Export limit exceeded: 363299 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363299 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25213 | 1 Travel Management System Project | 1 Travel Management System | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the catid parameter to subcat.php. | ||||
| CVE-2021-25212 | 1 Alumni Management System Project | 1 Alumni Management System | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in SourceCodester Alumni Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to manage_event.php. | ||||
| CVE-2021-25211 | 1 Online Ordering System Project | 1 Online Ordering System | 2024-11-21 | 9.8 Critical |
| Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code, via the file upload to ordering\admin\products\edit.php. | ||||
| CVE-2021-25210 | 1 Alumni Management System Project | 1 Alumni Management System | 2024-11-21 | 9.8 Critical |
| Arbitrary file upload vulnerability in SourceCodester Alumni Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to manage_event.php. | ||||
| CVE-2021-25209 | 1 Theme Park Ticketing System Project | 1 Theme Park Ticketing System | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in SourceCodester Theme Park Ticketing System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_user.php . | ||||
| CVE-2021-25208 | 1 Travel Management System Project | 1 Travel Management System | 2024-11-21 | 9.8 Critical |
| Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to updatepackage.php. | ||||
| CVE-2021-25207 | 1 E-commerce Website Project | 1 E-commerce Website | 2024-11-21 | 9.8 Critical |
| Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via the file upload to prodViewUpdate.php. | ||||
| CVE-2021-25206 | 1 Responsive Ordering System Project | 1 Responsive Ordering System | 2024-11-21 | 9.8 Critical |
| Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to Product_model.php. | ||||
| CVE-2021-25205 | 1 E-commerce Website Project | 1 E-commerce Website | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote attackers to execute arbitrary SQL statements, via the update parameter to empViewUpdate.php . | ||||
| CVE-2021-25204 | 1 E-commerce Website Project | 1 E-commerce Website | 2024-11-21 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote attackers to inject arbitrary web script or HTM via the subject field to feedback_process.php. | ||||
| CVE-2021-25203 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 9.8 Critical |
| Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php. | ||||
| CVE-2021-25202 | 1 Sales And Inventory System Project | 1 Sales And Inventory System | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in SourceCodester Sales and Inventory System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to \ahira\admin\inventory.php. | ||||
| CVE-2021-25201 | 1 Learning Management System Project | 1 Learning Management System | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information. | ||||
| CVE-2021-25200 | 1 Learning Management System Project | 1 Learning Management System | 2024-11-21 | 9.8 Critical |
| Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to \lms\student_avatar.php. | ||||
| CVE-2021-25197 | 1 Content Management System Project | 1 Content Management System | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in SourceCodester Content Management System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter to content_management_system\admin\new_content.php | ||||
| CVE-2021-25195 | 1 Microsoft | 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more | 2024-11-21 | 7.8 High |
| Windows PKU2U Elevation of Privilege Vulnerability | ||||
| CVE-2021-25179 | 1 Solarwinds | 1 Serv-u File Server | 2024-11-21 | 6.1 Medium |
| SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header. | ||||
| CVE-2021-25178 | 2 Opendesign, Siemens | 4 Drawings Software Development Kit, Comos, Jt2go and 1 more | 2024-11-21 | 7.8 High |
| An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attackers to cause a crash potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution. | ||||
| CVE-2021-25177 | 2 Opendesign, Siemens | 4 Drawings Software Development Kit, Comos, Jt2go and 1 more | 2024-11-21 | 7.8 High |
| An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). | ||||
| CVE-2021-25176 | 2 Opendesign, Siemens | 4 Drawings Software Development Kit, Comos, Jt2go and 1 more | 2024-11-21 | 7.8 High |
| An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). | ||||