Search Results (334518 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23044 | 1 Pwndoc Project | 1 Pwndoc | 2025-05-07 | 6.8 Medium |
| PwnDoc is a penetration test report generator. There is no CSRF protection in PwnDoc, allowing attackers to send requests on a logged-in user's behalf. This includes both GET and POST requests, because the session cookies lack a SameSite attribute and can be refreshed. Commit 14acb704891245bf1703ce6296d62112e85aa995 patches the issue. | ||||
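The PwnDoc entry names the two missing controls: a SameSite attribute on the session cookie and a server-side check that a state-changing request really came from the application's own pages. The following is an added example, not PwnDoc's code, showing both in Python's standard library only: a cookie builder that emits the attributes and a `csrf_check` that a state-changing handler would call regardless of HTTP verb (the entry notes that GET requests also changed state). The origin, cookie name, in-memory session store and sample requests are assumptions made for illustration.

```python
# Added example (not PwnDoc's code): a request-side CSRF check and a session
# cookie carrying SameSite, the two defences whose absence the entry describes.
# The origin, cookie name, session store and sample requests are assumptions.
import hmac
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

SITE_ORIGIN = "https://reports.example.test"  # assumed application origin
SESSION_COOKIE = "session"                    # assumed cookie name


def build_session_cookie(session_id, same_site="Strict"):
    """Set-Cookie value with the attributes a session cookie should carry.

    SameSite=Strict (or Lax) stops the browser attaching the cookie to
    cross-site requests; HttpOnly and Secure are the usual companions.
    """
    cookie = SimpleCookie()
    cookie[SESSION_COOKIE] = session_id
    morsel = cookie[SESSION_COOKIE]
    morsel["path"] = "/"
    morsel["secure"] = True
    morsel["httponly"] = True
    morsel["samesite"] = same_site
    return morsel.OutputString()


def csrf_check(headers, cookie_header, form_token, sessions):
    """Decide whether a state-changing request may proceed.

    Applied to every state-changing handler, whatever the HTTP verb.
    Two independent layers:
      1. Fetch metadata / Origin / Referer must point at our own origin.
      2. A per-session synchronizer token must accompany the request.
    `sessions` maps session id -> the CSRF token issued to that session.
    Returns (accepted, reason).
    """
    h = {k.lower(): v for k, v in headers.items()}
    jar = SimpleCookie(cookie_header or "")
    if SESSION_COOKIE not in jar:
        return False, "no session cookie"
    sid = jar[SESSION_COOKIE].value
    if sid not in sessions:
        return False, "unknown session"

    # Layer 1a: modern browsers label cross-site requests for us.
    fetch_site = h.get("sec-fetch-site")
    if fetch_site is not None and fetch_site not in ("same-origin", "none"):
        return False, f"Sec-Fetch-Site={fetch_site}"

    # Layer 1b: Origin, falling back to the Referer's origin.
    origin = h.get("origin")
    if origin is None and "referer" in h:
        parts = urlsplit(h["referer"])
        origin = f"{parts.scheme}://{parts.netloc}"
    if origin is not None and origin != SITE_ORIGIN:
        return False, f"origin {origin} is not {SITE_ORIGIN}"

    # Layer 2: synchronizer token, compared in constant time.
    expected = sessions[sid]
    if not form_token or not hmac.compare_digest(expected, form_token):
        return False, "missing or wrong CSRF token"
    return True, "ok"


if __name__ == "__main__":
    sessions = {"sid-1": "tok-1"}  # constructed session store
    print(build_session_cookie("sid-1"))
    # A forged request from another site carries the cookie but no token.
    print(csrf_check({"Origin": "https://attacker.example",
                      "Sec-Fetch-Site": "cross-site"},
                     "session=sid-1", None, sessions))
    # The genuine form submission passes both layers.
    print(csrf_check({"Origin": SITE_ORIGIN, "Sec-Fetch-Site": "same-origin"},
                     "session=sid-1", "tok-1", sessions))
```

The token layer matters even once SameSite is set: a cookie refreshed by a top-level navigation, or a browser that does not enforce SameSite, still reaches the handler, and the token check is what stops it there.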
| CVE-2022-27623 | 1 Synology | 1 Diskstation Manager | 2025-05-07 | 7.4 High |
| Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors. | ||||
| CVE-2024-12773 | 1 Pulseextensions | 1 Altra Side Menu | 2025-05-07 | 7.2 High |
| The Altra Side Menu WordPress plugin through 2.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks | ||||
| CVE-2025-3971 | 1 Phpgurukul | 1 Covid19 Testing Management System | 2025-05-07 | 7.3 High |
| A vulnerability classified as critical was found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-phlebotomist.php. The manipulation of the argument empid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-27622 | 1 Synology | 1 Diskstation Manager | 2025-05-07 | 4.1 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors. | ||||
| CVE-2025-3972 | 1 Phpgurukul | 1 Covid19 Testing Management System | 2025-05-07 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /bwdates-report-result.php. The manipulation of the argument todate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2025-3973 | 1 Phpgurukul | 1 Covid19 Testing Management System | 2025-05-07 | 7.3 High |
| A vulnerability, which was classified as critical, was found in PHPGurukul COVID19 Testing Management System 1.0. This affects an unknown part of the file /check_availability.php. The manipulation of the argument mobnumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2025-3974 | 1 Phpgurukul | 1 Covid19 Testing Management System | 2025-05-07 | 7.3 High |
| A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /edit-phlebotomist.php?pid=11. The manipulation of the argument mobilenumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2024-13115 | 1 Phptechie | 1 Wp Projects Portfolio With Client Testimonials | 2025-05-07 | 6.1 Medium |
| The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not have CSRF checks in some places and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-13114 | 1 Phptechie | 1 Wp Projects Portfolio With Client Testimonials | 2025-05-07 | 6.1 Medium |
| The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2025-3976 | 1 Phpgurukul | 1 Covid19 Testing Management System | 2025-05-07 | 7.3 High |
| A vulnerability was found in PHPGurukul COVID19 Testing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /new-user-testing.php. The manipulation of the argument mobilenumber leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
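The five PHPGurukul entries above (CVE-2025-3971, -3972, -3973, -3974, -3976) describe one pattern: a request argument (`empid`, `todate`, `mobnumber`, `mobilenumber`) spliced into a SQL string. The following is an added example, not PHPGurukul's code, that shows the pattern and its fix side by side against an in-memory SQLite table so the difference is observable: the concatenated query lets a tautology in the argument widen the result set, the parameterised query treats the same text as an ordinary value. The table, column names, sample rows and the employee-id format are assumptions for illustration; in PHP the same fix is a prepared statement with bound parameters.

```python
# Added example (not PHPGurukul's code): the string-built query the entries
# describe, beside the parameterised form, run against an in-memory SQLite
# table with constructed rows. Table, columns and id format are assumptions.
import re
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE phlebotomist (empid TEXT, name TEXT, mobilenumber TEXT)"
    )
    conn.executemany(
        "INSERT INTO phlebotomist VALUES (?, ?, ?)",
        [("E100", "Ada", "5550001"), ("E101", "Bob", "5550002")],  # constructed
    )
    return conn


def lookup_vulnerable(conn, empid):
    """The pattern behind the entries: the request argument becomes SQL text."""
    sql = "SELECT empid, name FROM phlebotomist WHERE empid = '" + empid + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, empid):
    """Parameterised query: the driver passes empid as data, never as SQL."""
    sql = "SELECT empid, name FROM phlebotomist WHERE empid = ?"
    return conn.execute(sql, (empid,)).fetchall()


EMPID_FORMAT = re.compile(r"E\d{3,6}")  # assumed employee-id format


def lookup_strict(conn, empid):
    """Defence in depth: allow-list the input's shape, then parameterise."""
    if not EMPID_FORMAT.fullmatch(empid):
        raise ValueError(f"malformed empid: {empid!r}")
    return lookup_safe(conn, empid)


if __name__ == "__main__":
    conn = make_db()
    payload = "x' OR '1'='1"  # closes the quote the code opened, then a tautology
    print(lookup_vulnerable(conn, "E100"))   # the one intended row
    print(lookup_vulnerable(conn, payload))  # every row: WHERE is now always true
    print(lookup_safe(conn, payload))        # []: looked for that literal text
    try:
        lookup_strict(conn, payload)
    except ValueError as err:
        print("rejected:", err)
```

The allow-list step is not a substitute for parameterisation; it only narrows what reaches the query, which also helps for arguments such as `todate` where a date format is easy to pin down.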
| CVE-2024-13099 | 1 Apidaze | 1 Widget4call | 2025-05-07 | 5.4 Medium |
| The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2025-3987 | 1 Totolink | 2 N150rt, N150rt Firmware | 2025-05-07 | 6.3 Medium |
| A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3988 | 1 Totolink | 2 N150rt, N150rt Firmware | 2025-05-07 | 8.8 High |
| A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. Affected is an unknown function of the file /boafrm/formPortFw. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0368 | 1 Karacsi Maci | 1 Banner Garden | 2025-05-07 | 6.1 Medium |
| The Banner Garden Plugin for WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users. | ||||
| CVE-2022-36182 | 1 Hashicorp | 1 Boundary | 2025-05-07 | 6.1 Medium |
| HashiCorp Boundary v0.8.0 is vulnerable to Clickjacking, which allows for interception of login credentials, redirection of users to malicious sites, or causing users to perform unintended actions on the site. | ||||
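Clickjacking is possible when a page can be loaded inside a frame on another site. The check below is an added example, not Boundary's code or its fix, that classifies a response's framing protection the way a current browser would: a `Content-Security-Policy` `frame-ancestors` directive takes precedence over `X-Frame-Options`, and the obsolete `ALLOW-FROM` form is not honoured. The sample header sets are constructed.

```python
# Added example (not Boundary's code): classify a response's framing
# protection with browser precedence rules (CSP frame-ancestors first,
# then X-Frame-Options). The sample header sets are constructed.


def framing_protection(headers):
    """Return (protected, mechanism, detail) for a dict of response headers."""
    h = {k.lower(): v for k, v in headers.items()}

    # 1. CSP frame-ancestors: when present, browsers ignore X-Frame-Options.
    for directive in h.get("content-security-policy", "").split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            sources = [t.strip("'").lower() for t in tokens[1:]]
            if sources == ["none"]:
                return True, "CSP frame-ancestors", "no framing allowed"
            if "*" in sources or not sources:
                return False, "CSP frame-ancestors", "any site may frame this page"
            if sources == ["self"]:
                return True, "CSP frame-ancestors", "same-origin framing only"
            return True, "CSP frame-ancestors", "framing limited to: " + ", ".join(sources)

    # 2. Legacy X-Frame-Options.
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return True, "X-Frame-Options", xfo
    if xfo.startswith("ALLOW-FROM"):
        return False, "X-Frame-Options", "ALLOW-FROM is obsolete and ignored by current browsers"

    return False, "none", "no X-Frame-Options and no frame-ancestors directive"


if __name__ == "__main__":
    samples = {  # constructed header sets
        "unprotected": {"Content-Type": "text/html"},
        "xfo deny": {"X-Frame-Options": "DENY"},
        "csp none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
        "csp overrides xfo": {"Content-Security-Policy": "frame-ancestors *",
                              "X-Frame-Options": "DENY"},
        "allow-from": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    }
    for name, hdrs in samples.items():
        print(f"{name:18} -> {framing_protection(hdrs)}")
```

Run this against the login page specifically: the credential-interception outcome the entry mentions depends on that page, not only the post-login UI, being frameable.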
| CVE-2024-3059 | 1 Enl Newsletter Plugin Project | 1 Enl-newsletter | 2025-05-07 | 5.7 Medium |
| The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF checks in some places, which could allow attackers to make logged-in admins delete arbitrary Campaigns via a CSRF attack. | ||||
| CVE-2024-3060 | 1 Enl Newsletter Plugin Project | 1 Enl-newsletter | 2025-05-07 | 4.5 Medium |
| The ENL Newsletter WordPress plugin through 1.0.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin+ to perform SQL injection attacks | ||||
| CVE-2024-3058 | 1 Enl Newsletter Plugin Project | 1 Enl-newsletter | 2025-05-07 | 5.4 Medium |
| The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF checks in some places and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-34433 | 1 Ocdi | 1 One Click Demo Import | 2025-05-07 | 4.4 Medium |
| Deserialization of Untrusted Data vulnerability in OCDI One Click Demo Import. This issue affects One Click Demo Import: from n/a through 3.2.0. | ||||