CVE vulnerabilities
31,509 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 1,251–1,300 of 8,161 in High · page 26 of 164
| ID | ID / CVSS score | Summary |
|---|---|---|
| CVE-2026-3770 | CVE-2026-3770 CVSS 8.8 | A flaw has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part. This manipulation causes cross-site request fo… |
| CVE-2026-3769 | CVE-2026-3769 CVSS 8.8 | A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function WrlclientSet of the file /goform/WrlclientSet. The manipulation of t… |
| CVE-2026-3768 | CVE-2026-3768 CVSS 8.8 | A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSe… |
| CVE-2026-3767 | CVE-2026-3767 CVSS 8.8 | A weakness has been identified in itsourcecode sanitize or validate this input 1.0. Affected is an unknown function of the file /admin/teacher-attendance.php. … |
| CVE-2026-3756 | CVE-2026-3756 CVSS 8.8 | A vulnerability was identified in SourceCodester Sales and Inventory System up to 1.0. Affected is an unknown function of the file /check_item_details.php. The… |
| CVE-2026-37552 | CVE-2026-37552 CVSS 8.4 | Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server (Server.php:87) receives data from a TCP socket, passes it… |
| CVE-2026-3755 | CVE-2026-3755 CVSS 8.8 | A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /check_customer_details.php of th… |
| CVE-2026-37540 | CVE-2026-37540 CVSS 8.4 | OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elf_loader.c, it performs multiplication of two attacker… |
| CVE-2026-3754 | CVE-2026-3754 CVSS 8.8 | A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /add_stock.php. Performing a manipulat… |
| CVE-2026-37537 | CVE-2026-37537 CVSS 8.1 | collin80/Open-SAE-J1939 thru commit 744024d4306bc387857dfce439558336806acb06 (2023-03-08) contains an integer underflow leading to out-of-bounds write in Trans… |
| CVE-2026-37536 | CVE-2026-37536 CVSS 8.8 | miaofng/uds-c commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a (2016-10-05) contains a stack buffer overflow in send_diagnostic_request. A 6-byte stack buffer (… |
| CVE-2026-3753 | CVE-2026-3753 CVSS 8.8 | A vulnerability has been found in SourceCodester Sales and Inventory System up to 1.0. The impacted element is an unknown function of the file /add_sales_print… |
| CVE-2026-3749 | CVE-2026-3749 CVSS 8.8 | A weakness has been identified in Bytedesk up to 1.3.9. This vulnerability affects the function handleFileUpload of the file source-code/src/main/java/com/byte… |
| CVE-2026-3748 | CVE-2026-3748 CVSS 8.8 | A security flaw has been discovered in Bytedesk up to 1.3.9. This affects the function uploadFile of the file source-code/src/main/java/com/bytedesk/core/uploa… |
| CVE-2026-3745 | CVE-2026-3745 CVSS 8.8 | A vulnerability was found in code-projects Student Web Portal 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument Us… |
| CVE-2026-3732 | CVE-2026-3732 CVSS 8.8 | A security vulnerability has been detected in Tenda F453 1.0.0.3. This affects the function strcpy of the file /goform/exeCommand. The manipulation of the argu… |
| CVE-2026-3729 | CVE-2026-3729 CVSS 8.8 | A vulnerability was identified in Tenda F453 1.0.0.3/3.As. Impacted is the function fromPptpUserAdd of the file /goform/PPTPDClient. Such manipulation of the a… |
| CVE-2026-3728 | CVE-2026-3728 CVSS 8.8 | A vulnerability was determined in Tenda F453 1.0.0.3/1.If. This issue affects the function fromSetCfm of the file /goform/setcfm. This manipulation of the argu… |
| CVE-2026-3727 | CVE-2026-3727 CVSS 8.8 | A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function sub_3C6C0 of the file /goform/QuickIndex. The manipulation of the argu… |
| CVE-2026-3726 | CVE-2026-3726 CVSS 8.8 | A vulnerability has been found in Tenda F453 1.0.0.3. This affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipula… |
| CVE-2026-3725 | CVE-2026-3725 CVSS 8.8 | A flaw has been found in 1024-lab/lab1024 SmartAdmin up to 3.29. Affected by this issue is the function freemarkerResolverContent of the file sa-base/src/main/… |
| CVE-2026-3724 | CVE-2026-3724 CVSS 8.8 | A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. This impacts an unknown function of the file /checkin.php. … |
