Export limit exceeded: 364935 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364935 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364935 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-57429 1 Phpjabbers 1 Cinema Booking System 2025-06-24 5.4 Medium
A cross-site request forgery (CSRF) vulnerability in the pjActionUpdate function of PHPJabbers Cinema Booking System v2.0 allows remote attackers to escalate privileges by tricking an authenticated admin into submitting an unauthorized request.
CVE-2024-57430 1 Phpjabbers 1 Cinema Booking System 2025-06-24 9.8 Critical
An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database manipulation.
CVE-2020-3432 1 Cisco 1 Anyconnect Secure Mobility Client 2025-06-24 5.6 Medium
A vulnerability in the uninstaller component of Cisco AnyConnect Secure Mobility Client for Mac OS could allow an authenticated, local attacker to corrupt the content of any file in the filesystem. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a symbolic link (symlink) to a target file on a specific path. A successful exploit could allow the attacker to corrupt the contents of the file. If the file is a critical systems file, the exploit could lead to a denial of service condition. To exploit this vulnerability, the attacker would need to have valid credentials on the system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVE-2024-4023 1 Flatpress 1 Flatpress 2025-06-23 N/A
A stored cross-site scripting (XSS) vulnerability exists in flatpressblog/flatpress version 1.3. When a user uploads a file with a `.xsig` extension and directly accesses this file, the server responds with a Content-type of application/octet-stream, leading to the file being processed as an HTML file. This allows an attacker to execute arbitrary JavaScript code, which can be used to steal user cookies, perform HTTP requests, and access content of the same origin.
CVE-2021-47296 1 Linux 1 Linux Kernel 2025-06-23 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak vcpu_put is not called if the user copy fails. This can result in preempt notifier corruption and crashes, among other issues.
CVE-2021-47294 1 Linux 1 Linux Kernel 2025-06-23 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: netrom: Decrease sock refcount when sock timers expire Commit 63346650c1a9 ("netrom: switch to sock timer API") switched to use sock timer API. It replaces mod_timer() by sk_reset_timer(), and del_timer() by sk_stop_timer(). Function sk_reset_timer() will increase the refcount of sock if it is called on an inactive timer, hence, in case the timer expires, we need to decrease the refcount ourselves in the handler, otherwise, the sock refcount will be unbalanced and the sock will never be freed.
CVE-2025-25908 1 Tianti Project 1 Tianti 2025-06-23 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/ajax/save.
CVE-2024-55199 1 Celk 1 Celk Saude 2025-06-23 5.4 Medium
A Stored Cross Site Scripting (XSS) vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to store JavaScript code inside a PDF file through the file upload feature. When the file is rendered, the injected code is executed on the user's browser.
CVE-2024-53307 1 Evisions 1 Maps 2025-06-23 5.4 Medium
A reflected cross-site scripting (XSS) vulnerability in the /mw/ endpoint of Evisions MAPS v6.10.2.267 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
CVE-2025-25940 1 Visicut 1 Visicut 2025-06-23 9.8 Critical
VisiCut 2.1 allows code execution via Insecure XML Deserialization in the loadPlfFile method of VisicutModel.java.
CVE-2025-28197 1 Kidocode 1 Crawl4ai 2025-06-23 9.1 Critical
Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py.
CVE-2025-3795 1 Daicuo 1 Daicuo 2025-06-23 2.4 Low
A vulnerability was found in DaiCuo 1.3.13. It has been rated as problematic. Affected by this issue is some unknown functionality of the component SEO Optimization Settings Section. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-25382 1 Ikm 1 Sanchaya 2025-06-23 7.5 High
An issue in the Property Tax Payment Portal in Information Kerala Mission SANCHAYA v3.0.4 allows attackers to arbitrarily modify payment amounts via a crafted request.
CVE-2025-25620 1 Changeweb 1 Unifiedtransform 2025-06-23 5.4 Medium
Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function.
CVE-2024-53591 1 Seclore 1 Seclore 2025-06-23 9.8 Critical
An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a brute force attack.
CVE-2024-42733 1 Docmosis 1 Tornado 2025-06-23 9.8 Critical
An issue in Docmosis Tornado v.2.9.7 and before allows a remote attacker to execute arbitrary code via a crafted script to the UNC path input
CVE-2025-46646 1 Artifex 1 Ghostscript 2025-06-23 4.5 Medium
In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.
CVE-2025-27190 1 Adobe 3 Commerce, Commerce B2b, Magento 2025-06-23 5.3 Medium
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.
CVE-2025-3577 1 Zyxel 2 Amg1302-t10b, Amg1302-t10b Firmware 2025-06-23 4.9 Medium
**UNSUPPORTED WHEN ASSIGNED** A path traversal vulnerability in the web management interface of the Zyxel AMG1302-T10B firmware version 2.00(AAJC.16)C0 could allow an authenticated attacker with administrator privileges to access restricted directories by sending a crafted HTTP request to an affected device.
CVE-2025-6143 1 Totolink 2 Ex1200t, Ex1200t Firmware 2025-06-23 8.8 High
A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.