Export limit exceeded: 333727 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (333727 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2985 | 1 Fabian | 1 Payroll Management System | 2025-05-14 | 6.3 Medium |
| A vulnerability was found in code-projects Payroll Management System 1.0. It has been classified as critical. This affects an unknown part of the file update_account.php. The manipulation of the argument deduction leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2025-3038 | 1 Fabian | 1 Payroll Management System | 2025-05-14 | 6.3 Medium |
| A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view_account.php. The manipulation of the argument salary_rate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3039 | 1 Fabian | 1 Payroll Management System | 2025-05-14 | 6.3 Medium |
| A vulnerability was found in code-projects Payroll Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add_employee.php. The manipulation of the argument lname/fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2025-3134 | 1 Fabian | 1 Payroll Management System | 2025-05-14 | 6.3 Medium |
| A vulnerability classified as critical has been found in code-projects Payroll Management System 1.0. This affects an unknown part of the file /add_overtime.php. The manipulation of the argument rate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2854 | 1 Fabian | 1 Payroll Management System | 2025-05-14 | 6.3 Medium |
| A vulnerability classified as critical was found in code-projects Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file update_employee.php. The manipulation of the argument emp_type leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2024-8968 | 1 Maxfoundry | 1 Maxbuttons | 2025-05-14 | 4.7 Medium |
| The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-11607 | 1 Harryhe | 1 Gtpayment Donations | 2025-05-14 | 6.1 Medium |
| The GTPayment Donations WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2022-42070 | 1 Oretnom23 | 1 Online Birth Certificate Management System | 2025-05-14 | 8.8 High |
| Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (CSRF). | ||||
| CVE-2022-42069 | 1 Oretnom23 | 1 Online Birth Certificate Management System | 2025-05-14 | 5.4 Medium |
| Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting (XSS) vulnerability. | ||||
| CVE-2022-42067 | 1 Oretnom23 | 1 Online Birth Certificate Management System | 2025-05-14 | 4.3 Medium |
| Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference (IDOR) vulnerability | ||||
| CVE-2022-42066 | 1 Projectworlds | 1 Online Examination System | 2025-05-14 | 6.1 Medium |
| Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php. | ||||
| CVE-2022-42064 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2025-05-14 | 9.8 Critical |
| Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell. | ||||
| CVE-2022-41598 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | 3.4 Low |
| The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. | ||||
| CVE-2022-41589 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | 7.5 High |
| The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability. | ||||
| CVE-2022-41538 | 1 Wedding Planner Project | 1 Wedding Planner | 2025-05-14 | 8.8 High |
| Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photos_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-41536 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2025-05-14 | 7.2 High |
| Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_user.php. | ||||
| CVE-2022-41535 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2025-05-14 | 7.2 High |
| Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_borrower.php. | ||||
| CVE-2022-41477 | 1 Webidsupport | 1 Webid | 2025-05-14 | 9.1 Critical |
| A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories. | ||||
| CVE-2022-41436 | 1 Oxhoo | 2 Tp50, Tp50 Firmware | 2025-05-14 | 9.1 Critical |
| An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to access the administrative panel via browsing to the URL http://device_ip/index1.html. | ||||
| CVE-2022-41416 | 1 Online Tours \& Travels Management System Project | 1 Online Tours \& Travels Management System | 2025-05-14 | 7.2 High |
| Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /user/update_booking.php. | ||||