Search
Search Results (363618 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3690 | 1 Phpgurukul | 1 Men Salon Management System | 2025-04-24 | 7.3 High |
| A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-services.php. The manipulation of the argument cost leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3684 | 1 Xianqi | 1 Kindergarten Management System | 2025-04-24 | 6.3 Medium |
| A vulnerability was found in Xianqi Kindergarten Management System 2.0 Bulid 20190808. It has been rated as critical. This issue affects some unknown processing of the file stu_list.php of the component Child Management. The manipulation of the argument sex leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2024-55238 | 1 Open-metadata | 1 Openmetadata | 2025-04-24 | 7.1 High |
| OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface. The workflowtype and status parameters can be used to build a SQL query. | ||||
| CVE-2025-46381 | 2025-04-24 | N/A | ||
| Not used | ||||
| CVE-2025-46380 | 2025-04-24 | N/A | ||
| Not used | ||||
| CVE-2025-46379 | 2025-04-24 | N/A | ||
| Not used | ||||
| CVE-2025-46378 | 2025-04-24 | N/A | ||
| Not used | ||||
| CVE-2025-46377 | 2025-04-24 | N/A | ||
| Not used | ||||
| CVE-2025-46376 | 2025-04-24 | N/A | ||
| Not used | ||||
| CVE-2025-46375 | 2025-04-24 | N/A | ||
| Not used | ||||
| CVE-2025-46374 | 2025-04-24 | N/A | ||
| Not used | ||||
| CVE-2025-3378 | 1 Pcman | 1 Ftp Server | 2025-04-23 | 7.3 High |
| A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component EPRT Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3374 | 1 Pcman | 1 Ftp Server | 2025-04-23 | 7.3 High |
| A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this issue is some unknown functionality of the component CCC Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3162 | 1 Internlm | 1 Lmdeploy | 2025-04-23 | 5.3 Medium |
| A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been classified as critical. Affected is the function load_weight_ckpt of the file lmdeploy/lmdeploy/vl/model/utils.py of the component PT File Handler. The manipulation leads to deserialization. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2946 | 1 Pgadmin | 1 Pgadmin 4 | 2025-04-23 | 9.1 Critical |
| pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting(XSS). If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser. | ||||
| CVE-2021-36471 | 1 Adminlte.io | 1 Adminlte | 2025-04-23 | 9.8 Critical |
| Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html, /admin/index3.html URIs. Note: AdminLTE developers dispute that this a weakness with AdminLTE and is instead a misconfiguration error on various websites by the website developers. | ||||
| CVE-2024-57672 | 1 Projectfloodlight | 1 Floodlight | 2025-04-23 | 5.5 Medium |
| An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module, Topologylnstance module, Routing module. | ||||
| CVE-2024-57673 | 1 Projectfloodlight | 1 Floodlight | 2025-04-23 | 5.5 Medium |
| An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module and Linkdiscovery module | ||||
| CVE-2025-0881 | 1 Codezips | 1 Gym Management System | 2025-04-23 | 6.3 Medium |
| A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/saveroutine.php. The manipulation of the argument rname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-57369 | 1 Typecho | 1 Typecho | 2025-04-23 | 6.4 Medium |
| Clickjacking vulnerability in typecho v1.2.1. | ||||