Export limit exceeded: 335157 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335157 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-60114 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 6.6 Medium |
| Improper Control of Generation of Code ('Code Injection') vulnerability in YayCommerce YayCurrency allows Code Injection. This issue affects YayCurrency: from n/a through 3.2. | ||||
| CVE-2025-60128 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.3 Medium |
| Missing Authorization vulnerability in WP Delicious Delisho allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Delisho: from n/a through 1.1.3. | ||||
| CVE-2025-60142 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DaganLev Simple Meta Tags allows DOM-Based XSS. This issue affects Simple Meta Tags: from n/a through 1.5. | ||||
| CVE-2025-60124 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Hellyer Simple Colorbox allows Stored XSS. This issue affects Simple Colorbox: from n/a through 1.6.1. | ||||
| CVE-2025-60136 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj User Notes allows Stored XSS. This issue affects User Notes: from n/a through 1.0.2. | ||||
| CVE-2025-60143 | 2 Netgsm, Wordpress | 2 Netgsm, Wordpress | 2025-09-29 | 4.3 Medium |
| Missing Authorization vulnerability in netgsm Netgsm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Netgsm: from n/a through 2.9.58. | ||||
| CVE-2025-60172 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in flytedesk Flytedesk Digital allows Stored XSS. This issue affects Flytedesk Digital: from n/a through 20181101. | ||||
| CVE-2025-11016 | 1 Kalcaddle | 1 Kodbox | 2025-09-29 | 4.3 Medium |
| A security vulnerability has been detected in kalcaddle kodbox up to 1.61.09. The affected element is the function fileOut of the file app/controller/explorer/index.class.php. Such manipulation of the argument path leads to path traversal. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-11015 | 1 Ogrecave | 1 Ogre | 2025-09-29 | 5.3 Medium |
| A weakness has been identified in OGRECave Ogre up to 14.4.1. Impacted is the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp. This manipulation causes mismatched memory management routines. The attack is restricted to local execution. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-11025 | 1 Vimesoft | 1 Vimesoft | 2025-09-29 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data.This issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0. | ||||
| CVE-2025-11010 | 1 Vstakhov | 1 Libucl | 2025-09-29 | 5.3 Medium |
| A vulnerability has been found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function ucl_include_common of the file /src/ucl_util.c. Such manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-39867 | 1 Linux | 1 Linux Kernel | 2025-09-29 | 5.5 Medium |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-39799 | 1 Linux | 1 Linux Kernel | 2025-09-29 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-3231 | 1 Phpgurukul | 1 Zoo Management System | 2025-09-27 | 7.3 High |
| A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. This issue affects some unknown processing of the file /aboutus.php. The manipulation of the argument pagetitle/pagedes leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-3767 | 1 Phpgurukul | 2 News Portal, News Portal Project | 2025-09-27 | 6.3 Medium |
| A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle/category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3173 | 1 Projectworlds | 1 Online Lawyer Management System | 2025-09-27 | 7.3 High |
| A vulnerability, which was classified as critical, was found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the file /save_booking.php. The manipulation of the argument lawyer_id/description leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4331 | 1 Senior-walter | 1 Online Student Clearance System | 2025-09-27 | 7.3 High |
| A vulnerability classified as critical was found in SourceCodester Online Student Clearance System 1.0. This vulnerability affects unknown code of the file /Admin/login.php. The manipulation of the argument id/username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-1061 | 1 Doctors Appointment System Project | 1 Doctors Appointment System | 2025-09-27 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/edit-doc.php. The manipulation of the argument email/oldmail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-1059 | 1 Doctors Appointment System Project | 1 Doctors Appointment System | 2025-09-27 | 6.3 Medium |
| A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search/id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4469 | 1 Senior-walter | 1 Online Student Clearance System | 2025-09-27 | 2.4 Low |
| A vulnerability classified as problematic has been found in SourceCodester Online Student Clearance System 1.0. Affected is an unknown function of the file /admin/add-admin.php. The manipulation of the argument txtusername/txtfullname/txtpassword/txtpassword2 leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||