Total CVEs: 141,292
Critical Severity: 3,799
High Severity: 13,738
Last 7 Days: 1,850
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 8,701 - 8,720 of 13,828 CVEs
CVE-2026-4568 MEDIUM - 6.3

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /update_supplier.php of the component HTTP GET Request Handler. The manipulation of the argument sid results in SQL injection. The attack may be launched remotely. The exploit has...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4564 MEDIUM - 4.7

A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to launch the attack remotel...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4563 MEDIUM - 4.3

A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function order_info of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument order_id causes authorization bypass. It is possible t...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4557 MEDIUM - 4.3

A vulnerability was detected in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/update_s1.php. Performing a manipulation of the argument sname results in cross-site scripting. The attack may be initiated remotely. The exploit is now public and may be used.

Published: Mar 22, 2026
Source: NVD
CVE-2026-4554 MEDIUM - 6.3

A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been released to the publi...

Published: Mar 22, 2026
Source: NVD
CVE-2026-4550 MEDIUM - 4.7

A vulnerability has been found in code-projects Simple Gym Management System up to 1.0. This affects an unknown part of the file /gym/func.php. Such manipulation of the argument Trainer_id/fname leads to SQL injection. The attack can be executed remotely. The exploit has been disclosed to the public...

Published: Mar 22, 2026
Source: NVD
CVE-2026-4548 MEDIUM - 6.3

A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely.

Published: Mar 22, 2026
Source: NVD
CVE-2026-4547 MEDIUM - 4.3

A security vulnerability has been detected in mickasmt next-saas-stripe-starter 1.0.0. Affected is the function generateUserStripe of the file actions/generate-user-stripe.ts of the component Checkout Handler. The manipulation of the argument priceId leads to business logic errors. The attack may be...

Published: Mar 22, 2026
Source: NVD
CVE-2019-25618 MEDIUM - 6.2

AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the System Compare feature. Attackers can paste a large buffer of characters into the Folder Path field and trigger the comparison function to caus...

Vendor: Admin-Express
Product: AdminExpress
Published: Mar 22, 2026
Source: NVD
CVE-2019-25617 MEDIUM - 6.2

Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows local attackers to crash the application by processing malformed MP4 files. Attackers can create a crafted MP4 file containing an oversized buffer and load it through the Audio Cutter interf...

Vendor: Audiotool
Product: Ease Audio Converter
Published: Mar 22, 2026
Source: NVD
CVE-2019-25616 MEDIUM - 6.2

AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Attackers can paste a 6000-byte payload into the registration name field to trigger a denial of service condition.

Vendor: Ddz1977
Product: AnMing MP3 CD Burner
Published: Mar 22, 2026
Source: NVD
CVE-2019-25610 MEDIUM - 6.5

NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences. Attackers can manipulate the path parameter with base64-encoded payloads containing ../ sequences to bypass...

Vendor: Netnumber
Product: NetNumber Titan ENUM/DNS/NP
Published: Mar 22, 2026
Source: NVD
CVE-2019-25606 MEDIUM - 5.5

Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the License Name input f...

Vendor: Alloksoft
Product: Fast AVI MPEG Joiner
Published: Mar 22, 2026
Source: NVD
CVE-2019-25602 MEDIUM - 5.5

GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting an excessively long string in the search bar. Attackers can paste a buffer of 2000 characters into the search field, click search, and select any result to trigger an applicat...

Vendor: GSearch
Product: GSearch
Published: Mar 22, 2026
Source: NVD
CVE-2019-25601 MEDIUM - 6.2

UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 300-byte payload of repeated characters through the Properties dialog to tri...

Vendor: Uvnc
Product: UltraVNC Launcher
Published: Mar 22, 2026
Source: NVD
CVE-2019-25600 MEDIUM - 6.5

UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field. Attackers can paste a malicious string containing 256 repeated characters into the VNC Server field and click Connect to t...

Vendor: Uvnc
Product: UltraVNC Viewer
Published: Mar 22, 2026
Source: NVD
CVE-2019-25599 MEDIUM - 6.2

Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to trigger a crash when ...

Vendor: Nsauditor
Product: Backup Key Recovery
Published: Mar 22, 2026
Source: NVD
CVE-2019-25598 MEDIUM - 6.2

HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to trig...

Vendor: Heidisql
Product: HeidiSQL Portable
Published: Mar 22, 2026
Source: NVD
CVE-2019-25597 MEDIUM - 6.2

NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a large payload into the Community field and trigger the Walk function to cause a denial of...

Vendor: Nsauditor
Product: NSauditor
Published: Mar 22, 2026
Source: NVD
CVE-2019-25596 MEDIUM - 6.2

SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input during registration to t...

Vendor: Nsauditor
Product: SpotAuditor
Published: Mar 22, 2026
Source: NVD