Search
Search Results (322822 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8855 | 1 Wpmarka | 1 Wordpress Auction | 2025-05-14 | 9.8 Critical |
| The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing editors and above to perform SQL injection attacks | ||||
| CVE-2024-8857 | 1 Wpmarka | 1 Wordpress Auction | 2025-05-14 | 4.8 Medium |
| The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2025-3819 | 1 Phpgurukul | 1 Men Salon Management System | 2025-05-14 | 7.3 High |
| A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/search-appointment.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-43958 | 1 Kishan0725 | 1 Hospital Management System | 2025-05-14 | 9.8 Critical |
| An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.0 allows an unauthenticated attacker to upload any file to the server and execute arbitrary code. | ||||
| CVE-2025-29568 | 1 Code-projects | 1 Online Class And Exam Scheduling System | 2025-05-14 | 4.8 Medium |
| A vulnerability has been discovered in the code-projects Online Class and Exam Scheduling System 1.0. The issue affects some unknown features in the file /Scheduling/pages/class_sched.php. Manipulating the class parameter can lead to cross-site scripting (XSS). | ||||
| CVE-2025-44134 | 1 Code-projects | 1 Online Class And Exam Scheduling System | 2025-05-14 | 6.5 Medium |
| A vulnerability was found in Code-Projects Online Class and Exam Scheduling System 1.0 in the file /Scheduling/pages/class_save.php. Manipulation of parameter class will lead to SQL injection attacks. | ||||
| CVE-2025-44135 | 1 Code-projects | 1 Online Class And Exam Scheduling System | 2025-05-14 | 6.5 Medium |
| A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 in /Scheduling/pages/profile_update.php. Manipulating the parameter username will cause SQL injection attacks. | ||||
| CVE-2025-47899 | 2025-05-14 | N/A | ||
| Not used | ||||
| CVE-2025-47898 | 2025-05-14 | N/A | ||
| Not used | ||||
| CVE-2025-47897 | 2025-05-14 | N/A | ||
| Not used | ||||
| CVE-2025-47896 | 2025-05-14 | N/A | ||
| Not used | ||||
| CVE-2025-47895 | 2025-05-14 | N/A | ||
| Not used | ||||
| CVE-2025-47894 | 2025-05-14 | N/A | ||
| Not used | ||||
| CVE-2025-47893 | 2025-05-14 | N/A | ||
| Not used | ||||
| CVE-2025-47892 | 2025-05-14 | N/A | ||
| Not used | ||||
| CVE-2025-47891 | 2025-05-14 | N/A | ||
| Not used | ||||
| CVE-2025-0793 | 1 Esafenet | 1 Cdg | 2025-05-13 | 6.3 Medium |
| A vulnerability has been found in ESAFENET CDG V5 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /todoDetail.jsp. The manipulation of the argument flowId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-0794 | 1 Esafenet | 1 Cdg | 2025-05-13 | 3.5 Low |
| A vulnerability was found in ESAFENET CDG V5 and classified as problematic. Affected by this issue is some unknown functionality of the file /todoDetail.jsp. The manipulation of the argument curpage leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-0795 | 1 Esafenet | 1 Cdg | 2025-05-13 | 3.5 Low |
| A vulnerability was found in ESAFENET CDG V5. It has been classified as problematic. This affects an unknown part of the file /todolistjump.jsp. The manipulation of the argument flowId leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-45627 | 1 Apache | 1 Linkis | 2025-05-13 | 5.9 Medium |
| In Apache Linkis <1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis < 1.7.0 will be affected. We recommend users upgrade the version of Linkis to version 1.7.0. | ||||