Browse CVEs

This SQL injection vulnerability in Martcode Software's Delta Course Automation allows attackers to execute arbitrary SQL commands on the database. Al...

A stack-based buffer overflow vulnerability in ELECOM wireless LAN access point devices allows remote attackers to execute arbitrary code by sending s...

The NixOS Odoo package exposes the database manager without authentication, allowing unauthorized actors to delete or download the entire database and...

CVE-2026-25142 is a critical sandbox escape vulnerability in SandboxJS library versions before 0.8.27. Attackers can use the __lookupGetter__ method t...

Signal K Server versions before 1.5.0 contain a command injection vulnerability in the set-system-time plugin that allows authenticated users with wri...

This vulnerability in vLLM allows attackers to leak heap memory addresses by sending invalid images to the multimodal endpoint, which reduces ASLR ent...

CVE-2022-50981 allows unauthenticated remote attackers to gain full administrative access to affected devices because they ship without a default pass...

In lunary-ai/lunary version 1.2.2, a privilege escalation vulnerability allows users with 'viewer' role to hijack other user accounts by obtaining pas...

This vulnerability in h2o-3 allows remote attackers to write arbitrary data to any file on the server, potentially leading to remote code execution an...

This CVE describes a Local File Inclusion vulnerability in the lollms-webui application that allows attackers to execute arbitrary Python code remotel...

CVE-2026-20418 is a critical out-of-bounds write vulnerability in Thread protocol implementations that allows remote attackers to execute arbitrary co...

This CVE describes a privilege escalation vulnerability in MediaTek wlan STA drivers where missing bounds checks allow local attackers to gain elevate...

The User Profile Builder WordPress plugin before version 3.15.2 has an improper password reset mechanism that allows unauthenticated attackers to rese...

MagicINFO 9 Server versions below 21.1090.1 contain hardcoded database credentials, allowing attackers to authenticate and manipulate the database. Th...

A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without proper authentication, leading to stored cross-site scriptin...

This vulnerability allows remote attackers to upload malicious files to the Soar Cloud HRD Human Resource Management System, which can lead to arbitra...

A critical deserialization vulnerability in Soar Cloud HRD Human Resource Management System allows remote attackers to execute arbitrary system comman...