Export limit exceeded: 364918 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364918 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-37173 | 2 Avideo, Wwbn | 2 Avideo Platform, Avideo | 2026-02-18 | 7.5 High |
| AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the users_id parameter. | ||||
| CVE-2025-13867 | 1 Ibm | 1 Db2 | 2026-02-18 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic | ||||
| CVE-2025-14689 | 1 Ibm | 1 Db2 | 2026-02-18 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects. | ||||
| CVE-2025-36247 | 1 Ibm | 1 Db2 | 2026-02-18 | 7.1 High |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | ||||
| CVE-2025-36425 | 1 Ibm | 1 Db2 | 2026-02-18 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration. | ||||
| CVE-2025-53000 | 2 Jupyter, Microsoft | 2 Nbconvert, Windows | 2026-02-18 | 7.8 High |
| The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a `inkscape.bat` file that defines a Windows batch script, capable of arbitrary code execution. When a user runs `jupyter nbconvert --to pdf` on a notebook containing SVG output to a PDF on a Windows platform from this directory, the `inkscape.bat` file is run unexpectedly. This issue has been patched in version 7.17.0. | ||||
| CVE-2023-33951 | 2 Linux, Redhat | 5 Linux Kernel, Enterprise Linux, Enterprise Linux For Real Time and 2 more | 2026-02-18 | 6.7 Medium |
| A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel. | ||||
| CVE-2022-31342 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 6.5 Medium |
| Online Car Wash Booking System v1.0 is vulnerable to Delete any file via /ocwbs/classes/Master.php?f=delete_img. | ||||
| CVE-2022-31343 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 9.8 Critical |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/view_details&id=. | ||||
| CVE-2022-31344 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 9.8 Critical |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_booking. | ||||
| CVE-2022-31345 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 9.8 Critical |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=user/manage_user&id=. | ||||
| CVE-2022-31346 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 9.8 Critical |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_service. | ||||
| CVE-2022-31347 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 9.8 Critical |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle. | ||||
| CVE-2022-31348 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 9.8 Critical |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/bookings/update_status.php?id=. | ||||
| CVE-2022-31350 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 9.8 Critical |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=. | ||||
| CVE-2022-31351 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 9.8 Critical |
| Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manage_price.php?id=. | ||||
| CVE-2022-31352 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 9.8 Critical |
| Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manage_service.php?id=. | ||||
| CVE-2022-31353 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 9.8 Critical |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_service.php?id=. | ||||
| CVE-2022-31354 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 9.8 Critical |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=get_vehicle_service. | ||||
| CVE-2023-1041 | 1 Oretnom23 | 1 Simple Responsive Tourism Website | 2026-02-18 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester Simple Responsive Tourism Website 1.0. This affects an unknown part of the file /tourism/rate_review.php. The manipulation of the argument id with the input 1"><script>alert(1111)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221799. | ||||