Export limit exceeded: 364909 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364909 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-17941 1 Single Theater Booking Script Project 1 Single Theater Booking Script 2025-04-20 N/A
PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter.
CVE-2017-17951 1 Php Multivendor Ecommerce Project 1 Php Multivendor Ecommerce 2025-04-20 N/A
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter.
CVE-2014-9772 1 Nodejs 1 Node.js 2025-04-20 N/A
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters.
CVE-2017-17953 1 Php Multivendor Ecommerce Project 1 Php Multivendor Ecommerce 2025-04-20 N/A
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter.
CVE-2017-5515 1 Metalgenix 1 Genixcms 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names.
CVE-2017-17957 1 Php Multivendor Ecommerce Project 1 Php Multivendor Ecommerce 2025-04-20 N/A
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter.
CVE-2017-17971 1 Dolibarr 1 Dolibarr Erp\/crm 2025-04-20 N/A
The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.
CVE-2017-5517 1 Metalgenix 1 Genixcms 2025-04-20 N/A
SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter.
CVE-2017-5518 1 Metalgenix 1 Genixcms 2025-04-20 N/A
The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address.
CVE-2017-5519 1 Metalgenix 1 Genixcms 2025-04-20 N/A
SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2013-7453 1 Nodejs 1 Node.js 2025-04-20 N/A
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing.
CVE-2016-7036 1 Python-jose Project 1 Python-jose 2025-04-20 N/A
python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.
CVE-2015-6237 1 Tripwire 1 Ip360 2025-04-20 N/A
The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands."
CVE-2013-4578 2 Oracle, Redhat 5 Jdk, Jre, Enterprise Linux and 2 more 2025-04-20 N/A
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.
CVE-2013-7400 1 Dkd 1 Direct Mail 2025-04-20 N/A
The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes.
CVE-2014-0120 2 Hawt, Redhat 2 Hawtio, Jboss Fuse 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."
CVE-2014-3630 2 Lightbend, Playframework 2 Play Framework, Play Framework 2025-04-20 N/A
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.
CVE-2014-3651 1 Keycloak 1 Keycloak 2025-04-20 N/A
JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.
CVE-2014-8389 1 Airlive 10 Bu-2015, Bu-2015 Firmware, Bu-3026 and 7 more 2025-04-20 N/A
cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses hard-coded credentials in the embedded Boa web server, which allows remote attackers to obtain user credentials via crafted HTTP requests.
CVE-2014-9515 1 Dozer Project 1 Dozer 2025-04-20 9.8 Critical
Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object.