Total
3759 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-5630 | 1 Php | 1 Pear | 2025-04-20 | 7.5 High |
| PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite. | ||||
| CVE-2017-5585 | 1 Opentext | 1 Documentum Content Server | 2025-04-20 | N/A |
| OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2520. | ||||
| CVE-2016-10131 | 1 Codeigniter | 1 Codeigniter | 2025-04-20 | N/A |
| system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments. | ||||
| CVE-2015-8258 | 1 Axis | 1 Axis Communications Firmware | 2025-04-20 | N/A |
| AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability." | ||||
| CVE-2016-4010 | 1 Magento | 1 Magento | 2025-04-20 | N/A |
| Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data. | ||||
| CVE-2024-34448 | 1 Ghost | 1 Ghost | 2025-04-18 | 8.8 High |
| Ghost before 5.82.0 allows CSV Injection during a member CSV export. | ||||
| CVE-2025-0950 | 1 Angeljudesuarez | 1 Tailoring Management System | 2025-04-18 | 6.3 Medium |
| A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. This issue affects some unknown processing of the file staffview.php. The manipulation of the argument staffid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-46986 | 1 Tuzitio | 1 Camaleon Cms | 2025-04-17 | 10 Critical |
| Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2022-42544 | 1 Google | 1 Android | 2025-04-17 | 7.8 High |
| In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224545390 | ||||
| CVE-2024-12936 | 1 Code-projects | 1 Simple Admin Panel | 2025-04-17 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in code-projects Simple Admin Panel 1.0. This issue affects some unknown processing of the file catDeleteController.php. The manipulation of the argument record leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-12946 | 1 1000projects | 1 Attendance Tracking Management System | 2025-04-17 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. This issue affects some unknown processing of the file /admin/admin_action.php. The manipulation of the argument admin_user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-12927 | 1 1000projects | 1 Attendance Tracking Management System | 2025-04-17 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. Affected by this issue is some unknown functionality of the file /faculty/check_faculty_login.php. The manipulation of the argument faculty_emailid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-12935 | 1 Code-projects | 1 Simple Admin Panel | 2025-04-17 | 6.3 Medium |
| A vulnerability classified as critical was found in code-projects Simple Admin Panel 1.0. This vulnerability affects unknown code of the file editItemForm.php. The manipulation of the argument record leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2021-38395 | 1 Honeywell | 8 Application Control Environment, Application Control Environment Firmware, C200 and 5 more | 2025-04-16 | 9.1 Critical |
| Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. | ||||
| CVE-2025-0843 | 1 Needyamin | 1 Library Card System | 2025-04-16 | 7.3 High |
| A vulnerability was found in needyamin Library Card System 1.0. It has been classified as critical. Affected is an unknown function of the file admindashboard.php of the component Admin Panel. The manipulation of the argument email/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3186 | 1 Projectworlds | 1 Online Doctor Appointment Booking System Php And Mysql | 2025-04-15 | 7.3 High |
| A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /patient/invoice.php. The manipulation of the argument appid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3195 | 1 Adonesevangelista | 1 Online Blood Bank Management System | 2025-04-15 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in itsourcecode Online Blood Bank Management System 1.0. This issue affects some unknown processing of the file /bbms.php. The manipulation of the argument Search leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3204 | 1 Codeastro | 1 Car Rental System | 2025-04-15 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in CodeAstro Car Rental System 1.0. Affected by this issue is some unknown functionality of the file /returncar.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3534 | 2025-04-15 | 6.3 Medium | ||
| A vulnerability, which was classified as critical, was found in PowerCreator CMS 1.0. Affected is an unknown function of the file /OpenPublicCourse.aspx. The manipulation of the argument cid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3540 | 2025-04-15 | 8 High | ||
| A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this vulnerability is the function FCGI_WizardProtoProcess of the file /api/wizard/getCapability of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | ||||