Export limit exceeded: 365319 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365319 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-37821 1 Dolibarr 1 Dolibarr Erp\/crm 2025-06-13 8.8 High
An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file.
CVE-2024-33900 1 Keepassxc 1 Keepassxc 2025-06-13 6.5 Medium
KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.
CVE-2023-52115 1 Huawei 1 Harmonyos 2025-06-13 7.5 High
The iaware module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this vulnerability may affect the system functions.
CVE-2023-52074 1 Flycms Project 1 Flycms 2025-06-13 8.8 High
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte.
CVE-2023-0224 1 Givewp 1 Givewp 2025-06-13 9.8 Critical
The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks
CVE-2024-33901 1 Keepassxc 1 Keepassxc 2025-06-13 6.5 Medium
Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.
CVE-2024-32407 2 Inducer, Inducer 2 Relate, Relate 2025-06-13 8.8 High
An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature.
CVE-2024-32405 2 Inducer, Inducer 2 Relate, Relate 2025-06-13 2.6 Low
Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function.
CVE-2025-26013 1 Olajowon 1 Loggrove 2025-06-13 8.2 High
An issue in Loggrove v.1.0 allows a remote attacker to obtain sensitive information via the read.py component.
CVE-2025-26014 1 Olajowon 1 Loggrove 2025-06-13 9.8 Critical
A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter.
CVE-2025-45752 1 Seeddms 1 Seeddms 2025-06-13 7.2 High
A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager.
CVE-2024-57529 1 Jeppesen 1 Jetplanner 2025-06-13 6.1 Medium
Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code.
CVE-2025-28099 1 Fumiao 1 Opencms 2025-06-13 4.3 Medium
opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp,
CVE-2022-41572 1 Eyesofnetwork 1 Eyesofnetwork 2025-06-13 9.8 Critical
An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server.
CVE-2023-50395 1 Solarwinds 1 Solarwinds Platform 2025-06-13 8 High
SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited
CVE-2024-0985 2 Postgresql, Redhat 7 Postgresql, Enterprise Linux, Rhel Aus and 4 more 2025-06-13 8 High
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected.
CVE-2024-23806 1 Hidglobal 4 Iclass Se Reader Configuration Cards, Iclass Se Reader Configuration Cards Firmware, Omnikey Secure Elements Reader Configuration Cards and 1 more 2025-06-13 5.3 Medium
Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys.
CVE-2024-22893 1 Openslides 1 Openslides 2025-06-13 7.5 High
OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack.
CVE-2024-37759 1 Datagear 1 Datagear 2025-06-13 9.8 Critical
DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language) expression injection vulnerability via the Data Viewing interface.
CVE-2024-37665 1 Wvp-pro 1 Gb28181 2025-06-13 8.8 High
An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST request.