Export limit exceeded: 366567 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366567 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366567 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366567 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4061 | 1 Fabian | 1 Clothing Store Management System | 2025-05-09 | 5.3 Medium |
| A vulnerability, which was classified as critical, was found in code-projects Clothing Store Management System up to 1.0. Affected is the function add_item. The manipulation of the argument st.productname leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4062 | 1 Fabian | 1 Theater Seat Booking System | 2025-05-09 | 5.3 Medium |
| A vulnerability has been found in code-projects Theater Seat Booking System 1.0 and classified as critical. Affected by this vulnerability is the function cancel. The manipulation of the argument cancelcustomername leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4064 | 1 Scriptandtools | 1 Online Traveling System | 2025-05-09 | 5.3 Medium |
| A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/viewenquiry.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-46584 | 1 Huawei | 1 Harmonyos | 2025-05-09 | 7.8 High |
| Vulnerability of improper authentication logic implementation in the file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-46585 | 1 Huawei | 1 Harmonyos | 2025-05-09 | 7.5 High |
| Out-of-bounds array read/write vulnerability in the kernel module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-58252 | 1 Huawei | 1 Harmonyos | 2025-05-09 | 6.2 Medium |
| Vulnerability of insufficient information protection in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-46587 | 1 Huawei | 1 Harmonyos | 2025-05-09 | 6.2 Medium |
| Permission control vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-46590 | 1 Huawei | 1 Harmonyos | 2025-05-09 | 6.3 Medium |
| Bypass vulnerability in the network search instruction authentication module Impact: Successful exploitation of this vulnerability can bypass authentication and enable access to some network search functions. | ||||
| CVE-2025-46592 | 1 Huawei | 1 Harmonyos | 2025-05-09 | 4.4 Medium |
| Null pointer dereference vulnerability in the USB HDI driver module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2022-3741 | 1 Chatwoot | 1 Chatwoot | 2025-05-09 | 9.8 Critical |
| Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. \n\nFor the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise. | ||||
| CVE-2022-0074 | 1 Litespeedtech | 1 Openlitespeed | 2025-05-09 | 8.8 High |
| Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1. | ||||
| CVE-2022-0072 | 1 Litespeedtech | 1 Openlitespeed | 2025-05-09 | 5.8 Medium |
| Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1 | ||||
| CVE-2024-45563 | 1 Qualcomm | 28 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 25 more | 2025-05-09 | 6.6 Medium |
| Memory corruption while handling schedule request in Camera Request Manager(CRM) due to invalid link count in the corresponding session. | ||||
| CVE-2022-24670 | 1 Forgerock | 1 Access Management | 2025-05-09 | 7.1 High |
| An attacker can use the unrestricted LDAP queries to determine configuration entries | ||||
| CVE-2024-45570 | 1 Qualcomm | 116 C-v2x 9150, C-v2x 9150 Firmware, Fastconnect 6800 and 113 more | 2025-05-09 | 6.6 Medium |
| Memory corruption may occur during IO configuration processing when the IO port count is invalid. | ||||
| CVE-2024-24142 | 1 Rems | 1 School Task Manager | 2025-05-09 | 9.8 Critical |
| Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter. | ||||
| CVE-2024-21491 | 1 Svix | 1 Svix-webhooks | 2025-05-09 | 5.9 Medium |
| Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature. **Note:** The attacker would need to know a victim uses the Rust library for verification,no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues. | ||||
| CVE-2023-52059 | 1 Gestsup | 1 Gestsup | 2025-05-09 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field. | ||||
| CVE-2022-3391 | 1 Retain | 1 Retain Live Chat | 2025-05-09 | 4.8 Medium |
| The Retain Live Chat WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-3350 | 1 Tech-banker | 1 Contact Bank | 2025-05-09 | 4.8 Medium |
| The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||