Browse CVEs

Simple CMS 2.1 contains a remote SQL injection vulnerability in the users module that allows authenticated attackers to execute arbitrary SQL commands...

Simple CMS 2.1 contains a reflected cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can craft malicious URLs cont...

WebMO Job Manager 20.0 contains a reflected cross-site scripting vulnerability in search parameters that allows attackers to inject malicious JavaScri...

Free Photo & Video Vault 0.0.2 contains a directory traversal vulnerability that allows remote attackers to manipulate web requests and access sensiti...

The Stripe Green Downloads WordPress plugin version 2.03 contains a persistent cross-site scripting (XSS) vulnerability in button label fields. Attack...

Affiliate Pro 1.7 contains reflected cross-site scripting vulnerabilities in index module input fields (fullname, username, email). Attackers can inje...

PHP Melody 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can injec...

PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor's WYSIWYG component. Privileged users can inject malicious...

PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inje...

PHP Melody 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to execute arbitrary SQL com...

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority, meaning it does not represent a valid security vulnerability. No systems ar...

Easy Cart Shopping Cart 2021 contains a non-persistent cross-site scripting vulnerability in the search module's keyword parameter. Remote attackers c...

Multiple payment terminal versions contain non-persistent cross-site scripting (XSS) vulnerabilities in billing and payment information input fields. ...

Ultimate POS 4.4 contains a persistent cross-site scripting vulnerability in the product name parameter that allows attackers to inject malicious scri...

Mult-E-Cart Ultimate 2.4 contains SQL injection vulnerabilities in multiple modules (inventory, customer, vendor, order) where attackers with vendor o...

SunFounder Pironman Dashboard versions 1.3.13 and earlier contain an unauthenticated path traversal vulnerability in log file API endpoints. Attackers...

A stack overflow vulnerability in ESLint versions before 9.26.0 allows denial of service when processing test cases with circular references. This aff...

This vulnerability allows remote attackers to delete arbitrary files on the Soar Cloud HRD Human Resource Management System by manipulating file paths...

A missing authorization vulnerability in Soar Cloud HRD Human Resource Management System allows remote attackers to modify system settings without pro...

This vulnerability allows remote attackers to bypass authentication in Soar Cloud HRD Human Resource Management System client applications. Attackers ...

This vulnerability allows remote attackers to read arbitrary files from the Soar Cloud HRD Human Resource Management System by manipulating file paths...

This vulnerability allows attackers to perform reflected cross-site scripting (XSS) attacks against FortiDeceptor recovery endpoints. Attackers can in...

An authenticated attacker with no privileges can perform unauthorized operations on FortiDeceptor central management appliances by sending crafted req...