Search

Search Results (363701 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-5595 1 Wpdeveloper 1 Essential Blocks 2025-04-11 5.4 Medium
The Essential Blocks WordPress plugin before 4.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVE-2022-42263 5 Citrix, Linux, Nvidia and 2 more 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more 2025-04-11 7.1 High
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an Integer overflow may lead to denial of service or information disclosure.
CVE-2024-6651 2 Iptanus, Wordpress File Upload Project 2 Wordpress File Upload, Wordpress File Upload 2025-04-11 6.1 Medium
The WordPress File Upload WordPress plugin before 4.24.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2024-6494 2 Iptanus, Wordpress File Upload Project 2 Wordpress File Upload, Wordpress File Upload 2025-04-11 6.1 Medium
The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow unauthenticated users to execute stored cross-site scripting (XSS) attacks.
CVE-2022-42264 5 Citrix, Linux, Nvidia and 2 more 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more 2025-04-11 7.1 High
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause the use of an out-of-range pointer offset, which may lead to data tampering, data loss, information disclosure, or denial of service.
CVE-2024-42634 1 Tenda 2 Ac9, Ac9 Firmware 2025-04-11 9.8 Critical
A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges.
CVE-2024-43280 1 Salonbookingsystem 1 Salon Booking System 2025-04-11 4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 10.8.1.
CVE-2022-42265 1 Nvidia 6 Geforce, Gpu Display Driver, Nvs and 3 more 2025-04-11 5.3 Medium
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure or data tampering.
CVE-2024-6792 2 Technowich, Wpulike 2 Wp Ulike, Wp Ulike 2025-04-11 3.5 Low
The WP ULike WordPress plugin before 4.7.2.1 does not properly sanitize user display names when rendering on a public page.
CVE-2022-42266 2 Microsoft, Nvidia 3 Windows, Cloud Gaming, Virtual Gpu 2025-04-11 5.5 Medium
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can cause exposure of sensitive information to an actor that is not explicitly authorized to have access to that information, which may lead to limited information disclosure.
CVE-2015-10005 1 Markdown-it Project 1 Markdown-it 2025-04-11 3.5 Low
A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 3.0.0 is able to address this issue. The name of the patch is 89c8620157d6e38f9872811620d25138fc9d1b0d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216852.
CVE-2024-51246 1 Draytek 2 Vigor3900, Vigor3900 Firmware 2025-04-11 8 High
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function.
CVE-2024-51249 1 Draytek 2 Vigor3900, Vigor3900 Firmware 2025-04-11 8 High
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function.
CVE-2024-7879 2 Technowich, Wpulike 2 Wp Ulike, Wp Ulike 2025-04-11 4.8 Medium
The WP ULike WordPress plugin before 4.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2024-39639 1 Iptanus 1 Wordpress File Upload 2025-04-11 4.3 Medium
Broken Access Control vulnerability in Nickolas Bossinas WordPress File Upload allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress File Upload: from n/a through 4.24.7.
CVE-2024-51409 1 Tenda 2 O3, O3 Firmware 2025-04-11 6.5 Medium
Buffer Overflow vulnerability in Tenda O3 v.1.0.0.5 allows a remote attacker to cause a denial of service via a network packet in a fixed format to a router running the corresponding version of the firmware.
CVE-2024-10104 1 Blueglass 1 Jobs For Wordpress 2025-04-11 5.9 Medium
The Jobs for WordPress plugin before 2.7.8 does not sanitise and escape some of its Job settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
CVE-2022-45826 1 Sunshinephotocart 1 Sunshine Photo Cart 2025-04-11 5.4 Medium
Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 2.9.13.
CVE-2024-31544 1 Oretnom23 1 Computer Laboratory Management System 2025-04-11 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary JavaScript code by including malicious payloads into “remarks”, “borrower_name”, “faculty_department” parameters in /classes/Master.php?f=save_record.
CVE-2019-6470 3 Isc, Opensuse, Redhat 19 Dhcpd, Leap, Enterprise Linux and 16 more 2025-04-11 6.5 Medium
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation.