Vulnerabilities (CVE)

Total 296466 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-3931 1 Totara 1 Totara 2025-06-10 4.0 MEDIUM 3.5 LOW
A vulnerability was found in Totara LMS up to 18.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin/roles/check.php of the component User Selector. The manipulation of the argument ID Number leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 13.46, 14.38, 15.33, 16.27, 17.21 and 18.8 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2025-23102 1 Samsung 18 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 15 more 2025-06-10 N/A 8.8 HIGH
An issue was discovered in Samsung Mobile Processor Exynos 980, 990, 1080, 2100, 1280, 2200, 1380, 1480 and 2400. A Double Free in the mobile processor leads to privilege escalation.
CVE-2024-33118 1 Luckyframe 1 Luckyframeweb 2025-06-10 N/A 7.5 HIGH
LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulnerability via the fileDownload method in class com.luckyframe.project.common.CommonController.
CVE-2024-28725 1 Yzmcms 1 Yzmcms 2025-06-10 N/A 7.1 HIGH
Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attackers to run arbitrary code via Ads Management, Carousel Management, and System Settings.
CVE-2025-45755 1 Vtiger 1 Vtiger Crm 2025-06-10 N/A 6.1 MEDIUM
A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service Name field. When the file is uploaded, the application improperly sanitizes user input, leading to persistent script execution.
CVE-2025-44040 1 Orangehrm 1 Orangehrm 2025-06-10 N/A 7.2 HIGH
An issue in OrangeHRM v.5.7 allows an attacker to escalate privileges via the UserService.php and the checkFOrOldHash function
CVE-2025-45753 1 Vtiger 1 Vtiger Crm 2025-06-10 N/A 7.2 HIGH
A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature.
CVE-2025-5053 1 Freefloat 1 Ftp Server 2025-06-10 7.5 HIGH 7.3 HIGH
A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component MDIR Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5119 1 Emlog 1 Emlog 2025-06-10 7.5 HIGH 7.3 HIGH
A vulnerability has been found in Emlog Pro 2.5.11 and classified as critical. This vulnerability affects unknown code of the file /include/controller/api_controller.php. The manipulation of the argument tag leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure and confirmed the existence of the vulnerability.
CVE-2025-5137 1 Dedecms 1 Dedecms 2025-06-10 5.8 MEDIUM 4.7 MEDIUM
A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the file dede/sys_verifies.php?action=getfiles of the component Incomplete Fix CVE-2018-9175. The manipulation of the argument refiles leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-22251 2 Apple, Vmware 3 Macos, Fusion, Workstation 2025-06-10 N/A 5.9 MEDIUM
VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure.
CVE-2025-5297 1 Razormist 1 Simple Computer Store System 2025-06-10 4.3 MEDIUM 5.3 MEDIUM
A vulnerability, which was classified as critical, has been found in SourceCodester Computer Store System 1.0. This issue affects the function Add of the file main.c. The manipulation of the argument laptopcompany/RAM/Processor leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
CVE-2025-5610 1 Codeastro 1 Real Estate Management System 2025-06-10 6.5 MEDIUM 6.3 MEDIUM
A vulnerability, which was classified as critical, has been found in CodeAstro Real Estate Management System 1.0. Affected by this issue is some unknown functionality of the file /submitpropertydelete.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5611 1 Codeastro 1 Real Estate Management System 2025-06-10 6.5 MEDIUM 6.3 MEDIUM
A vulnerability, which was classified as critical, was found in CodeAstro Real Estate Management System 1.0. This affects an unknown part of the file /submitpropertyupdate.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5674 1 Fabianros 1 Patient Record Management System 2025-06-10 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file urinalysis_form.php. The manipulation of the argument urinalysis_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5675 1 Campcodes 1 Online Teacher Record Management System 2025-06-10 7.5 HIGH 7.3 HIGH
A vulnerability was found in Campcodes Online Teacher Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /trms/admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5676 1 Campcodes 1 Online Recruitment Management System 2025-06-10 7.5 HIGH 7.3 HIGH
A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5677 1 Campcodes 1 Online Recruitment Management System 2025-06-10 7.5 HIGH 7.3 HIGH
A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/ajax.php?action=save_application. The manipulation of the argument position_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-2921 1 Kaizencoders 1 Short Url 2025-06-10 N/A 8.8 HIGH
The Short URL WordPress plugin through 1.6.8 does not properly sanitise and escape a parameter before using it in SQL statement, leading to a SQL injection exploitable by users with relatively low privilege on the site, like subscribers.
CVE-2025-5726 1 Razormist 1 Student Result Management System 2025-06-10 3.3 LOW 2.4 LOW
A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /script/academic/division-system of the component Division System Page. The manipulation of the argument Division leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.