| CVE-2026-3715 | CVE-2026-3715 CVSS 8.8 | A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the function sub_40139C of the file /cgi-bin/firewall.cgi. Performing a manipulation of … |
| CVE-2026-3701 | CVE-2026-3701 CVSS 8.8 | A security vulnerability has been detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function Edit_BasicSSID_5G of the file /goform/… |
| CVE-2026-3700 | CVE-2026-3700 CVSS 8.8 | A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formConfigDnsFilterGlobal. This manipu… |
| CVE-2026-3699 | CVE-2026-3699 CVSS 8.8 | A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-171114. This impacts the function strcpy of the file /goform/formRemoteControl. The manipulat… |
| CVE-2026-3698 | CVE-2026-3698 CVSS 8.8 | A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. This affects the function strcpy of the file /goform/NTP. The manipulation leads to buffer… |
| CVE-2026-36960 | CVE-2026-36960 CVSS 8.8 | A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF… |
| CVE-2026-36956 | CVE-2026-36956 CVSS 8.8 | A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to im… |
| CVE-2026-3692 | CVE-2026-3692 CVSS 8.8 | In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the report generat… |
| CVE-2026-36828 | CVE-2026-36828 CVSS 8.8 | A command injection vulnerability exists in the /cgi-bin/tools/ajax_cmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authen… |
| CVE-2026-3679 | CVE-2026-3679 CVSS 8.8 | A vulnerability was identified in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex. Such manip… |
| CVE-2026-3678 | CVE-2026-3678 CVSS 8.8 | A vulnerability was determined in Tenda FH451 1.0.0.9. Affected is the function sub_3C434 of the file /goform/AdvSetWan. This manipulation of the argument wanm… |
| CVE-2026-3677 | CVE-2026-3677 CVSS 8.8 | A vulnerability was found in Tenda FH451 1.0.0.9. This impacts the function fromSetCfm of the file /goform/setcfm. The manipulation of the argument funcname/fu… |
| CVE-2026-36765 | CVE-2026-36765 CVSS 8.8 | An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code … |
| CVE-2026-36762 | CVE-2026-36762 CVSS 8.8 | An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute… |
| CVE-2026-36734 | CVE-2026-36734 CVSS 8.8 | EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authenticated attacker with access to the network can submit crafted input to the WLAN configur… |
| CVE-2026-3666 | CVE-2026-3666 CVSS 8.8 | The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.4.16. This is due to a missing file name… |
| CVE-2026-36340 | CVE-2026-36340 CVSS 8.1 | An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function |
| CVE-2026-3629 | CVE-2026-3629 CVSS 8.1 | The Import and export users and customers plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.29.7. This is due … |
| CVE-2026-3614 | CVE-2026-3614 CVSS 8.8 | The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions from 9.11.0 up to, and including, 10.8.1 due to a missing capability … |
| CVE-2026-3605 | CVE-2026-3605 CVSS 8.1 | An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, re… |
| CVE-2026-35682 | CVE-2026-35682 CVSS 8.8 | Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution (e.g., starting telnetd)… |
| CVE-2026-35670 | CVE-2026-35670 CVSS 8.1 | OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to unintended users by exploiting mutabl… |
| CVE-2026-35669 | CVE-2026-35669 CVSS 8.8 | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtim… |
| CVE-2026-35666 | CVE-2026-35666 CVSS 8.8 | OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/time wrappers. Attackers can bypass … |
| CVE-2026-35663 | CVE-2026-35663 CVSS 8.8 | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. A… |
| CVE-2026-35660 | CVE-2026-35660 CVSS 8.1 | OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers with operator.write pe… |
| CVE-2026-35653 | CVE-2026-35653 CVSS 8.1 | OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that allows authenticated callers with operator… |
| CVE-2026-35650 | CVE-2026-35650 CVSS 8.8 | OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypass the shared host environment policy t… |