Total: 3945 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-1116 | | | 2025-02-08 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in Dreamvention Live AJAX Search Free up to 1.0.6 on OpenCart. Affected by this issue is the function searchresults/search of the file /?route=extension/live_search/module/live_search.searchresults. The manipulation of the argument keyword leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-1773 | 1 Acowebs | 1 Pdf Invoices And Packing Slips For Woocommerce | 2025-02-07 | N/A | 8.8 HIGH |
| The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.7 via deserialization of untrusted input via the order_id parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | |||||
| CVE-2025-0561 | 1 Angeljudesuarez | 1 Farm Management System | 2025-02-07 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in itsourcecode Farm Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-pig.php. The manipulation of the argument pigno leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0540 | 1 Angeljudesuarez | 1 Tailoring Management System | 2025-02-07 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /expadd.php. The manipulation of the argument expcat leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-12785 | 1 Angeljudesuarez | 1 Vehicle Management System | 2025-02-07 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file sendmail.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0872 | 1 Angeljudesuarez | 1 Tailoring Management System | 2025-02-07 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file /addpayment.php. The manipulation of the argument id/amount/desc/inccat leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0873 | 1 Angeljudesuarez | 1 Tailoring Management System | 2025-02-07 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /customeredit.php. The manipulation of the argument id/address/fullname/phonenumber/email/city/comment leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0943 | 1 Angeljudesuarez | 1 Tailoring Management System | 2025-02-07 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file deldoc.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0944 | 1 Angeljudesuarez | 1 Tailoring Management System | 2025-02-07 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file customerview.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0945 | 1 Angeljudesuarez | 1 Tailoring Management System | 2025-02-07 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file typedelete.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0946 | 1 Angeljudesuarez | 1 Tailoring Management System | 2025-02-07 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file templatedelete.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-48709 | 1 Combodo | 1 Itop | 2025-02-06 | N/A | 8.0 HIGH |
| iTop is an IT service management platform. When exporting data from backoffice or portal in CSV or Excel files, users' inputs may include malicious formulas that may be imported into Excel. As Excel 2016 does **not** prevent Remote Code Execution by default, uninformed users may become victims. This vulnerability is fixed in 2.7.9, 3.0.4, 3.1.1, and 3.2.0. | |||||
| CVE-2025-0843 | 1 Needyamin | 1 Library Card System | 2025-02-04 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in needyamin Library Card System 1.0. It has been classified as critical. Affected is an unknown function of the file admindashboard.php of the component Admin Panel. The manipulation of the argument email/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0846 | 1 1000projects | 1 Employee Task Management System | 2025-02-04 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in 1000 Projects Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/AdminLogin.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0847 | 1 1000projects | 1 Employee Task Management System | 2025-02-04 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in 1000 Projects Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /index.php of the component Login. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-24374 | | | 2025-01-29 | N/A | 4.3 MEDIUM |
| Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0. | |||||
| CVE-2024-0044 | 1 Google | 1 Android | 2025-01-28 | N/A | 6.7 MEDIUM |
| In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2017-20196 | | | 2025-01-28 | 6.0 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Itechscripts School Management Software 2.75. It has been classified as critical. This affects an unknown part of the file /notice-edit.php. The manipulation of the argument aid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-29400 | 1 Golang | 1 Go | 2025-01-24 | N/A | 7.3 HIGH |
| Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags. | |||||
| CVE-2023-24539 | 1 Golang | 1 Go | 2025-01-24 | N/A | 7.3 HIGH |
| Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input. | |||||
