Search

Search Results (363449 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-31346 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_service.
CVE-2022-31347 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle.
CVE-2022-31348 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/bookings/update_status.php?id=.
CVE-2022-31350 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=.
CVE-2022-31351 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manage_price.php?id=.
CVE-2022-31352 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manage_service.php?id=.
CVE-2022-31353 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_service.php?id=.
CVE-2022-31354 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=get_vehicle_service.
CVE-2023-1041 1 Oretnom23 1 Simple Responsive Tourism Website 2026-02-18 3.5 Low
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Responsive Tourism Website 1.0. This affects an unknown part of the file /tourism/rate_review.php. The manipulation of the argument id with the input 1"><script>alert(1111)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221799.
CVE-2023-6546 3 Fedoraproject, Linux, Redhat 9 Fedora, Linux Kernel, Enterprise Linux and 6 more 2026-02-18 7 High
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
CVE-2023-29130 1 Siemens 1 Simatic Cn 4100 Firmware 2026-02-18 9.9 Critical
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An attacker could gain admin access with this vulnerability leading to complete device control.
CVE-2023-29131 1 Siemens 1 Simatic Cn 4100 Firmware 2026-02-18 7.4 High
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of an incorrect default value in the SSH configuration. This could allow an attacker to bypass network isolation.
CVE-2025-66624 1 Bacnetstack 1 Bacnet Stack 2026-02-18 7.5 High
BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communications services. Prior to 1.5.0.rc2, The npdu_is_expected_reply function in src/bacnet/npdu.c indexes request_pdu[offset+2/3/5] and reply_pdu[offset+1/2/4] without verifying that those APDU bytes exist. bacnet_npdu_decode() can return offset == 2 for a 2-byte NPDU, so tiny PDUs pass the version check and then get read out of bounds. On ASan/MPU/strict builds this is an immediate crash (DoS). On unprotected builds it is undefined behavior and can mis-route replies; RCE is unlikely because only reads occur, but DoS is reliable.
CVE-2023-39675 1 Myprestamodules 1 Product Catalog \(csv\, Excel\) Import 2026-02-18 9.8 Critical
SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php.
CVE-2023-39677 2 Myprestamodules, Updateproducts Project 2 Product Catalog \(csv\, Excel\) Import, Updateproducts 2026-02-18 7.5 High
MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php.
CVE-2024-25846 1 Myprestamodules 2 Product Catalog \(csv\, Excel\) Import, Simpleimportproduct 2026-02-18 9.1 Critical
In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php.
CVE-2025-47911 2 Go, Golang 2 Html, Net 2026-02-18 5.3 Medium
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
CVE-2025-61917 1 N8n 1 N8n 2026-02-18 7.7 High
n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process (for example, data from prior requests, tasks, secrets, or tokens), resulting in potential information disclosure. This issue has been patched in version 1.114.3.
CVE-2025-58190 2 Go, Golang 2 Html, Net 2026-02-18 5.3 Medium
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
CVE-2025-13965 2026-02-18 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-12500. Reason: This candidate is a reservation duplicate of CVE-2025-12500. Notes: All CVE users should reference CVE-2025-12500 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.