Export limit exceeded: 76311 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76311 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36905 | 1 Fibaro | 5 Home Center 2, Home Center 3, Home Center 5 and 2 more | 2026-03-05 | 7.5 High |
| FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows attackers to include arbitrary client-side scripts. Attackers can exploit the 'url' GET parameter to inject malicious JavaScript and potentially hijack user sessions or manipulate page content. | ||||
| CVE-2019-25497 | 1 Oscommerce | 1 Oscommerce | 2026-03-05 | 8.2 High |
| osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send GET requests to shopping_cart.php with malicious currency values using boolean-based SQL injection payloads to extract sensitive database information. | ||||
| CVE-2019-25496 | 1 Oscommerce | 1 Oscommerce | 2026-03-05 | 8.2 High |
| osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products_id parameter. Attackers can modify the products_id value in product_info.php requests and append boolean-based SQL injection payloads to extract sensitive database information. | ||||
| CVE-2019-25495 | 1 Oscommerce | 1 Oscommerce | 2026-03-05 | 8.2 High |
| osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviews_id parameter. Attackers can send GET requests to product_reviews_write.php with malicious reviews_id values using boolean-based SQL injection payloads to extract sensitive database information. | ||||
| CVE-2019-25452 | 1 Dolibarr | 2 Dolibarr Erp/crm, Dolibarr Erp\/crm | 2026-03-05 | 7.5 High |
| Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extract sensitive database information using error-based or time-based blind SQL injection techniques. | ||||
| CVE-2019-25450 | 1 Dolibarr | 2 Dolibarr Erp/crm, Dolibarr Erp\/crm | 2026-03-05 | 7.5 High |
| Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demand_reason_id, and availability_id in card.php endpoints to extract sensitive database information using boolean-based blind, error-based, and time-based blind techniques. | ||||
| CVE-2019-25442 | 1 Webwiz | 1 Web Wiz Forums | 2026-03-05 | 7.5 High |
| Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to member_profile.asp with malicious PF values to extract sensitive database information. | ||||
| CVE-2019-25438 | 2 Agilebio, Labcollector | 2 Labcollector, Labcollector | 2026-03-05 | 7.5 High |
| LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the user_name parameter of retrieve_password.php to extract sensitive database information without authentication. | ||||
| CVE-2019-25435 | 1 Sricam | 1 Deviceviewer | 2026-03-05 | 7.8 High |
| Sricam DeviceViewer 3.12.0.1 contains a local buffer overflow vulnerability in the user management add user function that allows authenticated attackers to execute arbitrary code by bypassing data execution prevention. Attackers can inject a malicious payload through the Username field in User Management to trigger a stack-based buffer overflow and execute commands via ROP chain gadgets. | ||||
| CVE-2019-25433 | 1 Xoops | 1 Xoops | 2026-03-05 | 8.2 High |
| XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the gerar_pdf.php endpoint with malicious cid values to extract sensitive database information. | ||||
| CVE-2019-25432 | 2 Part-db, Part-db Project | 2 Part-db, Part-db | 2026-03-05 | 7.5 High |
| Part-DB 0.4 contains an authentication bypass vulnerability that allows unauthenticated attackers to login by injecting SQL syntax into authentication parameters. Attackers can submit a single quote followed by 'or' in the login form to bypass credential validation and gain unauthorized access to the application. | ||||
| CVE-2019-25395 | 1 Smoothwall | 2 Smoothwall, Smoothwall Express | 2026-03-05 | 7.2 High |
| Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the preferences.cgi script that allow attackers to inject malicious scripts through the HOSTNAME, KEYMAP, and OPENNESS parameters. Attackers can submit POST requests with script payloads to preferences.cgi to store malicious code that executes in the browsers of users accessing the preferences page. | ||||
| CVE-2019-25394 | 1 Smoothwall | 2 Smoothwall, Smoothwall Express | 2026-03-05 | 7.2 High |
| Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi script that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted payloads in parameters like INIT, HANGUP, SPEAKER_ON, SPEAKER_OFF, TONE_DIAL, and PULSE_DIAL to execute arbitrary JavaScript in users' browsers when the stored data is retrieved. | ||||
| CVE-2019-25379 | 1 Smoothwall | 2 Smoothwall, Smoothwall Express | 2026-03-05 | 7.2 High |
| Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. Attackers can submit POST requests with script payloads in the REDIRECT_PAGE or CHILDREN parameters to execute arbitrary JavaScript in user browsers. | ||||
| CVE-2019-25357 | 1 Webgate | 2 Control Center, Control Center Pro | 2026-03-05 | 8.4 High |
| Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious payload exceeding 664 bytes to inject shellcode and potentially execute arbitrary code on vulnerable Windows systems. | ||||
| CVE-2019-25355 | 1 Genivia | 1 Gsoap | 2026-03-05 | 7.5 High |
| gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive files like /etc/passwd by sending crafted GET requests with multiple '../' directory traversal sequences. | ||||
| CVE-2019-25344 | 1 Wondershare | 2 Mobilego, Mobiletrans | 2026-03-05 | 7.8 High |
| Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators group with full system access. | ||||
| CVE-2019-25340 | 1 Nsasoft | 2 Nsauditor Spotauditor, Spotauditor | 2026-03-05 | 7.5 High |
| SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. Attackers can generate a malformed input file with 2000 repeated characters to trigger an application crash when pasted into the Base64 Encrypted Password field. | ||||
| CVE-2019-25336 | 1 Nsasoft | 2 Nsauditor Spotauditor, Spotauditor | 2026-03-05 | 8.4 High |
| SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. Attackers can generate a specially crafted Base64 encoded payload to trigger a Structured Exception Handler (SEH) overwrite and execute shellcode on the vulnerable system. | ||||
| CVE-2019-25331 | 1 Avs4you | 1 Avs Audio Converter | 2026-03-05 | 8.4 High |
| AVS Audio Converter 9.1 contains a local buffer overflow vulnerability that allows local attackers to overwrite CPU registers by manipulating the 'Exit folder' input field. Attackers can craft a specially designed text file with 264 bytes of padding followed by register overwrite values to compromise the application and potentially execute arbitrary code. | ||||