Total
295747 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5709 | 2025-06-06 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability classified as critical was found in code-projects Real Estate Property Management System 1.0. This vulnerability affects unknown code of the file /Admin/InsertCategory.php. The manipulation of the argument txtCategoryName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-48906 | 2025-06-06 | N/A | 8.8 HIGH | ||
| Authentication bypass vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-48783 | 2025-06-06 | N/A | N/A | ||
| An external control of file name or path vulnerability in the delete file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to delete partial files by specifying arbitrary file paths. | |||||
| CVE-2025-5704 | 2025-06-06 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was found in code-projects Real Estate Property Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /Admin/User.php. The manipulation of the argument txtUserName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-48784 | 2025-06-06 | N/A | N/A | ||
| A missing authorization vulnerability in Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to modify system settings without prior authorization. | |||||
| CVE-2025-5536 | 2025-06-06 | N/A | 6.4 MEDIUM | ||
| The Freemind Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'freemind' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-48782 | 2025-06-06 | N/A | N/A | ||
| An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a malicious file. | |||||
| CVE-2025-5722 | 2025-06-06 | 3.3 LOW | 2.4 LOW | ||
| A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /script/academic/terms of the component Add Academic Term. The manipulation of the argument Academic Term leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5728 | 2025-06-06 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability classified as critical was found in SourceCodester Open Source Clinic Management System 1.0. This vulnerability affects unknown code of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5696 | 2025-06-06 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability classified as critical was found in Brilliance Golden Link Secondary System up to 20250424. This vulnerability affects unknown code of the file /storagework/rentChangeCheckInfoPage.htm. The manipulation of the argument clientname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5719 | 2025-06-06 | N/A | N/A | ||
| The wallet has an authentication bypass vulnerability that allows access to specific pages. | |||||
| CVE-2025-5705 | 2025-06-06 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /Admin/Property.php. The manipulation of the argument cmbCat leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-48133 | 2025-06-06 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Uncanny Owl Uncanny Automator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator: from n/a through 6.4.0.2. | |||||
| CVE-2025-5533 | 2025-06-06 | N/A | 6.4 MEDIUM | ||
| The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kbalert' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-56343 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
| IBM Verify Identity Access Digital Credentials 24.06 could allow an authenticated user to crash the service with a specially crafted POST request. | |||||
| CVE-2025-5711 | 2025-06-06 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability, which was classified as critical, was found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /Admin/InsertCity.php. The manipulation of the argument cmbState leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-22330 | 2025-06-06 | N/A | 5.9 MEDIUM | ||
| IBM Security Verify Governance 10.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | |||||
| CVE-2025-48910 | 2025-06-06 | N/A | 5.5 MEDIUM | ||
| Buffer overflow vulnerability in the DFile module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-48905 | 2025-06-06 | N/A | 8.1 HIGH | ||
| Wasm exception capture vulnerability in the arkweb v8 module Impact: Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types. | |||||
| CVE-2025-5732 | 2025-06-06 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||