Export limit exceeded: 14587 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363286 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363286 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-41659 1 Oretnom23 1 Banking System 2025-12-16 9.8 Critical
SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username or password field.
CVE-2022-26644 1 Oretnom23 1 Banking System 2025-12-16 6.1 Medium
Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via parameters on user profile, system_info and accounts management.
CVE-2022-26645 1 Oretnom23 1 Banking System 2025-12-16 9.8 Critical
A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function.
CVE-2022-26646 1 Oretnom23 1 Banking System 2025-12-16 9.8 Critical
Online Banking System Protect v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the pages parameter.
CVE-2025-40593 1 Siemens 2 Simatic Cn 4100, Simatic Cn 4100 Firmware 2025-12-16 6.5 Medium
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0). The affected application allows to control the device by storing arbitrary files in the SFTP folder of the device. This could allow an attacker to cause a denial of service condition.
CVE-2023-49251 1 Siemens 2 Simatic Cn 4100, Simatic Cn 4100 Firmware 2025-12-16 8.8 High
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application allows an attacker to add their own login credentials to the device. This allows an attacker to remotely login as root and take control of the device even after the affected device is fully set up.
CVE-2023-49621 1 Siemens 2 Simatic Cn 4100, Simatic Cn 4100 Firmware 2025-12-16 9.8 Critical
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device.
CVE-2023-49252 1 Siemens 2 Simatic Cn 4100, Simatic Cn 4100 Firmware 2025-12-16 7.5 High
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The affected application allows IP configuration change without authentication to the device. This could allow an attacker to cause denial of service condition.
CVE-2022-36547 1 Hashenudara 1 Edoc-doctor-appointment-system 2025-12-16 6.1 Medium
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field.
CVE-2022-36546 1 Hashenudara 1 Edoc-doctor-appointment-system 2025-12-16 8.8 High
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php.
CVE-2022-36545 1 Hashenudara 1 Edoc-doctor-appointment-system 2025-12-16 9.8 Critical
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php.
CVE-2022-36544 1 Hashenudara 1 Edoc-doctor-appointment-system 2025-12-16 9.8 Critical
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php.
CVE-2022-36543 1 Hashenudara 1 Edoc-doctor-appointment-system 2025-12-16 9.8 Critical
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php.
CVE-2022-36542 1 Hashenudara 1 Edoc-doctor-appointment-system 2025-12-16 6.5 Medium
An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data.
CVE-2024-22391 3 Fedoraproject, Grassroot, Malaterre 3 Fedora, Grassroot Platform, Grassroots Dicom 2025-12-16 7.7 High
A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2024-22373 3 Fedoraproject, Grassroots Dicom Project, Malaterre 3 Fedora, Grassroots Dicom, Grassroots Dicom 2025-12-16 8.1 High
An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2013-10031 2 Plack, Plack Project 2 Plack-middleware-session, Plack 2025-12-16 7.5 High
Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks
CVE-2025-65345 1 Alexusmai 2 Laravel-file-manager, Laravel File Manager 2025-12-16 6.5 Medium
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The zip/archiving functionality allows an attacker to create archives containing files and directories outside the intended scope due to improper path validation.
CVE-2025-65868 1 Eyoucms 1 Eyoucms 2025-12-16 9.1 Critical
XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request.
CVE-2025-66293 1 Libpng 1 Libpng 2025-12-16 7.1 High
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.