Export limit exceeded: 336598 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336598 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41799 | 1 Weseek | 1 Growi | 2025-05-07 | 6.5 Medium |
| Improper access control vulnerability in GROWI prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series) allows a remote authenticated attacker to bypass access restriction and download the markdown data from the pages set to private by the other users. | ||||
| CVE-2022-41797 | 1 Lemon8 Project | 1 Lemon8 | 2025-05-07 | 6.5 Medium |
| Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | ||||
| CVE-2022-40876 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-05-07 | 9.8 Critical |
| In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, cloneType, mac, can cause a stack overflow and enable remote code execution (RCE). | ||||
| CVE-2022-40875 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-05-07 | 7.5 High |
| Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the function GetParentControlInfo. | ||||
| CVE-2022-40874 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-05-07 | 7.5 High |
| Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulnerability in the GetParentControlInfo function, which can cause a denial of service attack through a carefully constructed http request. | ||||
| CVE-2022-39978 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2025-05-07 | 7.2 High |
| Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point. | ||||
| CVE-2022-39977 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2025-05-07 | 7.2 High |
| Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point. | ||||
| CVE-2022-39976 | 1 School Activity Updates With Sms Notification Project | 1 School Activity Updates With Sms Notification | 2025-05-07 | 9.8 Critical |
| School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /modules/announcement/index.php?view=edit&id=. | ||||
| CVE-2021-38734 | 1 Sem-cms | 1 Semcms | 2025-05-07 | 9.8 Critical |
| SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php. | ||||
| CVE-2021-38733 | 1 Sem-cms | 1 Semcms | 2025-05-07 | 9.8 Critical |
| SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php. | ||||
| CVE-2021-38732 | 1 Sem-cms | 1 Semcms | 2025-05-07 | 9.8 Critical |
| SEMCMS SHOP v 1.1 is vulnerable to SQL via Ant_Message.php. | ||||
| CVE-2021-38731 | 1 Sem-cms | 1 Semcms | 2025-05-07 | 9.8 Critical |
| SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php. | ||||
| CVE-2021-38730 | 1 Sem-cms | 1 Semcms | 2025-05-07 | 9.8 Critical |
| SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php. | ||||
| CVE-2021-38729 | 1 Sem-cms | 1 Semcms | 2025-05-07 | 9.8 Critical |
| SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php. | ||||
| CVE-2021-37781 | 1 Phpgurukul | 1 Employee Record Management System | 2025-05-07 | 5.4 Medium |
| Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php. | ||||
| CVE-2021-35388 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-07 | 5.4 Medium |
| Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php. | ||||
| CVE-2021-35387 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-07 | 8.8 High |
| Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php. | ||||
| CVE-2024-29900 | 1 Openjsf | 1 Packager | 2025-05-07 | 7.5 High |
| Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of ~1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This memory _could_ contain sensitive information such as environment variables, secrets files, etc. This issue is patched in 18.3.1. | ||||
| CVE-2025-3389 | 1 Hailey888 | 1 Oa System | 2025-05-07 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in hailey888 oa_system up to 2025.01.01. This issue affects the function testMess of the file cn/gson/oasys/controller/inform/InformManageController.java of the component Backend. The manipulation of the argument menu leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. | ||||
| CVE-2024-11595 | 1 Wireshark | 1 Wireshark | 2025-05-07 | 7.8 High |
| FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file | ||||