Export limit exceeded: 364862 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364862 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-5364 1 Campcodes 1 Online Hospital Management System 2025-06-03 7.3 High
A vulnerability was found in Campcodes Online Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /doctor/add-patient.php. The manipulation of the argument patname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5365 1 Campcodes 1 Online Hospital Management System 2025-06-03 7.3 High
A vulnerability was found in Campcodes Online Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/patient-search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5367 1 Phpgurukul 1 Online Shopping Portal 2025-06-03 7.3 High
A vulnerability was found in PHPGurukul Online Shopping Portal Project 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument Product leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-32228 1 Ffmpeg 1 Ffmpeg 2025-06-03 6.6 Medium
FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end.
CVE-2025-5368 1 Phpgurukul 1 Daily Expense Tracker System 2025-06-03 6.3 Medium
A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. It has been rated as critical. This issue affects some unknown processing of the file /expense-yearwise-reports-detailed.php. The manipulation of the argument todate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5373 1 Phpgurukul 1 Online Birth Certificate System 2025-06-03 6.3 Medium
A vulnerability has been found in PHPGurukul Online Birth Certificate System 2.0 and classified as critical. This vulnerability affects unknown code of the file /admin/users-applications.php. The manipulation of the argument userid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5374 1 Phpgurukul 1 Online Birth Certificate System 2025-06-03 6.3 Medium
A vulnerability was found in PHPGurukul Online Birth Certificate System 2.0 and classified as critical. This issue affects some unknown processing of the file /admin/all-applications.php. The manipulation of the argument del leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-32229 1 Ffmpeg 1 Ffmpeg 2025-06-03 8.4 High
FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column.
CVE-2025-5375 1 Phpgurukul 1 Online Birth Certificate System 2025-06-03 6.3 Medium
A vulnerability was found in PHPGurukul HPGurukul Online Birth Certificate System 2.0. It has been classified as critical. Affected is an unknown function of the file /admin/registered-users.php. The manipulation of the argument del leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-20240 1 Cisco 2 Anyconnect Secure Mobility Client, Secure Client 2025-06-03 5.5 Medium
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system.
CVE-2023-43843 1 Aten 2 Pe6208, Pe6208 Firmware 2025-06-03 7.3 High
Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to read user and administrator accounts passwords via HTTP GET request.
CVE-2023-43842 1 Aten 2 Pe6208, Pe6208 Firmware 2025-06-03 7.3 High
Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter user and administrator accounts credentials via HTTP POST request.
CVE-2024-23059 1 Totolink 2 A3300r, A3300r Firmware 2025-06-03 9.8 Critical
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.
CVE-2024-22942 1 Totolink 2 A3300r, A3300r Firmware 2025-06-03 9.8 Critical
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.
CVE-2024-22164 1 Splunk 1 Enterprise Security 2025-06-03 4.3 Medium
In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible.
CVE-2024-21773 1 Tp-link 8 Archer Ax3000, Archer Ax3000 Firmware, Archer Ax5400 and 5 more 2025-06-03 8.8 High
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings.
CVE-2024-21732 1 Flycms Project 1 Flycms 2025-06-03 6.1 Medium
FlyCms through abbaa5a allows XSS via the permission management feature.
CVE-2024-20805 1 Samsung 2 Android, Myfiles 2025-06-03 3.3 Low
Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.
CVE-2024-0333 2 Fedoraproject, Google 2 Fedora, Chrome 2025-06-03 5.3 Medium
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High)
CVE-2023-6551 1 Verot 1 Class.upload.php 2025-06-03 5.4 Medium
As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide content-type based on the file extension. The README has been updated to include these guidelines.