Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,590
Quick preset (or use dates below)
Clear Filters
Showing 10,121 - 10,140 of 14,444 CVEs
CVE-2026-3798 MEDIUM - 4.7

A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub_44AC14 of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component Request Path Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is...

Vendor: encomfast
Product: comfast_cf-ac100_firmware
Published: Mar 09, 2026
Source: NVD
CVE-2026-3797 MEDIUM - 6.3

A security vulnerability has been detected in Tiandy Video Surveillance System ่ง†้ข‘็›‘ๆŽงๅนณๅฐ 7.17.0. The impacted element is the function uploadFile of the file /src/com/tiandy/easy7/core/rest/CLS_REST_File.java. The manipulation of the argument fileName leads to unrestricted upload. The attack may be init...

Vendor: tiandy
Product: video_surveillance_system_firmware
Published: Mar 09, 2026
Source: NVD
CVE-2026-3796 MEDIUM - 5.3

A weakness has been identified in Qi-ANXIN QAX Virus Removal up to 2025-10-22. The affected element is the function ZwTerminateProcess in the library QKSecureIO_Imp.sys of the component Mini Filter Driver. Executing a manipulation can lead to improper access controls. The attack is restricted to loc...

Vendor: qianxin
Product: qax_internet_control_gateway
Published: Mar 09, 2026
Source: NVD
CVE-2026-3795 MEDIUM - 6.3

A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /DoraCMS/server/app/router/api/v1.js. Performing a manipulation results in path traversal. The attack can be initiated remotely. The exploit has been released to the public and may be...

Vendor: html-js
Product: doracms
Published: Mar 09, 2026
Source: NVD
CVE-2026-3793 MEDIUM - 6.3

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file sales_invoice1.php of the component GET Parameter Handler. This manipulation of the argument sellid causes sql injection. It is possible to initiate the attack remotel...

Vendor: ahsanriaz26gmailcom
Product: sales_and_inventory_system
Published: Mar 09, 2026
Source: NVD
CVE-2026-3792 MEDIUM - 6.3

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file purchase_invoice.php of the component GET Parameter Handler. The manipulation of the argument purchaseid results in sql injection. The attack may be performed from remote. The exploit...

Vendor: ahsanriaz26gmailcom
Product: sales_and_inventory_system
Published: Mar 09, 2026
Source: NVD
CVE-2026-3791 MEDIUM - 6.3

A vulnerability has been found in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file dashboard.php of the component Search. The manipulation of the argument searchtxt leads to sql injection. The attack is possible to be carried out remotel...

Vendor: ahsanriaz26gmailcom
Product: sales_and_inventory_system
Published: Mar 09, 2026
Source: NVD
CVE-2026-3790 MEDIUM - 6.3

A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file check_supplier_details.php of the component POST Parameter Handler. Executing a manipulation of the argument stock_name1 can lead to sql injection. The attac...

Vendor: ahsanriaz26gmailcom
Product: sales_and_inventory_system
Published: Mar 09, 2026
Source: NVD
CVE-2026-3789 MEDIUM - 6.3

A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java of the component SpringAIGiteeRestController. Performing a manipulation of the argument apiUrl results...

Vendor: bytedesk
Product: bytedesk
Published: Mar 09, 2026
Source: NVD
CVE-2026-3788 MEDIUM - 6.3

A security vulnerability has been detected in Bytedesk up to 1.3.9. This impacts the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/openrouter/SpringAIOpenrouterRestService.java of the component SpringAIOpenrouterRestController. Such manipulation of the a...

Vendor: bytedesk
Product: bytedesk
Published: Mar 09, 2026
Source: NVD
CVE-2026-3786 MEDIUM - 6.3

A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation of the argument _order results in sql injection. The attack can be launched remotely. The exploit h...

Vendor: easycms
Product: easycms
Published: Mar 08, 2026
Source: NVD
CVE-2026-3785 MEDIUM - 6.3

A vulnerability was identified in EasyCMS up to 1.6. The affected element is an unknown function of the file /RbacnodeAction.class.php of the component Request Parameter Handler. The manipulation of the argument _order leads to sql injection. The attack can be initiated remotely. The exploit is publ...

Vendor: easycms
Product: easycms
Published: Mar 08, 2026
Source: NVD
CVE-2026-3771 MEDIUM - 6.3

A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. This vulnerability affects unknown code of the file /accomodation.php. Such manipulation of the argument q leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the pub...

Vendor: oretnom23
Product: resort_reservation_system
Published: Mar 08, 2026
Source: NVD
CVE-2026-3770 MEDIUM - 4.3

A flaw has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used.

Vendor: oretnom23
Product: computer_laboratory_management_system
Published: Mar 08, 2026
Source: NVD
CVE-2026-3767 MEDIUM - 6.3

A weakness has been identified in itsourcecode sanitize or validate this input 1.0. Affected is an unknown function of the file /admin/teacher-attendance.php. Executing a manipulation of the argument teacher_id can lead to sql injection. The attack may be launched remotely. The exploit has been made...

Vendor: angeljudesuarez
Product: college_management_system
Published: Mar 08, 2026
Source: NVD
CVE-2026-3763 MEDIUM - 4.3

A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. The affected element is an unknown function of the file showhistory.php. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be u...

Vendor: carmelo
Product: simple_flight_ticket_booking_system
Published: Mar 08, 2026
Source: NVD
CVE-2026-3761 MEDIUM - 5.4

A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadmin_user_delete.php of the component Endpoint. Executing a manipulation of the argument user_id can lead to improper authorization. The attack may be performe...

Vendor: lerouxyxchire
Product: client_database_management_system
Published: Mar 08, 2026
Source: NVD
CVE-2026-3756 MEDIUM - 6.3

A vulnerability was identified in SourceCodester Sales and Inventory System up to 1.0. Affected is an unknown function of the file /check_item_details.php. The manipulation of the argument stock_name1 leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and...

Vendor: ahsanriaz26gmailcom
Product: sales_and_inventory_system
Published: Mar 08, 2026
Source: NVD
CVE-2026-3755 MEDIUM - 6.3

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /check_customer_details.php of the component POST Handler. Executing a manipulation of the argument stock_name1 can lead to sql injection. The attack can be launched remotely...

Vendor: ahsanriaz26gmailcom
Product: sales_and_inventory_system
Published: Mar 08, 2026
Source: NVD
CVE-2026-3754 MEDIUM - 6.3

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /add_stock.php. Performing a manipulation of the argument cost results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.

Vendor: ahsanriaz26gmailcom
Product: sales_and_inventory_system
Published: Mar 08, 2026
Source: NVD