VIR Vulnerability Intelligence Relay

Search

Found 34,069 results in 1195ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2025-15078 critical 9.8 9.8 angeljudesuarez 6mo ago A vulnerability was detected in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /list_report.php. The manipulation of the argument sy results in sq…
CVE-2025-15077 critical 9.8 9.8 angeljudesuarez 6mo ago A security vulnerability has been detected in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /form137.php. The manipulation of the argument ID lea…
CVE-2025-15075 critical 9.8 9.8 angeljudesuarez 6mo ago A security flaw has been discovered in itsourcecode Student Management System 1.0. This issue affects some unknown processing of the file /student_p.php. Performing manipulation of the argument ID re…
CVE-2025-15074 critical 9.8 9.8 itsourcecode 6mo ago A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /customer_details.php. Such manipulation leads to sql injec…
CVE-2025-15073 critical 9.8 9.8 itsourcecode 6mo ago A vulnerability was determined in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /contact_us.php. This manipulation of the argument Name causes sql inj…
CVE-2023-54130 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling Commit 55d1cbbbb29e ("hfs/hfsplus: use WARN_ON for sanit…
CVE-2025-68351 unknown FIX slesdebian debianubuntu ubuntu 6mo ago Linux kernel vulnerabilities
CVE-2025-15049 critical 9.8 9.8 anisha 6mo ago A vulnerability was identified in code-projects Online Farm System 1.0. Affected is an unknown function of the file /addProduct.php. The manipulation of the argument Username leads to sql injection. …
CVE-2025-15048 critical 9.8 9.8 6mo ago A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing a manipulation of the argument…
CVE-2025-14931 critical 9.5 6mo ago Hugging Face smolagents: Unsafe deserialization in Remote Python Executor leads to RCE
CVE-2025-15034 critical 9.8 9.8 angeljudesuarez 6mo ago A security flaw has been discovered in itsourcecode Student Management System 1.0. This affects an unknown part of the file /record.php. The manipulation of the argument ID results in sql injection. …
CVE-2025-68480 unknown slesdebian debianubuntu ubuntu 6mo ago Python marshmallow vulnerabilities
CVE-2025-68613 unknown 2.5 KEVEXP 6mo ago n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution.
CVE-2025-15012 critical 9.8 9.8 fabian 6mo ago A vulnerability was determined in code-projects Refugee Food Management System 1.0. The affected element is an unknown function of the file /home/home.php. This manipulation of the argument a causes …
CVE-2025-15011 critical 9.8 9.8 carmelo 6mo ago A vulnerability was found in code-projects Simple Stock System 1.0. Impacted is an unknown function of the file /logout.php. The manipulation of the argument uname results in sql injection. The attac…
CVE-2025-15008 critical 9.8 9.8 6mo ago A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing a manipulation of the argument page res…
CVE-2023-52163 unknown 1.5 KEV 6mo ago Digiever DS-2105 Pro contains a missing authorization vulnerability which could allow for command injection via time_tzsetup.cgi.
CVE-2025-15002 critical 9.8 9.8 seacms 6mo ago A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/lim…
CVE-2025-14990 critical 9.8 9.8 campcodes 6mo ago A security flaw has been discovered in Campcodes Complete Online Beauty Parlor Management System 1.0. Impacted is an unknown function of the file /admin/view-appointment.php. Performing a manipulatio…
CVE-2025-14989 critical 9.8 9.8 campcodes 6mo ago A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/search-invoices.php. Such manipulation l…
CVE-2025-68478 unknown 6mo ago External Control of File Name or Path in Langflow
CVE-2025-13467 unknown 6mo ago Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization
CVE-2025-14968 critical 9.8 9.8 carmelo 6mo ago A security flaw has been discovered in code-projects Simple Stock System 1.0. Affected by this issue is some unknown functionality of the file /market/update.php. The manipulation of the argument ema…
CVE-2025-14967 critical 9.8 9.8 angeljudesuarez 6mo ago A vulnerability was identified in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /candidates_report.php. The manipulation of the ar…
