Search

Search Results (363785 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-34452 1 Cmsimple-xh 1 Cmsimple Xh 2025-04-11 6.1 Medium
CMSimple_XH 1.7.6 allows XSS by uploading a crafted SVG document.
CVE-2022-42261 5 Citrix, Linux, Nvidia and 2 more 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more 2025-04-11 7.8 High
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.
CVE-2024-37231 1 Salonbookingsystem 1 Salon Booking System 2025-04-11 8.6 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through 9.9.
CVE-2024-39930 1 Gogs 1 Gogs 2025-04-11 9.9 Critical
The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected.
CVE-2022-42262 5 Citrix, Linux, Nvidia and 2 more 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more 2025-04-11 7.1 High
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.
CVE-2024-41304 1 Wondercms 1 Wondercms 2025-04-11 5.4 Medium
An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file.
CVE-2024-5595 1 Wpdeveloper 1 Essential Blocks 2025-04-11 5.4 Medium
The Essential Blocks WordPress plugin before 4.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVE-2022-42263 5 Citrix, Linux, Nvidia and 2 more 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more 2025-04-11 7.1 High
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an Integer overflow may lead to denial of service or information disclosure.
CVE-2024-6651 2 Iptanus, Wordpress File Upload Project 2 Wordpress File Upload, Wordpress File Upload 2025-04-11 6.1 Medium
The WordPress File Upload WordPress plugin before 4.24.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2024-6494 2 Iptanus, Wordpress File Upload Project 2 Wordpress File Upload, Wordpress File Upload 2025-04-11 6.1 Medium
The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow unauthenticated users to execute stored cross-site scripting (XSS) attacks.
CVE-2022-42264 5 Citrix, Linux, Nvidia and 2 more 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more 2025-04-11 7.1 High
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause the use of an out-of-range pointer offset, which may lead to data tampering, data loss, information disclosure, or denial of service.
CVE-2024-42634 1 Tenda 2 Ac9, Ac9 Firmware 2025-04-11 9.8 Critical
A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges.
CVE-2024-43280 1 Salonbookingsystem 1 Salon Booking System 2025-04-11 4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 10.8.1.
CVE-2022-42265 1 Nvidia 6 Geforce, Gpu Display Driver, Nvs and 3 more 2025-04-11 5.3 Medium
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure or data tampering.
CVE-2024-6792 2 Technowich, Wpulike 2 Wp Ulike, Wp Ulike 2025-04-11 3.5 Low
The WP ULike WordPress plugin before 4.7.2.1 does not properly sanitize user display names when rendering on a public page.
CVE-2022-42266 2 Microsoft, Nvidia 3 Windows, Cloud Gaming, Virtual Gpu 2025-04-11 5.5 Medium
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can cause exposure of sensitive information to an actor that is not explicitly authorized to have access to that information, which may lead to limited information disclosure.
CVE-2015-10005 1 Markdown-it Project 1 Markdown-it 2025-04-11 3.5 Low
A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 3.0.0 is able to address this issue. The name of the patch is 89c8620157d6e38f9872811620d25138fc9d1b0d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216852.
CVE-2024-51246 1 Draytek 2 Vigor3900, Vigor3900 Firmware 2025-04-11 8 High
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function.
CVE-2024-51249 1 Draytek 2 Vigor3900, Vigor3900 Firmware 2025-04-11 8 High
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function.
CVE-2024-7879 2 Technowich, Wpulike 2 Wp Ulike, Wp Ulike 2025-04-11 4.8 Medium
The WP ULike WordPress plugin before 4.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed