Export limit exceeded: 364862 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364862 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50975 | 2 Td, Tdbank | 2 Advanced Dashboard, Td-advanced-dashboard | 2025-05-06 | 8.4 High |
| The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled (i.e., ELECTRON_RUN_AS_NODE can be used in production). This makes it easier for a compromised process to access banking information. | ||||
| CVE-2024-25381 | 2 Emlog, Emlog Pro Project | 2 Emlog, Emlog Pro | 2025-05-06 | 6.1 Medium |
| There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content. | ||||
| CVE-2024-25461 | 1 Creatio | 1 Crm Creatio | 2025-05-06 | 7.5 High |
| Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM v.7.18.4.1532 allows a remote attacker to obtain sensitive information via a crafted request to the terrasoft.axd component. | ||||
| CVE-2024-27283 | 1 Veritas | 1 Ediscovery Platform | 2025-05-06 | 7.2 High |
| A vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5. The application administrator can upload potentially malicious files to arbitrary locations on the server on which the application is installed. | ||||
| CVE-2025-2362 | 1 Phpgurukul | 1 Pre-school Enrollment System | 2025-05-06 | 7.3 High |
| A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/contact-us.php. The manipulation of the argument mobnum leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2024-0220 | 1 Br-automation | 2 Automation Studio, Technology Guarding | 2025-05-06 | 8.3 High |
| B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data. | ||||
| CVE-2025-2379 | 1 Phpgurukul | 1 Apartment Visitors Management System | 2025-05-06 | 7.3 High |
| A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /create-pass.php. The manipulation of the argument visname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2380 | 1 Phpgurukul | 1 Apartment Visitors Management System | 2025-05-06 | 7.3 High |
| A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin-profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-1104 | 1 Areal-topkapi | 1 Webserv2 | 2025-05-06 | 7.5 High |
| An unauthenticated remote attacker can bypass the brute force prevention mechanism and disturb the webservice for all users. | ||||
| CVE-2025-2381 | 1 Phpgurukul | 1 Curfew E-pass Management System | 2025-05-06 | 7.3 High |
| A vulnerability classified as critical has been found in PHPGurukul Curfew e-Pass Management System 1.0. Affected is an unknown function of the file /admin/search-pass.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-40487 | 1 Processwire | 1 Processwire | 2025-05-06 | 6.1 Medium |
| ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload. | ||||
| CVE-2022-3308 | 1 Google | 1 Chrome | 2025-05-06 | 7.4 High |
| Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2022-3307 | 1 Google | 1 Chrome | 2025-05-06 | 8.8 High |
| Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2022-3306 | 1 Google | 2 Chrome, Chrome Os | 2025-05-06 | 8.8 High |
| Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2022-3305 | 1 Google | 2 Chrome, Chrome Os | 2025-05-06 | 8.8 High |
| Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2018-6342 | 2 Facebook, Microsoft | 2 React-dev-utils, Windows | 2025-05-06 | 9.8 Critical |
| react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF or by direct request) to execute arbitrary commands on the targeted system. This issue affects multiple branches: 1.x.x prior to 1.0.4, 2.x.x prior to 2.0.2, 3.x.x prior to 3.1.2, 4.x.x prior to 4.2.2, and 5.x.x prior to 5.0.2. | ||||
| CVE-2018-6341 | 1 Facebook | 1 React | 2025-05-06 | 6.1 Medium |
| React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2. | ||||
| CVE-2018-6337 | 1 Facebook | 2 Folly, Hhvm | 2025-05-06 | 7.5 High |
| folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeat (or similar) results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and v2018.08.09.00. | ||||
| CVE-2018-6334 | 1 Facebook | 1 Hhvm | 2025-05-06 | 9.8 Critical |
| Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and 3.21.9 and below). | ||||
| CVE-2018-20622 | 2 Debian, Jasper Project | 2 Debian Linux, Jasper | 2025-05-06 | 6.5 Medium |
| JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used. | ||||