Export limit exceeded: 364861 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364861 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-41531 2 Hospital Management System, Kishan0725 2 Hospital Management System, Hospital Management System 2025-08-12 8.8 High
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func3.php via the username1 and password2 parameters.
CVE-2025-54393 1 Netwrix 1 Directory Manager 2025-08-12 5.4 Medium
Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows Static Code Injection. Authenticated users can obtain administrative access.
CVE-2023-41528 2 Hospital Management System, Kishan0725 2 Hospital Management System, Hospital Management System 2025-08-12 9.8 Critical
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txtphone, and txtmail parameters.
CVE-2025-54396 1 Netwrix 1 Directory Manager 2025-08-12 5.4 Medium
Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows SQL Injection. Authenticated users can exploit this.
CVE-2025-54392 1 Netwrix 1 Directory Manager 2025-08-12 6.1 Medium
Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication error data, a different vulnerability than CVE-2025-47189.
CVE-2025-50468 1 Open-metadata 1 Openmetadata 2025-08-12 6.5 Medium
OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query.
CVE-2025-50465 1 Open-metadata 1 Openmetadata 2025-08-12 7.1 High
OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query.
CVE-2025-50467 1 Open-metadata 1 Openmetadata 2025-08-12 6.5 Medium
OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query.
CVE-2025-50466 1 Open-metadata 1 Openmetadata 2025-08-12 7.1 High
OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The entityType parameter can be used to build a SQL query.
CVE-2025-3879 1 Hashicorp 2 Vault, Vault Enterprise 2025-08-12 6.6 Medium
Vault Community, Vault Enterprise (“Vault”) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18.
CVE-2025-52081 1 Netgear 2 Xr300, Xr300 Firmware 2025-08-12 6.5 Medium
In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the usb_folder parameter.
CVE-2024-43223 1 Metagauss 1 Eventprime 2025-08-12 4.3 Medium
Missing Authorization vulnerability in EventPrime Events EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 4.0.3.2.
CVE-2023-27365 2 Foxit, Microsoft 4 Pdf Editor, Pdf Reader, Phantompdf and 1 more 2025-08-11 N/A
Foxit PDF Editor DOC File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOC files. The issue results from the lack of proper restrictions on macro-enabled documents. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-19739.
CVE-2023-27364 2 Foxit, Microsoft 3 Pdf Editor, Pdf Reader, Windows 2025-08-11 N/A
Foxit PDF Editor XLS File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper restrictions on macro-enabled documents. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-19738.
CVE-2023-27363 2 Foxit, Microsoft 4 Pdf Editor, Pdf Reader, Phantompdf and 1 more 2025-08-11 N/A
Foxit PDF Reader exportXFAData Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportXFAData method. The application exposes a JavaScript interface that allows writing arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-19697.
CVE-2023-27331 2 Foxit, Microsoft 3 Pdf Editor, Pdf Reader, Windows 2025-08-11 N/A
Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19475.
CVE-2023-27330 2 Foxit, Microsoft 3 Pdf Editor, Pdf Reader, Windows 2025-08-11 N/A
Foxit PDF Reader XFA Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19476.
CVE-2023-27329 2 Foxit, Microsoft 3 Pdf Editor, Pdf Reader, Windows 2025-08-11 N/A
Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19477.
CVE-2024-30334 2 Foxit, Microsoft 3 Pdf Editor, Pdf Reader, Windows 2025-08-11 N/A
Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22640.
CVE-2024-30366 3 Apple, Foxit, Microsoft 4 Macos, Pdf Editor, Pdf Reader and 1 more 2025-08-11 N/A
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23002.