Export limit exceeded: 363638 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363638 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-1176 1 Gnu 1 Binutils 2025-04-11 5 Medium
A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. It is recommended to apply a patch to fix this issue.
CVE-2023-36237 2 Bagisto, Webkul 2 Bagisto, Bagisto 2025-04-11 8.8 High
Cross Site Request Forgery vulnerability in Bagisto before v.1.5.1 allows an attacker to execute arbitrary code via a crafted HTML script.
CVE-2014-3211 1 Publify 1 Publify 2025-04-11 7.5 High
Publify before 8.0.1 is vulnerable to a Denial of Service attack
CVE-2025-25877 1 Angeljudesuarez 1 Simple Chatbox 2025-04-11 3.8 Low
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /admin.php. The attack can use SQL injection to obtain sensitive data.
CVE-2022-45963 1 H3c 22 Secpath F100-c-g3, Secpath F100-c-g3 Firmware, Secpath F500-6gw and 19 more 2025-04-11 9.8 Critical
h3c firewall <= 3.10 ESS6703 has a privilege bypass vulnerability.
CVE-2025-27417 1 Wegia 1 Wegia 2025-04-11 6.1 Medium
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionar_status_atendido.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the status parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.2.16.
CVE-2024-57547 1 Cmsimple 1 Cmsimple 2025-04-11 7.5 High
Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the Functionality of downloading php backup files.
CVE-2024-57548 1 Cmsimple 1 Cmsimple 2025-04-11 9.1 Critical
CMSimple 5.16 allows the user to edit log.php file via print page.
CVE-2024-57549 1 Cmsimple 1 Cmsimple 2025-04-11 7.5 High
CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request.
CVE-2025-25187 1 Joplin Project 1 Joplin 2025-04-11 7.8 High
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React's `dangerouslySetInnerHTML`, without first escaping HTML entities. Joplin lacks a Content-Security-Policy with a restrictive `script-src`. This allows arbitrary JavaScript execution via inline `onclick`/`onload` event handlers in unsanitized HTML. Additionally, Joplin's main window is created with `nodeIntegration` set to `true`, allowing arbitrary JavaScript execution to result in arbitrary code execution. Anyone who 1) receives notes from unknown sources and 2) uses <kbd>ctrl</kbd>-<kbd>p</kbd> to search is impacted. This issue has been addressed in version 3.1.24 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2025-1381 1 Code-projects 1 Real Estate Property Management System 2025-04-11 6.3 Medium
A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax_city.php. The manipulation of the argument CityName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-1164 1 Code-projects 1 Police Fir Record Management System 2025-04-11 5.3 Medium
A vulnerability, which was classified as problematic, has been found in code-projects Police FIR Record Management System 1.0. This issue affects some unknown processing of the component Add Record Handler. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
CVE-2024-23560 1 Hcltechsw 2 Hcl Devops Deploy, Hcl Launch 2025-04-11 4.4 Medium
HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type.
CVE-2024-23561 1 Hcltechsw 2 Hcl Devops Deploy, Hcl Launch 2025-04-11 4.3 Medium
HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values.
CVE-2024-23558 1 Hcltechsw 2 Hcl Devops Deploy, Hcl Launch 2025-04-11 6.3 Medium
HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
CVE-2024-13939 1 Fractal 1 String\ 2025-04-11 7.5 High
String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string may be leaked (but not its contents)." This is similar to CVE-2020-36829
CVE-2025-30067 1 Apache 1 Kylin 2025-04-11 7.2 High
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Kylin. If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration maybe altered to execute arbitrary code from the remote. You are fine as long as the Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.1. Users are recommended to upgrade to version 5.0.2 or above, which fixes the issue.
CVE-2024-55073 1 Mealie 1 Mealie 2025-04-11 7.6 High
A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household.
CVE-2025-0255 1 Hcltechsw 2 Hcl Devops Deploy, Hcl Launch 2025-04-11 7.2 High
HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.
CVE-2025-0256 1 Hcltechsw 2 Hcl Devops Deploy, Hcl Launch 2025-04-11 4.3 Medium
HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.