Search Results (121013 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-13019 1 Code-projects 1 Chat System 2025-04-03 3.5 Low
A vulnerability classified as problematic has been found in code-projects Chat System 1.0. Affected is an unknown function of the file /admin/update_room.php of the component Chat Room Page. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely.
CVE-2024-12955 1 Phpgurukul 1 Blood Bank \& Donor Management System 2025-04-03 4.3 Medium
A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as problematic. This vulnerability affects unknown code of the file /logout.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12949 1 Code-projects 1 Travel Management System 2025-04-03 6.3 Medium
A vulnerability was found in code-projects Travel Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /package.php. The manipulation of the argument subcatid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12948 1 Code-projects 1 Travel Management System 2025-04-03 6.3 Medium
A vulnerability was found in code-projects Travel Management System 1.0. It has been classified as critical. This affects an unknown part of the file /detail.php. The manipulation of the argument pid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12945 1 Code-projects 1 Simple Car Rental System 2025-04-03 7.3 High
A vulnerability classified as critical was found in code-projects Simple Car Rental System 1.0. This vulnerability affects unknown code of the file /account.php. The manipulation of the argument email/pass leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12944 1 Codeastro 1 House Rental Management System 2025-04-03 7.3 High
A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /signin.php. The manipulation of the argument u/p leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12943 1 Codeastro 1 House Rental Management System 2025-04-03 7.3 High
A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ownersignup.php. The manipulation of the argument f/e/p/m/o/n/c/s/ci/a leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "m" to be affected. But it must be assumed that many other parameters are affected as well.
CVE-2024-12937 1 Code-projects 1 Simple Admin Panel 2025-04-03 6.3 Medium
A vulnerability, which was classified as critical, was found in code-projects Simple Admin Panel 1.0. Affected is an unknown function of the file addVariationController.php. The manipulation of the argument qty leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-22334 1 Contec 1 Conprosys Hmi System 2025-04-03 5.3 Medium
Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack.
CVE-2023-22298 2 Fedoraproject, Pgadmin 2 Fedora, Pgadmin 4 2025-04-03 6.1 Medium
Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.
CVE-2022-45875 1 Apache 1 Dolphinscheduler 2025-04-03 9.8 Critical
Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users which can login to DS.
CVE-2024-27206 1 Google 1 Android 2025-04-03 7.5 High
there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-27213 1 Google 1 Android 2025-04-03 8.4 High
In BroadcastSystemMessage of servicemgr.cpp, there is a possible Remote Code Execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-27223 1 Google 1 Android 2025-04-03 5.1 Medium
In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure after authenticating the cell connection with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-27228 1 Google 1 Android 2025-04-03 9.8 Critical
there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-25988 1 Google 1 Android 2025-04-03 8.4 High
In SAEMM_DiscloseGuti of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-37626 1 Totolink 2 A6000r, A6000r Firmware 2025-04-03 8.8 High
A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function.
CVE-2025-25871 1 Openpanel 1 Openpanel 2025-04-03 8 High
An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function
CVE-2025-1829 1 Totolink 2 X18, X18 Firmware 2025-04-03 6.3 Medium
A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been declared as critical. This vulnerability affects the function setMtknatCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mtkhnatEnable leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-25872 1 Openpanel 1 Openpanel 2025-04-03 5.5 Medium
An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function