php?view=add of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack may be performed from ...

Published: Mar 24, 2026
Source: NVD
CVE-2026-4627 HIGH - 7.2

A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_time of the file libdeuteron_modules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This vulnerability only af...

Published: Mar 24, 2026
Source: NVD
CVE-2026-4625 HIGH - 7.3

A flaw has been found in SourceCodester Online Admission System 1.0. This affects an unknown function of the file /programmes.php. Executing a manipulation of the argument program can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.

Published: Mar 24, 2026
Source: NVD
CVE-2026-4624 HIGH - 7.3

A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack can be initiated remot...

Published: Mar 24, 2026
Source: NVD