Export limit exceeded: 363341 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363341 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-13124 1 10web 1 Photo Gallery 2025-05-13 3.5 Low
The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2022-23770 2 Linux, Wisa 2 Linux Kernel, Smart Wing Cms 2025-05-13 8.8 High
This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands such as directory traversal.
CVE-2025-4298 1 Tenda 2 Ac1206, Ac1206 Firmware 2025-05-13 8.8 High
A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been declared as critical. This vulnerability affects the function formSetCfm of the file /goform/setcfm. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-4299 1 Tenda 2 Ac1206, Ac1206 Firmware 2025-05-13 8.8 High
A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been rated as critical. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-44074 1 Seacms 1 Seacms 2025-05-13 9.8 Critical
SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_topic.php.
CVE-2025-44072 1 Seacms 1 Seacms 2025-05-13 9.8 Critical
SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_manager.php.
CVE-2025-44071 1 Seacms 1 Seacms 2025-05-13 9.8 Critical
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component phomebak.php. This vulnerability allows attackers to execute arbitrary code via a crafted request.
CVE-2025-2665 1 Phpgurukul 1 Online Security Guards Hiring System 2025-05-13 7.3 High
A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-57099 1 Classcms 1 Classcms 2025-05-13 9.8 Critical
ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server.
CVE-2024-57450 1 1000mz 1 Chestnutcms 2025-05-13 9.8 Critical
ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function.
CVE-2024-57452 1 1000mz 1 Chestnutcms 2025-05-13 7.5 High
ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder.
CVE-2024-57451 1 1000mz 1 Chestnutcms 2025-05-13 7.5 High
ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to view any directory.
CVE-2024-21090 1 Oracle 2 Mysql Connector\/python, Mysql Connectors 2025-05-13 7.5 High
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 8.3.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE-2025-24899 1 Yogeshojha 1 Rengine 2025-05-13 7.5 High
reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where **an insider attacker with any role** (such as Auditor, Penetration Tester, or Sys Admin) **can extract sensitive information from other reNgine users.** After running a scan and obtaining vulnerabilities from a target, the attacker can retrieve details such as `username`, `password`, `email`, `role`, `first name`, `last name`, `status`, and `activity information` by making a GET request to `/api/listVulnerability/`. This issue has been addressed in version 2.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2025-24962 1 Yogeshojha 1 Rengine 2025-05-13 8.8 High
reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue has been addressed in commit `c28e5c8d` and is expected in the next versioned release. Users are advised to filter user input and monitor the project for a new release.
CVE-2025-4304 1 Phpgurukul 1 Cyber Cafe Management System 2025-05-13 7.3 High
A vulnerability, which was classified as critical, was found in PHPGurukul Cyber Cafe Management System 1.0. This affects an unknown part of the file /adminprofile.php. The manipulation of the argument mobilenumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2025-4306 1 Phpgurukul 1 Nipah Virus Testing Management System 2025-05-13 7.3 High
A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /edit-phlebotomist.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2025-4307 1 Phpgurukul 1 Art Gallery Management System 2025-05-13 7.3 High
A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been classified as critical. Affected is an unknown function of the file /admin/add-art-medium.php. The manipulation of the argument artmed leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-4308 1 Phpgurukul 1 Art Gallery Management System 2025-05-13 7.3 High
A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-art-type.php. The manipulation of the argument arttype leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-40625 1 Tcman 1 Gim 2025-05-13 9.8 Critical
Unrestricted file upload in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to upload any file within the server, even a malicious file to obtain a Remote Code Execution (RCE).