Export limit exceeded: 364918 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364918 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-37173 2 Avideo, Wwbn 2 Avideo Platform, Avideo 2026-02-18 7.5 High
AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the users_id parameter.
CVE-2025-13867 1 Ibm 1 Db2 2026-02-18 6.5 Medium
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic
CVE-2025-14689 1 Ibm 1 Db2 2026-02-18 6.5 Medium
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects.
CVE-2025-36247 1 Ibm 1 Db2 2026-02-18 7.1 High
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVE-2025-36425 1 Ibm 1 Db2 2026-02-18 5.3 Medium
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration.
CVE-2025-53000 2 Jupyter, Microsoft 2 Nbconvert, Windows 2026-02-18 7.8 High
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a `inkscape.bat` file that defines a Windows batch script, capable of arbitrary code execution. When a user runs `jupyter nbconvert --to pdf` on a notebook containing SVG output to a PDF on a Windows platform from this directory, the `inkscape.bat` file is run unexpectedly. This issue has been patched in version 7.17.0.
CVE-2023-33951 2 Linux, Redhat 5 Linux Kernel, Enterprise Linux, Enterprise Linux For Real Time and 2 more 2026-02-18 6.7 Medium
A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel.
CVE-2022-31342 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 6.5 Medium
Online Car Wash Booking System v1.0 is vulnerable to Delete any file via /ocwbs/classes/Master.php?f=delete_img.
CVE-2022-31343 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/view_details&id=.
CVE-2022-31344 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_booking.
CVE-2022-31345 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=user/manage_user&id=.
CVE-2022-31346 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_service.
CVE-2022-31347 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle.
CVE-2022-31348 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/bookings/update_status.php?id=.
CVE-2022-31350 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=.
CVE-2022-31351 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manage_price.php?id=.
CVE-2022-31352 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manage_service.php?id=.
CVE-2022-31353 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_service.php?id=.
CVE-2022-31354 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=get_vehicle_service.
CVE-2023-1041 1 Oretnom23 1 Simple Responsive Tourism Website 2026-02-18 3.5 Low
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Responsive Tourism Website 1.0. This affects an unknown part of the file /tourism/rate_review.php. The manipulation of the argument id with the input 1"><script>alert(1111)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221799.