Search

Search Results (366900 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-10811 2 Angeljudesuarez, Code-projects 2 Hostel Management System, Hotel Management System 2025-09-25 7.3 High
A flaw has been found in code-projects Hostel Management System 1.0. This affects an unknown function of the file /justines/admin/mod_comments/index.php?view=view. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.
CVE-2025-53910 1 Mattermost 2 Confluence, Mattermost 2025-09-25 4 Medium
Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint.
CVE-2025-53857 1 Mattermost 2 Confluence, Mattermost 2025-09-25 3.7 Low
Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint.
CVE-2025-53514 1 Mattermost 2 Confluence, Mattermost 2025-09-25 5.9 Medium
Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body.
CVE-2025-48731 1 Mattermost 2 Confluence, Mattermost 2025-09-25 6.4 Medium
Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to edit a subscription for a Confluence space the user does not have access for via edit subscription endpoint.
CVE-2025-44004 1 Mattermost 2 Confluence, Mattermost 2025-09-25 7.2 High
Mattermost Confluence Plugin version <1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel subscription without proper authorization via API call to the create channel subscription endpoint.
CVE-2025-47328 1 Qualcomm 135 Fastconnect 7800, Fastconnect 7800 Firmware, Immersive Home 3210 Platform and 132 more 2025-09-25 7.5 High
Transient DOS while processing power control requests with invalid antenna or stream values.
CVE-2025-47326 1 Qualcomm 241 Ar8035, Ar8035 Firmware, Csr8811 and 238 more 2025-09-25 7.5 High
Transient DOS while handling command data during power control processing.
CVE-2024-23198 1 Intel 14 Killer, Killer Wi-fi 6 Ax1650, Killer Wi-fi 6e Ax1675 and 11 more 2025-09-25 6.6 Medium
Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access.
CVE-2025-58319 2 Delta Electronics, Deltaww 2 Cncsoft-g2, Cncsoft-g2 2025-09-25 7.8 High
Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2023-3891 1 Lapce 1 Lapce 2025-09-25 7.3 High
Race condition in Lapce v0.2.8 allows an attacker to elevate privileges on the system
CVE-2014-0789 1 Schneider-electric 5 Opc Factory Server Tlxcdlfofs, Opc Factory Server Tlxcdltofs, Opc Factory Server Tlxcdluofs and 2 more 2025-09-25 N/A
Multiple buffer overflows in the OPC Automation 2.0 Server Object ActiveX control in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 3.5 and earlier, TLXCDSTOFS33 3.5 and earlier, TLXCDLUOFS33 3.5 and earlier, TLXCDLTOFS33 3.5 and earlier, and TLXCDLFOFS33 3.5 and earlier allow remote attackers to cause a denial of service via long arguments to unspecified functions.
CVE-2014-0787 1 Wellintech 1 Kingscada 2025-09-25 N/A
Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 allows remote attackers to execute arbitrary code via a crafted packet.
CVE-2014-0784 1 Yokogawa 1 Centum Cs 3000 2025-09-25 N/A
Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.
CVE-2014-0783 1 Yokogawa 1 Centum Cs 3000 2025-09-25 N/A
Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.
CVE-2014-0782 1 Yokogawa 15 B\/m9000 Vp, B\/m9000 Vp Software, B\/m9000cs and 12 more 2025-09-25 N/A
Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet.
CVE-2014-0781 1 Yokogawa 1 Centum Cs 3000 2025-09-25 N/A
Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.
CVE-2025-10817 1 Campcodes 1 Online Learning Management System 2025-09-25 7.3 High
A weakness has been identified in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/admin_user.php. Executing manipulation of the argument firstname can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
CVE-2025-10825 1 Campcodes 2 Complete Online Beauty Parlor Management System, Online Beauty Parlor Management System 2025-09-25 6.3 Medium
A vulnerability was identified in Campcodes Online Beauty Parlor Management System 1.0. Affected is an unknown function of the file /admin/view-appointment.php. The manipulation of the argument viewid leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
CVE-2025-10826 1 Campcodes 2 Complete Online Beauty Parlor Management System, Online Beauty Parlor Management System 2025-09-25 6.3 Medium
A security flaw has been discovered in Campcodes Online Beauty Parlor Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/sales-reports-detail.php. The manipulation of the argument fromdate/todate results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be exploited.