Search Results (328698 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-42605 | | | 2025-04-23 | N/A |
| This vulnerability exists in Meon Bidding Solutions due to improper authorization controls on certain API endpoints for the initiation, modification, or cancellation operations. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter in the API request body to gain unauthorized access to other user accounts. Successful exploitation of this vulnerability could allow a remote attacker to perform authorized manipulation of data associated with other user accounts. | ||||
| CVE-2022-46824 | 2 Apple, Jetbrains | 2 Macos, Intellij Idea | 2025-04-23 | 5.6 Medium |
| In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible. | ||||
| CVE-2022-46825 | 1 Jetbrains | 1 Intellij Idea | 2025-04-23 | 4 Medium |
| In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects. | ||||
| CVE-2022-46826 | 1 Jetbrains | 1 Intellij Idea | 2025-04-23 | 6.2 Medium |
| In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability. | ||||
| CVE-2022-46829 | 1 Jetbrains | 1 Jetbrains Gateway | 2025-04-23 | 7.1 High |
| In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented. | ||||
| CVE-2022-46830 | 1 Jetbrains | 1 Teamcity | 2025-04-23 | 4.1 Medium |
| In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning. | ||||
| CVE-2023-51302 | 1 Phpjabbers | 1 Hotel Booking System | 2025-04-23 | 8.8 High |
| PHPJabbers Hotel Booking System v4.0 is vulnerable to CSV Injection, which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. | ||||
| CVE-2024-40110 | 2 Nikhil-bhalerao, Poultry Farm Management System Project | 2 Poultry Farm Management System, Poultry Farm Management System | 2025-04-23 | 9.8 Critical |
| Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote Code Execution (RCE) vulnerability via the productimage parameter at /farm/product.php. | ||||
| CVE-2023-51303 | 1 Phpjabbers | 1 Event Ticketing System | 2025-04-23 | 6.1 Medium |
| PHPJabbers Event Ticketing System v1.0 is vulnerable to Multiple HTML Injection in the "lid, name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. | ||||
| CVE-2024-40402 | 2 Nikhil-bhalerao, Sourcecodester | 2 Simple Library Management System, Simple Library Management System | 2025-04-23 | 6.3 Medium |
| A SQL injection vulnerability was found in 'ajax.php' of Sourcecodester Simple Library Management System 1.0. This vulnerability stems from insufficient user input validation of the 'username' parameter, allowing attackers to inject malicious SQL queries. | ||||
| CVE-2022-29838 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2025-04-23 | 4.3 Medium |
| Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux. | ||||
| CVE-2025-43950 | | | 2025-04-23 | 7.8 High |
| DPMAdirektPro 4.1.5 is vulnerable to DLL Hijacking. It happens by placing a malicious DLL in a directory (in the absence of a legitimate DLL), which is then loaded by the application instead of the legitimate DLL. This causes the malicious DLL to load with the same privileges as the application, thus causing a privilege escalation. | ||||
| CVE-2025-43949 | | | 2025-04-23 | 9.8 Critical |
| MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web) 24.2.3 is vulnerable to SQL Injection that allows an attacker to execute malicious SQL statements that control a web application's database server. | ||||
| CVE-2025-27087 | | | 2025-04-23 | 5.5 Medium |
| A vulnerability in the kernel of the Cray Operating System (COS) could allow an attacker to perform a local Denial of Service (DoS) attack. | ||||
| CVE-2024-53568 | | | 2025-04-23 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Image Upload section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the tag parameter. | ||||
| CVE-2022-45758 | 1 Sens Project | 1 Sens | 2025-04-23 | 5.4 Medium |
| SENS v1.0 is vulnerable to Cross Site Scripting (XSS) via com.liuyanzhao.sens.web.controller.admin, getRegister. | ||||
| CVE-2022-45479 | 1 Beappsmobile | 1 Pc Keyboard Wifi&bluetooth | 2025-04-23 | 9.8 Critical |
| PC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | ||||
| CVE-2022-45292 | 1 Funkwhale | 1 Funkwhale | 2025-04-23 | 5.3 Medium |
| User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted. | ||||
| CVE-2022-45290 | 1 Kbase Doc Project | 1 Kbase Doc | 2025-04-23 | 9.1 Critical |
| Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /web/IndexController.java. | ||||
| CVE-2022-45275 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2025-04-23 | 7.2 High |
| An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||||