Export limit exceeded: 367033 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 367033 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (367033 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-59535 1 Dnnsoftware 2 Dnn Platform, Dotnetnuke 2025-09-29 6.5 Medium
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner. This issue has been patched in version 10.1.0.
CVE-2024-40509 1 Openpetra 1 Openpetra 2025-09-29 7.3 High
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMFinDev.asmx function.
CVE-2025-59539 1 Dnnsoftware 2 Dnn Platform, Dotnetnuke 2025-09-29 6.3 Medium
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, when embedding information in the Biography field, even if that field is not rich-text, users could inject javascript code that would run in the context of the website and to any other user that can view the profile including administrators and/or superusers. This issue has been patched in version 10.1.0.
CVE-2024-9133 1 Arista 1 Ng Firewall 2025-09-29 6.6 Medium
A user with administrator privileges is able to retrieve authentication tokens
CVE-2024-9132 1 Arista 1 Ng Firewall 2025-09-29 8.1 High
The administrator is able to configure an insecure captive portal script
CVE-2024-9131 1 Arista 1 Ng Firewall 2025-09-29 7.2 High
A user with administrator privileges can perform command injection
CVE-2024-47520 1 Arista 1 Ng Firewall 2025-09-29 7.6 High
A user with advanced report application access rights can perform actions for which they are not authorized
CVE-2024-47519 1 Arista 1 Ng Firewall 2025-09-29 8.3 High
Backup uploads to ETM subject to man-in-the-middle interception
CVE-2024-47518 1 Arista 1 Ng Firewall 2025-09-29 6.4 Medium
Specially constructed queries targeting ETM could discover active remote access sessions
CVE-2024-47517 1 Arista 1 Ng Firewall 2025-09-29 6.8 Medium
Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access
CVE-2024-9188 1 Arista 1 Ng Firewall 2025-09-29 8.8 High
Specially constructed queries cause cross platform scripting leaking administrator tokens
CVE-2025-55111 2 Bmc, Linux 3 Control-m/agent, Control-m\/agent, Linux Kernel 2025-09-29 5.5 Medium
Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and passwords relating to SSL files, keystore and policies. An attacker with local access to the system running the Agent can access these files.
CVE-2025-39867 1 Linux 1 Linux Kernel 2025-09-29 5.5 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-39799 1 Linux 1 Linux Kernel 2025-09-29 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-3231 1 Phpgurukul 1 Zoo Management System 2025-09-27 7.3 High
A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. This issue affects some unknown processing of the file /aboutus.php. The manipulation of the argument pagetitle/pagedes leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-3767 1 Phpgurukul 2 News Portal, News Portal Project 2025-09-27 6.3 Medium
A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle/category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3173 1 Projectworlds 1 Online Lawyer Management System 2025-09-27 7.3 High
A vulnerability, which was classified as critical, was found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the file /save_booking.php. The manipulation of the argument lawyer_id/description leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-4331 1 Senior-walter 1 Online Student Clearance System 2025-09-27 7.3 High
A vulnerability classified as critical was found in SourceCodester Online Student Clearance System 1.0. This vulnerability affects unknown code of the file /Admin/login.php. The manipulation of the argument id/username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-1061 1 Doctors Appointment System Project 1 Doctors Appointment System 2025-09-27 6.3 Medium
A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/edit-doc.php. The manipulation of the argument email/oldmail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-1059 1 Doctors Appointment System Project 1 Doctors Appointment System 2025-09-27 6.3 Medium
A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search/id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.