Export limit exceeded: 366715 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366715 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-57118 | 1 Phpgurukul | 1 Online Library Management System | 2025-09-18 | 9.8 Critical |
| An issue in PHPGurukul Online-Library-Management-System v3.0 allows an attacker to escalate privileges via the index.php | ||||
| CVE-2025-57117 | 1 Remyandrade | 1 Employee Management System | 2025-09-18 | 5.4 Medium |
| A Clickjacking vulnerability exists in Rems' Employee Management System 1.0. This flaw allows remote attackers to execute arbitrary JavaScript on the department.php page by injecting a malicious payload into the Department Name field under Add Department. | ||||
| CVE-2024-28423 | 2 Airflow-diagrams Project, Feluelle | 2 Airflow-diagrams, Airflow-diagrams | 2025-09-18 | 9.8 Critical |
| Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafe_load function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file. | ||||
| CVE-2024-28425 | 1 Linkedin | 1 Greykite | 2025-09-18 | 7.5 High |
| greykite v1.0.0 was discovered to contain an arbitrary file upload vulnerability in the load_obj function at /templates/pickle_utils.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-29154 | 1 Danielmiessler | 1 Fabric | 2025-09-18 | 7.4 High |
| danielmiessler fabric through 1.3.0 allows installer/client/gui/static/js/index.js XSS because of innerHTML mishandling, such as in htmlToPlainText. | ||||
| CVE-2024-28392 | 1 Prestashop | 1 Abandoned Cart Reminder Pro | 2025-09-18 | 9.8 Critical |
| SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and before allows a remote attacker to escalate privileges via the pscartabandonmentproFrontCAPUnsubscribeJobModuleFrontController::setEmailVisualized() method. | ||||
| CVE-2024-28395 | 2 Best-kit, Prestashopmodules | 2 Bestkit Popup, Bestkit Popup | 2025-09-18 | 9.8 Critical |
| SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 and before allows a remote attacker to escalate privileges via the bestkit_popup.php component. | ||||
| CVE-2024-23755 | 3 Apple, Clickup, Microsoft | 3 Macos, Clickup, Windows | 2025-09-18 | 8.8 High |
| ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode. | ||||
| CVE-2024-28386 | 2 Home-made, Home-made Io | 2 Fastmag Sync, Fastmagsync | 2025-09-18 | 9.8 Critical |
| An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component. | ||||
| CVE-2024-28387 | 1 Axonaut | 1 Axonaut | 2025-09-18 | 7.5 High |
| An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information via the log.txt component. | ||||
| CVE-2024-28393 | 1 Scalapay | 1 Scalapay | 2025-09-18 | 9.8 Critical |
| SQL injection vulnerability in scalapay v.1.2.41 and before allows a remote attacker to escalate privileges via the ScalapayReturnModuleFrontController::postProcess() method. | ||||
| CVE-2024-28434 | 1 Twenty | 1 Twenty | 2025-09-18 | 7.6 High |
| The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted svg file can trigger the execution of the javascript code. | ||||
| CVE-2024-28435 | 1 Twenty | 1 Twenty | 2025-09-18 | 5.4 Medium |
| The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload. | ||||
| CVE-2024-25139 | 2 Tp-link, Tp Link | 3 Omada Er605, Omada Er605 Firmware, Omada Er605 | 2025-09-18 | 10.0 Critical |
| In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After heap shaping, an attacker can achieve code execution in the context of the cloud-brd binary that runs at the root level. This is fixed in ER605(UN)_v2_2.2.4 Build 020240119. | ||||
| CVE-2024-28388 | 2 Prestashop, Sunnytoo | 2 Prestashop, Product Comments | 2025-09-18 | 9.8 Critical |
| SQL injection vulnerability in SunnyToo stproductcomments module for PrestaShop v.1.0.5 and before, allows a remote attacker to escalate privileges and obtain sensitive information via the StProductCommentClass::getListcomments method. | ||||
| CVE-2022-46070 | 2 Geovision, Gv Asmanager | 2 Gv-asmanager, Gv Asmanager | 2025-09-18 | 7.5 High |
| GV-ASManager V6.0.1.0 contains a Local File Inclusion vulnerability in GeoWebServer via Path. | ||||
| CVE-2024-25501 | 2 Winmail, Winmail Project | 2 Winmail, Winmail | 2025-09-18 | 8.8 High |
| An issue WinMail v.7.1 and v.5.1 and before allows a remote attacker to execute arbitrary code via a crafted script to the email parameter. | ||||
| CVE-2024-2216 | 1 Jenkins | 1 Docker-build-step | 2025-09-18 | 8.8 High |
| A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions. | ||||
| CVE-2024-2215 | 1 Jenkins | 1 Docker-build-step | 2025-09-18 | 6.1 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions. | ||||
| CVE-2024-28152 | 1 Jenkins | 1 Bitbucket Branch Source | 2025-09-18 | 6.3 Medium |
| In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earlier, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server. | ||||