Search Results (335240 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3830 | 1 Kuangstudy | 1 Kuangsimplebbs | 2025-04-30 | 6.3 Medium |
| A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. It has been declared as critical. Affected by this vulnerability is the function fileUpload of the file src/main/java/com/kuang/controller/QuestionController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-26566 | 1 Iscute | 1 Cute Http File Server | 2025-04-30 | 8.2 High |
| An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component. | ||||
| CVE-2024-24375 | 1 Jfinalcms Project | 1 Jfinalcms | 2025-04-30 | 7.5 High |
| SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to obtain sensitive information via /admin/admin name parameter. | ||||
| CVE-2024-25164 | 1 Idurarapp | 1 Idurar | 2025-04-30 | 7.5 High |
| A Path Traversal vulnerability exists in iDURAR v2.0.0 that allows unauthenticated attackers to expose sensitive files via the download functionality. | ||||
| CVE-2024-27516 | 1 Livehelperchat | 2 Live Helper Chat, Livehelperchat | 2025-04-30 | 9.8 Critical |
| Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php. | ||||
| CVE-2024-26473 | 1 Msaad1999 | 1 Klik Socialmediawebsite | 2025-04-30 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in SocialMediaWebsite v1.0.1 allows attackers to inject malicious JavaScript into the web browser of a victim via the poll parameter in poll.php. | ||||
| CVE-2024-26472 | 1 Msaad1999 | 1 Klik Socialmediawebsite | 2025-04-30 | 6.1 Medium |
| KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting (XSS) vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' or 'validator' parameters of 'create-new-pwd.php'. | ||||
| CVE-2024-26471 | 1 Msaad1999 | 1 Klik Socialmediawebsite | 2025-04-30 | 5.4 Medium |
| A reflected cross-site scripting (XSS) vulnerability in zhimengzhe iBarn v1.5 allows attackers to inject malicious JavaScript into the web browser of a victim via the search parameter in offer.php. | ||||
| CVE-2024-26470 | 1 Fullstackhero | 1 .net 9 Starter Kit | 2025-04-30 | 8.1 High |
| A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request. | ||||
| CVE-2024-42768 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management | 2025-04-30 | 6.8 Medium |
| A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php. | ||||
| CVE-2024-42769 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management System | 2025-04-30 | 6.1 Medium |
| A Reflected Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "user_fname" and "user_lname" parameters. | ||||
| CVE-2024-42770 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management | 2025-04-30 | 4.7 Medium |
| A Stored Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "user_email" parameter. | ||||
| CVE-2024-42771 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management System | 2025-04-30 | 4.8 Medium |
| A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "room_name" parameter. | ||||
| CVE-2024-42772 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management System | 2025-04-30 | 7.5 High |
| An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in administrator section. | ||||
| CVE-2024-42773 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management System | 2025-04-30 | 9.1 Critical |
| An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room entries in the administrator section. | ||||
| CVE-2024-42774 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management System | 2025-04-30 | 7.5 High |
| An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section. | ||||
| CVE-2024-42775 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management System | 2025-04-30 | 9.1 Critical |
| An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access. | ||||
| CVE-2024-42776 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management System | 2025-04-30 | 7.2 High |
| Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php. | ||||
| CVE-2024-42767 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management System | 2025-04-30 | 7.2 High |
| Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php. | ||||
| CVE-2025-43954 | 1 Quasar | 1 Qmarkdown | 2025-04-30 | 4.9 Medium |
| QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS via headers even when no-html is set. | ||||