Export limit exceeded: 23169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363250 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-1602 1 Lollms 1 Lollms Web Ui 2025-07-09 6.1 Medium
parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within the user's browser context, enabling the attacker to send a request to the `/execute_code` endpoint and establish a reverse shell to the attacker's host. The issue affects various components of the application, including the handling of user input and model output.
CVE-2024-1511 1 Lollms 1 Lollms Web Ui 2025-07-09 N/A
The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various endpoints. The vulnerability can be exploited even when the service is bound to localhost, through cross-site requests facilitated by malicious HTML/JS pages.
CVE-2025-7157 1 Anisha 1 Online Note Sharing 2025-07-09 7.3 High
A vulnerability was found in code-projects Online Note Sharing 1.0. It has been classified as critical. Affected is an unknown function of the file /login.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7166 1 Fabian 1 Responsive Blog Site 2025-07-09 6.3 Medium
A vulnerability was found in code-projects Responsive Blog Site 1.0. It has been classified as critical. This affects an unknown part of the file /single.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7167 1 Fabian 1 Responsive Blog Site 2025-07-09 6.3 Medium
A vulnerability was found in code-projects Responsive Blog Site 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-33225 1 Solarwinds 1 Solarwinds Platform 2025-07-09 7.2 High
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.
CVE-2023-3988 1 Cafe Billing System Project 1 Cafe Billing System 2025-07-09 6.3 Medium
A vulnerability was found in Cafe Billing System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php of the component Order Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235609 was assigned to this vulnerability.
CVE-2025-7182 1 Itsourcecode 1 Student Transcript Processing System 2025-07-09 4.3 Medium
A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/modules/subject/edit.php. The manipulation of the argument pre leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-30330 2 Foxit, Microsoft 3 Pdf Editor, Pdf Reader, Windows 2025-07-09 7.8 High
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22636.
CVE-2023-4118 1 Iscute 1 Cute Http File Server 2025-07-09 3.5 Low
A vulnerability, which was classified as problematic, was found in Cute Http File Server 2.0. This affects an unknown part of the component Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235965 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-30347 2 Foxit, Microsoft 3 Pdf Editor, Pdf Reader, Windows 2025-07-09 3.3 Low
Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22910.
CVE-2023-36908 1 Microsoft 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more 2025-07-09 6.5 Medium
Windows Hyper-V Information Disclosure Vulnerability
CVE-2023-35380 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2025-07-09 7.8 High
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-30341 2 Foxit, Microsoft 3 Pdf Editor, Pdf Reader, Windows 2025-07-09 7.8 High
Foxit PDF Reader Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22709.
CVE-2020-26082 1 Cisco 8 Asyncos, Email Security Appliance C170, Email Security Appliance C190 and 5 more 2025-07-09 5.8 Medium
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.
CVE-2025-53688 2025-07-09 N/A
Not used
CVE-2025-53687 2025-07-09 N/A
Not used
CVE-2025-53686 2025-07-09 N/A
Not used
CVE-2025-53685 2025-07-09 N/A
Not used
CVE-2025-53684 2025-07-09 N/A
Not used