Total
341112 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-4633 | 2026-03-23 | N/A | 3.7 LOW | ||
| A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user enumeration. | |||||
| CVE-2019-25554 | 2026-03-23 | N/A | 5.5 MEDIUM | ||
| Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can trigger a buffer overflow by pasting a large payload into the Name parameter when adding a preset in the Video/Audio Formats options, causing the application to crash when Reset All is clicked. | |||||
| CVE-2026-4543 | 2026-03-23 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmz_flag/del_flag results in command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2019-25603 | 2026-03-23 | N/A | 8.4 HIGH | ||
| TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string. Attackers can craft a payload with a controlled buffer, NSEH jump instruction, and SEH handler address pointing to a ROP gadget, then paste it into the license code field to trigger code execution and establish a bind shell. | |||||
| CVE-2026-4562 | 2026-03-23 | 7.5 HIGH | 7.3 HIGH | ||
| A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation results in missing authentication. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-4569 | 2026-03-23 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /view_category.php of the component HTTP POST Request Handler. This manipulation of the argument searchtxt causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2019-25616 | 2026-03-23 | N/A | 6.2 MEDIUM | ||
| AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Attackers can paste a 6000-byte payload into the registration name field to trigger a denial of service condition. | |||||
| CVE-2026-4579 | 2026-03-23 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was identified in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /viewdetail.php of the component Parameters Handler. The manipulation of the argument serviceId leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | |||||
| CVE-2019-25606 | 2026-03-23 | N/A | 5.5 MEDIUM | ||
| Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the License Name input field to trigger a denial of service condition when the Register button is clicked. | |||||
| CVE-2026-4574 | 2026-03-23 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was detected in SourceCodester Simple E-learning System 1.0. This vulnerability affects unknown code of the component User Profile Update Handler. The manipulation of the argument firstName results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used. | |||||
| CVE-2019-25594 | 2026-03-23 | N/A | 6.2 MEDIUM | ||
| ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the table name field. Attackers can input a buffer of 10000 characters in the table name parameter during database table creation to trigger an application crash. | |||||
| CVE-2026-4538 | 2026-03-23 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The project was informed of the problem early through a pull request but has not reacted yet. | |||||
| CVE-2026-4515 | 2026-03-23 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code_generate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-32969 | 2026-03-23 | N/A | 7.5 HIGH | ||
| An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | |||||
| CVE-2026-4582 | 2026-03-23 | 4.3 MEDIUM | 5.0 MEDIUM | ||
| A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation leads to missing authentication. The attack must be carried out from within the local network. Attacks of this nature are highly complex. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data. | |||||
| CVE-2026-4509 | 2026-03-23 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black results in incomplete blacklist. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-4573 | 2026-03-23 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part of the file /includes/form_handlers/delete_post.php of the component HTTP GET Parameter Handler. The manipulation of the argument post_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2019-25600 | 2026-03-23 | N/A | 6.5 MEDIUM | ||
| UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field. Attackers can paste a malicious string containing 256 repeated characters into the VNC Server field and click Connect to trigger a buffer overflow that crashes the viewer. | |||||
| CVE-2025-13997 | 2026-03-23 | N/A | 5.3 MEDIUM | ||
| The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via render_full_form function. This makes it possible for unauthenticated attackers to extract site's Mailchimp, Facebook and Google API keys and secrets. This vulnerability requires the Premium license to be installed | |||||
| CVE-2026-4529 | 2026-03-23 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the function redirect_count_down_page of the component SOAP Handler. Such manipulation leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||