Total
295460 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-48702 | 2025-05-23 | N/A | N/A | ||
PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata parameter. | |||||
CVE-2024-13954 | 2025-05-23 | N/A | 6.5 MEDIUM | ||
Serialized configuration information may be disclosed during device commissioning while using ASPECT's configuration toolset. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | |||||
CVE-2025-46486 | 2025-05-23 | N/A | 4.9 MEDIUM | ||
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in totalprocessing Nomupay Payment Processing Gateway allows Path Traversal. This issue affects Nomupay Payment Processing Gateway: from n/a through 7.1.7. | |||||
CVE-2024-13946 | 2025-05-23 | N/A | 6.8 MEDIUM | ||
DLLs are not digitally signed when loaded in ASPECT's configuration toolset, exposing the application to binary planting during device commissioning. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | |||||
CVE-2025-48286 | 2025-05-23 | N/A | 7.1 HIGH | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catkin ReDi Restaurant Reservation allows Reflected XSS. This issue affects ReDi Restaurant Reservation: from n/a through 24.1209. | |||||
CVE-2025-41377 | 2025-05-23 | N/A | N/A | ||
Cryptographic vulnerability in Iridium Certus 700. This vulnerability allows a user to retrieve the encryption key, resulting in the loading of malicious firmware. | |||||
CVE-2025-47642 | 2025-05-23 | N/A | 10.0 CRITICAL | ||
Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed allows Upload a Web Shell to a Web Server. This issue affects Ajar in5 Embed: from n/a through 3.1.5. | |||||
CVE-2025-47529 | 2025-05-23 | N/A | 6.5 MEDIUM | ||
Missing Authorization vulnerability in UX Design Experts Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin: from n/a through 1.1.1. | |||||
CVE-2024-51101 | 2025-05-23 | N/A | N/A | ||
PHPGURUKUL Restaurant Table Booking System using PHP and MySQL v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /rtbs/check-status.php. | |||||
CVE-2022-31812 | 2025-05-23 | N/A | 7.5 HIGH | ||
A vulnerability has been identified in SiPass integrated (All versions < V2.95.3.18). Affected server applications contain an out of bounds read past the end of an allocated buffer while checking the integrity of incoming packets. This could allow an unauthenticated remote attacker to create a denial of service condition. | |||||
CVE-2025-47492 | 2025-05-23 | N/A | 8.6 HIGH | ||
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms allows Path Traversal. This issue affects Drag and Drop File Upload for Elementor Forms: from n/a through 1.4.3. | |||||
CVE-2024-51107 | 2025-05-23 | N/A | N/A | ||
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle, pagedes, and email parameters. | |||||
CVE-2022-31807 | 2025-05-23 | N/A | 6.2 MEDIUM | ||
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions), SiPass integrated ACC-AP (All versions). Affected devices do not properly check the integrity of firmware updates. This could allow a local attacker to upload a maliciously modified firmware onto the device. In a second scenario, a remote attacker who is able to intercept the transfer of a valid firmware from the server to the device could modify the firmware "on the fly". | |||||
CVE-2024-13956 | 2025-05-23 | N/A | 6.7 MEDIUM | ||
SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | |||||
CVE-2025-47631 | 2025-05-23 | N/A | 8.8 HIGH | ||
Incorrect Privilege Assignment vulnerability in mojoomla Hospital Management System allows Privilege Escalation. This issue affects Hospital Management System: from 47.0(20 through 11. | |||||
CVE-2025-46539 | 2025-05-23 | N/A | 9.3 CRITICAL | ||
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFable Fable Extra allows Blind SQL Injection. This issue affects Fable Extra: from n/a through 1.0.6. | |||||
CVE-2025-46526 | 2025-05-23 | N/A | 7.1 HIGH | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in janekniefeldt My Custom Widgets allows Reflected XSS. This issue affects My Custom Widgets: from n/a through 2.0.5. | |||||
CVE-2024-13953 | 2025-05-23 | N/A | 4.9 MEDIUM | ||
Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | |||||
CVE-2025-48245 | 2025-05-23 | N/A | 7.1 HIGH | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fullworks Quick Contact Form allows Reflected XSS. This issue affects Quick Contact Form: from n/a through 8.2.1. | |||||
CVE-2025-31632 | 2025-05-23 | N/A | 8.1 HIGH | ||
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SpyroPress La Boom allows PHP Local File Inclusion. This issue affects La Boom: from n/a through 2.7. |