Export limit exceeded: 364437 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364437 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30529 | 1 Isic.lk Project | 1 Isic.lk | 2025-04-28 | 7.2 High |
| File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php. | ||||
| CVE-2022-22488 | 1 Ibm | 6 Power System Ac922 \(8335-gtg\), Power System Ac922 \(8335-gtg\) Firmware, Power System Ac922 \(8335-gth\) and 3 more | 2025-04-28 | 4.9 Medium |
| IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. IBM X-Force ID: 2226337. | ||||
| CVE-2022-45471 | 1 Jetbrains | 1 Hub | 2025-04-28 | 3.5 Low |
| In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address | ||||
| CVE-2025-29018 | 1 Codeastro | 1 Internet Banking System | 2025-04-28 | 4.8 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability exists in the name parameter of pages_add_acc_type.php in Code Astro Internet Banking System 2.0.0. | ||||
| CVE-2024-46085 | 1 Frogcms Project | 1 Frogcms | 2025-04-28 | 8.8 High |
| FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename | ||||
| CVE-2024-46362 | 1 Frogcms Project | 1 Frogcms | 2025-04-28 | 8.8 High |
| FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory | ||||
| CVE-2024-46609 | 2 Icecms Project, Thecosy | 2 Icecms, Icecms | 2025-04-28 | 7.5 High |
| An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and returns all user information, including passwords | ||||
| CVE-2024-25141 | 1 Apache | 2 Airflow Mongo Provider, Apache-airflow-providers-mongo | 2025-04-28 | 9.1 Critical |
| When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. This was unexpected and undocumented. Users are recommended to upgrade to version 4.0.0, which fixes this issue. | ||||
| CVE-2024-46612 | 2 Icecms Project, Thecosy | 2 Icecms, Icecms | 2025-04-28 | 9.8 Critical |
| IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information. | ||||
| CVE-2022-44653 | 1 Trendmicro | 1 Apex One | 2025-04-28 | 7.8 High |
| A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2022-44652 | 1 Trendmicro | 1 Apex One | 2025-04-28 | 7.8 High |
| An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2022-44118 | 1 Dedebiz | 1 Dedecmsv6 | 2025-04-28 | 9.8 Critical |
| dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php. | ||||
| CVE-2022-43213 | 1 Billing System Project Project | 1 Billing System Project | 2025-04-28 | 9.8 Critical |
| Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editorder.php. | ||||
| CVE-2022-43196 | 1 Dedebiz | 1 Dedecmsv6 | 2025-04-28 | 9.1 Critical |
| dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_manage_control.php. | ||||
| CVE-2022-42095 | 1 Backdropcms | 1 Backdrop Cms | 2025-04-28 | 4.8 Medium |
| Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content. | ||||
| CVE-2022-3849 | 1 Wp User Merger Project | 1 Wp User Merger | 2025-04-28 | 8.8 High |
| The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin | ||||
| CVE-2024-46331 | 1 Modstart | 2 Modstartcms, Mostartcms | 2025-04-28 | 7.2 High |
| ModStartCMS v8.8.0 was discovered to contain an open redirect vulnerability in the redirect parameter at /admin/login. This vulnerability allows attackers to redirect users to an arbitrary website via a crafted URL. | ||||
| CVE-2022-3562 | 1 Librenms | 1 Librenms | 2025-04-28 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. | ||||
| CVE-2024-46293 | 2 Online Medicine Ordering System Project, Oretnom23 | 2 Online Medicine Ordering System, Online Medicine Ordering System | 2025-04-28 | 9.8 Critical |
| Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level actions without possessing a valid session token. The application does not verify whether the user is logged in as an admin or even check for a session token at all. | ||||
| CVE-2024-45870 | 1 Bandisoft | 1 Bandiview | 2025-04-28 | 6.5 Medium |
| Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted POC file. | ||||