Export limit exceeded: 10646 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10646 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13198 | 1 Douphp | 1 Douphp | 2026-02-24 | 4.7 Medium |
| A vulnerability has been found in DouPHP up to 1.8 Release 20251022. This impacts an unknown function of the file upload/include/file.class.php. The manipulation of the argument File leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-12593 | 2 Code-projects, Fabian | 2 Simple Online Hotel Reservation System, Simple Online Hotel Reservation System | 2026-02-24 | 4.7 Medium |
| A vulnerability was identified in code-projects Simple Online Hotel Reservation System 2.0. The impacted element is an unknown function of the file /admin/edit_room.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-14889 | 1 Campcodes | 2 Advanced Online Voting System, Advanced Voting Management System | 2026-02-24 | 5.4 Medium |
| A security flaw has been discovered in Campcodes Advanced Voting Management System 1.0. The impacted element is an unknown function of the file /admin/voters_edit.php of the component Password Handler. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2025-14583 | 1 Campcodes | 1 Online Student Enrollment System | 2026-02-24 | 7.3 High |
| A flaw has been found in campcodes Online Student Enrollment System 1.0. This impacts an unknown function of the file /admin/register.php. Executing a manipulation of the argument photo can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2025-14582 | 1 Campcodes | 1 Online Student Enrollment System | 2026-02-24 | 4.7 Medium |
| A vulnerability was detected in campcodes Online Student Enrollment System 1.0. This affects an unknown function of the file /admin/index.php?page=user-profile. Performing a manipulation of the argument userphoto results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. | ||||
| CVE-2025-14219 | 1 Campcodes | 1 Retro Basketball Shoes Online Store | 2026-02-24 | 4.7 Medium |
| A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/admin_running.php. Executing a manipulation of the argument product_image can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2025-14195 | 2 Carmelogarcia, Code-projects | 2 Employee Profile Management System, Employee Profile Management System | 2026-02-24 | 6.3 Medium |
| A security flaw has been discovered in code-projects Employee Profile Management System 1.0. Impacted is an unknown function of the file /profiling/add_file_query.php. The manipulation of the argument per_file results in unrestricted upload. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2025-15199 | 1 Code-projects | 1 College Notes Uploading System | 2026-02-24 | 6.3 Medium |
| A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-14286 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2026-02-24 | 5.3 Medium |
| A vulnerability was determined in Tenda AC9 15.03.05.14_multi. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/DownloadCfg.jpg of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-14088 | 1 Ketr | 1 Jepaas | 2026-02-24 | 6.3 Medium |
| A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an unknown functionality of the file /je/load. This manipulation of the argument Authorization causes improper authorization. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-2693 | 1 Cocoteanet | 1 Cyreneadmin | 2026-02-24 | 4.3 Medium |
| A vulnerability was determined in CoCoTeaNet CyreneAdmin up to 1.3.0. This vulnerability affects unknown code of the file /api/system/dashboard/getCount of the component System Info Endpoint. Executing a manipulation can lead to improper authorization. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-15586 | 1 Opengamepanel | 1 Ogp-website | 2026-02-24 | N/A |
| OGP-Website installs prior git commit 52f865a4fba763594453068acf8fa9e3fc38d663 are affected by a type juggling flaw which if exploited can result in authentication bypass without knowledge of the victim account's password. | ||||
| CVE-2025-2492 | 2026-02-24 | N/A | ||
| An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information. | ||||
| CVE-2025-70064 | 1 Phpgurukul | 1 Hospital Management System | 2026-02-23 | 8.8 High |
| PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly access the Administrator Dashboard and all sub-modules (e.g., User Logs, Doctor Management) by manually browsing to the /admin/ directory after authentication. This allows any self-registered user to takeover the application, view confidential logs, and modify system data. | ||||
| CVE-2020-1472 | 9 Canonical, Debian, Fedoraproject and 6 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2026-02-23 | 5.5 Medium |
| An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications. | ||||
| CVE-2026-2938 | 2 Munyweki, Sourcecodester | 2 Student Result Management System, Student Result Management System | 2026-02-23 | 7.3 High |
| A vulnerability has been found in SourceCodester Student Result Management System 1.0. The affected element is an unknown function of the file /srms/script/admin/core/update_smtp.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-24834 | 1 Katacontainers | 2 Kata-containers, Kata Containers | 2026-02-23 | 9.4 Critical |
| Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM ultimately achieving arbitrary code execution as root in said VM. The current understanding is this doesn’t impact the security of the Host or of other containers / VMs running on that Host (note that arm64 QEMU lacks NVDIMM read-only support: It is believed that until the upstream QEMU gains this capability, a guest write could reach the image file). Version 3.27.0 patches the issue. | ||||
| CVE-2026-2861 | 1 Foswiki | 1 Foswiki | 2026-02-23 | 5.3 Medium |
| A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to version 2.1.11 is sufficient to fix this issue. The patch is identified as 31aeecb58b64/d8ed86b10e46. Upgrading the affected component is recommended. | ||||
| CVE-2025-70833 | 1 Pocketmanga | 1 Smanga | 2026-02-23 | 9.4 Critical |
| An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to reset the password of any user (including the administrator) and fully takeover the account by manipulating POST parameters. The issue stems from insecure permission validation in check-power.php. | ||||
| CVE-2025-15582 | 1 Detronetdip | 1 E-commerce | 2026-02-23 | 5.4 Medium |
| A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update of the component Product Management Module. Performing a manipulation of the argument ID results in authorization bypass. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. | ||||