Search Results (335229 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2022-43119 | 1 Csphere | 1 Clansphere | 2025-04-30 | 6.1 Medium | A cross-site scripting (XSS) vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter. |
| CVE-2022-43071 | 1 Xpdfreader | 1 Xpdf | 2025-04-30 | 5.5 Medium | A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. |
| CVE-2022-42978 | 1 Atlassian | 1 Confluence Data Center | 2025-04-30 | 7.5 High | In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system. |
| CVE-2021-25926 | 1 Sickrage | 1 Sickrage | 2025-04-30 | 6.1 Medium | In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly in the `quicksearch` feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the context of the user. |
| CVE-2021-25925 | 1 Sickrage | 1 Sickrage | 2025-04-30 | 5.4 Medium | In SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user's sensitive information. |
| CVE-2021-25921 | 1 Open-emr | 1 Openemr | 2025-04-30 | 5.4 Medium | In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section. An attacker could lure an admin to enter a malicious payload and by that initiate the exploit. |
| CVE-2021-25920 | 1 Open-emr | 1 Openemr | 2025-04-30 | 6.5 Medium | In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user being able to read and send sensitive messages on behalf of the victim user. |
| CVE-2021-25919 | 1 Open-emr | 1 Openemr | 2025-04-30 | 4.8 Medium | In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into input fields when creating a new user. |
| CVE-2021-25918 | 1 Open-emr | 1 Openemr | 2025-04-30 | 4.8 Medium | In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the TOTP Authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user. |
| CVE-2021-25917 | 1 Open-emr | 1 Openemr | 2025-04-30 | 4.8 Medium | In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the U2F USB Device authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user. |
| CVE-2021-25916 | 1 Patchmerge Project | 1 Patchmerge | 2025-04-30 | 9.8 Critical | Prototype pollution vulnerability in 'patchmerge' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. |
| CVE-2021-25915 | 1 Changeset Project | 1 Changeset | 2025-04-30 | 9.8 Critical | Prototype pollution vulnerability in 'changeset' versions 0.0.1 through 0.2.5 allows an attacker to cause a denial of service and may lead to remote code execution. |
| CVE-2021-25914 | 1 Fireblink | 1 Object-collider | 2025-04-30 | 9.8 Critical | Prototype pollution vulnerability in 'object-collider' versions 1.0.0 through 1.0.3 allows an attacker to cause a denial of service and may lead to remote code execution. |
| CVE-2025-4027 | 1 Phpgurukul | 1 Old Age Home Management System | 2025-04-30 | 7.3 High | A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/rules.php. The manipulation of the argument pagetitle leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2025-45949 | 1 Phpgurukul | 1 User Registration & Login And User Management System | 2025-04-30 | 9.8 Critical | A critical vulnerability was found in PHPGurukul User Registration & Login and User Management System V3.3 in the /loginsystem/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely and leading to account takeover. |
| CVE-2025-45953 | 1 Phpgurukul | 1 Hostel Management System | 2025-04-30 | 9.1 Critical | A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely. |
| CVE-2022-41260 | 1 Sap | 1 Financial Consolidation | 2025-04-30 | 6.1 Medium | SAP Financial Consolidation, version 1010, does not sufficiently encode user-controlled input, which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information, causing a limited impact on the confidentiality and integrity of the application. |
| CVE-2022-3362 | 1 Ikus-soft | 1 Rdiffweb | 2025-04-30 | 9.8 Critical | Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0. |
| CVE-2025-3823 | 1 Senior-walter | 1 Web-based Pharmacy Product Management System | 2025-04-30 | 2.4 Low | A vulnerability classified as problematic has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file add-stock.php. The manipulation of the argument txttotalcost/txtproductID/txtprice/txtexpirydate leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2024-13146 | 1 Fs-code | 1 Booknetic | 2025-04-30 | 8.8 High | The Booknetic WordPress plugin before 4.1.5 does not have a CSRF check when creating Staff accounts, which could allow attackers to make a logged-in admin add arbitrary Staff members via a CSRF attack. |