CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20 matches found

CVE•added 2026/06/15 5:0 a.m.•16 views

CVE-2026-12221

Yealink SIP-T46U (version 108.86.0.118) is affected by a stack-based buffer overflow in the Firmware Chunk Upload Handler, caused by a faulty sprintf in /api/upgrade/upgrade when manipulating uid/start_offset. Exploitation requires local-network access; the exploit is publicly available. No remed...

8.6CVSS8.2AI score0.00371EPSS

Exploits0References5

EUVD•added 2026/06/15 4:45 a.m.•9 views

EUVD-2026-36693

A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function modupgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer overflow. The attack...

8.6CVSS8.2AI score0.00371EPSS

Exploits0References5

Positive Technologies•added 2026/06/15 12:0 a.m.•8 views

PT-2026-49181

A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function mod upgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer overflow. The attack...

8.6CVSS5.8AI score0.00371EPSS

Exploits0References6

RedhatCVE•added 2026/06/05 7:48 p.m.•6 views

CVE-2026-10271

A flaw has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The affected element is an unknown function of the file admin/ of the component Admin Endpoint. This manipulation of the argument uid causes execution after redirect. It is possible to initiate...

7.5CVSS6.3AI score0.00299EPSS

Exploits0References1

NVD•added 2026/06/01 5:16 p.m.•15 views

CVE-2026-10271

7.5CVSS0.00299EPSS

Exploits0References5

Vulnrichment•added 2026/06/01 3:45 p.m.•8 views

CVE-2026-10271 a4m4 Student-Management-System Admin Endpoint admin redirect

7.5CVSS6.3AI score0.00299EPSS

Exploits0References5

Cvelist•added 2026/06/01 3:45 p.m.•28 views

CVE-2026-10271 a4m4 Student-Management-System Admin Endpoint admin redirect

7.5CVSS0.00299EPSS

Exploits0References5

EUVD•added 2026/06/01 3:45 p.m.•9 views

EUVD-2026-33695

7.5CVSS6.3AI score0.00299EPSS

Exploits0References5

Positive Technologies•added 2026/06/01 12:0 a.m.•14 views

PT-2026-45447

7.5CVSS6.3AI score0.00299EPSS

Exploits0References6

RedhatCVE•added 2026/01/21 1:32 a.m.•11 views

CVE-2026-1203

A weakness has been identified in CRMEB up to 5.6.3. The impacted element is the function remoteRegister of the file crmeb/app/services/user/LoginServices.php of the component JSON Token Handler. Executing a manipulation of the argument uid can lead to improper authentication. The attack may be...

8.1CVSS5.2AI score0.00703EPSS

Exploits1References1

OSV•added 2026/01/20 1:15 a.m.•3 views

CVE-2026-1203

8.1CVSS5.4AI score

Exploits0References4

NVD•added 2026/01/20 1:15 a.m.•7 views

CVE-2026-1203

8.1CVSS0.00703EPSS

Exploits1References4

Cvelist•added 2026/01/20 1:2 a.m.•25 views

CVE-2026-1203 CRMEB JSON Token LoginServices.php remoteRegister improper authentication

6.3CVSS0.00703EPSS

Exploits1References4

Vulnrichment•added 2026/01/20 1:2 a.m.•5 views

CVE-2026-1203 CRMEB JSON Token LoginServices.php remoteRegister improper authentication

6.3CVSS4.8AI score0.00703EPSS

Exploits1References4

CVE•added 2026/01/20 1:2 a.m.•23 views

CVE-2026-1203

CVE-2026-1203 affects CRMEB up to version 5.6.3. The vulnerability resides in the function remoteRegister in crmeb/app/services/user/LoginServices.php of the JSON Token Handler . Manipulating the argument uid can lead to improper authentication, with the attack possible remotely and reportedly of...

8.1CVSS4.8AI score0.00703EPSS

Exploits1References4Affected Software1

OSV•added 2023/09/30 10:15 a.m.•1 views

CVE-2023-5300

A vulnerability classified as critical has been found in TTSPlanning up to 20230925. This affects an unknown part. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The...

9.8CVSS5.6AI score

Exploits0References3

Cvelist•added 2023/09/30 10:0 a.m.•15 views

CVE-2023-5300 TTSPlanning sql injection

6.5CVSS10AI score0.00481EPSS

Exploits0References3

CVE•added 2005/10/18 4:0 a.m.•53 views

CVE-2005-3254

The CVE-2005-3254 issue affects CGIwrap prior to 3.9 on Debian GNU/Linux, where the minimum UID checked for seteuid operations is incorrectly set to 100 instead of 1000. This mismatch can allow an attacker to execute code as other system UIDs greater than the minimum value, as described in multip...

10CVSS7AI score0.02645EPSS

Exploits0References1Affected Software1

Cvelist•added 2002/03/09 5:0 a.m.•16 views

CVE-1999-1021

NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to 0, as fixed by the NFS jumbo patch upgrade...

6.6AI score0.00414EPSS

Exploits0References4

exploitpack•added 1999/07/13 12:0 a.m.•19 views

Linux Kernel 2.0.37 - Segment Limit Privilege Escalation

Linux Kernel 2.0.37 - Segment Limit Privilege Escalation / source: https://www.securityfocus.com/bid/523/info This vulnerability has to do with the division of the address space between a user process and the kernel. Because of a bug, if you select a non-standard memory configuration, sometimes...

0.6AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by