Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-46362 | 1 Frogcms Project | 1 Frogcms | 2025-04-28 | 8.8 High |
| FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory | ||||
| CVE-2024-46609 | 2 Icecms Project, Thecosy | 2 Icecms, Icecms | 2025-04-28 | 7.5 High |
| An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and retrieve all user information, including passwords. | ||||
| CVE-2024-25141 | 1 Apache | 2 Airflow Mongo Provider, Apache-airflow-providers-mongo | 2025-04-28 | 9.1 Critical |
| When SSL was enabled for Mongo Hook, the default settings included "allow_insecure", which meant that certificates were not validated. This was unexpected and undocumented. Users are recommended to upgrade to version 4.0.0, which fixes this issue. | ||||
| CVE-2024-46612 | 2 Icecms Project, Thecosy | 2 Icecms, Icecms | 2025-04-28 | 9.8 Critical |
| IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information. | ||||
| CVE-2022-44653 | 1 Trendmicro | 1 Apex One | 2025-04-28 | 7.8 High |
| A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2022-44652 | 1 Trendmicro | 1 Apex One | 2025-04-28 | 7.8 High |
| An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2022-44118 | 1 Dedebiz | 1 Dedecmsv6 | 2025-04-28 | 9.8 Critical |
| dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php. | ||||
| CVE-2022-43213 | 1 Billing System Project Project | 1 Billing System Project | 2025-04-28 | 9.8 Critical |
| Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editorder.php. | ||||
| CVE-2022-43196 | 1 Dedebiz | 1 Dedecmsv6 | 2025-04-28 | 9.1 Critical |
| dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_manage_control.php. | ||||
| CVE-2022-42095 | 1 Backdropcms | 1 Backdrop Cms | 2025-04-28 | 4.8 Medium |
| Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content. | ||||
| CVE-2022-3849 | 1 Wp User Merger Project | 1 Wp User Merger | 2025-04-28 | 8.8 High |
| The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin | ||||
| CVE-2024-46331 | 1 Modstart | 2 Modstartcms, Mostartcms | 2025-04-28 | 7.2 High |
| ModStartCMS v8.8.0 was discovered to contain an open redirect vulnerability in the redirect parameter at /admin/login. This vulnerability allows attackers to redirect users to an arbitrary website via a crafted URL. | ||||
| CVE-2022-3562 | 1 Librenms | 1 Librenms | 2025-04-28 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. | ||||
| CVE-2024-46293 | 2 Online Medicine Ordering System Project, Oretnom23 | 2 Online Medicine Ordering System, Online Medicine Ordering System | 2025-04-28 | 9.8 Critical |
| Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level actions without possessing a valid session token. The application does not verify whether the user is logged in as an admin or even check for a session token at all. | ||||
| CVE-2024-45870 | 1 Bandisoft | 1 Bandiview | 2025-04-28 | 6.5 Medium |
| Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted POC file. | ||||
| CVE-2024-45871 | 1 Bandisoft | 1 Bandiview | 2025-04-28 | 6.3 Medium |
| Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control via sub_0x232bd8, resulting in denial of service (DoS). | ||||
| CVE-2024-45872 | 1 Bandisoft | 1 Bandiview | 2025-04-28 | 6.3 Medium |
| Bandisoft BandiView 7.05 is vulnerable to Buffer Overflow via sub_0x410d1d. The vulnerability occurs due to insufficient validation of PSD files. | ||||
| CVE-2024-46077 | 2 Mayurik, Online Tours And Travels Management System Project | 2 Online Tours And Travels Management System, Online Tours And Travels Management System | 2025-04-28 | 5.4 Medium |
| itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the val-username, val-email, val-suggestions, val-digits and state_name parameters in travellers.php. | ||||
| CVE-2024-46654 | 1 Maccms | 1 Maccms | 2025-04-28 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024.1000.4040 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2024-48579 | 2 Mayurik, Php | 2 Best House Rental Management System, Best House Rental Management System | 2025-04-28 | 9.8 Critical |
| SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code via the username parameter of the login request. | ||||