Search Results (336705 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3974 | 1 Buddypress | 1 Buddypress | 2025-06-05 | 6.4 Medium |
| The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_name’ parameter in versions up to, and including, 12.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-3729 | 2 Dynamiapps, Wordpress | 2 Frontend Admin, Frontend Admin By Dynamiapps | 2025-06-05 | 9.8 Critical |
| The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'fea_encrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated attackers to manipulate the user processing forms, which can be used to add and edit administrator user for privilege escalation, or to automatically log in users for authentication bypass, or manipulate the post processing form that can be used to inject arbitrary web scripts. This can only be exploited if the 'openssl' php extension is not loaded on the server. | ||||
| CVE-2024-1009 | 1 Employee Management System Project | 1 Employee Management System | 2025-06-05 | 7.3 High |
| A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252278 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-3554 | 1 Aioseo | 1 All In One Seo | 2025-06-05 | 6.4 Medium |
| The All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-1809 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2025-06-05 | 5.4 Medium |
| The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage in all versions up to, and including, 5.2.3. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain certain sensitive information related to plugin settings. | ||||
| CVE-2024-42552 | 1 Vaibhavverma9999 | 1 Hotel Management System | 2025-06-05 | 8.6 High |
| Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_room_history.php. | ||||
| CVE-2024-42553 | 1 Vaibhavverma9999 | 1 Hotel Management System | 2025-06-05 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the component admin_room_added.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges. | ||||
| CVE-2024-42554 | 2 Hotel Management System Project, Vaibhavverma9999 | 2 Hotel Management System, Hotel Management System | 2025-06-05 | 8.8 High |
| Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_added.php. | ||||
| CVE-2024-42555 | 1 Vaibhavverma9999 | 1 Hotel Management System | 2025-06-05 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the component admin_room_removed.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges. | ||||
| CVE-2024-42556 | 1 Vaibhavverma9999 | 1 Hotel Management System | 2025-06-05 | 9.8 Critical |
| Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_removed.php. | ||||
| CVE-2024-42557 | 1 Vaibhavverma9999 | 1 Hotel Management System | 2025-06-05 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the component admin_modify_room.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges. | ||||
| CVE-2024-42558 | 1 Vaibhavverma9999 | 1 Hotel Management System | 2025-06-05 | 9.8 Critical |
| Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_modify_room.php. | ||||
| CVE-2024-42560 | 1 Varunsardana004 | 1 Blood Bank And Donation Management System | 2025-06-05 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the component update_page_details.php of Blood Bank And Donation Management System commit dc9e039 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Details parameter. | ||||
| CVE-2024-42561 | 2 Krishna9772, Pharmacy Management System Project | 2 Pharmacy Management System, Pharmacy Management System | 2025-06-05 | 8.8 High |
| Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at sales_report.php. | ||||
| CVE-2024-42562 | 1 Krishna9772 | 1 Pharmacy Management System | 2025-06-05 | 9.8 Critical |
| Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at preview.php. | ||||
| CVE-2024-42563 | 1 Jerryhanjj | 1 Erp | 2025-06-05 | 9.8 Critical |
| An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file. | ||||
| CVE-2024-42569 | 1 Arajajyothibabu | 1 School Management System | 2025-06-05 | 9.8 Critical |
| School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at paidclass.php. | ||||
| CVE-2024-42571 | 2 Arajajyothibabu, School Management System Project | 2 School Management System, School Management System | 2025-06-05 | 9.8 Critical |
| School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php. | ||||
| CVE-2024-20697 | 1 Microsoft | 3 Windows 11 22h2, Windows 11 23h2, Windows Server 2022 23h2 | 2025-06-05 | 7.3 High |
| Windows libarchive Remote Code Execution Vulnerability | ||||
| CVE-2024-22705 | 1 Linux | 1 Linux Kernel | 2025-06-05 | 7.8 High |
| An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled. | ||||