Streamsoft Prestiż CVEs and Security Vulnerabilities

Search

Expected end of text, found 'ż' (at char 47), (line:1, col:48)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (338367 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2017-20221	1 Telesquare	2 Sdt-cs3b1, Sdt-cs3b1 Firmware	2026-03-16	4.3 Medium
Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when visited by logged-in users, enabling command execution with router privileges.
CVE-2017-20223	1 Telesquare	2 Sdt-cs3b1, Sdt-cs3b1 Firmware	2026-03-16	9.8 Critical
Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrieve sensitive information and access functionalities without proper access controls.
CVE-2016-20027	1 Zkteco	1 Zkbiosecurity	2026-03-16	6.1 Medium
ZKTeco ZKBioSecurity 3.0 contains multiple reflected cross-site scripting vulnerabilities that allow attackers to execute arbitrary HTML and script code by injecting malicious payloads through unsanitized parameters in multiple scripts. Attackers can craft malicious URLs with XSS payloads in vulnerable parameters to execute scripts in a user's browser session within the context of the affected application.
CVE-2016-20025	1 Zkteco	1 Zkaccess Professional	2026-03-16	8.8 High
ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code for privilege escalation.
CVE-2015-20121	1 Next Click Ventures	1 Realtyscripts	2026-03-16	8.2 High
Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET parameter 'u_id' in /admin/users.php and the POST parameter 'agent[]' in /admin/mailer.php. Attackers can exploit time-based blind SQL injection techniques to extract sensitive database information or cause denial of service through sleep-based payloads.
CVE-2015-20120	1 Next Click Ventures	1 Realtyscript	2026-03-16	8.2 High
Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database contents character by character based on response timing differences.
CVE-2015-20119	1 Next Click Ventures	1 Realtyscript	2026-03-16	6.4 Medium
Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter in the pages.php admin interface. Attackers can submit POST requests to the add page action with crafted iframe payloads in the text parameter to store malicious content that executes in the browsers of users viewing the affected pages.
CVE-2015-20116	1 Next Click Ventures	1 Realtyscript	2026-03-16	6.1 Medium
Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploads, allowing attackers to inject malicious scripts through filename parameters in multipart form data. Attackers can upload files with XSS payloads in the filename field to execute arbitrary JavaScript in users' browsers when the file is processed or displayed.
CVE-2026-32330	2 10web, Wordpress	2 Photo Gallery, Wordpress	2026-03-16	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery.This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.37.
CVE-2026-3873	1 Syslink Software Ag	1 Avantra	2026-03-16	7.2 High
Use of Hard-coded Credentials vulnerability in Avantra allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Avantra: before 25.3.0.
CVE-2026-32348	2 Madrasthemes, Wordpress	2 Mas Videos, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAS Videos: from n/a through <= 1.3.2.
CVE-2026-32376	2 Raratheme, Wordpress	2 Kalon, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in raratheme Kalon kalon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kalon: from n/a through <= 1.2.9.
CVE-2026-32404	2 Studio99, Wordpress	2 Studio99 Wp Monitor, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Studio99 WP Monitor: from n/a through <= 1.0.3.
CVE-2026-32543	2 Cyberchimps, Wordpress	2 Responsive Blocks, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Blocks: from n/a through <= 2.2.0.
CVE-2026-32334	2 Rarathemes, Wordpress	2 Jobscout, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in raratheme JobScout jobscout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobScout: from n/a through <= 1.1.7.
CVE-2026-32354	2 Magepeopleteam, Wordpress	2 Wpevently, Wordpress	2026-03-16	N/A
Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Retrieve Embedded Sensitive Data.This issue affects WpEvently: from n/a through < 5.1.9.
CVE-2026-32416	2 Bplugins, Wordpress	2 Pdf Poster, Wordpress	2026-03-16	5.4 Medium
Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF Poster: from n/a through <= 2.4.0.
CVE-2026-32421	2 Agilelogix, Wordpress	2 Post Timeline, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Timeline: from n/a through <= 2.4.1.
CVE-2026-32423	2 Bowo, Wordpress	2 Admin And Site Enhancements Ase, Wordpress	2026-03-16	5.4 Medium
Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements (ASE): from n/a through <= 8.4.0.
CVE-2026-32428	2 Ays-pro, Wordpress	2 Popup Like Box, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in Ays Pro Popup Like box ays-facebook-popup-likebox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Like box: from n/a through <= 3.7.7.

« first previous Page 46 of 16919. next last »