Export limit exceeded: 364834 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364834 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-8442 2 Anisha, Code-projects 2 Online Medicine Guide, Online Medicine Guide 2025-08-05 7.3 High
A vulnerability has been found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cussignup.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-8443 2 Anisha, Code-projects 2 Online Medicine Guide, Online Medicine Guide 2025-08-05 7.3 High
A vulnerability was found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-8494 2 Carmelo, Code-projects 2 Intern Membership Management System, Intern Membership Management System 2025-08-05 7.3 High
A vulnerability, which was classified as critical, has been found in code-projects Intern Membership Management System 1.0. This issue affects some unknown processing of the file /admin/delete_student.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-43438 1 Moodle 1 Moodle 2025-08-05 7.5 High
A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report.
CVE-2024-43436 1 Moodle 1 Moodle 2025-08-05 7.2 High
A SQL injection risk flaw was found in the XMLDB editor tool available to site administrators.
CVE-2024-43426 1 Moodle 1 Moodle 2025-08-05 7.5 High
A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed.
CVE-2025-8466 2 Anisha, Code-projects 2 Online Farm System, Online Farm System 2025-08-05 7.3 High
A vulnerability was found in code-projects Online Farm System 1.0. It has been classified as critical. Affected is an unknown function of the file /forgot_passfarmer.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-8467 2 Anisha, Code-projects 2 Wazifa System, Wazifa System 2025-08-05 7.3 High
A vulnerability was found in code-projects Wazifa System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /controllers/regcontrol.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-8468 2 Anisha, Code-projects 2 Wazifa System, Wazifa System 2025-08-05 7.3 High
A vulnerability was found in code-projects Wazifa System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /controllers/reset.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-53893 1 Filebrowser 1 Filebrowser 2025-08-05 6.5 Medium
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version 2.38.0, a Denial of Service (DoS) vulnerability exists in the file processing logic when reading a file on endpoint `Filebrowser-Server-IP:PORT/files/{file-name}` . While the server correctly handles and stores uploaded files, it attempts to load the entire content into memory during read operations without size checks or resource limits. This allows an authenticated user to upload a large file and trigger uncontrolled memory consumption on read, potentially crashing the server and making it unresponsive. As of time of publication, no known patches are available.
CVE-2024-7730 2 Qemu, Redhat 3 Qemu, Advanced Virtualization, Enterprise Linux 2025-08-05 7.4 High
A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds write if the size of the virtio queue element is equal to virtio_snd_pcm_status, which makes the available space for audio data zero.
CVE-2025-53826 1 Filebrowser 1 Filebrowser 2025-08-05 9.8 Critical
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version 2.39.0, File Browser’s authentication system issues long-lived JWT tokens that remain valid even after the user logs out. As of time of publication, no known patches exist.
CVE-2025-8469 2 Fabian, Sourcecodester 2 Online Hotel Reservation System, Online Hotel Reservation System 2025-08-05 7.3 High
A vulnerability classified as critical has been found in SourceCodester Online Hotel Reservation System 1.0. This affects an unknown part of the file /admin/deletegallery.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-8470 2 Fabian, Sourcecodester 2 Online Hotel Reservation System, Online Hotel Reservation System 2025-08-05 7.3 High
A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /admin/deleteroom.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-8471 1 Projectworlds 1 Online Admission System 2025-08-05 7.3 High
A vulnerability, which was classified as critical, has been found in projectworlds Online Admission System 1.0. This issue affects some unknown processing of the file /adminlogin.php. The manipulation of the argument a_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-8493 2 Carmelo, Code-projects 2 Intern Membership Management System, Intern Membership Management System 2025-08-05 7.3 High
A vulnerability classified as critical was found in code-projects Intern Membership Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_student_query.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-20154 1 Cisco 1 Modeling Labs 2025-08-05 9.1 Critical
A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an unauthenticated, remote attacker to access the web interface with administrative privileges. This vulnerability is due to the improper handling of certain messages that are returned by the associated external authentication server. An attacker could exploit this vulnerability by logging in to the web interface of an affected server. Under certain conditions, the authentication mechanism would be bypassed and the attacker would be logged in as an administrator. A successful exploit could allow the attacker to obtain administrative privileges on the web interface of an affected server, including the ability to access and modify every simulation and all user-created data. To exploit this vulnerability, the attacker would need valid user credentials that are stored on the associated external authentication server. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.
CVE-2025-46732 1 Citeum 1 Opencti 2025-08-05 5.4 Medium
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GrapQL `NotificationLineNotificationMarkReadMutation` and `NotificationLineNotificationDeleteMutation` mutations of OpenCTI allows an authenticated user to change the read status of a notification or delete a notification of another user in case he has knowledge of the UUID of the notification. When changing the read status of a notification, the user also receives the content of the notification they changed the read status of. Authenticated Users in OpenCTI can read, modify and delete notification of other users if they know the UUID of the notification. Version 6.6.6 fixes the issue.
CVE-2024-11858 1 Radare 1 Radare2 2025-08-05 8.6 High
A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to unintended behavior during file processing​
CVE-2025-52575 1 Espocrm 1 Espocrm 2025-08-05 6.5 Medium
EspoCRM is an Open Source CRM (Customer Relationship Management) software. EspoCRM versions 9.1.6 and earlier are vulnerable to blind LDAP Injection when LDAP authentication is enabled. A remote, unauthenticated attacker can manipulate LDAP queries by injecting crafted input containing wildcard characters (e.g., *). This may allow the attacker to bypass authentication controls, enumerate valid usernames, or retrieve sensitive directory information depending on the LDAP server configuration. This was fixed in version 9.1.7.