Search

Search Results (364917 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-42563 1 Jerryhanjj 1 Erp 2025-06-05 9.8 Critical
An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file.
CVE-2024-42569 1 Arajajyothibabu 1 School Management System 2025-06-05 9.8 Critical
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at paidclass.php.
CVE-2024-42571 2 Arajajyothibabu, School Management System Project 2 School Management System, School Management System 2025-06-05 9.8 Critical
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php.
CVE-2024-20697 1 Microsoft 3 Windows 11 22h2, Windows 11 23h2, Windows Server 2022 23h2 2025-06-05 7.3 High
Windows libarchive Remote Code Execution Vulnerability
CVE-2024-22705 1 Linux 1 Linux Kernel 2025-06-05 7.8 High
An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled.
CVE-2025-5074 1 Freefloat 1 Ftp Server 2025-06-05 7.3 High
A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component PROMPT Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5073 1 Freefloat 1 Ftp Server 2025-06-05 7.3 High
A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. This issue affects some unknown processing of the component MKDIR Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-21727 1 Digital-peak 2 Dp Calendar For Joomla, Dpcalendar 2025-06-05 6.1 Medium
XSS vulnerability in DP Calendar component for Joomla.
CVE-2024-9277 1 Langflow 1 Langflow 2025-06-05 3.5 Low
A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remaining_text leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-8706 2 Heyewei, Jfinalcms Project 2 Jfinalcms, Jfinalcms 2025-06-05 4.3 Medium
A vulnerability was found in JFinalCMS up to 20240903. It has been classified as problematic. This affects the function update of the file /admin/template/update of the component com.cms.util.TemplateUtils. The manipulation of the argument fileName leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-8694 2 Heyewei, Jfinalcms Project 2 Jfinalcms, Jfinalcms 2025-06-05 3.8 Low
A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument fileName leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-5379 1 Heyewei 1 Jfinalcms 2025-06-05 3.5 Low
A vulnerability was found in JFinalCMS up to 20240111. It has been rated as problematic. This issue affects some unknown processing of the file /admin/template. The manipulation of the argument directory leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266291.
CVE-2024-5310 1 Heyewei 1 Jfinalcms 2025-06-05 2.4 Low
A vulnerability classified as problematic has been found in JFinalCMS up to 20221020. This affects an unknown part of the file /admin/content. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266121 was assigned to this vulnerability.
CVE-2024-3431 1 Eyoucms 1 Eyoucms 2025-06-05 4.7 Medium
A vulnerability was found in EyouCMS 1.6.5. It has been declared as critical. This vulnerability affects unknown code of the file /login.php?m=admin&c=Field&a=channel_edit of the component Backend. The manipulation of the argument channel_id leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259612. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-2014 1 Panabit 1 Panalog 2025-06-05 7.3 High
A vulnerability classified as critical was found in Panabit Panalog 202103080942. This vulnerability affects unknown code of the file /Maintain/sprog_upstatus.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-1840 1 Esafenet 1 Cdg 2025-06-05 7.3 High
A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been rated as critical. Affected by this issue is some unknown functionality of the file /CDGServer3/workflowE/useractivate/updateorg.jsp. The manipulation of the argument flowId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-1812 1 Zframeworks 1 Zz 2025-06-05 6.3 Medium
A vulnerability classified as critical has been found in zj1983 zz up to 2024-08. Affected is the function GetUserOrg of the file com/futvan/z/framework/core/SuperZ.java. The manipulation of the argument userId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-6200 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-06-05 7.5 High
A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution.
CVE-2024-13194 1 Sucms Project 1 Sucms 2025-06-05 6.3 Medium
A vulnerability was found in Sucms 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/admin_members.php?ac=search. The manipulation of the argument uid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-13192 1 Zerowdd 1 Myblog 2025-06-05 3.5 Low
A vulnerability, which was classified as problematic, was found in ZeroWdd myblog 1.0. Affected is the function update of the file src/main/java/com/wdd/myblog/controller/admin/BlogController.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.