Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

1,901
Showing 8,681 - 8,700 of 14,200 CVEs
CVE-2026-4603 MEDIUM - 5.9

Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations (e.g., verify and encryption) to collapse to dete...

Vendor: jsrsasign_project
Product: jsrsasign
Published: Mar 23, 2026
Source: NVD
CVE-2026-4574 MEDIUM - 6.3

A vulnerability was detected in SourceCodester Simple E-learning System 1.0. This vulnerability affects unknown code of the component User Profile Update Handler. The manipulation of the argument firstName results in sql injection. It is possible to launch the attack remotely. The exploit is now pub...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4573 MEDIUM - 6.3

A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part of the file /includes/form_handlers/delete_post.php of the component HTTP GET Parameter Handler. The manipulation of the argument post_id leads to sql injection. It is possible to ...

Published: Mar 23, 2026
Source: NVD
CVE-2026-1969 MEDIUM - 5.3

The trx_addons WordPress plugin before 2.38.5 does not correctly validate file types in one of its AJAX actions, allowing unauthenticated users to upload arbitrary files. This is due to an incorrect fix of CVE-2024-13448.

Published: Mar 23, 2026
Source: NVD
CVE-2025-10734 MEDIUM - 5.3

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the syncedData function. This makes it possible for unauthenticated ...

Vendor: reviewx
Product: ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema
Published: Mar 23, 2026
Source: NVD
CVE-2025-10731 MEDIUM - 5.3

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the allReminderSettings function. This makes it possible for unauthe...

Vendor: reviewx
Product: ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema
Published: Mar 23, 2026
Source: NVD
CVE-2026-4572 MEDIUM - 6.3

A weakness has been identified in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /view_product.php of the component HTTP POST Request Handler. Executing a manipulation of the argument searchtxt can lead to sql injection. The attack may...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4571 MEDIUM - 6.3

A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_payments.php of the component HTTP POST Request Handler. Performing a manipulation of the argument searchtxt results in sql injection. Th...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4570 MEDIUM - 6.3

A vulnerability was identified in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /view_customers.php of the component HTTP POST Request Handler. Such manipulation of the argument searchtxt leads to sql injection. The attack can be executed remotely. The ex...

Published: Mar 23, 2026
Source: NVD
CVE-2025-10736 MEDIUM - 6.5

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to unauthorized access of data due to improper authorization checks on the userAccessibility() function in all versions up to, and including, 2.2.10. T...

Vendor: reviewx
Product: ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema
Published: Mar 23, 2026
Source: NVD
CVE-2026-4569 MEDIUM - 6.3

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /view_category.php of the component HTTP POST Request Handler. This manipulation of the argument searchtxt causes sql injection. Remote exploitation of the attack is possible...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4568 MEDIUM - 6.3

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /update_supplier.php of the component HTTP GET Request Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. The exploit has...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4564 MEDIUM - 4.7

A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to launch the attack remotel...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4563 MEDIUM - 4.3

A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function order_info of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument order_id causes authorization bypass. It is possible t...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4557 MEDIUM - 4.3

A vulnerability was detected in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/update_s1.php. Performing a manipulation of the argument sname results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used.

Published: Mar 22, 2026
Source: NVD
CVE-2026-4554 MEDIUM - 6.3

A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been released to the publi...

Published: Mar 22, 2026
Source: NVD
CVE-2026-4550 MEDIUM - 4.7

A vulnerability has been found in code-projects Simple Gym Management System up to 1.0. This affects an unknown part of the file /gym/func.php. Such manipulation of the argument Trainer_id/fname leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public...

Published: Mar 22, 2026
Source: NVD
CVE-2026-4548 MEDIUM - 6.3

A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely.

Published: Mar 22, 2026
Source: NVD
CVE-2026-4547 MEDIUM - 4.3

A security vulnerability has been detected in mickasmt next-saas-stripe-starter 1.0.0. Affected is the function generateUserStripe of the file actions/generate-user-stripe.ts of the component Checkout Handler. The manipulation of the argument priceId leads to business logic errors. The attack may be...

Published: Mar 22, 2026
Source: NVD
CVE-2019-25618 MEDIUM - 6.2

AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the System Compare feature. Attackers can paste a large buffer of characters into the Folder Path field and trigger the comparison function to caus...

Vendor: Admin-Express
Product: AdminExpress
Published: Mar 22, 2026
Source: NVD