Export limit exceeded: 364918 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364918 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-11356 | 1 Goodlayers | 1 Tour Master | 2025-06-05 | 6.1 Medium |
| The tourmaster WordPress plugin before 5.3.4 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks. | ||||
| CVE-2022-45830 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2025-06-05 | 6.5 Medium |
| Missing Authorization vulnerability in Analytify.This issue affects Analytify: from n/a through 4.2.3. | ||||
| CVE-2024-11357 | 1 Goodlayers | 1 Goodlayers Core | 2025-06-05 | 5.9 Medium |
| The goodlayers-core WordPress plugin before 2.0.10 does not sanitise and escape some of its settings, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-56175 | 1 Optimizely | 1 Configured Commerce | 2025-06-05 | 6.1 Medium |
| In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in list item names. | ||||
| CVE-2024-56174 | 1 Optimizely | 1 Configured Commerce | 2025-06-05 | 8.1 High |
| In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in search history. | ||||
| CVE-2024-56173 | 1 Optimizely | 1 Configured Commerce | 2025-06-05 | 4.7 Medium |
| In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from JavaScript in an SVG document. | ||||
| CVE-2024-55660 | 1 B3log | 1 Siyuan | 2025-06-05 | 9.8 Critical |
| SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's `/api/template/renderSprig` endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to access environment variables. Version 3.1.16 contains a patch for the issue. | ||||
| CVE-2024-55659 | 1 B3log | 1 Siyuan | 2025-06-05 | 5.4 Medium |
| SiYuan is a personal knowledge management system. Prior to version 3.1.16, the `/api/asset/upload` endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting (via the file write). Version 3.1.16 contains a patch for the issue. | ||||
| CVE-2024-55658 | 1 B3log | 1 Siyuan | 2025-06-05 | 7.5 High |
| SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/export/exportResources endpoint is vulnerable to arbitary file read via path traversal. It is possible to manipulate the paths parameter to access and download arbitrary files from the host system by traversing the workspace directory structure. Version 3.1.16 contains a patch for the issue. | ||||
| CVE-2024-55657 | 1 B3log | 1 Siyuan | 2025-06-05 | 7.5 High |
| SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in Siyuan's `/api/template/render` endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system. Version 3.1.16 contains a patch for the issue. | ||||
| CVE-2024-1009 | 1 Employee Management System Project | 1 Employee Management System | 2025-06-05 | 7.3 High |
| A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252278 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-42552 | 1 Vaibhavverma9999 | 1 Hotel Management System | 2025-06-05 | 8.6 High |
| Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_room_history.php. | ||||
| CVE-2024-42553 | 1 Vaibhavverma9999 | 1 Hotel Management System | 2025-06-05 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the component admin_room_added.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges. | ||||
| CVE-2024-42554 | 2 Hotel Management System Project, Vaibhavverma9999 | 2 Hotel Management System, Hotel Management System | 2025-06-05 | 8.8 High |
| Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_added.php. | ||||
| CVE-2024-42555 | 1 Vaibhavverma9999 | 1 Hotel Management System | 2025-06-05 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the component admin_room_removed.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges. | ||||
| CVE-2024-42556 | 1 Vaibhavverma9999 | 1 Hotel Management System | 2025-06-05 | 9.8 Critical |
| Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_removed.php. | ||||
| CVE-2024-42557 | 1 Vaibhavverma9999 | 1 Hotel Management System | 2025-06-05 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the component admin_modify_room.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges. | ||||
| CVE-2024-42558 | 1 Vaibhavverma9999 | 1 Hotel Management System | 2025-06-05 | 9.8 Critical |
| Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_modify_room.php. | ||||
| CVE-2024-42560 | 1 Varunsardana004 | 1 Blood Bank And Donation Management System | 2025-06-05 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the component update_page_details.php of Blood Bank And Donation Management System commit dc9e039 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Details parameter. | ||||
| CVE-2024-42561 | 2 Krishna9772, Pharmacy Management System Project | 2 Pharmacy Management System, Pharmacy Management System | 2025-06-05 | 8.8 High |
| Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at sales_report.php. | ||||