Export limit exceeded: 337999 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337999 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25535 | 1 Netartmedia | 1 Php Dating Site | 2026-03-13 | 8.2 High |
| Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with time-based SQL injection payloads in the Email field to extract sensitive database information. | ||||
| CVE-2019-25536 | 1 Netartmedia | 1 Php Real Estate Agency | 2026-03-13 | 8.2 High |
| Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. Attackers can send POST requests to index.php with crafted SQL payloads in the features[] parameter to extract sensitive database information or manipulate database queries. | ||||
| CVE-2019-25537 | 1 Netartmedia | 1 Event Portal | 2026-03-13 | 8.2 High |
| Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with malicious SQL payloads in the Email field to extract sensitive database information. | ||||
| CVE-2019-25538 | 1 Sourceforge | 1 202cms | 2026-03-13 | 8.2 High |
| 202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. Attackers can send crafted requests with malicious SQL statements in the log_user field to extract sensitive database information or modify database contents. | ||||
| CVE-2019-25539 | 1 Sourceforge | 1 202cms | 2026-03-13 | 8.2 High |
| 202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. Attackers can send POST requests to index.php with crafted SQL payloads using time-based blind injection techniques to extract sensitive database information. | ||||
| CVE-2019-25540 | 1 Netartmedia | 1 Php Mall | 2026-03-13 | 8.2 High |
| Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various parameters. Attackers can craft malicious requests with SQL payloads to extract sensitive database information including user credentials and system data. | ||||
| CVE-2019-25541 | 1 Netartmedia | 1 Php Mall | 2026-03-13 | 8.2 High |
| Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. Attackers can inject time-based blind SQL payloads via the 'id' parameter in index.php or the 'Email' parameter in loginaction.php to extract sensitive database information. | ||||
| CVE-2019-25542 | 1 Netartmedia | 1 Real Estate Portal | 2026-03-13 | 8.2 High |
| Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_email parameter. Attackers can send POST requests to index.php with malicious payloads in the user_email field to bypass authentication, extract sensitive data, or modify database contents. | ||||
| CVE-2019-25543 | 1 Netartmedia | 1 Real Estate Portal | 2026-03-13 | 8.2 High |
| Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attackers can submit POST requests to index.php with malicious SQL payloads in the page field to bypass authentication, extract sensitive data, or modify database contents. | ||||
| CVE-2026-4045 | 1 Projectsend | 1 Projectsend | 2026-03-13 | 3.7 Low |
| A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file includes/Classes/Auth.php. Executing a manipulation of the argument ldap_email can lead to observable response discrepancy. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is said to be difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-21672 | 1 Veeam | 1 Backup And Recovery | 2026-03-13 | 8.8 High |
| A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers. | ||||
| CVE-2026-21708 | 1 Veeam | 1 Backup And Recovery | 2026-03-13 | 10 Critical |
| A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user. | ||||
| CVE-2026-25529 | 1 Postalserver | 1 Postal | 2026-03-13 | 8.1 High |
| Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be injected in to the page which may modify the page in a misleading way or allow for unauthorised javascript to be executed. Fixed in 3.3.5 and higher. | ||||
| CVE-2026-27940 | 1 Ggml | 1 Llama.cpp | 2026-03-13 | 7.8 High |
| llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread() writes 528+ bytes of attacker-controlled data past the buffer boundary. This is a bypass of a similar bug in the same file - CVE-2025-53630, but the fix overlooked some areas. This vulnerability is fixed in b8146. | ||||
| CVE-2026-21887 | 1 Opencti-platform | 1 Opencti | 2026-03-13 | 7.7 High |
| OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration (allowAbsoluteUrls: true). This allows attackers to craft requests to arbitrary endpoints, including internal services, because Axios will accept and process absolute URLs. This results in a semi-blind SSRF, as responses may not be fully visible but can still impact internal systems. This vulnerability is fixed in 6.8.16. | ||||
| CVE-2026-31841 | 1 Hyperterse | 1 Hyperterse | 2026-03-13 | 6.5 Medium |
| Hyperterse is a tool-first MCP framework for building AI-ready backend surfaces from declarative config. Prior to v2.2.0, the search tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL queries, exposing statements which were supposed to be executed under the hood, and protected from being displayed publicly. This issue has been fixed as of v2.2.0. | ||||
| CVE-2026-31873 | 1 Unjs | 1 Unhead | 2026-03-13 | 0 Low |
| Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe (safe.ts) uses String.includes(), which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but 'DATA:...'.includes('data:') returns false. An attacker can inject arbitrary CSS for UI redressing or data exfiltration via CSS attribute selectors with background-image callbacks. This vulnerability is fixed in 2.1.11. | ||||
| CVE-2026-28254 | 1 Trane | 2 Tracer Concierge, Tracer Sc | 2026-03-13 | N/A |
| A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs. | ||||
| CVE-2026-28255 | 1 Trane | 2 Tracer Concierge, Tracer Sc | 2026-03-13 | N/A |
| A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts. | ||||
| CVE-2026-28256 | 1 Trane | 2 Tracer Concierge, Tracer Sc | 2026-03-13 | N/A |
| A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts. | ||||