CVE-2025-14961 critical 9.8 9.8 fabian 6mo ago A vulnerability was detected in code-projects Simple Blood Donor Management System 1.0. The affected element is an unknown function of the file /editedcampaign.php. The manipulation of the argument c…
CVE-2025-14960 critical 9.8 9.8 fabian 6mo ago A security vulnerability has been detected in code-projects Simple Blood Donor Management System 1.0. Impacted is an unknown function of the file /editeddonor.php. The manipulation of the argument Na…
CVE-2025-14959 critical 9.8 9.8 carmelo 6mo ago A weakness has been identified in code-projects Simple Stock System 1.0. This issue affects some unknown processing of the file /market/signup.php. Executing a manipulation of the argument Username c…
CVE-2025-14952 critical 9.8 9.8 campcodes 6mo ago A vulnerability was detected in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_category.php. Performing a manipulation of the argument txtCategoryNa…
CVE-2025-14951 critical 9.8 9.8 fabian 6mo ago A security vulnerability has been detected in code-projects Scholars Tracking System 1.0. The impacted element is an unknown function of the file /home.php. Such manipulation of the argument post_con…
CVE-2025-14950 critical 9.8 9.8 fabian 6mo ago A weakness has been identified in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /delete_post.php. This manipulation of the argument ID causes sql…
CVE-2025-1928 critical 9.1 9.1 restajet 6mo ago Improper Restriction of Excessive Authentication Attempts vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Password Recovery Exploitation. This issue affect…
CVE-2025-66524 unknown 6mo ago Apache NiFi GetAsanaObject Processor has Remote Code Execution via Unsafe Deserialization
CVE-2025-14940 critical 9.8 9.8 fabian 6mo ago A vulnerability was determined in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /admin/delete_user.php. This manipulation of the argument ID caus…
CVE-2025-68390 unknown 6mo ago Elasticsearch privileged authenticated users can cause DoS through Excessive Resource Allocation
CVE-2025-68384 unknown 6mo ago Elasticsearch has Excessive Allocation of Resources via Submission of Oversized User Settings Data
CVE-2025-14733 unknown 1.5 KEV 6mo ago WatchGuard Fireware OS iked process contains an out of bounds write vulnerability in the OS iked process. This vulnerability may allow a remote unauthenticated attacker to execute arbitrary code and …
CVE-2025-68161 unknown FIX debian debian sles 6mo ago Apache Log4j does not verify the TLS hostname in its Socket Appender
CVE-2025-64236 critical 9.8 9.8 6mo ago Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse.This issue affects Tuturn: from n/a before 3.6.
CVE-2025-14877 critical 9.8 9.8 campcodes 6mo ago A vulnerability was identified in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_retailer.php. The manipulation of the argument cmbAreaCode leads to…
CVE-2025-14763 unknown aws 6mo ago Amazon S3 Encryption Client for Java has a Key Commitment Issue
CVE-2025-58951 critical 9.3 9.3 6mo ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartcms Advance Seat Reservation Management for WooCommerce scw-seat-reservation allows SQL Inje…
CVE-2025-58935 critical 9.8 9.8 axiomthemes 6mo ago Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Lunna lunna allows PHP Local File Inclusion.This issue affects Lun…
CVE-2025-14833 critical 9.8 9.8 anisha 6mo ago A security flaw has been discovered in code-projects Online Appointment Booking System 1.0. The impacted element is an unknown function of the file /admin/deletemanagerclinic.php. Performing manipula…
CVE-2025-14832 critical 9.8 9.8 admerc 6mo ago A vulnerability was identified in itsourcecode Online Cake Ordering System 1.0. The affected element is an unknown function of the file /updateproduct.php?action=edit. Such manipulation of the argume…
CVE-2024-29371 unknown FIX slesdebian debian 6mo ago jose4j is vulnerable to DoS via compressed JWE content
CVE-2025-67895 unknown 6mo ago Apache Airflow Providers Edge3 exposes internal API allowing RCE in web server context
CVE-2025-59374 unknown 1.5 KEV 6mo ago ASUS Live Update contains an embedded malicious code vulnerability client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could caus…
CVE-2025-40602 unknown 1.5 KEV 6mo ago SonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation appliance management console (AMC) of affected devices.
