Export limit exceeded: 366361 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366361 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9529 | 1 Campcodes | 1 Payroll Management System | 2025-09-03 | 7.3 High |
| A weakness has been identified in Campcodes Payroll Management System 1.0. The affected element is the function include of the file /index.php. This manipulation of the argument page causes file inclusion. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-55495 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-09-03 | 6.5 Medium |
| Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. | ||||
| CVE-2025-55288 | 1 Kreaweb | 1 Genealogy | 2025-09-03 | 5.5 Medium |
| Genealogy is a family tree PHP application. Prior to 4.4.0, Authenticated Reflected Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user’s session, leading to session hijacking, data theft, and UI manipulation. This vulnerability is fixed in 4.4.0. | ||||
| CVE-2025-57217 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-09-03 | 5.3 Medium |
| Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler. | ||||
| CVE-2025-57218 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-09-03 | 5.3 Medium |
| Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C. | ||||
| CVE-2025-57215 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-09-03 | 7.5 High |
| Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info. | ||||
| CVE-2025-57219 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-09-03 | 5.3 Medium |
| Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges or access sensitive components via a crafted request. | ||||
| CVE-2025-57220 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-09-03 | 5.3 Medium |
| An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 to escalate privileges to root via a crafted UDP packet. | ||||
| CVE-2025-9592 | 1 Admerc | 1 Apartment Management System | 2025-09-03 | 7.3 High |
| A vulnerability was detected in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/bill_info.php. Performing manipulation of the argument vid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. | ||||
| CVE-2025-9593 | 1 Admerc | 1 Apartment Management System | 2025-09-03 | 7.3 High |
| A flaw has been found in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /report/unit_status_info.php. Executing manipulation of the argument usid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used. | ||||
| CVE-2025-9594 | 1 Admerc | 1 Apartment Management System | 2025-09-03 | 7.3 High |
| A vulnerability has been found in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /report/complain_info.php. The manipulation of the argument vid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-9595 | 1 Itsourcecode | 1 Student Information Management System | 2025-09-03 | 4.3 Medium |
| A vulnerability was found in code-projects Student Information Management System 1.0. The impacted element is an unknown function of the file /login.php. The manipulation of the argument uname results in cross site scripting. The attack may be performed from a remote location. The exploit has been made public and could be used. | ||||
| CVE-2025-9596 | 1 Angeljudesuarez | 1 Sports Management System | 2025-09-03 | 7.3 High |
| A vulnerability was determined in itsourcecode Sports Management System 1.0. This affects an unknown function of the file /login.php. This manipulation of the argument User causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-9605 | 1 Tenda | 4 Ac21, Ac21 Firmware, Ac23 and 1 more | 2025-09-03 | 9.8 Critical |
| A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Such manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-54877 | 1 Enalean | 1 Tuleap | 2025-09-03 | 5.3 Medium |
| Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition versions before 16.10.99.1754050155 and Tuleap Enterprise Edition versions before 16.9-8 and before 16.10-5, an attacker can access to the content of the special and always there fields of accessible artifacts even if the permissions associated with the underlying fields do not allow it. This issue has been fixed in Tuleap Community Edition version 16.10.99.1754050155 and Tuleap Enterprise Edition versions 16.9-8 and 16.10-5. | ||||
| CVE-2025-55202 | 2 Apereo, Opencast | 2 Opencast, Opencast | 2025-09-03 | 5.3 Medium |
| Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases. The path is checked without checking for the file separator. This could allow attackers access to files within another folder which starts with the same path. This issue has been fixed in versions 17.7 and 18.1. To mitigate this issue, check for folders that start with the same path as the ui-config folder. | ||||
| CVE-2025-9724 | 1 Portabilis | 1 I-educar | 2025-09-03 | 3.5 Low |
| A vulnerability was determined in Portabilis i-Educar up to 2.10. This impacts an unknown function of the file /intranet/educar_nivel_ensino_cad.php. Executing manipulation of the argument nm_nivel/descricao can lead to cross site scripting. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-9771 | 2 Neville, Sourcecodester | 2 Eye Clinic Management System, Eye Clinic Management System | 2025-09-03 | 7.3 High |
| A security vulnerability has been detected in SourceCodester Eye Clinic Management System 1.0. Affected by this issue is some unknown functionality of the file /main/search_index_Diagnosis.php. Such manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-0656 | 1 Ibm | 1 Concert | 2025-09-03 | 6.1 Medium |
| IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-33082 | 1 Ibm | 1 Concert | 2025-09-03 | 5.4 Medium |
| IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||