Export limit exceeded: 334808 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334808 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68914 | 1 Riello-ups | 1 Netman 208 | 2026-01-02 | 6.5 Medium |
| Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table. | ||||
| CVE-2025-68915 | 1 Riello-ups | 1 Netman 208 | 2026-01-02 | 5.5 Medium |
| Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbanner_w.cgi XSS via a crafted banner. | ||||
| CVE-2025-67108 | 1 Eprosima | 1 Fast Dds | 2026-01-02 | 10 Critical |
| eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections. | ||||
| CVE-2025-67164 | 1 Pagekit | 1 Pagekit | 2026-01-02 | 9.9 Critical |
| An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2025-67165 | 1 Pagekit | 1 Pagekit | 2026-01-02 | 9.8 Critical |
| An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges. | ||||
| CVE-2025-67285 | 2 Angeljudesuarez, Itsourcecode | 2 Covid Tracking System Using Qr-code, Covid Tracking System | 2026-01-02 | 7.3 High |
| A SQL injection vulnerability was found in the '/cts/admin/?page=zone' file of ITSourcecode COVID Tracking System Using QR-Code v1.0. The reason for this issue is that attackers inject malicious code from the parameter 'id' and use it directly in SQL queries without the need for appropriate cleaning or validation. | ||||
| CVE-2025-67289 | 1 Frappe | 2 Erpnext, Frappe | 2026-01-02 | 9.6 Critical |
| An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file. | ||||
| CVE-2025-67290 | 1 Dotnetfoundation | 1 Piranha Cms | 2026-01-02 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field. | ||||
| CVE-2025-67291 | 1 Dotnetfoundation | 1 Piranha Cms | 2026-01-02 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field. | ||||
| CVE-2025-67418 | 2 Clipbucket, Oxygenz | 2 Clipbucket, Clipbucket | 2026-01-02 | 9.8 Critical |
| ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using these default credentials, resulting in full administrative control of the application. | ||||
| CVE-2025-35002 | 2026-01-02 | N/A | ||
| This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | ||||
| CVE-2025-35001 | 2026-01-02 | N/A | ||
| This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | ||||
| CVE-2025-35000 | 2026-01-02 | N/A | ||
| This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | ||||
| CVE-2025-34999 | 2026-01-02 | N/A | ||
| This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | ||||
| CVE-2025-34998 | 2026-01-02 | N/A | ||
| This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | ||||
| CVE-2025-34997 | 2026-01-02 | N/A | ||
| This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | ||||
| CVE-2025-34996 | 2026-01-02 | N/A | ||
| This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | ||||
| CVE-2025-34995 | 2026-01-02 | N/A | ||
| This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | ||||
| CVE-2025-34994 | 2026-01-02 | N/A | ||
| This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | ||||
| CVE-2025-34993 | 2026-01-02 | N/A | ||
| This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | ||||