Export limit exceeded: 367102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 367102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (367102 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-7593 1 Anisha 1 Job Diary 2025-09-29 7.3 High
A vulnerability was found in code-projects Job Diary 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view-all.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2564 1 Mattermost 2 Mattermost, Mattermost Server 2025-09-29 4.3 Medium
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archived channels even when this setting is disabled.
CVE-2025-35965 1 Mattermost 2 Mattermost, Mattermost Server 2025-09-29 6.5 Medium
Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows an attacker to create task items containing an excessive number of actions triggered by specific posts, overloading the server and leading to a denial-of-service (DoS) condition.
CVE-2025-7559 1 Phpgurukul 1 Online Fire Reporting System 2025-09-29 6.3 Medium
A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been classified as critical. This affects an unknown part of the file /admin/bwdates-report-result.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-7221 1 Oretnom23 1 School Log Management System 2025-09-29 6.3 Medium
A vulnerability was determined in SourceCodester/Campcodes School Log Management System 1.0. This affects an unknown part of the file /admin/manage_user.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2024-7220 2 Oretnom23, Sourcecodester 2 School Log Management System, School Log Management System 2025-09-29 6.3 Medium
A vulnerability was found in SourceCodester/Campcodes School Log Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/print_barcode.php. The manipulation of the argument tbl results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
CVE-2024-7219 2 Oretnom23, Sourcecodester 2 School Log Management System, School Log Management System 2025-09-29 7.3 High
A vulnerability has been found in SourceCodester/Campcodes School Log Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-7218 2 Oretnom23, Sourcecodester 2 School Log Management System, School Log Management System 2025-09-29 3.5 Low
A flaw has been found in SourceCodester/Campcodes School Log Management System 1.0. Affected is an unknown function of the file /admin/ajax.php?action=save_student. Executing manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and may be used.
CVE-2025-41423 1 Mattermost 2 Mattermost Server, Playbooks 2025-09-29 3.1 Low
Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate permissions for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts containing actions created by the Playbooks bot, even without channel access or appropriate permissions.
CVE-2025-3446 1 Mattermost 2 Mattermost, Mattermost Server 2025-09-29 4.3 Medium
Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team via the API to add a single user to a team.
CVE-2025-11150 2025-09-29 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-4080 1 Ni 1 Labview 2025-09-29 7.8 High
A memory corruption issue due to an improper length check in LabVIEW tdcore.dll may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.
CVE-2022-50345 1 Linux 1 Linux Kernel 2025-09-29 7.0 High
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-56752 1 Ruijie 41 Rg-es, Rg-es205gc, Rg-es205gc-p and 38 more 2025-09-29 9.4 Critical
A vulnerability in the Ruijie RG-ES series switch firmware ESW_1.0(1)B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter administrative settings and potentially seize control of affected devices via crafted HTTP POST request to /user.cgi.
CVE-2025-36193 1 Ibm 1 Transformation Advisor 2025-09-29 8.4 High
IBM Transformation Advisor 2.0.1 through 4.3.1 incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Transformation Advisor Operator Catalog image.
CVE-2022-48767 1 Linux 1 Linux Kernel 2025-09-29 5.3 Medium
In the Linux kernel, the following vulnerability has been resolved: ceph: properly put ceph_string reference after async create attempt The reference acquired by try_prep_async_create is currently leaked. Ensure we put it.
CVE-2025-9934 1 Totolink 2 X5000r, X5000r Firmware 2025-09-29 6.3 Medium
A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. This affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
CVE-2025-9935 1 Totolink 2 N600r, N600r Firmware 2025-09-29 7.3 High
A vulnerability was determined in TOTOLINK N600R 4.3.0cu.7866_B20220506. This vulnerability affects the function sub_4159F8 of the file /web_cste/cgi-bin/cstecgi.cgi. Executing manipulation can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2025-9938 2 D-link, Dlink 3 Di-8400, Di-8400, Di-8400 Firmware 2025-09-29 8.8 High
A weakness has been identified in D-Link DI-8400 16.07.26A1. The affected element is the function yyxz_dlink_asp of the file /yyxz.asp. This manipulation of the argument ID causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
CVE-2025-10034 2 D-link, Dlink 3 Dir-825, Dir-825, Dir-825 Firmware 2025-09-29 8.8 High
A vulnerability was found in D-Link DIR-825 1.08.01. This impacts the function get_ping6_app_stat of the file ping6_response.cg of the component httpd. Performing manipulation of the argument ping6_ipaddr results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.