Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,844
Showing 8,741 - 8,760 of 13,738 CVEs
CVE-2026-4601 HIGH - 8.7

Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature without ...

Vendor: jsrsasign_project
Product: jsrsasign
Published: Mar 23, 2026
Source: NVD
CVE-2026-4600 HIGH - 7.4

Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic (and the related DSA/X509 verification flow in src/dsa-2.0.js). An attacker can forge DSA signatures or X.509 certif...

Vendor: jsrsasign_project
Product: jsrsasign
Published: Mar 23, 2026
Source: NVD
CVE-2026-4598 HIGH - 7.5

Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values (e.g., m...

Vendor: jsrsasign_project
Product: jsrsasign
Published: Mar 23, 2026
Source: NVD
CVE-2025-10679 HIGH - 7.3

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to arbitrary method calls in all versions up to, and including, 2.2.12. This is due to insufficient input validation in the bulkTenReviews function tha...

Vendor: reviewx
Product: ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema
Published: Mar 23, 2026
Source: NVD
CVE-2026-4566 HIGH - 8.8

A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/formWISP5G. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be us...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4565 HIGH - 8.8

A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetNetControlList. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.

Published: Mar 23, 2026
Source: NVD
CVE-2026-4562 HIGH - 7.3

A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation results in missing authentication. The attack may be performed from remote. The exploit has been relea...

Published: Mar 23, 2026
Source: NVD
CVE-2026-2580 HIGH - 7.5

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficient escaping on the user supplied parameter and lack of ...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4558 HIGH - 8.8

A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be launched remotely. The ...

Published: Mar 22, 2026
Source: NVD
CVE-2026-4555 HIGH - 8.8

A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the file /goform/formEasySetTimezone of the component boa. This manipulation of the argument curTime causes stack-based buffer overflow. The attack can be initiated remotely. The exploi...

Published: Mar 22, 2026
Source: NVD
CVE-2026-4553 HIGH - 8.8

A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function fromNatlimit of the file /goform/Natlimit of the component Parameters Handler. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is pub...

Published: Mar 22, 2026
Source: NVD
CVE-2026-4552 HIGH - 8.8

A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component Parameters Handler. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The...

Published: Mar 22, 2026
Source: NVD
CVE-2026-4551 HIGH - 8.8

A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component Parameters Handler. Performing a manipulation of the argument menufacturer/Go results in stack-based buffer overflow. The attack is poss...

Published: Mar 22, 2026
Source: NVD
CVE-2026-4546 HIGH - 7.0

A weakness has been identified in Flos Freeware Notepad2 4.2.25. This impacts an unknown function in the library TextShaping.dll. Executing a manipulation can lead to uncontrolled search path. The attack is restricted to local execution. The attack requires a high level of complexity. The exploitabi...

Published: Mar 22, 2026
Source: NVD
CVE-2019-25619 HIGH - 8.4

FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to over...

Vendor: Ftpshell
Product: FTP Shell Server
Published: Mar 22, 2026
Source: NVD
CVE-2019-25615 HIGH - 8.4

Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Activation Name field. Attackers can craft a payload with controlled buffer data, NSEH jump instruct...

Vendor: Lavavosoftware
Product: Lavavo CD Ripper
Published: Mar 22, 2026
Source: NVD
CVE-2019-25613 HIGH - 7.5

Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an excessively large me...

Vendor: Echatserver
Product: Easy Chat
Published: Mar 22, 2026
Source: NVD
CVE-2019-25612 HIGH - 7.8

Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field. Attackers can trigger the vulnerability through the System Compare feature...

Vendor: Admin-Express
Product: Admin-Express
Published: Mar 22, 2026
Source: NVD
CVE-2019-25611 HIGH - 8.4

MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite ...

Vendor: skyqinsc
Product: MiniFtp
Published: Mar 22, 2026
Source: NVD
CVE-2019-25609 HIGH - 8.4

JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger an...

Vendor: Jetaudio
Product: Server
Published: Mar 22, 2026
Source: NVD