Export limit exceeded: 338422 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338422 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-67164 | 1 Pagekit | 1 Pagekit | 2026-01-02 | 9.9 Critical |
| An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2025-67165 | 1 Pagekit | 1 Pagekit | 2026-01-02 | 9.8 Critical |
| An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges. | ||||
| CVE-2025-67285 | 2 Angeljudesuarez, Itsourcecode | 2 Covid Tracking System Using Qr-code, Covid Tracking System | 2026-01-02 | 7.3 High |
| A SQL injection vulnerability was found in the '/cts/admin/?page=zone' file of ITSourcecode COVID Tracking System Using QR-Code v1.0. The reason for this issue is that attackers inject malicious code from the parameter 'id' and use it directly in SQL queries without the need for appropriate cleaning or validation. | ||||
| CVE-2025-67289 | 1 Frappe | 2 Erpnext, Frappe | 2026-01-02 | 9.6 Critical |
| An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file. | ||||
| CVE-2025-67290 | 1 Dotnetfoundation | 1 Piranha Cms | 2026-01-02 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field. | ||||
| CVE-2025-67291 | 1 Dotnetfoundation | 1 Piranha Cms | 2026-01-02 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field. | ||||
| CVE-2025-67418 | 2 Clipbucket, Oxygenz | 2 Clipbucket, Clipbucket | 2026-01-02 | 9.8 Critical |
| ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using these default credentials, resulting in full administrative control of the application. | ||||
| CVE-2025-35002 | 2026-01-02 | N/A | ||
| This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | ||||
| CVE-2025-35001 | 2026-01-02 | N/A | ||
| This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | ||||
| CVE-2025-35000 | 2026-01-02 | N/A | ||
| This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | ||||
| CVE-2025-34999 | 2026-01-02 | N/A | ||
| This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | ||||
| CVE-2025-34998 | 2026-01-02 | N/A | ||
| This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | ||||
| CVE-2025-34997 | 2026-01-02 | N/A | ||
| This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | ||||
| CVE-2025-34996 | 2026-01-02 | N/A | ||
| This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | ||||
| CVE-2025-34995 | 2026-01-02 | N/A | ||
| This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | ||||
| CVE-2025-34994 | 2026-01-02 | N/A | ||
| This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | ||||
| CVE-2025-34993 | 2026-01-02 | N/A | ||
| This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | ||||
| CVE-2025-34992 | 2026-01-02 | N/A | ||
| This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | ||||
| CVE-2025-34991 | 2026-01-02 | N/A | ||
| This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | ||||
| CVE-2025-34990 | 2026-01-02 | N/A | ||
| This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | ||||