Search

Search Results (364862 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-50975 2 Td, Tdbank 2 Advanced Dashboard, Td-advanced-dashboard 2025-05-06 8.4 High
The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled (i.e., ELECTRON_RUN_AS_NODE can be used in production). This makes it easier for a compromised process to access banking information.
CVE-2024-25381 2 Emlog, Emlog Pro Project 2 Emlog, Emlog Pro 2025-05-06 6.1 Medium
There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content.
CVE-2024-25461 1 Creatio 1 Crm Creatio 2025-05-06 7.5 High
Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM v.7.18.4.1532 allows a remote attacker to obtain sensitive information via a crafted request to the terrasoft.axd component.
CVE-2024-27283 1 Veritas 1 Ediscovery Platform 2025-05-06 7.2 High
A vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5. The application administrator can upload potentially malicious files to arbitrary locations on the server on which the application is installed.
CVE-2025-2362 1 Phpgurukul 1 Pre-school Enrollment System 2025-05-06 7.3 High
A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/contact-us.php. The manipulation of the argument mobnum leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2024-0220 1 Br-automation 2 Automation Studio, Technology Guarding 2025-05-06 8.3 High
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data.
CVE-2025-2379 1 Phpgurukul 1 Apartment Visitors Management System 2025-05-06 7.3 High
A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /create-pass.php. The manipulation of the argument visname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2380 1 Phpgurukul 1 Apartment Visitors Management System 2025-05-06 7.3 High
A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin-profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-1104 1 Areal-topkapi 1 Webserv2 2025-05-06 7.5 High
An unauthenticated remote attacker can bypass the brute force prevention mechanism and disturb the webservice for all users.
CVE-2025-2381 1 Phpgurukul 1 Curfew E-pass Management System 2025-05-06 7.3 High
A vulnerability classified as critical has been found in PHPGurukul Curfew e-Pass Management System 1.0. Affected is an unknown function of the file /admin/search-pass.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-40487 1 Processwire 1 Processwire 2025-05-06 6.1 Medium
ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload.
CVE-2022-3308 1 Google 1 Chrome 2025-05-06 7.4 High
Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-3307 1 Google 1 Chrome 2025-05-06 8.8 High
Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2022-3306 1 Google 2 Chrome, Chrome Os 2025-05-06 8.8 High
Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2022-3305 1 Google 2 Chrome, Chrome Os 2025-05-06 8.8 High
Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2018-6342 2 Facebook, Microsoft 2 React-dev-utils, Windows 2025-05-06 9.8 Critical
react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF or by direct request) to execute arbitrary commands on the targeted system. This issue affects multiple branches: 1.x.x prior to 1.0.4, 2.x.x prior to 2.0.2, 3.x.x prior to 3.1.2, 4.x.x prior to 4.2.2, and 5.x.x prior to 5.0.2.
CVE-2018-6341 1 Facebook 1 React 2025-05-06 6.1 Medium
React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2.
CVE-2018-6337 1 Facebook 2 Folly, Hhvm 2025-05-06 7.5 High
folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeat (or similar) results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and v2018.08.09.00.
CVE-2018-6334 1 Facebook 1 Hhvm 2025-05-06 9.8 Critical
Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and 3.21.9 and below).
CVE-2018-20622 2 Debian, Jasper Project 2 Debian Linux, Jasper 2025-05-06 6.5 Medium
JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used.