Export limit exceeded: 15475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363167 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363167 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363167 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-52023 1 Aptsys 2 Gemscms, Gemscms Backend 2026-02-11 5.3 Medium
A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public API endpoints, exposing potentially sensitive information useful for further exploitation. This issue is classified under CWE-209: Information Exposure Through an Error Message.
CVE-2025-65875 2 Fpdf, Setasign 2 Fpdf, Fpdf 2026-02-11 8.8 High
An arbitrary file upload vulnerability in the AddFont() function of FPDF v1.86 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2025-52025 1 Aptsys 2 Gemscms, Gemscms Backend 2026-02-11 9.4 Critical
An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms POS Platform backend thru 2025-05-28. The vulnerability arises because user input is directly inserted into a dynamic SQL query syntax without proper sanitization or parameterization. This allows an attacker to inject and execute arbitrary SQL code by submitting crafted input in the id parameter, leading to unauthorized data access or modification.
CVE-2025-52024 1 Aptsys 2 Gemscms Backend, Pos Platform Web Services 2026-02-11 9.4 Critical
A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services, each with an HTML form for submitting test input. These panels are intended for developer use, but are accessible in production environments with no authentication or session validation. This grants any external actor the ability to discover, test, and execute API endpoints that perform critical functions including but not limited to user transaction retrieval, credit adjustments, POS actions, and internal data queries.
CVE-2025-69906 1 Monstra 1 Monstra Cms 2026-02-11 8.8 High
Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to upload files that are interpreted as executable code, resulting in remote code execution.
CVE-2025-69620 2 Moo Chan Song, Ntoolslab 2 Moo Chan Song, Office Reader 2026-02-11 5 Medium
A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage.
CVE-2025-67857 1 Moodle 1 Moodle 2026-02-11 4.3 Medium
A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading to information disclosure.
CVE-2025-33081 2 Ibm, Linux 2 Concert, Linux Kernel 2026-02-11 3.3 Low
IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user.
CVE-2023-23408 1 Microsoft 2 Azure Hdinsight, Azure Hdinsights 2026-02-11 4.5 Medium
Azure Apache Ambari Spoofing Vulnerability
CVE-2023-35393 1 Microsoft 2 Azure Hdinsight, Azure Hdinsights 2026-02-11 4.5 Medium
Azure Apache Hive Spoofing Vulnerability
CVE-2023-35394 1 Microsoft 2 Azure Hdinsight, Azure Hdinsights 2026-02-11 4.6 Medium
Azure HDInsight Jupyter Notebook Spoofing Vulnerability
CVE-2023-36419 1 Microsoft 1 Azure Hdinsight 2026-02-11 8.8 High
Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privilege Vulnerability
CVE-2023-36877 1 Microsoft 2 Azure Hdinsight, Azure Hdinsights 2026-02-11 4.5 Medium
Azure Apache Oozie Spoofing Vulnerability
CVE-2023-36881 1 Microsoft 2 Azure Hdinsight, Azure Hdinsights 2026-02-11 4.5 Medium
Azure Apache Ambari Spoofing Vulnerability
CVE-2023-38156 1 Microsoft 1 Azure Hdinsight 2026-02-11 7.2 High
Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability
CVE-2023-38188 1 Microsoft 2 Azure Hdinsight, Azure Hdinsights 2026-02-11 4.5 Medium
Azure Apache Hadoop Spoofing Vulnerability
CVE-2025-67855 1 Moodle 1 Moodle 2026-02-11 5.4 Medium
A flaw was found in mooodle. A remote attacker could exploit a reflected Cross-Site Scripting (XSS) vulnerability in the policy tool return URL. This vulnerability arises from insufficient sanitization of URL parameters, allowing attackers to inject malicious scripts through specially crafted links. Successful exploitation could lead to information disclosure or arbitrary client-side script execution within the user's browser.
CVE-2025-67853 1 Moodle 1 Moodle 2026-02-11 7.5 High
A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts.
CVE-2025-67852 1 Moodle 1 Moodle 2026-02-11 3.5 Low
A flaw was found in Moodle. An open redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. This occurs due to insufficient validation of redirect parameters, which could lead to phishing attacks or information disclosure.
CVE-2025-67851 1 Moodle 1 Moodle 2026-02-11 6.1 Medium
A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to compromised data integrity and unintended operations within the spreadsheet.