Search Results (120815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-23277 1 Snippet Box Project 1 Snippet Box 2025-02-11 6.1 Medium
Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote attackers can render arbitrary web script or HTML from the "Snippet code" form field.
CVE-2024-43383 1 Apache 2 Lucene, Lucene.net 2025-02-11 8 High
Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator. This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. An attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. This can result in remote code execution or other potential unauthorized access. Users are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue.
CVE-2023-1799 1 Eyoucms 1 Eyoucms 2025-02-11 3.5 Low
A vulnerability, which was classified as problematic, was found in EyouCMS up to 1.5.4. This affects an unknown part of the file login.php. The manipulation of the argument tag_tag leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224751.
CVE-2024-4093 1 Oretnom23 1 Simple Subscription Website 2025-02-11 6.3 Medium
A vulnerability, which was classified as critical, was found in SourceCodester Simple Subscription Website 1.0. Affected is an unknown function of the file view_application.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261822 is the identifier assigned to this vulnerability.
CVE-2024-4798 1 Oretnom23 1 Online Computer And Laptop Store 2025-02-11 6.3 Medium
A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /admin/maintenance/manage_brand.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263918 is the identifier assigned to this vulnerability.
CVE-2024-4809 1 Nikhil-bhalerao 1 Open Source Clinic Management System 2025-02-11 6.3 Medium
A vulnerability has been found in SourceCodester Open Source Clinic Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file setting.php. The manipulation of the argument logo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263929 was assigned to this vulnerability.
CVE-2024-4820 1 Oretnom23 1 Online Computer And Laptop Store 2025-02-11 6.3 Medium
A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/SystemSettings.php?f=update_settings. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263941 was assigned to this vulnerability.
CVE-2024-5069 1 Oretnom23 1 Simple Online Men\'s Salon Management System 2025-02-11 6.3 Medium
A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Mens Salon Management System 1.0. Affected by this issue is some unknown functionality of the file view_service.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-264926 is the identifier assigned to this vulnerability.
CVE-2024-5134 1 Remyandrade 1 Electricity Consumption Monitoring Tool 2025-02-11 6.3 Medium
A vulnerability was found in SourceCodester Electricity Consumption Monitoring Tool 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-bill.php. The manipulation of the argument bill leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-265210 is the identifier assigned to this vulnerability.
CVE-2025-0291 1 Google 1 Chrome 2025-02-11 8.3 High
Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2024-5381 1 Itsourcecode 1 Student Information Management System 2025-02-11 6.3 Medium
A vulnerability classified as critical was found in itsourcecode Student Information Management System 1.0. Affected by this vulnerability is an unknown functionality of the file view.php. The manipulation of the argument studentId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266293 was assigned to this vulnerability.
CVE-2024-12695 1 Google 1 Chrome 2025-02-11 8.8 High
Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2024-12694 1 Google 1 Chrome 2025-02-11 8.8 High
Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-12692 1 Google 1 Chrome 2025-02-11 8.8 High
Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-5384 1 Oretnom23 1 Facebook News Feed Like 2025-02-11 7.3 High
A vulnerability classified as critical was found in SourceCodester Facebook News Feed Like 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument page leads to sql injection. The attack can be initiated remotely. VDB-266302 is the identifier assigned to this vulnerability.
CVE-2024-5516 1 Adonesevangelista 1 Online Blood Bank Management System 2025-02-11 6.3 Medium
A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file massage.php. The manipulation of the argument bid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266587.
CVE-2024-5517 1 Adonesevangelista 1 Online Blood Bank Management System 2025-02-11 7.3 High
A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file changepwd.php. The manipulation of the argument useremail leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266588.
CVE-2024-5518 1 Emiloimagtolis 1 Online Discussion Forum 2025-02-11 6.3 Medium
A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file change_profile_picture.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266589 was assigned to this vulnerability.
CVE-2024-5519 1 Itsourcecode 1 Learning Management System 2025-02-11 7.3 High
A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument user_email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266590 is the identifier assigned to this vulnerability.
CVE-2024-5588 1 Itsourcecode 1 Learning Management System 2025-02-11 6.3 Medium
A vulnerability was found in itsourcecode Learning Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file processscore.php. The manipulation of the argument LessonID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266839.