Export limit exceeded: 336187 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336187 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4892 | 1 Fabian | 1 Police Station Management System | 2025-05-28 | 5.3 Medium |
| A vulnerability was found in code-projects Police Station Management System 1.0. It has been declared as critical. Affected by this vulnerability is the function criminal::remove of the file source.cpp of the component Delete Record. The manipulation of the argument No leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0688 | 1 Mynamedia | 1 Spiritual Gifts Survey \(and Optional S.h.a.p.e Survey\) | 2025-05-28 | 6.1 Medium |
| The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. | ||||
| CVE-2025-4888 | 1 Code-projects | 1 Pharmacy Management System | 2025-05-28 | 5.3 Medium |
| A vulnerability, which was classified as critical, was found in code-projects Pharmacy Management System 1.0. This affects the function medicineType::take_order of the component Add Order Details. The manipulation leads to buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-2315 | 1 Databank | 1 Accreditation Tracking\/presentation Module | 2025-05-28 | 9.4 Critical |
| Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2. | ||||
| CVE-2022-2872 | 1 Octoprint | 1 Octoprint | 2025-05-28 | 5.4 Medium |
| Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3. | ||||
| CVE-2022-2888 | 1 Octoprint | 1 Octoprint | 2025-05-28 | 4.4 Medium |
| If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists. | ||||
| CVE-2025-4745 | 1 Fabian | 1 Employee Record System | 2025-05-28 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in code-projects Employee Record System 1.0. This affects an unknown part of the file current_employees.php. The manipulation of the argument employeed_id/first_name/middle_name/last_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-3068 | 1 Octoprint | 1 Octoprint | 2025-05-28 | 8.8 High |
| Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3. | ||||
| CVE-2022-3255 | 1 Pimcore | 1 Pimcore | 2025-05-28 | 4.8 Medium |
| If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user. | ||||
| CVE-2024-7774 | 2 Langchain, Langchain-ai | 2 Langchain.js, Langchain-ai\/langchainjs | 2025-05-28 | 9.1 Critical |
| A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is exploited through the `setFileContent`, `getParsedFile`, and `mdelete` methods, which do not properly sanitize user input. | ||||
| CVE-2025-3996 | 1 Totolink | 2 N150rt, N150rt Firmware | 2025-05-28 | 2.4 Low |
| A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home.htm of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-41254 | 1 Jenkins | 1 Cons3rt | 2025-05-28 | 6.5 Medium |
| Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-41253 | 1 Jenkins | 1 Cons3rt | 2025-05-28 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-41252 | 1 Jenkins | 1 Cons3rt | 2025-05-28 | 4.3 Medium |
| Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allows users with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. | ||||
| CVE-2022-41251 | 1 Jenkins | 1 Apprenda | 2025-05-28 | 4.3 Medium |
| A missing permission check in Jenkins Apprenda Plugin 2.2.0 and earlier allows users with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-41245 | 1 Jenkins | 1 Worksoft Execution Manager | 2025-05-28 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-41244 | 1 Jenkins | 1 View26 Test-reporting | 2025-05-28 | 8.1 High |
| Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections. | ||||
| CVE-2022-41243 | 1 Jenkins | 1 Smalltest | 2025-05-28 | 8.1 High |
| Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections. | ||||
| CVE-2022-41242 | 1 Jenkins | 1 Extreme-feedback | 2025-05-28 | 5.4 Medium |
| A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps. | ||||
| CVE-2022-41241 | 1 Jenkins | 1 Rqm | 2025-05-28 | 9.8 Critical |
| Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||