Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

1,933
Showing 8,661 - 8,680 of 14,200 CVEs
CVE-2024-51225 MEDIUM - 4.8

A stored cross-site scripting (XSS) vulnerability in the component /admin/add-brand.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the brandname parameter.

Vendor: phpgurukul
Product: vehicle_record_management_system
Published: Mar 23, 2026
Source: NVD
CVE-2024-51224 MEDIUM - 4.8

Multiple cross-site scripting (XSS) vulnerabilities in the component /admin/edit-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the vehiclename, modelnumber, regnumber, vehiclesubtype, cha...

Vendor: phpgurukul
Product: vehicle_record_management_system
Published: Mar 23, 2026
Source: NVD
CVE-2024-51223 MEDIUM - 4.8

A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Mobile Number parameter.

Vendor: phpgurukul
Product: vehicle_record_management_system
Published: Mar 23, 2026
Source: NVD
CVE-2024-51222 MEDIUM - 4.8

A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.

Vendor: phpgurukul
Product: vehicle_record_management_system
Published: Mar 23, 2026
Source: NVD
CVE-2026-4647 MEDIUM - 6.1

A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can cause t...

Vendor: gnu
Product: binutils
Published: Mar 23, 2026
Source: NVD
CVE-2026-4589 MEDIUM - 6.3

A vulnerability was identified in kalcaddle kodbox 1.64. The affected element is the function PathDriverUrl of the file /workspace/source-code/app/controller/explorer/editor.class.php of the component fileGet Endpoint. Such manipulation of the argument path leads to server-side request forgery. The ...

Published: Mar 23, 2026
Source: NVD
CVE-2026-3635 MEDIUM - 6.1

Summary: When trustProxy is configured with a restrictive trust function (e.g., a specific IP like trustProxy: '10.0.0.1', a subnet, a hop count, or a custom function), the request.protocol and request.host getters read X-Forwarded-Proto and X-Forwarded-Host headers from any connection — in...

Vendor: npm
Product: fastify
Published: Mar 23, 2026
Source: NVD
CVE-2019-25625 MEDIUM - 6.2

Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of repeated characters and trigger the application to read it, causing t...

Vendor: Pixarra
Product: Blob Studio
Published: Mar 23, 2026
Source: NVD
CVE-2019-25624 MEDIUM - 6.2

Liquid Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters during application runtime, causing the application...

Vendor: Pixarra
Product: Liquid Studio
Published: Mar 23, 2026
Source: NVD
CVE-2019-25623 MEDIUM - 6.2

Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can create a text file with arbitrary character sequences and trigger the application to process the input, cau...

Vendor: Pixarra
Product: Luminance Studio
Published: Mar 23, 2026
Source: NVD
CVE-2019-25622 MEDIUM - 6.2

Paint Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of characters and trigger the application to read it, causing the appli...

Vendor: Pixarra
Product: Paint Studio
Published: Mar 23, 2026
Source: NVD
CVE-2019-25621 MEDIUM - 6.2

Pixel Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters, causing the application to become unresponsive or t...

Vendor: Pixarra
Product: Pixel Studio
Published: Mar 23, 2026
Source: NVD
CVE-2019-25620 MEDIUM - 6.2

Tree Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters during application runtime, causing the application t...

Vendor: Pixarra
Product: Tree Studio
Published: Mar 23, 2026
Source: NVD
CVE-2026-4586 MEDIUM - 6.3

A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects the function Upload of the file chat2db-server/chat2db-server-web/chat2db-server-web-api/src/main/java/ai/chat2db/server/web/api/controller/driver/JdbcDriverController.java of the component JDBC Driver Upload. Performing a ma...

Published: Mar 23, 2026
Source: NVD
CVE-2026-31846 MEDIUM - 6.5

Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing parameters...

Vendor: Nexxt Solutions
Product: Nebula 300+ / Tenda F3 V2.0 Firmware
Published: Mar 23, 2026
Source: NVD
CVE-2026-4583 MEDIUM - 5.0

A vulnerability was detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this issue is some unknown functionality of the component Bluetooth Handler. Performing a manipulation results in authentication bypass by capture-replay. The attack must originate from the local network. The a...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4582 MEDIUM - 5.0

A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation leads to missing authentication. The attack must be carried out from within the local network. Attacks ...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4628 MEDIUM - 4.3

A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control chec...

Published: Mar 23, 2026
Source: NVD
CVE-2025-6229 MEDIUM - 6.4

The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `Fancy Text Widget` And `Countdown Widget` DOM attribu...

Published: Mar 23, 2026
Source: NVD
CVE-2025-13997 MEDIUM - 5.3

The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via ren...

Vendor: kingaddons
Product: King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder
Published: Mar 23, 2026
Source: NVD