Search

Search Results (364787 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-40686 1 Oretnom23 1 Human Resource Management System 2025-08-04 6.1 Medium
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'employeeid' parameter in/detailview.php.
CVE-2025-40685 1 Oretnom23 1 Human Resource Management System 2025-08-04 6.1 Medium
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searcstate' parameter in/state.php.
CVE-2025-40684 1 Oretnom23 1 Human Resource Management System 2025-08-04 6.1 Medium
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccountry' parameter in/country.php.
CVE-2025-40683 1 Oretnom23 1 Human Resource Management System 2025-08-04 6.1 Medium
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccity' parameter in /city.php.
CVE-2025-40682 1 Oretnom23 1 Human Resource Management System 2025-08-04 9.8 Critical
SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the “city” and “state” parameters in the /controller/ccity.php endpoint.
CVE-2018-18748 1 Sandboxie-plus 1 Sandboxie 2025-08-04 N/A
Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product's intended functionality
CVE-2024-52538 1 Dell 2 Avamar Data Store, Avamar Server 2025-08-04 7.6 High
Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.
CVE-2024-47977 1 Dell 2 Avamar Data Store, Avamar Server 2025-08-04 7.1 High
Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
CVE-2024-47484 1 Dell 2 Avamar Data Store, Avamar Server 2025-08-04 8.2 High
Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
CVE-2024-5463 1 Synology 4 Bc500, Bc500 Firmware, Tc500 and 1 more 2025-08-04 6.5 Medium
A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow') has been found in the login component. This allows remote attackers to write specific files containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors. This attack only affects the login service which will automatically restart. The following models with Synology Camera Firmware versions before 1.1.1-0383 may be affected: BC500 and TC500.
CVE-2024-29227 1 Synology 2 Diskstation Manager, Surveillance Station 2025-08-04 5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
CVE-2024-29230 1 Synology 2 Diskstation Manager, Surveillance Station 2025-08-04 5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
CVE-2024-29232 1 Synology 2 Diskstation Manager, Surveillance Station 2025-08-04 5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
CVE-2024-29233 1 Synology 2 Diskstation Manager, Surveillance Station 2025-08-04 5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
CVE-2024-29234 1 Synology 2 Diskstation Manager, Surveillance Station 2025-08-04 5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
CVE-2024-29235 1 Synology 2 Diskstation Manager, Surveillance Station 2025-08-04 5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
CVE-2024-29236 1 Synology 2 Diskstation Manager, Surveillance Station 2025-08-04 5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
CVE-2024-29237 1 Synology 2 Diskstation Manager, Surveillance Station 2025-08-04 5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
CVE-2024-29238 1 Synology 2 Diskstation Manager, Surveillance Station 2025-08-04 5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
CVE-2024-29239 1 Synology 2 Diskstation Manager, Surveillance Station 2025-08-04 5.4 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.