Export limit exceeded: 366088 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366088 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-42121 1 Liferay 3 Digital Experience Platform, Dxp, Liferay Portal 2025-09-05 8.8 High
A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated attackers to execute arbitrary SQL commands via a crafted payload injected into a page template's 'Name' field.
CVE-2022-42120 1 Liferay 2 Dxp, Liferay Portal 2025-09-05 9.8 Critical
A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences' `namespace` attribute.
CVE-2021-20039 1 Sonicwall 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more 2025-09-05 8.8 High
Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
CVE-2025-55476 1 Shaneisrael 1 Fireshare 2025-09-05 6.5 Medium
FireShare FileShare 1.2.25 contains a time-based blind SQL injection vulnerability in the sort parameter of the endpoint: GET /api/videos/public?sort= This parameter is unsafely evaluated in a SQL ORDER BY clause without proper sanitization, allowing an attacker to inject arbitrary SQL subqueries.
CVE-2025-55824 1 Modstart 1 Mostartcms 2025-09-05 6.5 Medium
ModStartCMS v9.5.0 has an arbitrary file write vulnerability, which allows attackers to write malicious files and execute malicious commands to obtain sensitive data on the server.
CVE-2025-9829 1 Phpgurukul 1 Beauty Parlour Management System 2025-09-05 7.3 High
A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /signup.php. The manipulation of the argument mobilenumber leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. Other parameters might be affected as well.
CVE-2025-9830 1 Phpgurukul 1 Beauty Parlour Management System 2025-09-05 7.3 High
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown function of the file /admin/add-customer-services.php. The manipulation of the argument sids[] results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited.
CVE-2025-55474 1 Brufdev 1 Many Notes 2025-09-05 6.1 Medium
Many Notes 0.10.1 is vulnerable to Cross Site Scripting (XSS), which allows malicious Markdown files to execute JavaScript when viewed.
CVE-2025-9767 2 Angeljudesuarez, Itsourcecode 2 Sports Management System, Sports Management System 2025-09-05 7.3 High
A vulnerability was determined in itsourcecode Sports Management System 1.0. This affects an unknown function of the file /Admin/sporttype.php. Executing manipulation of the argument code can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2025-55007 1 Eng 1 Knowage 2025-09-05 3.5 Low
Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this vulnerability is limited. However, an attacker could be able to leverage this vulnerability to scan the internal network. This issue has been patched in version 8.1.37.
CVE-2025-9831 1 Phpgurukul 1 Beauty Parlour Management System 2025-09-05 7.3 High
A weakness has been identified in PHPGurukul Beauty Parlour Management System 1.1. This impacts an unknown function of the file /admin/edit-services.php. This manipulation of the argument sername causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.
CVE-2025-9832 2 Oretnom23, Sourcecodester 2 Food Ordering Management System, Food Ordering Management System 2025-09-05 7.3 High
A security vulnerability has been detected in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the file /routers/register-router.php. Such manipulation of the argument phone leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
CVE-2025-9833 2 Donbermoy, Sourcecodester 2 Online Farm Management System, Online Farm Management System 2025-09-05 7.3 High
A vulnerability was detected in SourceCodester Online Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /Login/login.php. Performing manipulation of the argument uname results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
CVE-2025-9834 1 Phpgurukul 1 Small Crm 2025-09-05 3.5 Low
A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /registration.php. Executing manipulation of the argument Username can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.
CVE-2024-43779 1 Clear 1 Clearml Enterprise Server 2025-09-05 7.7 High
An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP requests to trigger this vulnerability.
CVE-2025-9835 1 Macrozheng 1 Mall 2025-09-05 4.3 Medium
A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function cancelOrder of the file /order/cancelUserOrder. The manipulation of the argument orderId leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-9837 1 Itsourcecode 1 Student Information Management System 2025-09-05 7.3 High
A vulnerability was determined in itsourcecode Student Information Management System 1.0. This issue affects some unknown processing of the file /admin/modules/student/index.php. This manipulation of the argument studentId causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2025-9838 1 Itsourcecode 1 Student Information Management System 2025-09-05 7.3 High
A vulnerability was identified in itsourcecode Student Information Management System 1.0. Impacted is an unknown function of the file /admin/modules/subject/index.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.
CVE-2025-9839 1 Itsourcecode 1 Student Information Management System 2025-09-05 7.3 High
A security flaw has been discovered in itsourcecode Student Information Management System 1.0. The affected element is an unknown function of the file /admin/modules/course/index.php. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.
CVE-2025-9840 2 Angeljudesuarez, Itsourcecode 2 Sports Management System, Sports Management System 2025-09-05 6.3 Medium
A weakness has been identified in itsourcecode Sports Management System 1.0. The impacted element is an unknown function of the file /Admin/gametype.php. Executing manipulation of the argument code can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.