Search Results (363296 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25920 | 1 Open-emr | 1 Openemr | 2025-04-30 | 6.5 Medium |
| In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to read and send sensitive messages on behalf of the victim user. | ||||
| CVE-2021-25919 | 1 Open-emr | 1 Openemr | 2025-04-30 | 4.8 Medium |
| In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into input fields when creating a new user. | ||||
| CVE-2021-25918 | 1 Open-emr | 1 Openemr | 2025-04-30 | 4.8 Medium |
| In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the TOTP Authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user. | ||||
| CVE-2021-25917 | 1 Open-emr | 1 Openemr | 2025-04-30 | 4.8 Medium |
| In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the U2F USB Device authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user. | ||||
| CVE-2021-25916 | 1 Patchmerge Project | 1 Patchmerge | 2025-04-30 | 9.8 Critical |
| Prototype pollution vulnerability in 'patchmerge' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2021-25915 | 1 Changeset Project | 1 Changeset | 2025-04-30 | 9.8 Critical |
| Prototype pollution vulnerability in 'changeset' versions 0.0.1 through 0.2.5 allows an attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2021-25914 | 1 Fireblink | 1 Object-collider | 2025-04-30 | 9.8 Critical |
| Prototype pollution vulnerability in 'object-collider' versions 1.0.0 through 1.0.3 allows an attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2025-4027 | 1 Phpgurukul | 1 Old Age Home Management System | 2025-04-30 | 7.3 High |
| A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/rules.php. The manipulation of the argument pagetitle leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-45949 | 1 Phpgurukul | 1 User Registration & Login And User Management System | 2025-04-30 | 9.8 Critical |
| A critical vulnerability was found in PHPGurukul User Registration & Login and User Management System V3.3 in the /loginsystem/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely and leading to account takeover. | ||||
| CVE-2025-45953 | 1 Phpgurukul | 1 Hostel Management System | 2025-04-30 | 9.1 Critical |
| A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely. | ||||
| CVE-2022-41260 | 1 Sap | 1 Financial Consolidation | 2025-04-30 | 6.1 Medium |
| SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | ||||
| CVE-2022-3362 | 1 Ikus-soft | 1 Rdiffweb | 2025-04-30 | 9.8 Critical |
| Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0. | ||||
| CVE-2025-3823 | 1 Senior-walter | 1 Web-based Pharmacy Product Management System | 2025-04-30 | 2.4 Low |
| A vulnerability classified as problematic has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file add-stock.php. The manipulation of the argument txttotalcost/txtproductID/txtprice/txtexpirydate leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13146 | 1 Fs-code | 1 Booknetic | 2025-04-30 | 8.8 High |
| The Booknetic WordPress plugin before 4.1.5 does not have a CSRF check when creating Staff accounts, which could allow attackers to make a logged-in admin add arbitrary Staff members via a CSRF attack. | ||||
| CVE-2025-3824 | 1 Senior-walter | 1 Web-based Pharmacy Product Management System | 2025-04-30 | 2.4 Low |
| A vulnerability classified as problematic was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file add-product.php. The manipulation of the argument txtprice/txtproduct_name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3825 | 1 Senior-walter | 1 Web-based Pharmacy Product Management System | 2025-04-30 | 2.4 Low |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this issue is some unknown functionality of the file add-category.php. The manipulation of the argument txtcategory_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3826 | 1 Senior-walter | 1 Web-based Pharmacy Product Management System | 2025-04-30 | 2.4 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the file add-supplier.php. The manipulation of the argument txtsupplier_name/txtaddress leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-45395 | 1 Jenkins | 1 Cccc | 2025-04-30 | 9.8 Critical |
| Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-45394 | 1 Jenkins | 1 Delete Log | 2025-04-30 | 4.3 Medium |
| A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read permission to delete build logs. | ||||
| CVE-2022-45393 | 1 Jenkins | 1 Delete Log | 2025-04-30 | 3.5 Low |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs. | ||||