Export limit exceeded: 363674 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363674 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-3008 1 Kabir-m-alhasan 1 Student Management System 2025-04-22 7.3 High
A vulnerability classified as critical has been found in ningzichun Student Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument user/pass leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230355.
CVE-2023-3007 1 Kabir-m-alhasan 1 Student Management System 2025-04-22 6.5 Medium
A vulnerability was found in ningzichun Student Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file resetPassword.php of the component Password Reset Handler. The manipulation of the argument sid leads to weak password recovery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230354 is the identifier assigned to this vulnerability.
CVE-2013-4809 1 Hp 2 Identity Driven Manager, Procurve Manager 2025-04-22 N/A
Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter.
CVE-2013-4811 1 Hp 2 Identity Driven Manager, Procurve Manager 2025-04-22 N/A
UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
CVE-2013-4812 1 Hp 2 Identity Driven Manager, Procurve Manager 2025-04-22 N/A
UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
CVE-2013-4813 1 Hp 2 Identity Driven Manager, Procurve Manager 2025-04-22 N/A
The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745.
CVE-2020-23935 1 Kabir-m-alhasan 1 Student Management System 2025-04-22 9.8 Critical
Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".
CVE-2021-45003 1 Nikhil-bhalerao 1 Laundry Booking Management System 2025-04-22 9.8 Critical
Laundry Booking Management System 1.0 (Latest) and previous versions are affected by a remote code execution (RCE) vulnerability in profile.php through the "image" parameter that can execute a webshell payload.
CVE-2021-46027 1 Wangl1989 1 Mysiteforme 2025-04-22 6.5 Medium
mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added
CVE-2022-27333 1 Idccms 1 Idccms 2025-04-22 7.5 High
idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data.
CVE-2022-29309 1 Wangl1989 1 Mysiteforme 2025-04-22 7.5 High
mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery.
CVE-2022-31294 1 Razormist 1 Online Discussion Forum Site 2025-04-22 6.5 Medium
An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts.
CVE-2022-31295 1 Razormist 1 Online Discussion Forum Site 2025-04-22 7.5 High
An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts.
CVE-2022-31913 1 Razormist 1 Online Discussion Forum Site 2025-04-22 4.8 Medium
Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /odfs/classes/Master.php?f=save_category, name.
CVE-2024-25854 1 Munyweki 1 Insurance Management System 2025-04-22 6.1 Medium
Cross Site Scripting (XSS) vulnerability in Sourcecodester Insurance Management System 1.0 allows attackers to run arbitrary code via the Subject and Description fields when submitting a support ticket.
CVE-2024-50609 1 Treasuredata 1 Fluent Bit 2025-04-22 7.5 High
An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote Denial of service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_traces_proto_ng() at opentelemetry_prot.c.
CVE-2024-2155 1 Mayurik 1 Best Pos Management System 2025-04-22 4.3 Medium
A vulnerability was found in SourceCodester Best POS Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255587.
CVE-2024-49744 1 Google 1 Android 2025-04-22 7.8 High
In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to bypass parcel mismatch mitigation due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2024-49742 1 Google 1 Android 2025-04-22 7.8 High
In onCreate of NotificationAccessConfirmationActivity.java , there is a possible way to hide an app with notification access in Settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2024-49738 1 Google 1 Android 2025-04-22 7.8 High
In writeInplace of Parcel.cpp, there is a possible out of bounds write. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.