Export limit exceeded: 75090 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342998 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25466 | 1 Sharing-file | 1 Easy File Sharing Web Server | 2026-04-07 | 8.4 High |
| Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. Attackers can craft a username with a payload containing 4059 bytes of padding followed by a nseh value and seh pointer to trigger the overflow when adding a new user account. | ||||
| CVE-2019-25465 | 1 Hisilicon | 1 Hiipcam | 2026-04-07 | 7.5 High |
| Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. Attackers can request the getadslattr.cgi endpoint to retrieve ADSL credentials and network configuration parameters including usernames, passwords, and DNS settings. | ||||
| CVE-2019-25464 | 1 Dsd Consulting Services | 1 Inputmapper | 2026-04-07 | 5.5 Medium |
| InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. Attackers can trigger a denial of service by copying a large payload into the username field and double-clicking to process it, causing the application to crash. | ||||
| CVE-2019-25463 | 1 Nsauditor | 1 Spotie Internet Explorer Password Recovery | 2026-04-07 | 6.2 Medium |
| SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 256-character payload into the Key field during registration to trigger a buffer overflow and crash the application. | ||||
| CVE-2019-25462 | 1 Web-ofisi | 1 Rent A Car | 2026-04-07 | 8.2 High |
| Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'klima' parameter. Attackers can send GET requests to with malicious 'klima' values to extract sensitive database information or cause denial of service. | ||||
| CVE-2019-25461 | 1 Web-ofisi | 2 Platinum E-ticaret, Ticaret | 2026-04-07 | 7.5 High |
| Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send POST requests to the ajax/productsFilterSearch endpoint with malicious 'q' values using time-based blind SQL injection techniques to extract sensitive database information. | ||||
| CVE-2019-25460 | 1 Web-ofisi | 2 Platinum E-ticaret, Ticaret | 2026-04-07 | 7.5 High |
| Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL injection techniques to extract sensitive database information. | ||||
| CVE-2019-25459 | 1 Web-ofisi | 1 Emlak | 2026-04-07 | 9.8 Critical |
| Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlak_durumu, emlak_tipi, il, ilce, kelime, and semt to extract sensitive database information or perform time-based blind SQL injection attacks. | ||||
| CVE-2019-25458 | 1 Web-ofisi | 1 Firma Rehberi | 2026-04-07 | 9.8 Critical |
| Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract sensitive database information or perform time-based blind SQL injection attacks. | ||||
| CVE-2019-25457 | 1 Web-ofisi | 1 Firma | 2026-04-07 | 7.5 High |
| Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can send GET requests to category pages with malicious 'oz[]' values using time-based blind SQL injection payloads to extract sensitive database information. | ||||
| CVE-2019-25456 | 1 Web-ofisi | 1 Emlak | 2026-04-07 | 9.1 Critical |
| Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can send requests to with time-based SQL injection payloads to extract sensitive database information or cause denial of service. | ||||
| CVE-2019-25455 | 1 Web-ofisi | 2 E-ticaret, Ticaret | 2026-04-07 | 7.5 High |
| Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with malicious 'a' parameter values to extract sensitive database information. | ||||
| CVE-2019-25454 | 1 Phpmoadmin | 1 Phpmoadmin | 2026-04-07 | 6.1 Medium |
| phpMoAdmin 1.1.5 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the collection parameter. Attackers can send GET requests to moadmin.php with script payloads in the collection parameter during collection creation to execute arbitrary JavaScript in users' browsers. | ||||
| CVE-2019-25453 | 1 Phpmoadmin | 1 Phpmoadmin | 2026-04-07 | 6.1 Medium |
| phpMoAdmin 1.1.5 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the newdb parameter. Attackers can craft URLs with JavaScript payloads in the newdb parameter of moadmin.php to execute arbitrary code in users' browsers when they visit the malicious link. | ||||
| CVE-2019-25452 | 1 Dolibarr | 2 Dolibarr Erp/crm, Dolibarr Erp\/crm | 2026-04-07 | 7.5 High |
| Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extract sensitive database information using error-based or time-based blind SQL injection techniques. | ||||
| CVE-2019-25451 | 1 Phpmoadmin | 1 Phpmoadmin | 2026-04-07 | 8.8 High |
| phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authenticated users into submitting GET requests to moadmin.php with parameters like action, db, and collection to create, drop, or repair databases and collections without user consent. | ||||
| CVE-2019-25450 | 1 Dolibarr | 2 Dolibarr Erp/crm, Dolibarr Erp\/crm | 2026-04-07 | 7.5 High |
| Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demand_reason_id, and availability_id in card.php endpoints to extract sensitive database information using boolean-based blind, error-based, and time-based blind techniques. | ||||
| CVE-2019-25449 | 1 Orientdb | 1 Orientdb | 2026-04-07 | 6.1 Medium |
| OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted JSON payloads to the document endpoint. Attackers can send POST requests to /document/demodb/-1:-1 with script tags in the name parameter to execute arbitrary JavaScript in users' browsers. | ||||
| CVE-2019-25448 | 1 Orientdb | 1 Orientdb | 2026-04-07 | 6.4 Medium |
| OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the document endpoint with JavaScript code in the name field to execute arbitrary scripts when users view the application. | ||||
| CVE-2019-25447 | 1 Orientdb | 1 Orientdb | 2026-04-07 | 4.3 Medium |
| OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes, manage users, and create functions by sending authenticated requests without token validation, combined with reflected and stored cross-site scripting vulnerabilities in the web interface. | ||||