Search Results (334525 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13289 | 1 1000projects | 2 Design & Development Of Student Database Management System, Design \& Development Of Student Database Management System | 2026-02-24 | 6.3 Medium |
| A vulnerability was detected in 1000projects Design & Development of Student Database Management System 1.0. Affected is an unknown function of the file /TeacherLogin/Academics/SubjectDetails.php. The manipulation of the argument SubCode results in sql injection. The attack may be performed from remote. The exploit is now public and may be used. | ||||
| CVE-2026-25412 | 2 Mdempfle, Wordpress | 2 Advanced Iframe, Wordpress | 2026-02-24 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2026-1229 | | | 2026-02-24 | N/A |
| The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3 . | ||||
| CVE-2025-40541 | | | 2026-02-24 | 9.1 Critical |
| An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. | ||||
| CVE-2025-40540 | | | 2026-02-24 | 9.1 Critical |
| A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. | ||||
| CVE-2025-40539 | | | 2026-02-24 | 9.1 Critical |
| A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. | ||||
| CVE-2025-40538 | | | 2026-02-24 | 9.1 Critical |
| A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. | ||||
| CVE-2025-12338 | 2 Campcodes, Retro Basketball Shoes Online Store Project | 2 Retro Basketball Shoes Online Store, Retro Basketball Shoes Online Store | 2026-02-24 | 7.3 High |
| A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. This vulnerability affects unknown code of the file /admin/admin_product.ph. Executing a manipulation of the argument pid can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2025-12337 | 2 Campcodes, Retro Basketball Shoes Online Store Project | 2 Retro Basketball Shoes Online Store, Retro Basketball Shoes Online Store | 2026-02-24 | 7.3 High |
| A security flaw has been discovered in Campcodes Retro Basketball Shoes Online Store 1.0. This affects an unknown part of the file /admin/admin_feature.php. Performing a manipulation of the argument pid results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2025-12322 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-02-24 | 8.8 High |
| A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromNatStaticSetting of the file /goform/NatStaticSetting. Executing a manipulation of the argument page can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used. | ||||
| CVE-2025-12315 | 1 Code-projects | 2 Food Ordering System, Simple Food Ordering System | 2026-02-24 | 4.7 Medium |
| A vulnerability was determined in code-projects Food Ordering System 1.0. This affects an unknown function of the file /admin/menu.php. Executing a manipulation of the argument itemPrice can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-12314 | 1 Code-projects | 2 Food Ordering System, Simple Food Ordering System | 2026-02-24 | 4.7 Medium |
| A vulnerability was found in code-projects Food Ordering System 1.0. The impacted element is an unknown function of the file /admin/deleteitem.php. Performing a manipulation of the argument itemID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | ||||
| CVE-2025-12303 | 1 Phpgurukul | 1 Curfew E-pass Management System | 2026-02-24 | 2.4 Low |
| A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. The impacted element is an unknown function of the file admin-profile.php. Executing a manipulation of the argument adminname/email can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2025-12286 | 1 Veepn | 1 Veepn | 2026-02-24 | 7 High |
| A weakness has been identified in VeePN up to 1.6.2. This affects an unknown function of the file C:\Program Files (x86)\VeePN\avservice\avservice.exe of the component AVService. This manipulation causes unquoted search path. The attack requires local access. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-12273 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-02-24 | 8.8 High |
| A weakness has been identified in Tenda CH22 1.0.0.1. Affected is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. Executing a manipulation of the argument page can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2025-12272 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-02-24 | 8.8 High |
| A security flaw has been discovered in Tenda CH22 1.0.0.1. This impacts the function fromAddressNat of the file /goform/addressNat. Performing a manipulation of the argument page results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2025-12265 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-02-24 | 8.8 High |
| A weakness has been identified in Tenda CH22 1.0.0.1. Affected by this issue is the function fromVirtualSer of the file /goform/VirtualSer. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2025-12261 | 1 Codeastro | 1 Gym Management System | 2026-02-24 | 6.3 Medium |
| A vulnerability was found in CodeAstro Gym Management System 1.0. This affects an unknown function of the file /admin/actions/remove-announcement.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-12236 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-02-24 | 8.8 High |
| A vulnerability was determined in Tenda CH22 1.0.0.1. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-12233 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-02-24 | 8.8 High |
| A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Executing a manipulation of the argument page can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. | ||||