Total
291487 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-12951 | 1 1000projects | 1 Portfolio Management System Mca | 2025-04-22 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in 1000 Projects Portfolio Management System MCA 1.0. Affected is an unknown function of the file /add_personal_details.php. The manipulation of the argument profile leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-56921 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 7.5 HIGH |
| An issue was discovered in Open5gs v2.7.2. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of gmm_state_exception() function upon receipt of the Nausf_UEAuthentication_Authenticate response. | |||||
| CVE-2024-2145 | 1 Oretnom23 | 1 Online Mobile Store Management System | 2025-04-22 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/update-tracker.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255498 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-50608 | 1 Treasuredata | 1 Fluent Bit | 2025-04-22 | N/A | 7.5 HIGH |
| An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote Denial of service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_metrics_ng() at prom_rw_prot.c. | |||||
| CVE-2021-45003 | 1 Nikhil-bhalerao | 1 Laundry Booking Management System | 2025-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| Laundry Booking Management System 1.0 (Latest) and previous versions are affected by a remote code execution (RCE) vulnerability in profile.php through the "image" parameter that can execute a webshell payload. | |||||
| CVE-2023-3145 | 1 Razormist | 1 Online Discussion Forum Site | 2025-04-22 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in SourceCodester Online Discussion Forum Site 1.0. Affected by this issue is some unknown functionality of the file classes\Users.php?f=registration. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231014 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-31295 | 1 Razormist | 1 Online Discussion Forum Site | 2025-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts. | |||||
| CVE-2022-27333 | 1 Idccms | 1 Idccms | 2025-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data. | |||||
| CVE-2022-31913 | 1 Razormist | 1 Online Discussion Forum Site | 2025-04-22 | 3.5 LOW | 4.8 MEDIUM |
| Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /odfs/classes/Master.php?f=save_category, name. | |||||
| CVE-2022-31911 | 1 Razormist | 1 Online Discussion Forum Site | 2025-04-22 | 6.5 MEDIUM | 7.2 HIGH |
| Online Discussion Forum Site v1.0 is vulnerable to SQL Injection via /odfs/classes/Master.php?f=delete_team. | |||||
| CVE-2023-3146 | 1 Razormist | 1 Online Discussion Forum Site | 2025-04-22 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in SourceCodester Online Discussion Forum Site 1.0. This affects an unknown part of the file admin\categories\manage_category.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231015. | |||||
| CVE-2023-3147 | 1 Razormist | 1 Online Discussion Forum Site | 2025-04-22 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical. This vulnerability affects unknown code of the file admin\categories\view_category.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231016. | |||||
| CVE-2023-3143 | 1 Razormist | 1 Online Discussion Forum Site | 2025-04-22 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic has been found in SourceCodester Online Discussion Forum Site 1.0. Affected is an unknown function of the file admin\posts\manage_post.php. The manipulation of the argument content leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231012. | |||||
| CVE-2013-4809 | 1 Hp | 2 Identity Driven Manager, Procurve Manager | 2025-04-22 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter. | |||||
| CVE-2023-3007 | 1 Kabir-m-alhasan | 1 Student Management System | 2025-04-22 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in ningzichun Student Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file resetPassword.php of the component Password Reset Handler. The manipulation of the argument sid leads to weak password recovery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230354 is the identifier assigned to this vulnerability. | |||||
| CVE-2021-33371 | 1 Kabir-m-alhasan | 1 Student Management System | 2025-04-22 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in /nav_bar_action.php of Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box. | |||||
| CVE-2013-4813 | 1 Hp | 2 Identity Driven Manager, Procurve Manager | 2025-04-22 | 10.0 HIGH | N/A |
| The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745. | |||||
| CVE-2022-29309 | 1 Wangl1989 | 1 Mysiteforme | 2025-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery. | |||||
| CVE-2022-31294 | 1 Razormist | 1 Online Discussion Forum Site | 2025-04-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts. | |||||
| CVE-2023-3008 | 1 Kabir-m-alhasan | 1 Student Management System | 2025-04-22 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical has been found in ningzichun Student Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument user/pass leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230355. | |||||