Export limit exceeded: 341875 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341875 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5209 | 1 Ivorysearch | 1 Ivory Search | 2025-06-26 | 4.8 Medium |
| The Ivory Search WordPress plugin before 5.5.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
| CVE-2025-6173 | 1 Webkul | 1 Qloapps | 2025-06-26 | 4.7 Medium |
| A vulnerability classified as critical was found in Webkul QloApps 1.6.1. Affected by this vulnerability is an unknown functionality of the file /admin/ajax_products_list.php. The manipulation of the argument packItself leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor confirms the existence of this flaw but considers it a low-level issue due to admin privilege pre-requisites. Still, a fix is planned for a future release. | ||||
| CVE-2025-46157 | 1 Efrotech | 1 Timetrax | 2025-06-26 | 9.9 Critical |
| An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form | ||||
| CVE-2025-46109 | 1 Pbootcms | 1 Pbootcms | 2025-06-26 | 8.8 High |
| SQL Injection vulnerability in pbootCMS v.3.2.5 and v.3.2.10 allows a remote attacker to obtain sensitive information via a crafted GET request | ||||
| CVE-2025-6342 | 1 Code-projects | 1 Online Shoe Store | 2025-06-26 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. This issue affects some unknown processing of the file /admin/admin_football.php. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6343 | 1 Code-projects | 1 Online Shoe Store | 2025-06-26 | 7.3 High |
| A vulnerability, which was classified as critical, was found in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/admin_product.php. The manipulation of the argument pid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6344 | 1 Code-projects | 1 Online Shoe Store | 2025-06-26 | 7.3 High |
| A vulnerability has been found in code-projects Online Shoe Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /contactus.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6360 | 1 Carmelo | 1 Simple Pizza Ordering System | 2025-06-26 | 7.3 High |
| A vulnerability classified as critical has been found in code-projects Simple Pizza Ordering System 1.0. This affects an unknown part of the file /portal.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6361 | 1 Carmelo | 1 Simple Pizza Ordering System | 2025-06-26 | 7.3 High |
| A vulnerability classified as critical was found in code-projects Simple Pizza Ordering System 1.0. This vulnerability affects unknown code of the file /adds.php. The manipulation of the argument userid leads to sql injection. The attack can be initiated remotely. | ||||
| CVE-2025-6362 | 1 Carmelo | 1 Simple Pizza Ordering System | 2025-06-26 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in code-projects Simple Pizza Ordering System 1.0. This issue affects some unknown processing of the file /editpro.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. | ||||
| CVE-2025-6364 | 1 Carmelo | 1 Simple Pizza Ordering System | 2025-06-26 | 7.3 High |
| A vulnerability has been found in code-projects Simple Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /adduser-exec.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. | ||||
| CVE-2025-4947 | 2 Curl, Haxx | 2 Curl, Curl | 2025-06-26 | 6.5 Medium |
| libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks. | ||||
| CVE-2025-46179 | 1 Vishalmathur | 1 Cloudclassroom-php Project | 2025-06-26 | 9.8 Critical |
| A SQL Injection vulnerability was discovered in the askquery.php file of CloudClassroom-PHP Project v1.0. The squeryx parameter accepts unsanitized input, which is passed directly into backend SQL queries. | ||||
| CVE-2025-6345 | 1 Rems | 1 My Food Recipe | 2025-06-26 | 3.5 Low |
| A vulnerability was found in SourceCodester My Food Recipe 1.0 and classified as problematic. Affected by this issue is the function addRecipeModal of the file /endpoint/add-recipe.php of the component Add Recipe Page. The manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6346 | 1 Aown-shah | 1 Advance Charity Management System | 2025-06-26 | 6.3 Medium |
| A vulnerability was found in SourceCodester Advance Charity Management System 1.0. It has been classified as critical. This affects an unknown part of the file /members/fundDetails.php. The manipulation of the argument m06 leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-44203 | 2 Digitaldruid, Hoteldruid | 2 Hoteldruid, Hoteldruid | 2025-06-26 | 7.5 High |
| In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, the attack results in a Denial of Service (DoS), preventing the administrator from logging in even with the correct credentials. | ||||
| CVE-2025-45890 | 1 Xxyopen | 1 Novel-plus | 2025-06-26 | 9.8 Critical |
| Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter | ||||
| CVE-2023-4163 | 1 Broadcom | 1 Fabric Operating System | 2025-06-26 | 4.4 Medium |
| In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command. | ||||
| CVE-2023-36328 | 2 Fedoraproject, Libtom | 2 Fedora, Libtommath | 2025-06-26 | 9.8 Critical |
| Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS). | ||||
| CVE-2023-28366 | 2 Eclipse, Redhat | 3 Mosquitto, Satellite, Satellite Capsule | 2025-06-26 | 7.5 High |
| The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function. | ||||