CVE-2025-20393 unknown 1.5 KEV 6mo ago Cisco Secure Email Gateway, Secure Email, AsyncOS Software, and Web Manager appliances contains an improper input validation vulnerability that allows threat actors to execute arbitrary commands with…
CVE-2025-68154 unknown FIX debian debian 6mo ago systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the `fsSize()` function in systeminformation is vulnerable to OS command injection on Windows syste…
CVE-2025-68146 unknown FIX slesdebian debian 6mo ago filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt or truncate arbitrary user …
CVE-2025-68142 unknown FIX debian debian 6mo ago PyMdown Extensions is a set of extensions for the `Python-Markdown` markdown project. Versions prior to 10.16.1 have a ReDOS bug found within the figure caption extension (`pymdownx.blocks.caption`).…
CVE-2023-53899 critical 9.8 9.8 podcastgenerator 6mo ago PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to…
CVE-2025-68315 unknown FIX slesdebian debianubuntu ubuntu 6mo ago Linux kernel (Xilinx) vulnerabilities
CVE-2025-68307 unknown FIX slesdebian debianubuntu ubuntu 6mo ago Linux kernel (Xilinx) vulnerabilities
CVE-2025-68251 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: erofs: avoid infinite loops due to corrupted subpage compact indexes Robert reported an infinite loop observed by two crafted ima…
CVE-2025-68239 unknown FIX slesdebian debian google 6mo ago In the Linux kernel, the following vulnerability has been resolved: binfmt_misc: restore write access before closing files opened by open_exec() bm_register_write() opens an executable file using o…
CVE-2025-68201 unknown FIX slesdebian debianubuntu ubuntu 6mo ago Linux kernel (Xilinx) vulnerabilities
CVE-2025-40347 unknown FIX slesdebian debianubuntu ubuntu 6mo ago Linux kernel (Xilinx) vulnerabilities
CVE-2025-68113 unknown 6mo ago ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay
CVE-2025-59718 unknown 1.5 KEV 6mo ago Fortinet FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb contain an improper verification of cryptographic signature vulnerability that may allow an unauthenticated attacker to bypass the FortiC…
CVE-2025-67748 unknown 6mo ago Fickling has Code Injection vulnerability via pty.spawn()
CVE-2025-67735 unknown FIX slesdebian debian 6mo ago Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
CVE-2025-65431 unknown FIX debian debian 6mo ago django-allauth's Okta and NetIQ implementations used a mutable identifier for authorization decisions
CVE-2025-65430 unknown FIX debian debian 6mo ago django-allauth does not reject access tokens for inactive users
CVE-2025-66388 unknown 6mo ago Apache Airflow exposes secret values to authenticated UI users via rendered templates
CVE-2025-37731 unknown 6mo ago Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates
CVE-2025-14711 critical 9.8 9.8 fantasticlbp 6mo ago A flaw has been found in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This vulnerability affects unknown code of the file /controller/api/hotelList.php. This manipulatio…
CVE-2025-14710 critical 9.8 9.8 fantasticlbp 6mo ago A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of …
CVE-2025-14704 critical 9.8 9.8 6mo ago A vulnerability was found in Shiguangwu sgwbox N3 2.0.25. The impacted element is an unknown function of the file /eshell of the component API. The manipulation results in path traversal. It is possi…
CVE-2025-14611 unknown 2.5 KEVEXP 6mo ago Gladinet CentreStack and TrioFox contain a hardcoded cryptographic keys vulnerability for their implementation of the AES cryptoscheme. This vulnerability degrades security for public exposed endpoin…
CVE-2025-14674 unknown 6mo ago snail-job is vulnerable to Code Injection through QLExpressEngine.doEval function
CVE-2025-14673 critical 9.8 9.8 gmg137 6mo ago A vulnerability has been found in gmg137 snap7-rs up to 1.142.1. Affected is the function snap7_rs::client::S7Client::as_ct_write of the file /tests/snap7-rs/src/client.rs. The manipulation leads to …
CVE-2025-14672 critical 9.8 9.8 gmg137 6mo ago A flaw has been found in gmg137 snap7-rs up to 1.142.1. This impacts the function TSnap7MicroClient::opWriteArea of the file s7_micro_client.cpp. Executing a manipulation can lead to heap-based buffe…
CVE-2025-14668 critical 9.8 9.8 campcodes 6mo ago A vulnerability was detected in campcodes Advanced Online Examination System 1.0. This affects an unknown function of the file /query/loginExe.php. Performing a manipulation of the argument Username …
CVE-2025-14667 critical 9.8 9.8 angeljudesuarez 6mo ago A security vulnerability has been detected in itsourcecode COVID Tracking System 1.0. The impacted element is an unknown function of the file /admin/?page=system_info. Such manipulation of the argume…
CVE-2025-14666 critical 9.8 9.8 angeljudesuarez 6mo ago A weakness has been identified in itsourcecode COVID Tracking System 1.0. The affected element is an unknown function of the file /admin/?page=user. This manipulation of the argument Username causes …
