Export limit exceeded: 364424 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364424 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29686 | 1 Wintercms | 1 Winter | 2025-05-28 | 7.2 High |
| Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the owner of the server that hosts Winter CMS, or a developer working for them. | ||||
| CVE-2024-29272 | 2 Givanz, Vvveb | 2 Vvvebjs, Vvvebjs | 2025-05-28 | 6.5 Medium |
| Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php. | ||||
| CVE-2024-25168 | 1 Dingflow | 1 Snow | 2025-05-28 | 6.3 Medium |
| SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface. | ||||
| CVE-2024-28559 | 1 Niushop | 1 B2b2c Multi-business | 2025-05-28 | 8.8 High |
| SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice() function of the Goodsbatchset.php component. | ||||
| CVE-2024-28560 | 1 Niushop | 1 B2b2c Multi-business | 2025-05-28 | 5.4 Medium |
| SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea() function of the Address.php component. | ||||
| CVE-2024-30187 | 1 Anope | 1 Anope | 2025-05-28 | 5.3 Medium |
| Anope before 2.0.15 does not prevent resetting the password of a suspended account. | ||||
| CVE-2024-25807 | 1 Lycheeorg | 1 Lychee | 2025-05-28 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remote attackers to execute arbitrary code and obtain sensitive information via the title parameter when creating an album. | ||||
| CVE-2024-26557 | 1 Codiad | 1 Codiad | 2025-05-28 | 5.4 Medium |
| Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter. | ||||
| CVE-2024-25808 | 1 Lycheeorg | 1 Lychee | 2025-05-28 | 8.3 High |
| Cross-site Request Forgery (CSRF) vulnerability in Lychee version 3.1.6, allows remote attackers to execute arbitrary code via the create new album function. | ||||
| CVE-2024-29271 | 2 Givanz, Vvveb | 2 Vvvebjs, Vvvebjs | 2025-05-28 | 6.1 Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php. | ||||
| CVE-2023-41504 | 1 Code-projects | 1 Student Enrollment | 2025-05-28 | 8.8 High |
| SQL Injection vulnerability in Student Enrollment In PHP 1.0 allows attackers to run arbitrary code via the Student Search function. | ||||
| CVE-2023-41505 | 1 Code-projects | 2 Student Enrollment, Student Enrollment In Php | 2025-05-28 | 9.8 Critical |
| An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2025-2847 | 1 Codezips | 1 Gym Management System | 2025-05-28 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. This issue affects some unknown processing of the file /dashboard/admin/over_month.php. The manipulation of the argument mm leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2151 | 1 Assimp | 1 Assimp | 2025-05-28 | 6.3 Medium |
| A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::GetNextLine in the library ParsingUtils.h of the component File Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3395 | 1 Abb | 1 Automation Builder | 2025-05-28 | 7.1 High |
| Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0. | ||||
| CVE-2025-3394 | 1 Abb | 1 Automation Builder | 2025-05-28 | 7.8 High |
| Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0. | ||||
| CVE-2024-51319 | 1 Zucchetti | 1 Ad Hoc Infinity | 2025-05-28 | 7.3 High |
| A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through /jsp/zimg_upload.jsp. | ||||
| CVE-2025-5186 | 2025-05-28 | 6.3 Medium | ||
| A vulnerability was found in thinkgem JeeSite up to 5.11.1. It has been rated as critical. Affected by this issue is the function ResourceLoader.getResource of the file /cms/fileTemplate/form of the component URI Scheme Handler. The manipulation of the argument Name leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-43502 | 2025-05-28 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | ||||
| CVE-2022-43496 | 2025-05-28 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | ||||