ReportizFlow
Filtered by vendor
Subscriptions
Total
4578 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3980 | 2 Sourcecodester, Unguardable | 2 Doctor Appointment System, Online Doctor Appointment System | 2026-03-20 | 7.3 High |
| A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patient_action.php. Such manipulation of the argument patient_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-3981 | 2 Sourcecodester, Unguardable | 2 Doctor Appointment System, Online Doctor Appointment System | 2026-03-20 | 7.3 High |
| A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctor_action.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | ||||
| CVE-2026-29777 | 1 Traefik | 1 Traefik | 2026-03-20 | 6.5 Medium |
| Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can bypass listener hostname constraints and redirect traffic for victim hostnames to attacker-controlled backends. This vulnerability is fixed in 3.6.10. | ||||
| CVE-2026-3944 | 2 Angeljudesuarez, Itsourcecode | 2 University Management System, University Management System | 2026-03-20 | 7.3 High |
| A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /att_add.php. This manipulation of the argument Name causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2024-0552 | 1 Intumit | 1 Smartrobot | 2026-03-17 | 9.8 Critical |
| Intumit inc. SmartRobot's web framwork has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote server. | ||||
| CVE-2025-22978 | 1 Eladmin | 1 Eladmin | 2026-03-17 | 9.8 Critical |
| eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module. | ||||
| CVE-2025-10097 | 2 Sim, Simstudioai | 2 Sim, Sim | 2026-03-10 | 6.3 Medium |
| A vulnerability was identified in SimStudioAI sim up to 1.0.0. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. The attack is possible to be carried out remotely. | ||||
| CVE-2025-14208 | 2 D-link, Dlink | 3 Dir-823x, Dir-823x, Dir-823x Firmware | 2026-03-09 | 6.3 Medium |
| A security flaw has been discovered in D-Link DIR-823X up to 20250416. This affects the function sub_415028 of the file /goform/set_wan_settings. The manipulation of the argument ppp_username results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-15127 | 1 Fantasticlbp | 1 Hotels Server | 2026-03-08 | 7.3 High |
| A security vulnerability has been detected in FantasticLBP Hotels_Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown functionality of the file /controller/api/Room.php. Such manipulation of the argument hotelId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-14659 | 2 D-link, Dlink | 6 Dir-860lb1, Dir-868lb1, Dir-860l B1 and 3 more | 2026-03-08 | 8.8 High |
| A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03. Affected is an unknown function of the component DHCP Daemon. The manipulation of the argument Hostname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. | ||||
| CVE-2025-14710 | 1 Fantasticlbp | 1 Hotels Server | 2026-03-05 | 7.3 High |
| A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument telephone results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-14711 | 1 Fantasticlbp | 1 Hotels Server | 2026-03-05 | 7.3 High |
| A flaw has been found in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This vulnerability affects unknown code of the file /controller/api/hotelList.php. This manipulation of the argument pickedHotelName/type causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-20256 | 1 Cisco | 1 Secure Network Analytics | 2026-02-26 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system. This vulnerability is due to insufficient input validation in specific fields of the web-based management interface. An attacker with valid administrative credentials could exploit this vulnerability by sending crafted input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. | ||||
| CVE-2025-32711 | 1 Microsoft | 1 365 Copilot | 2026-02-26 | 9.3 Critical |
| Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-47867 | 2 Microsoft, Trendmicro | 2 Windows, Apex Central | 2026-02-26 | 7.5 High |
| A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations. | ||||
| CVE-2025-20283 | 1 Cisco | 3 Identity Services Engine, Identity Services Engine Passive Identity Connector, Identity Services Engine Software | 2026-02-26 | 6.5 Medium |
| A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, the attacker must have valid high-privileged credentials. | ||||
| CVE-2025-20284 | 1 Cisco | 3 Identity Services Engine, Identity Services Engine Passive Identity Connector, Identity Services Engine Software | 2026-02-26 | 6.5 Medium |
| A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, the attacker must have valid high-privileged credentials. | ||||
| CVE-2025-20337 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Passive Identity Connector | 2026-02-26 | 10 Critical |
| A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device. | ||||
| CVE-2025-20281 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Passive Identity Connector | 2026-02-26 | 10 Critical |
| A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device. | ||||
| CVE-2025-20265 | 1 Cisco | 2 Firepower Management Center, Secure Firewall Management Center | 2026-02-26 | 10 Critical |
| A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device. This vulnerability is due to a lack of proper handling of user input during the authentication phase. An attacker could exploit this vulnerability by sending crafted input when entering credentials that will be authenticated at the configured RADIUS server. A successful exploit could allow the attacker to execute commands at a high privilege level. Note: For this vulnerability to be exploited, Cisco Secure FMC Software must be configured for RADIUS authentication for the web-based management interface, SSH management, or both. | ||||