Export limit exceeded: 335558 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335558 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10625 | 2 Support Ticket System Project, Vanquish | 2 Support Ticket System, Woocommerce Support Ticket System | 2025-05-28 | 9.8 Critical |
| The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | ||||
| CVE-2024-10626 | 2 Support Ticket System Project, Vanquish | 2 Support Ticket System, Woocommerce Support Ticket System | 2025-05-28 | 8.8 High |
| The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_uploaded_file() function in all versions up to, and including, 17.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | ||||
| CVE-2025-5224 | 1 Campcodes | 1 Online Hospital Management System | 2025-05-28 | 7.3 High |
| A vulnerability classified as critical has been found in Campcodes Online Hospital Management System 1.0. Affected is an unknown function of the file /admin/add-doctor.php. The manipulation of the argument Doctorspecialization leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-56923 | 1 Silverpeas | 1 Silverpeas | 2025-05-28 | 5.4 Medium |
| Stored Cross-Site Scripting (XSS) Vulnerability in the Categorization Option of My Subscriptions Functionality in Silverpeas Core 6.3.1 <= 6.4.1 allows a remote attacker to execute arbitrary JavaScript code. This is achieved by injecting a malicious payload into the Name field of a subscription. The attack can lead to session hijacking, data theft, or unauthorized actions when an admin user views the affected subscription. | ||||
| CVE-2024-12113 | 1 Kainelabs | 1 Youzify | 2025-05-28 | 4.3 Medium |
| The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_user_review() and delete_review() functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete other user's reviews. | ||||
| CVE-2025-5225 | 1 Campcodes | 1 Advanced Online Voting System | 2025-05-28 | 7.3 High |
| A vulnerability, which was classified as critical, was found in Campcodes Advanced Online Voting System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument voter leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5229 | 1 Campcodes | 1 Online Hospital Management System | 2025-05-28 | 7.3 High |
| A vulnerability was found in Campcodes Online Hospital Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/view-patient.php. The manipulation of the argument viewid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5246 | 1 Campcodes | 1 Online Hospital Management System | 2025-05-28 | 7.3 High |
| A vulnerability classified as critical was found in Campcodes Online Hospital Management System 1.0. This vulnerability affects unknown code of the file /hms/admin/query-details.php. The manipulation of the argument adminremark leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5298 | 1 Campcodes | 1 Online Hospital Management System | 2025-05-28 | 7.3 High |
| A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. Affected is an unknown function of the file /admin/betweendates-detailsreports.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10720 | 1 Phpipam | 1 Phpipam | 2025-05-28 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability occurs in the 'Device Management' section under 'Administration' where an attacker can inject malicious scripts into the 'Name' and 'Description' fields when adding a new device type. This can lead to data theft, account compromise, distribution of malware, website defacement, and phishing attacks. The issue is fixed in version 1.7.0. | ||||
| CVE-2024-10722 | 1 Phpipam | 1 Phpipam | 2025-05-28 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability allows attackers to inject malicious scripts into the 'Description' field of custom fields in the 'IP RELATED MANAGEMENT' section. This can lead to data theft, account compromise, distribution of malware, website defacement, content manipulation, and phishing attacks. The issue is fixed in version 1.7.0. | ||||
| CVE-2024-10723 | 1 Phpipam | 1 Phpipam | 2025-05-28 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the destination address field of the NAT tool, which can be executed when a user interacts with the field. The impact of this vulnerability includes the potential theft of user cookies, unauthorized access to user accounts, and redirection to malicious websites. The issue has been fixed in version 1.7.0. | ||||
| CVE-2024-10724 | 1 Phpipam | 1 Phpipam | 2025-05-28 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2, specifically in the Subnet NAT translations section when editing the Destination address. This vulnerability allows an attacker to execute malicious code. The issue is fixed in version 1.7.0. | ||||
| CVE-2024-10725 | 1 Phpipam | 1 Phpipam | 2025-05-28 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which are then executed in the context of other users who view the affected pages. The issue occurs when editing the NAT destination address, where user input is not properly sanitized. This can lead to data theft, account compromise, and other malicious activities. The vulnerability is fixed in version 1.7.0. | ||||
| CVE-2024-10719 | 1 Phpipam | 1 Phpipam | 2025-05-28 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in phpipam version 1.5.2, specifically in the circuits options functionality. This vulnerability allows an attacker to inject malicious scripts via the 'option' parameter in the POST request to /phpipam/app/admin/circuits/edit-options-submit.php. The injected script can be executed in the context of the user's browser, leading to potential cookie theft and end-user file disclosure. The issue is fixed in version 1.7.0. | ||||
| CVE-2025-1813 | 1 Zframeworks | 1 Zz | 2025-05-28 | 4.3 Medium |
| A vulnerability classified as problematic was found in zj1983 zz up to 2024-08. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-22212 | 1 Convert Forms Project | 1 Convert Forms | 2025-05-28 | 2.7 Low |
| A SQL injection vulnerability in the Convert Forms component versions 1.0.0-1.0.0 - 4.4.9 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the submission management area in backend. | ||||
| CVE-2024-12964 | 1 1000projects | 1 Daily College Class Work Report Book | 2025-05-28 | 7.3 High |
| A vulnerability was found in 1000 Projects Daily College Class Work Report Book 1.0. It has been classified as critical. This affects an unknown part of the file /login.php. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-43158 | 1 Masteriyo | 1 Masteriyo | 2025-05-28 | 7.5 High |
| Missing Authorization vulnerability in Masteriyo Masteriyo - LMS allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masteriyo - LMS: from n/a through 1.11.4. | ||||
| CVE-2024-43159 | 1 Masteriyo | 1 Masteriyo | 2025-05-28 | 5.3 Medium |
| Missing Authorization vulnerability in Masteriyo Masteriyo - LMS allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masteriyo - LMS: from n/a through 1.11.6. | ||||