Export limit exceeded: 365319 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365319 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-21636 1 Viewcomponent 1 View Component 2025-06-17 6.1 Medium
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 and 2.83.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller with the view_component gem. Note that only components that define a `#call` method (i.e. instead of using a sidecar template) are affected. The return value of the `#call` method is not sanitized and can include user-defined content. In addition, the return value of the `#output_postamble` methodis not sanitized, which can also lead to cross-site scripting issues. Versions 3.9.0 and 2.83.0 have been released and fully mitigate both the `#call` and the `#output_postamble` vulnerabilities. As a workaround, sanitize the return value of `#call`.
CVE-2024-20809 1 Samsung 1 Nearby Device Scanning 2025-06-17 4 Medium
Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local attacker to access data.
CVE-2024-20808 1 Samsung 1 Nearby Device Scanning 2025-06-17 4 Medium
Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local attacker to access data.
CVE-2024-20806 1 Samsung 1 Android 2025-06-17 6.2 Medium
Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data.
CVE-2023-50867 1 Kashipara 1 Travel Website 2025-06-17 9.8 Critical
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-50865 1 Kashipara 1 Travel Website 2025-06-17 9.8 Critical
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-50864 1 Kashipara 1 Travel Website 2025-06-17 9.8 Critical
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-50863 1 Kashipara 1 Travel Website 2025-06-17 9.8 Critical
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-50862 1 Kashipara 1 Travel Website 2025-06-17 9.8 Critical
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-49665 1 Kashipara 1 Billing Software 2025-06-17 9.8 Critical
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity[]' parameter of the submit_delivery_list.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-49658 1 Kashipara 1 Billing Software 2025-06-17 9.8 Critical
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bank_details' parameter of the party_submit.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-49639 1 Kashipara 1 Billing Software 2025-06-17 9.8 Critical
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'customer_details' parameter of the buyer_invoice_submit.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-49633 1 Kashipara 1 Billing Software 2025-06-17 9.8 Critical
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'buyer_address' parameter of the buyer_detail_submit.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-49625 1 Kashipara 1 Billing Software 2025-06-17 9.8 Critical
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partylist_edit_submit.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-49624 1 Kashipara 1 Billing Software 2025-06-17 9.8 Critical
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cancelid' parameter of the material_bill.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-49622 1 Kashipara 1 Billing Software 2025-06-17 9.8 Critical
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'itemnameid' parameter of the material_bill.php?action=itemRelation resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2021-42028 1 Siemens-healthineers 1 Syngo Fastview 2025-06-17 7.8 High
A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14860)
CVE-2021-40367 1 Siemens-healthineers 1 Syngo Fastview 2025-06-17 7.8 High
A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing DICOM files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15097)
CVE-2023-52313 1 Paddlepaddle 1 Paddlepaddle 2025-06-17 4.7 Medium
FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-52311 1 Paddlepaddle 1 Paddlepaddle 2025-06-17 9.6 Critical
PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system.