CVE-2025-14664 critical 9.8 9.8 campcodes 6mo ago A vulnerability was identified in Campcodes Supplier Management System 1.0. This issue affects some unknown processing of the file /admin/view_unit.php. The manipulation of the argument chkId[] leads…
CVE-2025-14661 critical 9.8 9.8 angeljudesuarez 6mo ago A vulnerability has been found in itsourcecode Student Managemen System 1.0. Affected by this issue is some unknown functionality of the file /advisers.php. Such manipulation of the argument sy leads…
CVE-2025-14653 critical 9.8 9.8 angeljudesuarez 6mo ago A vulnerability was determined in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /addrecord.php. This manipulation of the argument ID causes sql injection. Re…
CVE-2025-14652 critical 9.8 9.8 admerc 6mo ago A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This issue affects some unknown processing of the file /admindetail.php?action=edit. The manipulation of the argument ID res…
CVE-2025-14650 critical 9.8 9.8 admerc 6mo ago A flaw has been found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown part of the file /cakeshop/product.php. Executing manipulation of the argument Product can lead to sql i…
CVE-2025-14649 critical 9.8 9.8 admerc 6mo ago A vulnerability was detected in itsourcecode Online Cake Ordering System 1.0. Affected by this issue is some unknown functionality of the file /cakeshop/supplier.php. Performing manipulation of the a…
CVE-2025-14647 critical 9.8 9.8 carmelo 6mo ago A weakness has been identified in code-projects Computer Book Store 1.0. Affected is an unknown function of the file /admin_delete.php. This manipulation of the argument bookisbn causes sql injection…
CVE-2025-14646 critical 9.8 9.8 fabian 6mo ago A security flaw has been discovered in code-projects Student File Management System 1.0. This impacts an unknown function of the file /admin/delete_student.php. The manipulation of the argument stud_…
CVE-2025-14645 critical 9.8 9.8 fabian 6mo ago A vulnerability was identified in code-projects Student File Management System 1.0. This affects an unknown function of the file /admin/delete_user.php. The manipulation of the argument user_id leads…
CVE-2025-14644 critical 9.8 9.8 angeljudesuarez 6mo ago A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /update_subject.php. Executing manipulation of the argument ID ca…
CVE-2025-14643 critical 9.8 9.8 fabian 6mo ago A vulnerability was found in code-projects Simple Attendance Record System 2.0. The affected element is an unknown function of the file /check.php. Performing manipulation of the argument student res…
CVE-2025-14640 critical 9.8 9.8 fabian 6mo ago A flaw has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /admin/save_student.php. Executing manipulation of the argument stud…
CVE-2025-14639 critical 9.8 9.8 angeljudesuarez 6mo ago A vulnerability was detected in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /uprec.php. Performing manipulation of the argument ID results in sql injection…
CVE-2025-14638 critical 9.8 9.8 facebook-riares 6mo ago A security vulnerability has been detected in itsourcecode Online Pet Shop Management System 1.0. This issue affects some unknown processing of the file /pet1/update_cnp.php. Such manipulation of the…
CVE-2025-14637 critical 9.8 9.8 facebook-riares 6mo ago A weakness has been identified in itsourcecode Online Pet Shop Management System 1.0. This vulnerability affects unknown code of the file /pet1/addcnp.php. This manipulation of the argument cnpname c…
CVE-2025-14623 critical 9.8 9.8 fabian 6mo ago A weakness has been identified in code-projects Student File Management System 1.0. This issue affects some unknown processing of the file /admin/update_student.php. This manipulation of the argument…
CVE-2025-14622 critical 9.8 9.8 fabian 6mo ago A security flaw has been discovered in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/save_user.php. The manipulation of the argument fir…
CVE-2025-14621 critical 9.8 9.8 fabian 6mo ago A vulnerability was identified in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/update_user.php. The manipulation of the argument user_id leads to …
CVE-2025-14620 critical 9.8 9.8 fabian 6mo ago A vulnerability was determined in code-projects Student File Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/login_query.php. Executing manipulation of …
CVE-2025-14619 critical 9.8 9.8 fabian 6mo ago A vulnerability was found in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login_query.php. Performing manipulation of the a…
CVE-2025-14590 critical 9.8 9.8 carmelo 6mo ago A security vulnerability has been detected in code-projects Prison Management System 2.0. Impacted is an unknown function of the file /admin/search1.php. The manipulation of the argument keyname lead…
CVE-2025-14588 critical 9.8 9.8 angeljudesuarez 6mo ago A security flaw has been discovered in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /update_program.php. Performing manipulation of the argument ID …
CVE-2025-14587 critical 9.8 9.8 facebook-riares 6mo ago A vulnerability was identified in itsourcecode Online Pet Shop Management System 1.0. This affects an unknown part of the file /pet1/available.php. Such manipulation of the argument Name leads to sql…