Export limit exceeded: 364424 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364424 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-29686 1 Wintercms 1 Winter 2025-05-28 7.2 High
Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the owner of the server that hosts Winter CMS, or a developer working for them.
CVE-2024-29272 2 Givanz, Vvveb 2 Vvvebjs, Vvvebjs 2025-05-28 6.5 Medium
Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php.
CVE-2024-25168 1 Dingflow 1 Snow 2025-05-28 6.3 Medium
SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface.
CVE-2024-28559 1 Niushop 1 B2b2c Multi-business 2025-05-28 8.8 High
SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice() function of the Goodsbatchset.php component.
CVE-2024-28560 1 Niushop 1 B2b2c Multi-business 2025-05-28 5.4 Medium
SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea() function of the Address.php component.
CVE-2024-30187 1 Anope 1 Anope 2025-05-28 5.3 Medium
Anope before 2.0.15 does not prevent resetting the password of a suspended account.
CVE-2024-25807 1 Lycheeorg 1 Lychee 2025-05-28 6.1 Medium
Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remote attackers to execute arbitrary code and obtain sensitive information via the title parameter when creating an album.
CVE-2024-26557 1 Codiad 1 Codiad 2025-05-28 5.4 Medium
Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter.
CVE-2024-25808 1 Lycheeorg 1 Lychee 2025-05-28 8.3 High
Cross-site Request Forgery (CSRF) vulnerability in Lychee version 3.1.6, allows remote attackers to execute arbitrary code via the create new album function.
CVE-2024-29271 2 Givanz, Vvveb 2 Vvvebjs, Vvvebjs 2025-05-28 6.1 Medium
Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php.
CVE-2023-41504 1 Code-projects 1 Student Enrollment 2025-05-28 8.8 High
SQL Injection vulnerability in Student Enrollment In PHP 1.0 allows attackers to run arbitrary code via the Student Search function.
CVE-2023-41505 1 Code-projects 2 Student Enrollment, Student Enrollment In Php 2025-05-28 9.8 Critical
An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2025-2847 1 Codezips 1 Gym Management System 2025-05-28 6.3 Medium
A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. This issue affects some unknown processing of the file /dashboard/admin/over_month.php. The manipulation of the argument mm leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2151 1 Assimp 1 Assimp 2025-05-28 6.3 Medium
A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::GetNextLine in the library ParsingUtils.h of the component File Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3395 1 Abb 1 Automation Builder 2025-05-28 7.1 High
Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0.
CVE-2025-3394 1 Abb 1 Automation Builder 2025-05-28 7.8 High
Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0.
CVE-2024-51319 1 Zucchetti 1 Ad Hoc Infinity 2025-05-28 7.3 High
A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through /jsp/zimg_upload.jsp.
CVE-2025-5186 2025-05-28 6.3 Medium
A vulnerability was found in thinkgem JeeSite up to 5.11.1. It has been rated as critical. Affected by this issue is the function ResourceLoader.getResource of the file /cms/fileTemplate/form of the component URI Scheme Handler. The manipulation of the argument Name leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-43502 2025-05-28 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2022-43496 2025-05-28 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused