Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,850
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 8,721 - 8,740 of 13,828 CVEs
CVE-2019-25595 MEDIUM - 6.2

jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attackers can trigger the crash by pasting a buffer of 5000 characters into the Open URL dialog, causing t...

Vendor: Jetaudio
Product: jetAudio
Published: Mar 22, 2026
Source: NVD
CVE-2019-25594 MEDIUM - 6.2

ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the table name field. Attackers can input a buffer of 10000 characters in the table name parameter during database table creation to trigger a...

Vendor: Xlinesoft
Product: ASPRunner.NET
Published: Mar 22, 2026
Source: NVD
CVE-2019-25593 MEDIUM - 5.5

jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Log directory configuration field. Attackers can paste a buffer of 5000 characters into the Log directory input, then click Start to trigg...

Vendor: Jetaudio
Product: jetCast Server
Published: Mar 22, 2026
Source: NVD
CVE-2019-25592 MEDIUM - 6.2

PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to trigger an application...

Vendor: Xlinesoft
Product: PHPRunner
Published: Mar 22, 2026
Source: NVD
CVE-2019-25591 MEDIUM - 6.2

DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can trigger a denial of service by pasting a malicious registration code conta...

Vendor: nsauditor
Product: DNSS Domain Name Search Software
Published: Mar 22, 2026
Source: NVD
CVE-2019-25590 MEDIUM - 6.2

Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log file...

Vendor: Labf
Product: Axessh
Published: Mar 22, 2026
Source: NVD
CVE-2026-4543 MEDIUM - 6.3

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmz_flag/del_flag results in command injection. It is possible to initiate the attack...

Published: Mar 22, 2026
Source: NVD
CVE-2026-4542 MEDIUM - 5.4

A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the argument filePaths leads to path traversal. The attack may be performed from remote. The exploit has be...

Published: Mar 22, 2026
Source: NVD
CVE-2026-4538 MEDIUM - 5.3

A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The project w...

Published: Mar 22, 2026
Source: NVD
CVE-2026-4537 MEDIUM - 4.7

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action_ipsec_conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly disc...

Published: Mar 22, 2026
Source: NVD
CVE-2026-3427 MEDIUM - 6.4

The Yoast SEO โ€“ Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the `jsonText` block attribute in all versions up to, and including, 27.1.1 due to insufficient input sanitization and output escaping. This makes it possibl...

Published: Mar 22, 2026
Source: NVD
CVE-2026-4533 MEDIUM - 6.3

A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status results in sql injection. It is possible to launch the attack remotely. The exploit is now public a...

Published: Mar 22, 2026
Source: NVD
CVE-2026-33549 MEDIUM - 6.7

SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment (of administrator privileges) during the editing of an author data structure because of STATUT mishandling.

Vendor: SPIP
Product: SPIP
Published: Mar 22, 2026
Source: NVD
CVE-2025-71276 MEDIUM - 6.4

SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.

Vendor: Alinto
Product: SOGo
Published: Mar 22, 2026
Source: NVD
CVE-2026-4532 MEDIUM - 5.3

A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories accessible. It is poss...

Published: Mar 22, 2026
Source: NVD
CVE-2026-4531 MEDIUM - 5.3

A weakness has been identified in Free5GC 4.1.0. Affected is the function HandleRegistrationComplete of the file internal/gmm/handler.go of the component AMF. Executing a manipulation can lead to denial of service. The attack may be performed from remote. This patch is called 52e9386401ce56ea773c5aa...

Published: Mar 22, 2026
Source: NVD
CVE-2019-25589 MEDIUM - 6.2

ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a crafted payload into the Shell configuration field and trigger a crash when accessin...

Vendor: Emtec
Product: ZOC Terminal
Published: Mar 22, 2026
Source: NVD
CVE-2019-25588 MEDIUM - 6.2

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a buffer of 700 bytes to...

Vendor: Bpftpserver
Product: BulletProof FTP Server
Published: Mar 22, 2026
Source: NVD
CVE-2019-25587 MEDIUM - 6.2

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and paste a buffer of 5...

Vendor: Bpftpserver
Product: BulletProof FTP Server
Published: Mar 22, 2026
Source: NVD
CVE-2019-25586 MEDIUM - 6.2

Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the 'From URL' field during torrent addition to trigger an applicatio...

Vendor: Dev
Product: Deluge
Published: Mar 22, 2026
Source: NVD