Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3827 | 1 Phpgurukul | 1 Men Salon Management System | 2025-04-28 | 7.3 High |
| A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3828 | 1 Phpgurukul | 1 Men Salon Management System | 2025-04-28 | 7.3 High |
| A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/view-appointment.php?viewid=11. The manipulation of the argument remark leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2025-3829 | 1 Phpgurukul | 1 Men Salon Management System | 2025-04-28 | 7.3 High |
| A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/sales-reports-detail.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-28072 | 1 Phpgurukul | 1 Pre-school Enrollment System | 2025-04-28 | 7.5 High |
| PHPGurukul Pre-School Enrollment System is vulnerable to Directory Traversal in manage-teachers.php. | ||||
| CVE-2024-48357 | 1 Lylme | 1 Lylme Spage | 2025-04-28 | 9.8 Critical |
| LyLme Spage 1.2.0 through 1.6.0 is vulnerable to SQL Injection via /admin/apply.php. | ||||
| CVE-2024-33868 | 2 Linqi, Microsoft | 2 Linqi, Windows | 2025-04-28 | 9.8 Critical |
| An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP injection. | ||||
| CVE-2024-33867 | 2 Linqi, Microsoft | 2 Linqi, Windows | 2025-04-28 | 4.8 Medium |
| An issue was discovered in linqi before 1.4.0.1 on Windows. There is a hardcoded password salt. | ||||
| CVE-2024-33866 | 2 Linqi, Microsoft | 2 Linqi, Windows | 2025-04-28 | 5.5 Medium |
| An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/DocumentTemplate/{GUID] XSS. | ||||
| CVE-2024-33864 | 2 Linqi, Microsoft | 2 Linqi, Windows | 2025-04-28 | 5.9 Medium |
| An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation via malicious JavaScript. | ||||
| CVE-2024-48180 | 1 Classcms | 1 Classcms | 2025-04-28 | 9.8 Critical |
| ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in/class/cms/cms.php, which can include a file uploaded to the/class/template directory to execute PHP code. | ||||
| CVE-2024-33865 | 2 Linqi, Microsoft | 2 Linqi, Windows | 2025-04-28 | 7.5 High |
| An issue was discovered in linqi before 1.4.0.1 on Windows. There is an NTLM hash leak via the /api/Cdn/GetFile and /api/DocumentTemplate/{GUID] endpoints. | ||||
| CVE-2024-33863 | 2 Linqi, Microsoft | 2 Linqi, Windows | 2025-04-28 | 9.8 Critical |
| An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/Cdn/GetFile local file inclusion. | ||||
| CVE-2022-30355 | 1 Ovaledge | 1 Ovaledge | 2025-04-28 | 9.8 Critical |
| OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required. | ||||
| CVE-2024-46101 | 1 Gdidees | 1 Gdidees Cms | 2025-04-28 | 9.8 Critical |
| GDidees CMS <= v3.9.1 has a file upload vulnerability. | ||||
| CVE-2024-47218 | 2 Versoft, Vesoft | 2 Nebulagraph Studio, Nebulagraph Database | 2025-04-28 | 9.8 Critical |
| An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows bypassing authentication. | ||||
| CVE-2024-47219 | 1 Vesoft | 2 Nebulagraph Database, Nebulagraph Studio | 2025-04-28 | 9.8 Critical |
| An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection. | ||||
| CVE-2024-46084 | 1 Scriptcase | 1 Scriptcase | 2025-04-28 | 8 High |
| Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function. | ||||
| CVE-2024-46082 | 1 Scriptcase | 1 Scriptcase | 2025-04-28 | 5.4 Medium |
| Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters. | ||||
| CVE-2024-46080 | 1 Scriptcase | 1 Scriptcase | 2025-04-28 | 8 High |
| Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function. | ||||
| CVE-2024-46083 | 1 Scriptcase | 1 Scriptcase | 2025-04-28 | 5.4 Medium |
| Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code into any user's account on the platform. It is important to note that regular users can trigger actions for administrator users. | ||||