Export limit exceeded: 17514 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 342191 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342191 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5139 | 1 Qualitor | 1 Qualitor | 2025-06-24 | 5.6 Medium |
| A vulnerability was found in Qualitor 8.20/8.24. It has been rated as critical. Affected by this issue is some unknown functionality of the file /html/ad/adconexaooffice365/request/testaConexaoOffice365.php of the component Office 365-type Connection Handler. The manipulation of the argument nmconexao leads to command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 8.20.56 and 8.24.31 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2025-45880 | 1 Miliaris | 1 Amygdala | 2025-06-24 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the data resource management function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload. | ||||
| CVE-2025-45878 | 1 Miliaris | 1 Amygdala | 2025-06-24 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the report manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload. | ||||
| CVE-2025-6122 | 1 Fabian | 1 Restaurant Order System | 2025-06-24 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in code-projects Restaurant Order System 1.0. This affects an unknown part of the file /table.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-48766 | 1 Netalertx | 1 Netalertx | 2025-06-24 | 8.6 High |
| NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php. | ||||
| CVE-2025-6133 | 1 Projectworlds | 1 Life Insurance Management System | 2025-06-24 | 6.3 Medium |
| A vulnerability was found in Projectworlds Life Insurance Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /insertagent.php. The manipulation of the argument agent_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2021-40426 | 1 Sound Exchange Project | 1 Sound Exchange | 2025-06-24 | 8.8 High |
| A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2025-6404 | 1 Campcodes | 1 Online Teacher Record Management System | 2025-06-24 | 7.3 High |
| A vulnerability classified as critical has been found in Campcodes Online Teacher Record Management System 1.0. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6405 | 1 Campcodes | 1 Online Teacher Record Management System | 2025-06-24 | 7.3 High |
| A vulnerability classified as critical was found in Campcodes Online Teacher Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit-teacher-detail.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-30197 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-06-24 | 5.5 Medium |
| Windows Kernel Information Disclosure Vulnerability | ||||
| CVE-2022-30194 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-06-24 | 7.5 High |
| Windows WebBrowser Control Remote Code Execution Vulnerability | ||||
| CVE-2022-30176 | 1 Microsoft | 1 Azure Real Time Operating System Guix Studio | 2025-06-24 | 7.8 High |
| Azure RTOS GUIX Studio Remote Code Execution Vulnerability | ||||
| CVE-2022-30175 | 1 Microsoft | 1 Azure Real Time Operating System Guix Studio | 2025-06-24 | 7.8 High |
| Azure RTOS GUIX Studio Remote Code Execution Vulnerability | ||||
| CVE-2025-6406 | 1 Campcodes | 1 Online Hospital Management System | 2025-06-24 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in Campcodes Online Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /hms/forgot-password.php. The manipulation of the argument fullname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6407 | 1 Campcodes | 1 Online Hospital Management System | 2025-06-24 | 7.3 High |
| A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. This affects an unknown part of the file /user-login.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6408 | 1 Campcodes | 1 Online Hospital Management System | 2025-06-24 | 7.3 High |
| A vulnerability has been found in Campcodes Online Hospital Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /doctor/search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6409 | 1 Phpgurukul | 1 Art Gallery Management System | 2025-06-24 | 7.3 High |
| A vulnerability was found in PHPGurukul Art Gallery Management System 1.1 and classified as critical. This issue affects some unknown processing of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-45475 | 1 Maccms | 1 Maccms | 2025-06-24 | 5.4 Medium |
| maccms10 v2025.1000.4047 is vulnerable to Server-Side request forgery (SSRF) in Friend Link Management. | ||||
| CVE-2025-48746 | 1 Netwrix | 1 Directory Manager | 2025-06-24 | 6.5 Medium |
| Netwrix Directory Manager (formerly Imanami GroupID) v.11.0.0.0 and before, as well as after v.11.1.25134.03 lacks Authentication for a Critical Function. | ||||
| CVE-2024-52588 | 1 Strapi | 1 Strapi | 2025-06-24 | 4.9 Medium |
| Strapi is an open-source content management system. Prior to version 4.25.2, inputting a local domain into the Webhooks URL field leads to the application fetching itself, resulting in a server side request forgery (SSRF). This issue has been patched in version 4.25.2. | ||||