Search Results (363618 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-3690 1 Phpgurukul 1 Men Salon Management System 2025-04-24 7.3 High
A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-services.php. The manipulation of the argument cost leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3684 1 Xianqi 1 Kindergarten Management System 2025-04-24 6.3 Medium
A vulnerability was found in Xianqi Kindergarten Management System 2.0 Bulid 20190808. It has been rated as critical. This issue affects some unknown processing of the file stu_list.php of the component Child Management. The manipulation of the argument sex leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2024-55238 1 Open-metadata 1 Openmetadata 2025-04-24 7.1 High
OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface. The workflowtype and status parameters can be used to build a SQL query.
CVE-2025-46381 2025-04-24 N/A
Not used
CVE-2025-46380 2025-04-24 N/A
Not used
CVE-2025-46379 2025-04-24 N/A
Not used
CVE-2025-46378 2025-04-24 N/A
Not used
CVE-2025-46377 2025-04-24 N/A
Not used
CVE-2025-46376 2025-04-24 N/A
Not used
CVE-2025-46375 2025-04-24 N/A
Not used
CVE-2025-46374 2025-04-24 N/A
Not used
CVE-2025-3378 1 Pcman 1 Ftp Server 2025-04-23 7.3 High
A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component EPRT Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3374 1 Pcman 1 Ftp Server 2025-04-23 7.3 High
A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this issue is some unknown functionality of the component CCC Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3162 1 Internlm 1 Lmdeploy 2025-04-23 5.3 Medium
A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been classified as critical. Affected is the function load_weight_ckpt of the file lmdeploy/lmdeploy/vl/model/utils.py of the component PT File Handler. The manipulation leads to deserialization. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
CVE-2025-2946 1 Pgadmin 1 Pgadmin 4 2025-04-23 9.1 Critical
pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting(XSS). If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser.
CVE-2021-36471 1 Adminlte.io 1 Adminlte 2025-04-23 9.8 Critical
Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html, /admin/index3.html URIs. Note: AdminLTE developers dispute that this a weakness with AdminLTE and is instead a misconfiguration error on various websites by the website developers.
CVE-2024-57672 1 Projectfloodlight 1 Floodlight 2025-04-23 5.5 Medium
An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module, Topologylnstance module, Routing module.
CVE-2024-57673 1 Projectfloodlight 1 Floodlight 2025-04-23 5.5 Medium
An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module and Linkdiscovery module
CVE-2025-0881 1 Codezips 1 Gym Management System 2025-04-23 6.3 Medium
A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/saveroutine.php. The manipulation of the argument rname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-57369 1 Typecho 1 Typecho 2025-04-23 6.4 Medium
Clickjacking vulnerability in typecho v1.2.1.