Search Results (363801 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-29458 1 Mybb 1 Mybb 2025-04-24 7.6 High
An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.
CVE-2025-29457 1 Mybb 1 Mybb 2025-04-24 7.6 High
An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.
CVE-2022-46089 2 Oretnom23, Sourcecodester 2 Online Flight Booking Management System, Online Flight Booking Management System 2025-04-24 6.1 Medium
Cross Site Scripting (XSS) vulnerability in the add-airline form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter.
CVE-2022-43880 1 Ibm 1 Qradar Wincollect 2025-04-24 4.4 Medium
IBM QRadar WinCollect Agent 10.0 through 10.1.2 could allow a privileged user to cause a denial of service. IBM X-Force ID: 240151.
CVE-2022-36029 1 Bigbluebutton 1 Greenlight 2025-04-24 9.1 Critical
Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Versions 2.13.0 contains a patch for the issue.
CVE-2022-36028 1 Bigbluebutton 1 Greenlight 2025-04-24 9.1 Critical
Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Versions 2.13.0 contains a patch for the issue.
CVE-2025-3691 1 Mirweiye 1 Seven Bears Library Cms 2025-04-24 2.7 Low
A vulnerability was found in mirweiye Seven Bears Library CMS 2023. It has been classified as problematic. Affected is an unknown function of the component Add Link Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3690 1 Phpgurukul 1 Men Salon Management System 2025-04-24 7.3 High
A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-services.php. The manipulation of the argument cost leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3684 1 Xianqi 1 Kindergarten Management System 2025-04-24 6.3 Medium
A vulnerability was found in Xianqi Kindergarten Management System 2.0 Bulid 20190808. It has been rated as critical. This issue affects some unknown processing of the file stu_list.php of the component Child Management. The manipulation of the argument sex leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2024-55238 1 Open-metadata 1 Openmetadata 2025-04-24 7.1 High
OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface. The workflowtype and status parameters can be used to build a SQL query.
CVE-2025-46381 2025-04-24 N/A
Not used
CVE-2025-46380 2025-04-24 N/A
Not used
CVE-2025-46379 2025-04-24 N/A
Not used
CVE-2025-46378 2025-04-24 N/A
Not used
CVE-2025-46377 2025-04-24 N/A
Not used
CVE-2025-46376 2025-04-24 N/A
Not used
CVE-2025-46375 2025-04-24 N/A
Not used
CVE-2025-46374 2025-04-24 N/A
Not used
CVE-2025-3378 1 Pcman 1 Ftp Server 2025-04-23 7.3 High
A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component EPRT Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3374 1 Pcman 1 Ftp Server 2025-04-23 7.3 High
A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this issue is some unknown functionality of the component CCC Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.