Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14715 | 2025-12-25 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-34412 | 1 Eqs | 1 Convercent Whistleblowing Platform | 2025-12-24 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it identified a vulnerability in a SaaS product that does not require user action. | ||||
| CVE-2025-34411 | 1 Eqs | 1 Convercent Whistleblowing Platform | 2025-12-24 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it identified a vulnerability in a SaaS product that does not require user action. | ||||
| CVE-2019-25229 | 1 Kentico | 1 Xperience | 2025-12-24 | 8.8 High |
| An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload arbitrary file types via MVC form file uploader components. Attackers can manipulate file names and upload potentially malicious files to the system, enabling unauthorized file uploads. | ||||
| CVE-2020-36890 | 1 Kentico | 1 Xperience | 2025-12-24 | 7.2 High |
| An access control bypass vulnerability in Kentico Xperience allows administrators to modify global administrator user privileges via unauthorized requests. Attackers could potentially compromise global administrator accounts and invalidate security-sensitive macros by manipulating user privilege levels. | ||||
| CVE-2021-47711 | 1 Kentico | 1 Xperience | 2025-12-24 | 8.8 High |
| A SQL injection vulnerability in Kentico Xperience allows authenticated editors to inject malicious SQL queries via online marketing macro method parameters. This enables unauthorized database access and potential data manipulation by exploiting macro method input validation weaknesses. | ||||
| CVE-2021-47712 | 1 Kentico | 1 Xperience | 2025-12-24 | 7.5 High |
| A cryptography vulnerability in Kentico Xperience allows attackers to potentially manipulate URL hash values through existing hashing mechanisms. The hotfix introduces an additional security layer to prevent hash value reuse and potential exploitation. | ||||
| CVE-2023-53887 | 2 Zomp, Zomplog | 2 Zomplog, Zomplog | 2025-12-24 | 5.4 Medium |
| Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser. | ||||
| CVE-2023-53888 | 2 Zomp, Zomplog | 2 Zomplog, Zomplog | 2025-12-24 | 8.8 High |
| Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and rename actions in the application. | ||||
| CVE-2022-50682 | 1 Kentico | 1 Xperience | 2025-12-24 | 6.5 Medium |
| A CRLF injection vulnerability in Kentico Xperience allows attackers to manipulate URL query string redirects via improper encoding in the routing engine. This could enable header injection and potentially facilitate further web application attacks. | ||||
| CVE-2023-53934 | 1 Kentico | 1 Xperience | 2025-12-24 | 7.5 High |
| A denial of service vulnerability in Kentico Xperience allows attackers to launch DoS attacks via specially crafted requests to the GetResource handler. Improper input validation enables remote attackers to potentially disrupt service availability through maliciously constructed requests. | ||||
| CVE-2023-53922 | 1 Tinywebgallery | 1 Tinywebgallery | 2025-12-24 | 9.8 Critical |
| TinyWebGallery v2.5 contains a remote code execution vulnerability in the admin upload functionality that allows unauthenticated attackers to upload malicious PHP files. Attackers can upload .phar files with embedded system commands to execute arbitrary code on the server by accessing the uploaded file's URL. | ||||
| CVE-2023-53939 | 1 Tinywebgallery | 1 Tinywebgallery | 2025-12-24 | 5.4 Medium |
| TinyWebGallery v2.5 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the folder name parameter. Attackers can edit album folder names with script tags to execute arbitrary JavaScript when other users view the affected gallery pages. | ||||
| CVE-2024-58320 | 1 Kentico | 1 Xperience | 2025-12-24 | 5.3 Medium |
| An information disclosure vulnerability in Kentico Xperience allows public users to access sensitive administration interface hostname details during authentication. Attackers can retrieve confidential hostname configuration information through a public endpoint, potentially exposing internal network details. | ||||
| CVE-2024-58317 | 1 Kentico | 1 Xperience | 2025-12-24 | 5.3 Medium |
| A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session security and authentication state. | ||||
| CVE-2025-14731 | 2 Ctcms, Ctcms Project | 2 Content Management System, Ctcms | 2025-12-24 | 6.3 Medium |
| A weakness has been identified in CTCMS Content Management System up to 2.1.2. This affects an unknown function in the library /ctcms/apps/libraries/CT_Parser.php of the component Frontend/Template Management Module. This manipulation causes improper neutralization of special elements used in a template engine. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-61258 | 1 Outsystems | 1 Platform Server | 2025-12-24 | 7.5 High |
| Outsystems Platform Server 11.18.1.37828 allows attackers to cause a denial of service via a crafted content-length value mismatching the body length. NOTE: the Supplier indicates that they are unable to reproduce this. | ||||
| CVE-2025-59933 | 1 Libvips | 1 Libvips | 2025-12-24 | 7.8 High |
| libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines a width but not a height. Those using libvips compiled without support for PDF input are unaffected as well as thosewith support for PDF input via PDFium. This issue is fixed in version 8.17.2. A workaround for those affected is to block the VipsForeignLoadPdf operation via vips_operation_block_set, which is available in most language bindings, or to set VIPS_BLOCK_UNTRUSTED environment variable at runtime, which will block all untrusted loaders including PDF input via poppler. | ||||
| CVE-2025-15034 | 2 Angeljudesuarez, Itsourcecode | 2 Student Management System, Student Management System | 2025-12-24 | 7.3 High |
| A security flaw has been discovered in itsourcecode Student Management System 1.0. This affects an unknown part of the file /record.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-14967 | 2 Angeljudesuarez, Itsourcecode | 2 Student Management System, Student Management System | 2025-12-24 | 7.3 High |
| A vulnerability was identified in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /candidates_report.php. The manipulation of the argument school_year leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used. | ||||