Search

Search Results (364917 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-45830 1 Analytify 1 Analytify - Google Analytics Dashboard 2025-06-05 6.5 Medium
Missing Authorization vulnerability in Analytify.This issue affects Analytify: from n/a through 4.2.3.
CVE-2024-11357 1 Goodlayers 1 Goodlayers Core 2025-06-05 5.9 Medium
The goodlayers-core WordPress plugin before 2.0.10 does not sanitise and escape some of its settings, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2024-56175 1 Optimizely 1 Configured Commerce 2025-06-05 6.1 Medium
In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in list item names.
CVE-2024-56174 1 Optimizely 1 Configured Commerce 2025-06-05 8.1 High
In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in search history.
CVE-2024-56173 1 Optimizely 1 Configured Commerce 2025-06-05 4.7 Medium
In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from JavaScript in an SVG document.
CVE-2024-55660 1 B3log 1 Siyuan 2025-06-05 9.8 Critical
SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's `/api/template/renderSprig` endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to access environment variables. Version 3.1.16 contains a patch for the issue.
CVE-2024-55659 1 B3log 1 Siyuan 2025-06-05 5.4 Medium
SiYuan is a personal knowledge management system. Prior to version 3.1.16, the `/api/asset/upload` endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting (via the file write). Version 3.1.16 contains a patch for the issue.
CVE-2024-55658 1 B3log 1 Siyuan 2025-06-05 7.5 High
SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/export/exportResources endpoint is vulnerable to arbitary file read via path traversal. It is possible to manipulate the paths parameter to access and download arbitrary files from the host system by traversing the workspace directory structure. Version 3.1.16 contains a patch for the issue.
CVE-2024-55657 1 B3log 1 Siyuan 2025-06-05 7.5 High
SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in Siyuan's `/api/template/render` endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system. Version 3.1.16 contains a patch for the issue.
CVE-2024-1009 1 Employee Management System Project 1 Employee Management System 2025-06-05 7.3 High
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252278 is the identifier assigned to this vulnerability.
CVE-2024-42552 1 Vaibhavverma9999 1 Hotel Management System 2025-06-05 8.6 High
Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_room_history.php.
CVE-2024-42553 1 Vaibhavverma9999 1 Hotel Management System 2025-06-05 8.8 High
A Cross-Site Request Forgery (CSRF) in the component admin_room_added.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges.
CVE-2024-42554 2 Hotel Management System Project, Vaibhavverma9999 2 Hotel Management System, Hotel Management System 2025-06-05 8.8 High
Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_added.php.
CVE-2024-42555 1 Vaibhavverma9999 1 Hotel Management System 2025-06-05 8.8 High
A Cross-Site Request Forgery (CSRF) in the component admin_room_removed.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges.
CVE-2024-42556 1 Vaibhavverma9999 1 Hotel Management System 2025-06-05 9.8 Critical
Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_removed.php.
CVE-2024-42557 1 Vaibhavverma9999 1 Hotel Management System 2025-06-05 8.8 High
A Cross-Site Request Forgery (CSRF) in the component admin_modify_room.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges.
CVE-2024-42558 1 Vaibhavverma9999 1 Hotel Management System 2025-06-05 9.8 Critical
Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_modify_room.php.
CVE-2024-42560 1 Varunsardana004 1 Blood Bank And Donation Management System 2025-06-05 6.1 Medium
A cross-site scripting (XSS) vulnerability in the component update_page_details.php of Blood Bank And Donation Management System commit dc9e039 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Details parameter.
CVE-2024-42561 2 Krishna9772, Pharmacy Management System Project 2 Pharmacy Management System, Pharmacy Management System 2025-06-05 8.8 High
Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at sales_report.php.
CVE-2024-42562 1 Krishna9772 1 Pharmacy Management System 2025-06-05 9.8 Critical
Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at preview.php.