Export limit exceeded: 12175 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12175 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10615 | 2 Angeljudesuarez, Itsourcecode | 2 E-commerce Website, E-commerce Website | 2025-09-20 | 6.3 Medium |
| A vulnerability was identified in itsourcecode E-Commerce Website 1.0. This impacts an unknown function of the file /admin/products.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-10616 | 2 Angeljudesuarez, Itsourcecode | 2 E-commerce Website, E-commerce Website | 2025-09-20 | 6.3 Medium |
| A security flaw has been discovered in itsourcecode E-Commerce Website 1.0. Affected is an unknown function of the file /admin/users.php. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2023-48441 | 1 Adobe | 1 Experience Manager | 2025-09-19 | 5.3 Medium |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Access Control vulnerability. An attacker could leverage this vulnerability to achieve a low-confidentiality impact within the application. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-32964 | 1 Miraheze | 1 Managewiki | 2025-09-19 | 4.6 Medium |
| ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. A workaround involves ensuring that any extensions requiring specific permissions in `$wgManageWikiExtensions` also require the same permissions for managing any conflicting extensions. | ||||
| CVE-2025-10607 | 1 Portabilis | 1 I-educar | 2025-09-18 | 4.3 Medium |
| A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Avaliacao/diarioApi. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-10608 | 1 Portabilis | 1 I-educar | 2025-09-18 | 6.3 Medium |
| A vulnerability was detected in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /enrollment-history/. Performing manipulation results in improper access controls. The attack is possible to be carried out remotely. The exploit is now public and may be used. | ||||
| CVE-2025-10428 | 2 Mayurik, Sourcecodester | 2 Pet Grooming Management Software, Pet Grooming Management Software | 2025-09-18 | 6.3 Medium |
| A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/seo_setting.php of the component Setting Handler. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-10427 | 2 Mayurik, Sourcecodester | 2 Pet Grooming Management Software, Pet Grooming Management Software | 2025-09-18 | 6.3 Medium |
| A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. This impacts an unknown function of the file /admin/operation/user.php. Executing manipulation of the argument website_image can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-10425 | 1 1000projects | 1 Online Student Project Report Submission And Evaluation System | 2025-09-18 | 7.3 High |
| A vulnerability was identified in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The impacted element is an unknown function of the file /admin/controller/student_controller.php. Such manipulation of the argument new_image leads to unrestricted upload. The attack may be performed from remote. The exploit is publicly available and might be used. | ||||
| CVE-2025-10424 | 1 1000projects | 1 Online Student Project Report Submission And Evaluation System | 2025-09-18 | 7.3 High |
| A vulnerability was determined in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The affected element is an unknown function of the file /admin/controller/faculty_controller.php. This manipulation of the argument new_image causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2024-25501 | 2 Winmail, Winmail Project | 2 Winmail, Winmail | 2025-09-18 | 8.8 High |
| An issue WinMail v.7.1 and v.5.1 and before allows a remote attacker to execute arbitrary code via a crafted script to the email parameter. | ||||
| CVE-2024-28152 | 1 Jenkins | 1 Bitbucket Branch Source | 2025-09-18 | 6.3 Medium |
| In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earlier, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server. | ||||
| CVE-2024-24386 | 1 Vitalpbx | 1 Vitalpbx | 2025-09-18 | 7.2 High |
| An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder. | ||||
| CVE-2024-51525 | 1 Huawei | 1 Harmonyos | 2025-09-18 | 6.2 Medium |
| Permission control vulnerability in the clipboard module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-42039 | 1 Huawei | 2 Emui, Harmonyos | 2025-09-18 | 4.3 Medium |
| Access control vulnerability in the SystemUI module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-42038 | 1 Huawei | 2 Emui, Harmonyos | 2025-09-18 | 8.8 High |
| Vulnerability of PIN enhancement failures in the screen lock module Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | ||||
| CVE-2024-42036 | 1 Huawei | 2 Emui, Harmonyos | 2025-09-18 | 2.5 Low |
| Access permission verification vulnerability in the Notepad module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-42033 | 1 Huawei | 2 Emui, Harmonyos | 2025-09-18 | 6.9 Medium |
| Access control vulnerability in the security verification module mpact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | ||||
| CVE-2024-42032 | 1 Huawei | 2 Emui, Harmonyos | 2025-09-18 | 4.4 Medium |
| Access permission verification vulnerability in the Contacts module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-56405 | 1 Litmus | 1 Mcp Server | 2025-09-17 | 7.5 High |
| An issue was discovered in litmusautomation litmus-mcp-server thru 0.0.1 allowing unauthorized attackers to control the target's MCP service through the SSE protocol. | ||||