Total
291487 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-47215 | 1 Snowplow | 1 Snowbridge | 2025-04-23 | N/A | 7.5 HIGH |
| An issue was discovered in Snowbridge setups sending data to Google Tag Manager Server Side. It involves attaching an invalid GTM SS preview header to events, causing them to be retried indefinitely. As a result, the performance of forwarding events to GTM SS overall can be affected (latency, throughput). | |||||
| CVE-2025-3245 | 1 Angeljudesuarez | 1 Library Management System | 2025-04-23 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in itsourcecode Library Management System 1.0. It has been rated as critical. Affected by this issue is the function Search of the file library_management/src/Library_Management/Forgot.java. The manipulation of the argument txtuname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3252 | 1 Xujiangfei | 1 Admintwo | 2025-04-23 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in xujiangfei admintwo 1.0 and classified as problematic. This vulnerability affects unknown code of the file /resource/add. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-37858 | 1 Oretnom23 | 1 Lost And Found Information System | 2025-04-23 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php. | |||||
| CVE-2024-37859 | 1 Oretnom23 | 1 Lost And Found Information System | 2025-04-23 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php. | |||||
| CVE-2025-3253 | 1 Xujiangfei | 1 Admintwo | 2025-04-23 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in xujiangfei admintwo 1.0 and classified as problematic. This issue affects some unknown processing of the file /ztree/insertTree. The manipulation of the argument Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-37857 | 1 Oretnom23 | 1 Lost And Found Information System | 2025-04-23 | N/A | 8.8 HIGH |
| SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via id parameter to php-lfis/admin/categories/view_category.php. | |||||
| CVE-2024-24050 | 1 Remyandrade | 1 Workout Journal App | 2025-04-23 | N/A | 4.7 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Sourcecodester Workout Journal App 1.0 allows attackers to run arbitrary code via parameters firstname and lastname in /add-user.php. | |||||
| CVE-2023-51302 | 1 Phpjabbers | 1 Hotel Booking System | 2025-04-23 | N/A | 8.8 HIGH |
| PHPJabbers Hotel Booking System v4.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. | |||||
| CVE-2024-40110 | 1 Nikhil-bhalerao | 1 Poultry Farm Management System | 2025-04-23 | N/A | 9.8 CRITICAL |
| Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote Code Execution (RCE) vulnerability via the productimage parameter at /farm/product.php. | |||||
| CVE-2023-51303 | 1 Phpjabbers | 1 Event Ticketing System | 2025-04-23 | N/A | 6.1 MEDIUM |
| PHPJabbers Event Ticketing System v1.0 is vulnerable to Multiple HTML Injection in the "lid, name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. | |||||
| CVE-2024-40402 | 1 Nikhil-bhalerao | 1 Simple Library Management System | 2025-04-23 | N/A | 6.3 MEDIUM |
| A SQL injection vulnerability was found in 'ajax.php' of Sourcecodester Simple Library Management System 1.0. This vulnerability stems from insufficient user input validation of the 'username' parameter, allowing attackers to inject malicious SQL queries. | |||||
| CVE-2025-43951 | 2025-04-23 | N/A | 9.8 CRITICAL | ||
| LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. Authenticated users can retrieve arbitrary files from the environment via the objectname request parameter. | |||||
| CVE-2025-43950 | 2025-04-23 | N/A | 7.8 HIGH | ||
| DPMAdirektPro 4.1.5 is vulnerable to DLL Hijacking. It happens by placing a malicious DLL in a directory (in the absence of a legitimate DLL), which is then loaded by the application instead of the legitimate DLL. This causes the malicious DLL to load with the same privileges as the application, thus causing a privilege escalation. | |||||
| CVE-2025-43949 | 2025-04-23 | N/A | 9.8 CRITICAL | ||
| MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web) 24.2.3 is vulnerable to SQL Injection that allows an attacker to execute malicious SQL statements that control a web application's database server. | |||||
| CVE-2025-37087 | 2025-04-23 | N/A | 9.8 CRITICAL | ||
| A vulnerability in the cmdb service of the HPE Performance Cluster Manager (HPCM) could allow an attacker to gain access to an arbitrary file on the server host. | |||||
| CVE-2025-29339 | 2025-04-23 | N/A | 7.5 HIGH | ||
| An issue in UPF in Open5GS UPF versions up to v2.7.2 results an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid value propagated from SMF (or via direct attack), triggering a fatal assertion check and causing a daemon crash. | |||||
| CVE-2025-28030 | 2025-04-23 | N/A | 8.8 HIGH | ||
| TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a stack overflow via the startTime and endTime parameters in setParentalRules function. | |||||
| CVE-2025-28026 | 2025-04-23 | N/A | 7.3 HIGH | ||
| TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi. | |||||
| CVE-2025-28024 | 2025-04-23 | N/A | 9.8 CRITICAL | ||
| TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the cstecgi.cgi | |||||