Export limit exceeded: 364308 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364308 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-34833 1 Oretnom23 1 Payroll Management System 2025-04-30 9.8 Critical
Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as the user running the web server.
CVE-2024-25239 2 Sourcecodester, Walterjnr1 2 Employee Management System, Employee Management System 2025-04-30 9.8 Critical
SQL Injection vulnerability in Sourcecodester Employee Management System v1.0 allows attackers to run arbitrary SQL commands via crafted POST request to /emloyee_akpoly/Account/login.php.
CVE-2024-52945 1 Veritas 1 Netbackup 2025-04-30 7.8 High
An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows Operating System. If a user executes specific NetBackup commands or an attacker uses social engineering techniques to impel the user to execute the commands, a malicious DLL could be loaded, resulting in execution of the attacker's code in the user's security context.
CVE-2024-52944 1 Veritas 1 Enterprise Vault 2025-04-30 5.4 Medium
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.
CVE-2024-52943 1 Veritas 1 Enterprise Vault 2025-04-30 5.4 Medium
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.
CVE-2024-52942 1 Veritas 1 Enterprise Vault 2025-04-30 5.4 Medium
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.
CVE-2024-52922 1 Bitcoin 1 Bitcoin Core 2025-04-30 6.5 Medium
In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the peer-to-peer protocol specification.
CVE-2024-52920 1 Bitcoin 1 Bitcoin Core 2025-04-30 7.5 High
Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message.
CVE-2024-52921 1 Bitcoin 1 Bitcoin Core 2025-04-30 5.3 Medium
In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block.
CVE-2024-52919 1 Bitcoin 1 Bitcoin Core 2025-04-30 6.5 Medium
Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages.
CVE-2024-52917 1 Bitcoin 1 Bitcoin Core 2025-04-30 6.5 Medium
Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device.
CVE-2024-52916 1 Bitcoin 1 Bitcoin Core 2025-04-30 7.5 High
Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers.
CVE-2024-52915 1 Bitcoin 1 Bitcoin Core 2025-04-30 7.5 High
Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message.
CVE-2024-52914 1 Bitcoin 1 Bitcoin Core 2025-04-30 7.5 High
In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction.
CVE-2024-52913 1 Bitcoin 1 Bitcoin Core 2025-04-30 5.3 Medium
In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled.
CVE-2022-45402 1 Apache 1 Airflow 2025-04-30 6.1 Medium
In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint.
CVE-2022-45401 1 Jenkins 1 Associated Files 2025-04-30 5.4 Medium
Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-45400 1 Jenkins 1 Japex 2025-04-30 9.8 Critical
Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-45399 1 Jenkins 1 Cluster Statistics 2025-04-30 4.3 Medium
A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.
CVE-2022-45398 1 Jenkins 1 Cluster Statistics 2025-04-30 4.3 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.