Export limit exceeded: 345239 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345239 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-70936 | 1 Vtiger | 1 Crm | 2026-04-17 | 5.4 Medium |
| Vtiger CRM 8.4.0 contains a reflected cross-site scripting (XSS) vulnerability in the MailManager module. Improper handling of user-controlled input in the _folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s session. | ||||
| CVE-2026-31280 | 1 Parani | 1 M10 Motorcycle Intercom | 2026-04-17 | N/A |
| An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.3 allows unauthorized attackers to cause a Denial of Service (DoS) via supplying crafted RFCOMM frames. | ||||
| CVE-2026-38527 | 1 Krayin | 1 Laravel-crm | 2026-04-17 | 8.5 High |
| A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request. | ||||
| CVE-2025-63939 | 1 Anirudhkannanvp | 1 Grocery Store Management System | 2026-04-17 | 9.8 Critical |
| Improper input handling in /Grocery/search_products_itname.php, in anirudhkannan Grocery Store Management System 1.0, allows SQL injection via the sitem_name POST parameter. | ||||
| CVE-2025-65133 | 1 Manikandan580 | 1 School Management System | 2026-04-17 | 9.8 Critical |
| A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affected endpoint to manipulate SQL query logic and extract sensitive database information. | ||||
| CVE-2026-26460 | 1 Vtiger | 1 Crm | 2026-04-17 | 6.1 Medium |
| A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The application fails to properly neutralize user-supplied input in the tabid parameter of the DashBoardTab view (getTabContents action), allowing an attacker to inject arbitrary HTML content into the dashboard interface. The injected content is rendered in the victim's browser | ||||
| CVE-2026-38528 | 1 Krayin | 1 Laravel-crm | 2026-04-17 | 7.1 High |
| Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rotten_lead parameter at /Lead/LeadDataGrid.php. | ||||
| CVE-2026-37602 | 1 Sourcecodester | 1 Patient Appointment Scheduler System | 2026-04-17 | 2.7 Low |
| SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/user/manage_user.php. | ||||
| CVE-2026-37590 | 1 Sourcecodester | 1 Storage Unit Rental Management System | 2026-04-17 | 2.7 Low |
| SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/rents/manage_rent.php. | ||||
| CVE-2026-37592 | 1 Sourcecodester | 1 Storage Unit Rental Management System | 2026-04-17 | 2.7 Low |
| Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL in the file /storage/admin/maintenance/manage_pricing.php. | ||||
| CVE-2026-37594 | 1 Sourcecodester | 1 Online Employees Work From Home Attendance System | 2026-04-17 | 2.7 Low |
| SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_employee.php. | ||||
| CVE-2026-37595 | 1 Sourcecodester | 1 Online Employees Work From Home Attendance System | 2026-04-17 | 2.7 Low |
| SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_employee.php. | ||||
| CVE-2026-37600 | 1 Sourcecodester | 1 Patient Appointment Scheduler System | 2026-04-17 | 2.7 Low |
| SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/view_details.php. | ||||
| CVE-2026-37601 | 1 Sourcecodester | 1 Patient Appointment Scheduler System | 2026-04-17 | 2.7 Low |
| SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/manage_appointment.php. | ||||
| CVE-2026-37591 | 1 Sourcecodester | 1 Storage Unit Rental Management System | 2026-04-17 | 2.7 Low |
| Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL injection in the file /storage/admin/tenants/view_details.php. | ||||
| CVE-2026-37597 | 1 Sourcecodester | 1 Online Employees Work From Home Attendance System | 2026-04-17 | 2.7 Low |
| SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/attendance_list.php. | ||||
| CVE-2026-37593 | 1 Sourcecodester | 1 Online Employees Work From Home Attendance System | 2026-04-17 | 2.7 Low |
| SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_att.php. | ||||
| CVE-2026-37596 | 1 Sourcecodester | 1 Online Employees Work From Home Attendance System | 2026-04-17 | 2.7 Low |
| SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_department.php. | ||||
| CVE-2026-37598 | 1 Sourcecodester | 1 Patient Appointment Scheduler System | 2026-04-17 | 2.7 Low |
| SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution (RCE) via /scheduler/classes/SystemSettings.php?f=update_settings. | ||||
| CVE-2026-3146 | 1 Libvips | 1 Libvips | 2026-04-17 | 3.3 Low |
| A vulnerability has been found in libvips up to 8.18.0. The impacted element is the function vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. The manipulation leads to null pointer dereference. The attack needs to be performed locally. The identifier of the patch is d4ce337c76bff1b278d7085c3c4f4725e3aa6ece. To fix this issue, it is recommended to deploy a patch. | ||||