Search

Search Results (363866 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-28494 2 Codepeople, Wordpress 2 Contact Form Email, Wordpress 2025-07-12 4.3 Medium
Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse.This issue affects Contact Form Email: from n/a through 1.3.31.
CVE-2024-54094 1 Siemens 1 Solid Edge Se2024 2025-07-12 7.8 High
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.
CVE-2025-0336 1 Codezips 1 Project Management System 2025-07-12 6.3 Medium
A vulnerability was found in Codezips Project Management System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/forms/teacher.php. The manipulation of the argument name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0340 1 Code-projects 1 Cinema Seat Reservation System 2025-07-12 7.3 High
A vulnerability classified as critical was found in code-projects Cinema Seat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/deleteBooking.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0346 1 Code-projects 1 Content Management System 2025-07-12 4.7 Medium
A vulnerability was found in code-projects Content Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/publishnews.php of the component Publish News Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0484 1 Fanli2012 1 Native-php-cms 2025-07-12 7.3 High
A vulnerability was found in Fanli2012 native-php-cms 1.0 and classified as critical. This issue affects some unknown processing of the file /fladmin/sysconfig_doedit.php of the component Backend. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0485 1 Fanli2012 1 Native-php-cms 2025-07-12 3.5 Low
A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been classified as problematic. Affected is an unknown function of the file /fladmin/sysconfig_doedit.php. The manipulation of the argument info leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0487 1 Fanli2012 1 Native-php-cms 2025-07-12 6.3 Medium
A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /fladmin/cat_edit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0581 1 Campcodes 1 School Management Software 2025-07-12 3.5 Low
A vulnerability classified as problematic has been found in CampCodes School Management Software 1.0. This affects an unknown part of the file /chat/group/send of the component Chat History. The manipulation of the argument message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0710 1 Campcodes 1 School Management Software 2025-07-12 3.5 Low
A vulnerability classified as problematic has been found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /notice-list of the component Notice Board Page. The manipulation of the argument Notice leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-1149 1 Gnu 1 Binutils 2025-07-12 3.1 Low
A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
CVE-2025-1152 1 Gnu 1 Binutils 2025-07-12 3.1 Low
A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
CVE-2025-1339 1 Totolink 1 X18 2025-07-12 6.3 Medium
A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been rated as critical. This issue affects the function setL2tpdConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-1579 1 Code-projects 1 Blood Bank System 2025-07-12 2.4 Low
A vulnerability was found in code-projects Blood Bank System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/user.php. The manipulation of the argument email leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2025-1582 1 Phpgurukul 1 Online Nurse Hiring System 2025-07-12 6.3 Medium
A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/all-request.php. The manipulation of the argument viewid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-1675 1 Zephyrproject-rtos 1 Zephyr 2025-07-12 8.2 High
The function dns_copy_qname in dns_pack.c performs performs a memcpy operation with an untrusted field and does not check if the source buffer is large enough to contain the copied data.
CVE-2025-1814 1 Tenda 1 Ac6 2025-07-12 8.8 High
A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is some unknown functionality of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-1853 1 Tenda 1 Ac8 2025-07-12 8.8 High
A vulnerability was found in Tenda AC8 16.03.34.06 and classified as critical. This issue affects the function sub_49E098 of the file /goform/SetIpMacBind of the component Parameter Handler. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-1859 1 Phpgurukul 1 News Portal 2025-07-12 7.3 High
A vulnerability, which was classified as critical, has been found in PHPGurukul News Portal 4.1. This issue affects some unknown processing of the file /login.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-1880 1 I-drive 2 I11, I12 2025-07-12 2 Low
A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been classified as problematic. Affected is an unknown function of the component Device Pairing. The manipulation leads to authentication bypass by primary weakness. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitability is told to be difficult. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life.