Export limit exceeded: 335011 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335011 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2527 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 7.3 High |
| An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.which allowed an authenticated attacker to inject arbitrary content. A victim interacting with this content could lead to arbitrary requests. | ||||
| CVE-2022-2455 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 6.5 Medium |
| A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized user to exhaust server resources by importing a malicious project. | ||||
| CVE-2022-2428 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 6.4 Medium |
| A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests | ||||
| CVE-2022-28291 | 1 Tenable | 1 Nessus | 2025-05-13 | 6.5 Medium |
| Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an attacker to access credentials stored in Nessus scanners, potentially compromising its customers’ network of assets. | ||||
| CVE-2022-25750 | 1 Qualcomm | 30 Kailua, Kailua Firmware, Sg8275 and 27 more | 2025-05-13 | 8.4 High |
| Memory corruption in BTHOST due to double free while music playback and calls over bluetooth headset in Snapdragon Mobile | ||||
| CVE-2022-25723 | 1 Qualcomm | 16 Sd 8 Gen1 5g Firmware, Sm8475, Wcd9380 and 13 more | 2025-05-13 | 8.4 High |
| Memory corruption in multimedia due to use after free during callback registration failure in Snapdragon Mobile | ||||
| CVE-2025-2658 | 1 Phpgurukul | 1 Online Security Guards Hiring System | 2025-05-13 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in PHPGurukul Online Security Guards Hiring System 1.0. Affected by this issue is some unknown functionality of the file /search-request.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-47278 | 2025-05-13 | 2.3 Low | ||
| Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the `itsdangerous` library. A list of keys can be passed, and it expects the last (top) key in the list to be the most recent key, and uses that for signing. Flask was incorrectly constructing that list in reverse, passing the signing key first. Sites that have opted-in to use key rotation by setting `SECRET_KEY_FALLBACKS` care likely to unexpectedly be signing their sessions with stale keys, and their transition to fresher keys will be impeded. Sessions are still signed, so this would not cause any sort of data integrity loss. Version 3.1.1 contains a patch for the issue. | ||||
| CVE-2025-2663 | 1 Phpgurukul | 1 Bank Locker Management System | 2025-05-13 | 7.3 High |
| A vulnerability has been found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /search-locker-details.php. The manipulation of the argument searchinput leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2664 | 1 Codezips | 1 Hospital Management System | 2025-05-13 | 4.7 Medium |
| A vulnerability was found in CodeZips Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /suadpeted.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4311 | 1 Emiloi | 1 Content Management System | 2025-05-13 | 7.3 High |
| A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /admin/update_main_topic_img.php?topic_id=529. The manipulation of the argument stopic_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-23769 | 2 Megazone, Microsoft | 2 Reversewall-mds, Windows | 2025-05-13 | 7.5 High |
| Remote code execution vulnerability due to insufficient user privilege verification in reverseWall-MDS. Remote attackers can exploit the vulnerability such as stealing account, through remote code execution. | ||||
| CVE-2024-13124 | 1 10web | 1 Photo Gallery | 2025-05-13 | 3.5 Low |
| The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-23770 | 2 Linux, Wisa | 2 Linux Kernel, Smart Wing Cms | 2025-05-13 | 8.8 High |
| This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands such as directory traversal. | ||||
| CVE-2025-4298 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2025-05-13 | 8.8 High |
| A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been declared as critical. This vulnerability affects the function formSetCfm of the file /goform/setcfm. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4299 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2025-05-13 | 8.8 High |
| A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been rated as critical. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-44074 | 1 Seacms | 1 Seacms | 2025-05-13 | 9.8 Critical |
| SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_topic.php. | ||||
| CVE-2025-44072 | 1 Seacms | 1 Seacms | 2025-05-13 | 9.8 Critical |
| SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_manager.php. | ||||
| CVE-2025-44071 | 1 Seacms | 1 Seacms | 2025-05-13 | 9.8 Critical |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component phomebak.php. This vulnerability allows attackers to execute arbitrary code via a crafted request. | ||||
| CVE-2025-2665 | 1 Phpgurukul | 1 Online Security Guards Hiring System | 2025-05-13 | 7.3 High |
| A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||