Search

Search Results (363638 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-21801 1 Microsoft 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more 2025-04-12 7.8 High
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-21717 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2025-04-12 8.8 High
Microsoft SharePoint Server Elevation of Privilege Vulnerability
CVE-2023-21754 1 Microsoft 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more 2025-04-12 7.8 High
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21771 1 Microsoft 3 Windows 10, Windows 11, Windows Server 2022 2025-04-12 7 High
Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability
CVE-2023-21524 1 Microsoft 12 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 9 more 2025-04-12 7.8 High
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
CVE-2023-21676 1 Microsoft 8 Windows 10 1809, Windows 10 20h2, Windows 10 21h2 and 5 more 2025-04-12 8.8 High
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVE-2023-21748 1 Microsoft 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more 2025-04-12 7.8 High
Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-24116 1 Ge 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more 2025-04-12 9.8 Critical
Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0.
CVE-2021-45467 1 Control-webpanel 1 Webpanel 2025-04-12 9.8 Critical
In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/account_new_create&acc=guadaapi URI. Any number of %00 instances can be used, e.g., .%00%00%00./.%00%00%00./api/account_new_create could also be used for the scripts parameter.
CVE-2022-4243 1 Wpscoop 1 Imageinject 2025-04-12 4.8 Medium
The ImageInject WordPress plugin through 1.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2022-4197 1 10web 1 Slider 2025-04-12 4.8 Medium
The Sliderby10Web WordPress plugin before 1.2.53 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2022-4166 1 Contest-gallery 1 Contest Gallery 2025-04-12 6.5 Medium
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the addCountS POST parameter before concatenating it to an SQL query in 4_activate.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.
CVE-2022-4165 1 Contest-gallery 1 Contest Gallery 2025-04-12 6.5 Medium
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_order POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.
CVE-2022-4158 1 Contest-gallery 1 Contest Gallery 2025-04-12 7.5 High
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_Fields POST parameter before concatenating it to an SQL query in users-registry-check-registering-and-login.php. This may allow malicious visitors to leak sensitive information from the site's database.
CVE-2022-4157 1 Contest-gallery 1 Contest Gallery 2025-04-12 4.9 Medium
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_option_id POST parameter before concatenating it to an SQL query in export-votes-all.php. This may allow malicious users with administrator privileges (i.e. on multisite WordPress configurations) to leak sensitive information from the site's database.
CVE-2022-4155 1 Contest-gallery 1 Contest Gallery 2025-04-12 4.9 Medium
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with administrator privileges (i.e. on multisite WordPress configurations) to leak sensitive information from the site's database.
CVE-2022-4153 1 Contest-gallery 1 Contest Gallery 2025-04-12 6.5 Medium
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the upload[] POST parameter before concatenating it to an SQL query in get-data-create-upload-v10.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.
CVE-2022-4150 1 Contest-gallery 1 Contest Gallery 2025-04-12 6.5 Medium
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the option_id POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.
CVE-2022-4042 1 Paytium 1 Paytium 2025-04-12 4.8 Medium
The Paytium: Mollie payment forms & donations WordPress plugin before 4.3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2022-45429 1 Dahuasecurity 8 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 5 more 2025-04-12 7.5 High
Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker can access internal resources by concatenating links (URL) that conform to specific rules.