CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 801–850 of 8,314 in Critical · page 17 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2026-3794 | CVE-2026-3794 CVSS 9.8 | A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the file /api/v1/mail/send of the component Email API. … |
| CVE-2026-37749 | CVE-2026-37749 CVSS 9.8 | A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote unauthenticated attackers to bypass authentication via the us… |
| CVE-2026-37709 | CVE-2026-37709 CVSS 9.8 | Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute ar… |
| CVE-2026-3765 | CVE-2026-3765 CVSS 9.8 | A vulnerability was identified in itsourcecode University Management System 1.0. This affects an unknown function of the file /att_single_view.php. Such manipu… |
| CVE-2026-3762 | CVE-2026-3762 CVSS 9.8 | A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmin_delete_mana… |
| CVE-2026-3760 | CVE-2026-3760 CVSS 9.8 | A vulnerability was detected in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /view_result.php. Performing… |
| CVE-2026-3759 | CVE-2026-3759 CVSS 9.8 | A security vulnerability has been detected in projectworlds Online Art Gallery Shop 1.0. This affects an unknown part of the file /admin/adminHome.php. Such ma… |
| CVE-2026-3758 | CVE-2026-3758 CVSS 9.8 | A weakness has been identified in projectworlds Online Art Gallery Shop 1.0. Affected by this issue is some unknown functionality of the file /admin/adminHome.… |
| CVE-2026-3757 | CVE-2026-3757 CVSS 9.8 | A security flaw has been discovered in projectworlds Online Art Gallery Shop 1.0. Affected by this vulnerability is an unknown functionality of the file /?pass… |
| CVE-2026-37541 | CVE-2026-37541 CVSS 10.0 | Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_gvret.cpp, the length field in GVRET binary data is not properl… |
| CVE-2026-37539 | CVE-2026-37539 CVSS 9.8 | Buffer overflow vulnerability in cannelloni v2.0.0 in CAN frame parsing in parser.cpp in function parseCANFrame, and decoder.cpp in function decodeFrame allowi… |
| CVE-2026-37534 | CVE-2026-37534 CVSS 9.8 | Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Transport_Protocol_Data_T… |
| CVE-2026-37531 | CVE-2026-37531 CVSS 9.8 | AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget ins… |
| CVE-2026-3747 | CVE-2026-3747 CVSS 9.8 | A vulnerability was identified in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of the file /add_result.p… |
| CVE-2026-3746 | CVE-2026-3746 CVSS 9.8 | A vulnerability was determined in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file … |
| CVE-2026-3744 | CVE-2026-3744 CVSS 9.8 | A vulnerability has been found in code-projects Student Web Portal 1.0. This impacts the function valreg_passwdation of the file signup.php. The manipulation o… |
| CVE-2026-37431 | CVE-2026-37431 CVSS 9.8 | Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoi… |
| CVE-2026-3740 | CVE-2026-3740 CVSS 9.8 | A weakness has been identified in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /admin_search_student.php. This ma… |
| CVE-2026-3736 | CVE-2026-3736 CVSS 9.8 | A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this issue is some unknown functionality of the file SearchResu… |
| CVE-2026-3735 | CVE-2026-3735 CVSS 9.8 | A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file… |
| CVE-2026-37347 | CVE-2026-37347 CVSS 9.1 | SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_employee.php. |
| CVE-2026-37345 | CVE-2026-37345 CVSS 9.8 | SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_park.php. |
| CVE-2026-37340 | CVE-2026-37340 CVSS 9.8 | SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/edit_music.php. |
| CVE-2026-37339 | CVE-2026-37339 CVSS 9.8 | SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_genre.php. |
| CVE-2026-37338 | CVE-2026-37338 CVSS 9.4 | SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_user.php. |
| CVE-2026-3730 | CVE-2026-3730 CVSS 9.8 | A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /hotel/admin/mod… |
| CVE-2026-37281 | CVE-2026-37281 CVSS 9.8 | An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary comma… |
| CVE-2026-3723 | CVE-2026-3723 CVSS 9.8 | A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /Admindelete.php. Th… |
| CVE-2026-3709 | CVE-2026-3709 CVSS 9.8 | A weakness has been identified in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /register.php. Executing … |
| CVE-2026-3708 | CVE-2026-3708 CVSS 9.8 | A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. The impacted element is an unknown function of the file /login.ph… |
| CVE-2026-3705 | CVE-2026-3705 CVSS 9.8 | A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. This issue affects some unknown processing of the file /Adminsearch.php. Th… |
| CVE-2026-3703 | CVE-2026-3703 CVSS 9.8 | A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument … |
| CVE-2026-3696 | CVE-2026-3696 CVSS 9.8 | A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of th… |
| CVE-2026-36841 | CVE-2026-36841 CVSS 9.8 | TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function. |
| CVE-2026-36829 | CVE-2026-36829 CVSS 9.8 | An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies u… |
| CVE-2026-36767 | CVE-2026-36767 CVSS 10.0 | A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers to write arbitrary files to any writeable path via a crafte… |
| CVE-2026-36760 | CVE-2026-36760 CVSS 9.6 | An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a pa… |
| CVE-2026-3660 | CVE-2026-3660 CVSS 9.8 | IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow th… |
| CVE-2026-36458 | CVE-2026-36458 CVSS 9.8 | ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a… |
| CVE-2026-36356 | CVE-2026-36356 CVSS 9.1 | The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /actio… |
| CVE-2026-3630 | CVE-2026-3630 CVSS 9.8 | Delta Electronics COMMGR2 has Stack-based Buffer Overflow vulnerability. |
| CVE-2026-36236 | CVE-2026-36236 CVSS 9.8 | SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in update_password.php via the new_password parameter. |
| CVE-2026-36235 | CVE-2026-36235 CVSS 9.8 | A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is tha… |
| CVE-2026-36234 | CVE-2026-36234 CVSS 9.8 | itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter. |
| CVE-2026-36233 | CVE-2026-36233 CVSS 9.8 | A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this iss… |
| CVE-2026-36232 | CVE-2026-36232 CVSS 9.8 | A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is t… |
| CVE-2026-3611 | CVE-2026-3611 CVSS 10.0 honeywell | The Honeywell IQ4x building management controller exposes its full web-based HMI without authentication in its factory-default configuration. With no user mod… |
| CVE-2026-3596 | CVE-2026-3596 CVSS 9.8 | The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.2. The plugin registers an un… |
| CVE-2026-3593 | CVE-2026-3593 CVSS 9.8 | A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.… |
| CVE-2026-35903 | CVE-2026-35903 CVSS 9.8 | MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an improper authentication vulnerability in the RTSP service. After successful Digest authent… |