Search Results (335872 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-41476 | 1 Amttgroup | 2 Hibos, Hotel Broadband Operation System | 2025-10-17 | 9.8 Critical |
| AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL Injection via /manager/card/card_detail.php. | ||||
| CVE-2025-3983 | 1 Amttgroup | 1 Hibos | 2025-10-17 | 4.7 Medium |
| A vulnerability has been found in AMTT Hotel Broadband Operation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manager/system/nlog_down.php. The manipulation of the argument ProtocolType leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-2701 | 1 Amttgroup | 1 Hibos | 2025-10-17 | 6.3 Medium |
| A vulnerability classified as critical was found in AMTT Hotel Broadband Operation System 1.0. This vulnerability affects the function popen of the file /manager/network/port_setup.php. The manipulation of the argument SwitchVersion/SwitchWrite/SwitchIP/SwitchIndex/SwitchState leads to OS command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-11050 | 1 Amttgroup | 2 Hibos, Hotel Broadband Operation System | 2025-10-17 | 3.5 Low |
| A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204 and classified as problematic. This issue affects some unknown processing of the file /language.php. The manipulation of the argument LangID/LangName/LangEName leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-11051 | 1 Amttgroup | 2 Hibos, Hotel Broadband Operation System | 2025-10-17 | 6.3 Medium |
| A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204. It has been classified as critical. Affected is an unknown function of the file /manager/frontdesk/online_status.php. The manipulation of the argument AccountID leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-39072 | 1 Amttgroup | 1 Hibos | 2025-10-17 | 5.5 Medium |
| AMTT Hotel Broadband Operation System (HiBOS) v3.0.3.151204 is vulnerable to SQL injection via manager/conference/calendar_remind.php. | ||||
| CVE-2025-54759 | 1 Santesoft | 1 Sante Pacs Server | 2025-10-17 | 6.1 Medium |
| Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML code that redirects a user to a malicious webpage and steals the user's cookie. | ||||
| CVE-2025-54862 | 1 Santesoft | 1 Sante Pacs Server | 2025-10-17 | 5.4 Medium |
| Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML code that redirects a user to a malicious webpage and steals the user's cookie. | ||||
| CVE-2025-50897 | 1 Boom-core | 1 Boomv | 2025-10-17 | 4.3 Medium |
| A vulnerability exists in riscv-boom SonicBOOM 1.2 (BOOMv1.2) processor implementation, where valid virtual-to-physical address translations configured with write permissions (PTE_W) in SV39 mode may incorrectly trigger a Store/AMO access fault during store instructions (sd). This occurs despite the presence of proper page table entries and valid memory access modes. The fault is reproducible when transitioning into virtual memory and attempting store operations in mapped kernel memory, indicating a potential flaw in the MMU, PMP, or memory access enforcement logic. This may cause unexpected kernel panics or denial of service in systems using BOOMv1.2. | ||||
| CVE-2021-24755 | 1 Wpexperts | 1 Mycred | 2025-10-17 | 8.8 High |
| The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user. | ||||
| CVE-2022-0287 | 1 Wpexperts | 1 Mycred | 2025-10-17 | 4.3 Medium |
| The myCred WordPress plugin before 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as a subscriber, to call it and retrieve all email addresses from the blog. | ||||
| CVE-2022-0363 | 1 Wpexperts | 1 Mycred | 2025-10-17 | 4.3 Medium |
| The myCred WordPress plugin before 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts. | ||||
| CVE-2022-1092 | 1 Wpexperts | 1 Mycred | 2025-10-17 | 4.3 Medium |
| The myCred WordPress plugin before 2.4.3.1 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call it and retrieve the list of email addresses present in the blog. | ||||
| CVE-2023-35096 | 1 Wpexperts | 1 Mycred | 2025-10-17 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions. | ||||
| CVE-2023-47853 | 1 Wpexperts | 1 Mycred | 2025-10-17 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored XSS. This issue affects myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin: from n/a through 2.6.1. | ||||
| CVE-2024-43214 | 2 Mycred, Wpexperts | 2 Mycred, Mycred | 2025-10-17 | 5.3 Medium |
| Missing Authorization vulnerability in myCred. This issue affects myCred: from n/a through 2.7.2. | ||||
| CVE-2025-57389 | 1 Openwrt | 2 Luci, Openwrt | 2025-10-17 | 5.4 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the /admin/system/packages endpoint of Luci OpenWRT v18.06.2 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload. This vulnerability was fixed in OpenWRT v19.07.0. | ||||
| CVE-2024-56340 | 1 Ibm | 1 Cognos Analytics | 2025-10-17 | 6.5 Medium |
| IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter. | ||||
| CVE-2024-54795 | 1 Eng | 1 Spagobi | 2025-10-17 | 5.4 Medium |
| SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the create/edit forms of the worksheet designer function. | ||||
| CVE-2024-54794 | 1 Eng | 1 Spagobi | 2025-10-17 | 9.1 Critical |
| The script input feature of SpagoBI 3.5.1 allows arbitrary code execution. | ||||