Export limit exceeded: 363801 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363801 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363801 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-45673 2 Joplin Project, Laurent 22 2 Joplin, Joplin 2025-04-11 8.9 High
Joplin is a free, open source note taking and to-do application. A remote code execution (RCE) vulnerability in affected versions allows clicking on a link in a PDF in an untrusted note to execute arbitrary shell commands. Clicking links in PDFs allows for arbitrary code execution because Joplin desktop: 1. has not disabled top redirection for note viewer iframes, and 2. and has node integration enabled. This is a remote code execution vulnerability that impacts anyone who attaches untrusted PDFs to notes and has the icon enabled. This issue has been addressed in version 2.13.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-38506 1 Joplin Project 1 Joplin 2025-04-11 8.2 High
Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. HTML pasted into the rich text editor is not sanitized (or not sanitized properly). As such, the `onload` attribute of pasted images can execute arbitrary code. Because the TinyMCE editor frame does not use the `sandbox` attribute, such scripts can access NodeJS's `require` through the `top` variable. From this, an attacker can run arbitrary commands. This issue has been addressed in version 2.12.10 and users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-35352 1 Dino Physics School Assistant Project 1 Dino Physics School Assistant 2025-04-11 6.1 Medium
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. This vulnerability impacts unidentified code within the file /classes/Users.php?f=save. Manipulating the parameter middlename results in cross-site scripting.
CVE-2024-35353 1 Dino Physics School Assistant Project 1 Dino Physics School Assistant 2025-04-11 9.8 Critical
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Users.php?f=save. Manipulating the argument id can result in improper authorization.
CVE-2024-35468 2 Oretnom23, Sourcecodester 2 Human Resource Management System, Human Resource Management System 2025-04-11 5.4 Medium
A SQL injection vulnerability in /hrm/index.php in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter.
CVE-2024-35469 2 Oretnom23, Sourcecodester 2 Human Resource Management System, Human Resource Management System 2025-04-11 9.8 Critical
A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter.
CVE-2024-36568 2 Mayurik, Sourcecodester 2 Gas Agency Management System, Gas Agency Management System 2025-04-11 9.8 Critical
Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL Injection via /gasmark/editbrand.php?id=.
CVE-2024-36569 2 Mayurik, Sourcecodester 2 Gas Agency Management System, Gas Agency Management System 2025-04-11 8.1 High
Sourcecodester Gas Agency Management System v1.0 is vulnerable to arbitrary code execution via editClientImage.php.
CVE-2024-31586 2 Oretnom23, Sourcecodester 2 Computer Laboratory Management System, Computer Laboratory Management System 2025-04-11 6.1 Medium
A Cross Site Scripting (XSS) vulnerability exists in Computer Laboratory Management System version 1.0. This vulnerability allows a remote attacker to execute arbitrary code via the Borrower Name, Department, and Remarks parameters.
CVE-2022-48195 1 Mellium 1 Sasl 2025-04-11 9.8 Critical
An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated (instead, the nonce is empty). This causes authentication to fail in the best case, but (if paired with a remote end that does not validate the length of the nonce) could lead to insufficient randomness being used during authentication.
CVE-2022-47128 1 Tenda 2 A15, A15 Firmware 2025-04-11 9.8 Critical
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey2 parameter at /goform/WifiBasicSet.
CVE-2022-47127 1 Tenda 2 A15, A15 Firmware 2025-04-11 9.8 Critical
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlPwd parameter at /goform/WifiBasicSet.
CVE-2022-47126 1 Tenda 2 A15, A15 Firmware 2025-04-11 9.8 Critical
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlEn parameter at /goform/WifiBasicSet.
CVE-2022-47125 1 Tenda 2 A15, A15 Firmware 2025-04-11 9.8 Critical
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlEn_5g parameter at /goform/WifiBasicSet.
CVE-2022-47124 1 Tenda 2 A15, A15 Firmware 2025-04-11 9.8 Critical
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey4 parameter at /goform/WifiBasicSet.
CVE-2022-47123 1 Tenda 2 A15, A15 Firmware 2025-04-11 9.8 Critical
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey3 parameter at /goform/WifiBasicSet.
CVE-2022-47122 1 Tenda 2 A15, A15 Firmware 2025-04-11 9.8 Critical
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlPwd_5g parameter at /goform/WifiBasicSet.
CVE-2022-47121 1 Tenda 2 A15, A15 Firmware 2025-04-11 9.8 Critical
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey parameter at /goform/WifiBasicSet.
CVE-2022-47120 1 Tenda 2 A15, A15 Firmware 2025-04-11 9.8 Critical
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet.
CVE-2022-47119 1 Tenda 2 A15, A15 Firmware 2025-04-11 9.8 Critical
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the ssid parameter at /goform/WifiBasicSet.