Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-12998 | 1 Fabian | 1 Online Car Rental System | 2025-10-23 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in code-projects Online Car Rental System 1.0. This affects an unknown part of the file /index.php of the component GET Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-7107 | 1 Fabian | 1 E-commerce Website | 2025-10-23 | 7.3 High |
| A vulnerability was found in code-projects E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file user_signup.php. The manipulation of the argument firstname/middlename/email/address/contact/username leads to sql injection. The attack may be launched remotely. VDB-249002 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-7108 | 1 Fabian | 1 E-commerce Website | 2025-10-23 | 4.3 Medium |
| A vulnerability classified as problematic has been found in code-projects E-Commerce Website 1.0. This affects an unknown part of the file user_signup.php. The manipulation of the argument firstname with the input <video/src=x onerror=alert(document.domain)> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249003. | ||||
| CVE-2025-0537 | 1 Fabian | 1 Online Car Rental System | 2025-10-23 | 2.4 Low |
| A vulnerability, which was classified as problematic, has been found in code-projects Car Rental Management System 1.0. This issue affects some unknown processing of the file /admin/manage-pages.php. The manipulation of the argument pgdetails leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9009 | 2 Code-projects, Fabian | 2 Online Quiz Site, Online Quiz Site | 2025-10-23 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in code-projects Online Quiz Site 1.0. This issue affects some unknown processing of the file showtest.php. The manipulation of the argument subid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13012 | 1 Fabian | 1 Hostel Management System | 2025-10-23 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in code-projects Hostel Management System 1.0. This issue affects some unknown processing of the file /admin/registration.php. The manipulation of the argument fname/mname/lname leads to cross site scripting. The attack may be initiated remotely. | ||||
| CVE-2025-56746 | 1 Creativeitem | 1 Academy Lms | 2025-10-23 | 2.2 Low |
| Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers. | ||||
| CVE-2025-62506 | 1 Minio | 1 Minio | 2025-10-23 | 8.1 High |
| MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted session policies to bypass their inline policy restrictions when performing operations on their own account, specifically when creating new service accounts for the same user. The vulnerability exists in the IAM policy validation logic where the code incorrectly relied on the DenyOnly argument when validating session policies for restricted accounts. When a session policy is present, the system should validate that the action is allowed by the session policy, not just that it is not denied. An attacker with valid credentials for a restricted service or STS account can create a new service account for itself without policy restrictions, resulting in a new service account with full parent privileges instead of being restricted by the inline policy. This allows the attacker to access buckets and objects beyond their intended restrictions and modify, delete, or create objects outside their authorized scope. The vulnerability is fixed in version RELEASE.2025-10-15T17-29-55Z. | ||||
| CVE-2025-0066 | 1 Sap | 4 Abap Platform, Netweaver Abap, Netweaver As Abap and 1 more | 2025-10-23 | 9.9 Critical |
| Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application | ||||
| CVE-2024-57409 | 1 Beian.miit | 1 Cool-admin-java | 2025-10-23 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Parameter List module of cool-admin-java v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the internet pictures field. | ||||
| CVE-2022-32894 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-10-23 | 7.8 High |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. | ||||
| CVE-2022-32917 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-10-23 | 7.8 High |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.. | ||||
| CVE-2019-8506 | 2 Apple, Redhat | 10 Icloud, Iphone Os, Itunes and 7 more | 2025-10-23 | 8.8 High |
| A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2019-8526 | 1 Apple | 1 Mac Os X | 2025-10-23 | 7.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges. | ||||
| CVE-2019-8605 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-10-23 | 7.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges. | ||||
| CVE-2019-7286 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-10-23 | 7.8 High |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privileges. | ||||
| CVE-2019-7287 | 1 Apple | 1 Iphone Os | 2025-10-23 | 7.8 High |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4. An application may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2018-4344 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-10-23 | 7.8 High |
| A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | ||||
| CVE-2023-42916 | 5 Apple, Debian, Fedoraproject and 2 more | 9 Ipados, Iphone Os, Macos and 6 more | 2025-10-23 | 6.5 Medium |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. | ||||
| CVE-2023-42917 | 5 Apple, Debian, Fedoraproject and 2 more | 13 Ipados, Iphone Os, Macos and 10 more | 2025-10-23 | 8.8 High |
| A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. | ||||