Export limit exceeded: 367078 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (367078 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-41291 1 Qnap 1 Qufirewall 2025-09-24 5.5 Medium
A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: QuFirewall 2.4.1 ( 2024/02/01 ) and later
CVE-2024-50390 1 Qnap 1 Qurouter 2025-09-24 9.8 Critical
A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.5.032 and later
CVE-2024-53700 1 Qnap 1 Qurouter 2025-09-24 7.2 High
A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.6.028 and later
CVE-2024-13087 1 Qnap 1 Qurouter 2025-09-24 6.7 Medium
A command injection vulnerability has been reported to affect QHora. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.6.028 and later
CVE-2024-13088 1 Qnap 1 Qurouter 2025-09-24 7.8 High
An improper authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: QuRouter 2.5.0.140 and later
CVE-2025-10805 1 Campcodes 2 Complete Online Beauty Parlor Management System, Online Beauty Parlor Management System 2025-09-24 6.3 Medium
A vulnerability was determined in Campcodes Online Beauty Parlor Management System 1.0. This affects an unknown part of the file /admin/add-services.php. Executing manipulation of the argument sername can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2025-10804 1 Campcodes 2 Complete Online Beauty Parlor Management System, Online Beauty Parlor Management System 2025-09-24 6.3 Medium
A vulnerability was found in Campcodes Online Beauty Parlor Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/add-customer.php. Performing manipulation of the argument mobilenum results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.
CVE-2025-10803 1 Tenda 2 Ac23, Ac23 Firmware 2025-09-24 8.8 High
A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-10802 2 Code-projects, Fabian 2 Online Bidding System, Online Bidding System 2025-09-24 7.3 High
A flaw has been found in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /administrator/remove.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
CVE-2025-10835 2 Mayurik, Sourcecodester 2 Pet Grooming Management Software, Pet Grooming Management Software 2025-09-24 6.3 Medium
A security flaw has been discovered in SourceCodester Pet Grooming Management Software 1.0. This impacts an unknown function of the file /admin/view_payorder.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.
CVE-2025-10836 2 Mayurik, Sourcecodester 2 Pet Grooming Management Software, Pet Grooming Management Software 2025-09-24 7.3 High
A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/print1.php. Executing manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.
CVE-2025-10806 1 Campcodes 2 Complete Online Beauty Parlor Management System, Online Beauty Parlor Management System 2025-09-24 6.3 Medium
A vulnerability was identified in Campcodes Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
CVE-2025-10807 1 Campcodes 2 Complete Online Beauty Parlor Management System, Online Beauty Parlor Management System 2025-09-24 6.3 Medium
A security flaw has been discovered in Campcodes Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/edit-customer-detailed.php. The manipulation of the argument editid results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
CVE-2025-10801 2 Mayurik, Sourcecodester 2 Pet Grooming Management Software, Pet Grooming Management Software 2025-09-24 7.3 High
A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown function of the file /admin/edit_tax.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-10800 2 Emiloi, Itsourcecode 2 Online Discussion Forum, Online Discussion Forum 2025-09-24 7.3 High
A weakness has been identified in itsourcecode Online Discussion Forum 1.0. The impacted element is an unknown function of the file /index.php. Executing manipulation of the argument email/password can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.
CVE-2025-8711 1 Ivanti 5 Connect Secure, Neurons For Secure Access, Policy Secure and 2 more 2025-09-24 5.4 Medium
CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute limited actions on behalf of the victim user. User interaction is required.
CVE-2025-55148 1 Ivanti 5 Connect Secure, Neurons For Secure Access, Policy Secure and 2 more 2025-09-24 7.6 High
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.
CVE-2025-55146 1 Ivanti 5 Connect Secure, Neurons For Secure Access, Policy Secure and 2 more 2025-09-24 4.9 Medium
An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service.
CVE-2025-55144 1 Ivanti 5 Connect Secure, Neurons For Secure Access, Policy Secure and 2 more 2025-09-24 5.4 Medium
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.
CVE-2025-55143 1 Ivanti 5 Connect Secure, Neurons For Secure Access, Policy Secure and 2 more 2025-09-24 6.1 Medium
Reflected text injection in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to inject arbitrary text into a crafted HTTP response. User interaction is required.