Export limit exceeded: 336386 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336386 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11611 | 3 Codeastro, Simple Inventory System Project, Sourcecodester | 3 Simple Inventory System, Simple Inventory System, Simple Inventory System | 2025-10-21 | 6.3 Medium |
| A weakness has been identified in SourceCodester Simple Inventory System 1.0. Impacted is an unknown function of the file /user.php. This manipulation of the argument uemail causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-31969 | 1 Hcltech | 1 Unica | 2025-10-21 | 4 Medium |
| HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP). These can result in malicious resources getting loaded and browsers may come across certain types of attacks, such as cross-site scripting and clickjacking. | ||||
| CVE-2025-52614 | 1 Hcltech | 1 Unica | 2025-10-21 | 3.5 Low |
| HCL Unica Platform is affected by a Cookie without HTTPOnly Flag Set vulnerability. A malicious agent may be able to induce this event by feeding a user suitable links, either directly or via another web site. | ||||
| CVE-2025-31992 | 1 Hcltech | 1 Maxai Assistant | 2025-10-21 | 4.6 Medium |
| HCL Unica MaxAI Assistant is susceptible to a HTML injection vulnerability. An attacker could insert special characters that are processed client-side in the context of the user's session. | ||||
| CVE-2025-52615 | 1 Hcltech | 1 Unica | 2025-10-21 | 3.5 Low |
| HCL Unica Platform is impacted by misconfigured security related HTTP headers. This can lead to less secure browser default treatment for the policies controlled by these headers. | ||||
| CVE-2025-31994 | 1 Hcltech | 1 Unica | 2025-10-21 | 4.3 Medium |
| HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS) where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated from the trusted website. | ||||
| CVE-2025-11655 | 1 Totaljs | 1 Flow | 2025-10-21 | 4.7 Medium |
| A security flaw has been discovered in Total.js Flow up to 673ef9144dd25d4f4fd4fdfda5af27f230198924. The impacted element is an unknown function of the component SVG File Handler. Performing manipulation results in unrestricted upload. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-9265 | 1 Kiloview | 1 Ndi N30 | 2025-10-21 | N/A |
| A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administratorsThis issue affects Kiloview NDI N30 and was fixed in Firmware version later than 2.02.0246 | ||||
| CVE-2025-8915 | 1 Kiloview | 1 N30 | 2025-10-21 | N/A |
| Hardcoded TLS private key and certificate in firmware in Kiloview N30 2.02.246 allows malicious adversary to do a Mann-in-the-middle attack via the network | ||||
| CVE-2025-31995 | 1 Hcltech | 1 Maxai Workbench | 2025-10-21 | 3.5 Low |
| HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to exploit vulnerabilities such as SQL Injection, XSS, or command injection, leading to unauthorized access or data breaches, etc. | ||||
| CVE-2025-0636 | 1 Ericsson | 2 Controller 6610, Ran Compute | 2025-10-21 | 8.4 High |
| EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution. | ||||
| CVE-2025-11662 | 2 Mayurik, Sourcecodester | 2 Best Salon Management System, Best Salon Management System | 2025-10-21 | 7.3 High |
| A security flaw has been discovered in SourceCodester Best Salon Management System 1.0. Impacted is an unknown function of the file /booking.php. The manipulation of the argument serv_id results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-41020 | 1 Sergestec | 1 Exito | 2025-10-21 | 7.5 High |
| Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin/ticket_a4.php'. | ||||
| CVE-2025-41021 | 1 Sergestec | 1 Exito | 2025-10-21 | 5.4 Medium |
| Stored Cross-Site Scripting (XSS) in Sergestec's Exito v8.0, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'obs' parameter in '/admin/index.php?action=product_update'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details. | ||||
| CVE-2025-9976 | 1 Dassault | 1 Station Launcher App | 2025-10-21 | 9 Critical |
| An OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x could allow an attacker to execute arbitrary code on the user's machine. | ||||
| CVE-2025-11666 | 1 Tenda | 1 Rp3 Pro | 2025-10-21 | 6.7 Medium |
| A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file force_upgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument current_force_upgrade_pwd can lead to use of hard-coded password. The attack can only be executed locally. The exploit has been published and may be used. | ||||
| CVE-2025-11671 | 1 Ebmtech | 1 Uniweb/solipacs Webserver | 2025-10-21 | 5.3 Medium |
| Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain information such as account names and IP addresses. | ||||
| CVE-2025-11672 | 1 Ebmtech | 1 Uniweb/solipacs Webserver | 2025-10-21 | 5.3 Medium |
| Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain user group names. | ||||
| CVE-2025-62177 | 1 Wegia | 1 Wegia | 2025-10-21 | 8.8 High |
| WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar.php endpoint, specifically in the id_funcionario parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.5.1. | ||||
| CVE-2025-62179 | 1 Wegia | 1 Wegia | 2025-10-21 | 8.8 High |
| WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/cadastro_funcionario_pessoa_existente.php endpoint, specifically in the cpf parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.5.1. | ||||