Export limit exceeded: 363643 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363643 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-6861 1 Mayurik 1 Best Salon Management System 2025-07-01 6.3 Medium
A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /panel/add_plan.php. The manipulation of the argument plan_name/description/duration_days/price leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-6862 1 Mayurik 1 Best Salon Management System 2025-07-01 6.3 Medium
A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/edit_plan.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2012-6441 1 Rockwellautomation 17 1756-enbt, 1756-eweb, 1768-enbt and 14 more 2025-06-30 N/A
An information exposure of confidential information results when the device receives a specially crafted CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP. Successful exploitation of this vulnerability could cause loss of confidentiality. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400
CVE-2012-6439 1 Rockwellautomation 17 1756-enbt, 1756-eweb, 1768-enbt and 14 more 2025-06-30 N/A
When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that changes the product’s configuration and network parameters, a DoS condition can occur. This situation could cause loss of availability and a disruption of communication with other connected devices.  Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400
CVE-2022-36350 1 Pukiwiki 1 Pukiwiki 2025-06-30 6.1 Medium
Stored cross-site scripting vulnerability in PukiWiki versions 1.3.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors.
CVE-2020-35509 1 Redhat 2 Keycloak, Red Hat Single Sign On 2025-06-30 5.4 Medium
A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity.
CVE-2024-4399 1 Apereo 1 Central Authentication Service 2025-06-30 9.1 Critical
The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack
CVE-2024-22059 1 Ivanti 1 Neurons For Itsm 2025-06-30 N/A
A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS.
CVE-2024-22060 1 Ivanti 1 Neurons For Itsm 2025-06-30 4.9 Medium
An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server.
CVE-2024-4750 1 Buddyboss 1 Buddyboss 2025-06-30 5.3 Medium
The buddyboss-platform WordPress plugin before 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request
CVE-2023-34001 1 Wpplugins 1 Hide My Wp Ghost 2025-06-30 5.3 Medium
Improper Restriction of Excessive Authentication Attempts vulnerability in WPPlugins – WordPress Security Plugins Hide My WP Ghost allows Functionality Bypass.This issue affects Hide My WP Ghost: from n/a through 5.0.25.
CVE-2024-27264 1 Ibm 1 I 2025-06-30 7.4 High
IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563.
CVE-2024-31634 1 Xunruicms 1 Xunruicms 2025-06-30 6.1 Medium
Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library.
CVE-2024-4456 3 Linux, Microsoft, Octopus 3 Linux Kernel, Windows, Octopus Server 2025-06-30 4.1 Medium
In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page.
CVE-2024-2697 1 Swiftideas 1 Swift Framework 2025-06-30 6.5 Medium
The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
CVE-2024-29212 1 Veeam 1 Veeam Service Provider Console 2025-06-30 N/A
Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
CVE-2024-34338 1 Tenda 3 O3, O3 Firmware, O3v2 2025-06-30 7.2 High
Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authentication is required to exploit this vulnerability.
CVE-2024-3634 2 Benaceur-php, Month Name Translation Benaceur Wordpress Plugin 2 Month Name Translation Benaceur, Month Name Translation Benaceur Wordpress Plugin 2025-06-30 4.8 Medium
The month name translation benaceur WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2023-46012 1 Linksys 2 Ea7500, Ea7500 Firmware 2025-06-30 9.8 Critical
Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP.
CVE-2023-32154 1 Mikrotik 1 Routeros 2025-06-30 N/A
Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Router Advertisement Daemon. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-19797.