Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14639 | 2 Angeljudesuarez, Itsourcecode | 2 Student Management System, Student Management System | 2025-12-16 | 7.3 High |
| A vulnerability was detected in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /uprec.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. | ||||
| CVE-2025-14623 | 2 Code-projects, Fabian | 2 Student Management System, Student File Management System | 2025-12-16 | 7.3 High |
| A weakness has been identified in code-projects Student File Management System 1.0. This issue affects some unknown processing of the file /admin/update_student.php. This manipulation of the argument stud_id causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-14619 | 2 Code-projects, Fabian | 2 Student Management System, Student File Management System | 2025-12-16 | 7.3 High |
| A vulnerability was found in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login_query.php. Performing manipulation of the argument stud_no results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used. | ||||
| CVE-2021-41659 | 1 Oretnom23 | 1 Banking System | 2025-12-16 | 9.8 Critical |
| SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username or password field. | ||||
| CVE-2022-26644 | 1 Oretnom23 | 1 Banking System | 2025-12-16 | 6.1 Medium |
| Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via parameters on user profile, system_info and accounts management. | ||||
| CVE-2022-26645 | 1 Oretnom23 | 1 Banking System | 2025-12-16 | 9.8 Critical |
| A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function. | ||||
| CVE-2022-26646 | 1 Oretnom23 | 1 Banking System | 2025-12-16 | 9.8 Critical |
| Online Banking System Protect v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the pages parameter. | ||||
| CVE-2025-40593 | 1 Siemens | 2 Simatic Cn 4100, Simatic Cn 4100 Firmware | 2025-12-16 | 6.5 Medium |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0). The affected application allows to control the device by storing arbitrary files in the SFTP folder of the device. This could allow an attacker to cause a denial of service condition. | ||||
| CVE-2023-49251 | 1 Siemens | 2 Simatic Cn 4100, Simatic Cn 4100 Firmware | 2025-12-16 | 8.8 High |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application allows an attacker to add their own login credentials to the device. This allows an attacker to remotely login as root and take control of the device even after the affected device is fully set up. | ||||
| CVE-2023-49621 | 1 Siemens | 2 Simatic Cn 4100, Simatic Cn 4100 Firmware | 2025-12-16 | 9.8 Critical |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device. | ||||
| CVE-2023-49252 | 1 Siemens | 2 Simatic Cn 4100, Simatic Cn 4100 Firmware | 2025-12-16 | 7.5 High |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The affected application allows IP configuration change without authentication to the device. This could allow an attacker to cause denial of service condition. | ||||
| CVE-2022-36547 | 1 Hashenudara | 1 Edoc-doctor-appointment-system | 2025-12-16 | 6.1 Medium |
| Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field. | ||||
| CVE-2022-36546 | 1 Hashenudara | 1 Edoc-doctor-appointment-system | 2025-12-16 | 8.8 High |
| Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php. | ||||
| CVE-2022-36545 | 1 Hashenudara | 1 Edoc-doctor-appointment-system | 2025-12-16 | 9.8 Critical |
| Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php. | ||||
| CVE-2022-36544 | 1 Hashenudara | 1 Edoc-doctor-appointment-system | 2025-12-16 | 9.8 Critical |
| Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php. | ||||
| CVE-2022-36543 | 1 Hashenudara | 1 Edoc-doctor-appointment-system | 2025-12-16 | 9.8 Critical |
| Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php. | ||||
| CVE-2022-36542 | 1 Hashenudara | 1 Edoc-doctor-appointment-system | 2025-12-16 | 6.5 Medium |
| An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data. | ||||
| CVE-2024-22391 | 3 Fedoraproject, Grassroot, Malaterre | 3 Fedora, Grassroot Platform, Grassroots Dicom | 2025-12-16 | 7.7 High |
| A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2024-22373 | 3 Fedoraproject, Grassroots Dicom Project, Malaterre | 3 Fedora, Grassroots Dicom, Grassroots Dicom | 2025-12-16 | 8.1 High |
| An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2013-10031 | 2 Plack, Plack Project | 2 Plack-middleware-session, Plack | 2025-12-16 | 7.5 High |
| Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks | ||||