Search Results (336204 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-23693 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-05-28 | 8.8 High |
| Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. | ||||
| CVE-2022-23692 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-05-28 | 8.8 High |
| Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. | ||||
| CVE-2021-46835 | 1 Huawei | 2 Ws7200-10, Ws7200-10 Firmware | 2025-05-28 | 4.3 Medium |
| There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers. | ||||
| CVE-2021-46834 | 1 Huawei | 2 Jad-al50, Jad-al50 Firmware | 2025-05-28 | 5.5 Medium |
| A permission bypass vulnerability in Huawei cross device task management could allow an attacker to access certain resources on the attacked devices. Affected product versions include: JAD-AL50 versions 102.0.0.225(C00E220R3P4). | ||||
| CVE-2020-36602 | 1 Huawei | 16 576up005 Hota-cm-h-shark-bd, 576up005 Hota-cm-h-shark-bd Firmware, 577hota-cm-h-shark-bd and 13 more | 2025-05-28 | 6.1 Medium |
| There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker with physical access to the device can craft a malformed message with a specific parameter and send it to the affected products. Because the message is insufficiently validated, this may be exploited to cause an out-of-bounds read and write. | ||||
| CVE-2025-3209 | 1 Fabianros | 1 Patient Record Management System | 2025-05-28 | 6.3 Medium |
| A vulnerability was found in code-projects Patient Record Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /add_patient.php. The manipulation of the argument itr_no leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-44835 | 1 Dlink | 2 Dir-816 A2, Dir-816 A2 Firmware | 2025-05-28 | 6.3 Medium |
| D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which allows remote attackers to execute arbitrary commands via shell. | ||||
| CVE-2025-46566 | 1 Dataease | 1 Dataease | 2025-05-28 | 9.8 Critical |
| DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9. | ||||
| CVE-2025-4197 | 1 Code-projects | 1 Patient Record Management System | 2025-05-28 | 6.3 Medium |
| A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. Affected is an unknown function of the file /edit_xpatient.php. The manipulation of the argument lastname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2025-3513 | 1 Brainstormforce | 1 Sureforms | 2025-05-28 | 3.5 Low |
| The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-3514 | 1 Brainstormforce | 1 Sureforms | 2025-05-28 | 3.5 Low |
| The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-3136 | 1 Linuxfoundation | 1 Pytorch | 2025-05-28 | 3.3 Low |
| A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0. This issue affects the function torch.cuda.memory.caching_allocator_delete of the file c10/cuda/CUDACachingAllocator.cpp. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-39248 | 1 Dell | 1 Networking Os10 | 2025-05-28 | 7.5 High |
| Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity. | ||||
| CVE-2025-3123 | 1 Wondercms | 1 Wondercms | 2025-05-28 | 4.7 Medium |
| A vulnerability, which was classified as critical, has been found in WonderCMS 3.5.0. Affected by this issue is the function installUpdateModuleAction of the component Theme Installation/Plugin Installation. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains, that "[t]he philosophy has always been, admin [...] bear responsibility to not install themes/plugins from untrusted sources." | ||||
| CVE-2025-1986 | 1 Gutentor | 1 Gutentor | 2025-05-28 | 4.1 Medium |
| The Gutentor WordPress plugin before 3.4.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. | ||||
| CVE-2025-4250 | 1 Fabian | 1 Nero Social Networking Site | 2025-05-28 | 7.3 High |
| A vulnerability was found in code-projects Nero Social Networking Site 1.0. It has been classified as critical. This affects an unknown part of the file /index.php. The manipulation of the argument fname/lname/login/password2/cpassword/address/cnumber/email/gender/propic/month leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-24547 | 1 Arista | 5 7130, 7130-16g3s, 7130-48g3s and 2 more | 2025-05-28 | 5.9 Medium |
| On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config. | ||||
| CVE-2024-29643 | 1 Croogo | 1 Croogo | 2025-05-28 | 9.1 Critical |
| An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component. | ||||
| CVE-2025-3796 | 1 Phpgurukul | 1 Men Salon Management System | 2025-05-28 | 6.3 Medium |
| A vulnerability classified as critical has been found in PHPGurukul Men Salon Management System 1.0. This affects an unknown part of the file /admin/contact-us.php. The manipulation of the argument pagetitle/pagedes/email/mobnumber/timing leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-25228 | 1 Virtuemart | 1 Virtuemart | 2025-05-28 | 3.8 Low |
| A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the product management area in backend. | ||||