Total CVEs

141,492

Critical Severity

3,867

High Severity

13,899

Last 7 Days

1,659
Quick preset (or use dates below)
Clear Filters
Showing 9,341 - 9,360 of 13,899 CVEs
CVE-2026-4235 HIGH - 7.3

A weakness has been identified in itsourcecode Online Enrollment System 1.0. This issue affects some unknown processing of the file /sms/login.php. This manipulation of the argument user_email causes sql injection. The attack is possible to be carried out remotely. The exploit has been made availabl...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4232 HIGH - 7.3

A vulnerability was determined in Tiandy Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /rest/user/getAuthorityByUserId. Executing a manipulation of the argument userId can lead to sql injection. The attack may be launched remotely. The exploi...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4231 HIGH - 7.3

A vulnerability was found in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function update_sql/run_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Performing a manipulation results in server-side request forgery. The attack may be initiated remotely....

Published: Mar 16, 2026
Source: NVD
CVE-2026-4229 HIGH - 7.3

A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function remove_training_data of the file src/vanna/legacy/google/bigquery_vector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used....

Published: Mar 16, 2026
Source: NVD
CVE-2026-4227 HIGH - 8.8

A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impacted element is the function sub_44D844 of the file /goform/get_hidessid_cfg. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be u...

Vendor: lb-link
Product: bl-wr9000_firmware
Published: Mar 16, 2026
Source: NVD
CVE-2026-4226 HIGH - 8.8

A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_44E8D0 of the file /goform/get_virtual_cfg. Executing a manipulation can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public...

Vendor: lb-link
Product: bl-wr9000_firmware
Published: Mar 16, 2026
Source: NVD
CVE-2026-4223 HIGH - 7.3

A vulnerability was identified in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /manage_employee.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be ...

Vendor: angeljudesuarez
Product: payroll_management_system
Published: Mar 16, 2026
Source: NVD
CVE-2026-4221 HIGH - 7.3

A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit has be...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4220 HIGH - 7.3

A vulnerability has been found in Technologies Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /SetWebpagePic.jsp. The manipulation of the argument targetPath/Suffix leads to unrestricted upload. The attack may be initiated remotely. The exploi...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4214 HIGH - 8.8

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function UPnP_AV_Server_Pa...

Vendor: dlink
Product: dnr-202l_firmware
Published: Mar 16, 2026
Source: NVD
CVE-2026-4213 HIGH - 8.8

A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This vulnerability affects the function cg...

Vendor: dlink
Product: dnr-202l_firmware
Published: Mar 16, 2026
Source: NVD
CVE-2026-4212 HIGH - 8.8

A security vulnerability has been detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects the function Do...

Vendor: dlink
Product: dnr-202l_firmware
Published: Mar 16, 2026
Source: NVD
CVE-2026-4211 HIGH - 8.8

A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this issue is the function L...

Vendor: dlink
Product: dnr-202l_firmware
Published: Mar 16, 2026
Source: NVD
CVE-2026-4201 HIGH - 7.3

A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This vulnerability affects the function Upload of the file business/business-system/src/main/java/com/glowxq/system/admin/controller/SysFileController.java. Executing a manipulation can lead to unrestr...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4200 HIGH - 7.3

A security flaw has been discovered in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This affects the function uploadTestcaseZipUrl of the file business/business-oj/src/main/java/com/glowxq/oj/problem/controller/ProblemCaseController.java. Performing a manipulation results in serv...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4194 HIGH - 7.3

A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function cgi_s...

Vendor: dlink
Product: dnr-202l_firmware
Published: Mar 16, 2026
Source: NVD
CVE-2026-4193 HIGH - 7.3

A security vulnerability has been detected in D-Link DIR-823G 1.0.2B05. The affected element is the function GetDDNSSettings/GetDeviceDomainName/GetDeviceSettings/GetDMZSettings/GetFirewallSettings/GetGuestNetworkSettings/GetLanWanConflictInfo/GetLocalMacAddress/GetNetworkSettings/GetQoSSettings/Get...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4191 HIGH - 7.3

A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname of the file index.js of the component Profile Picture Handler. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and may ...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4190 HIGH - 7.3

A vulnerability was detected in JawherKl node-api-postgres up to 2.5. This impacts the function User.getAll of the file models/user.js. The manipulation of the argument sort results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. The vendor was conta...

Published: Mar 16, 2026
Source: NVD
CVE-2026-4188 HIGH - 8.8

A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected element is the function formSchedule of the file /goform/formSchedule of the component boa. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack may be initiated remotely. The...

Published: Mar 16, 2026
Source: NVD