Search

Search Results (363262 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-23799 1 Joomla 1 Joomla\! 2026-02-25 9.8 Critical
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data.
CVE-2021-26033 1 Joomla 1 Joomla\! 2026-02-25 6.5 Medium
An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint.
CVE-2021-23124 1 Joomla 1 Joomla\! 2026-02-25 6.1 Medium
An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks.
CVE-2022-27911 1 Joomla 1 Joomla\! 2026-02-25 5.3 Medium
An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes.
CVE-2022-23796 1 Joomla 1 Joomla\! 2026-02-25 6.1 Medium
An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields.
CVE-2021-26039 1 Joomla 1 Joomla\! 2026-02-25 6.1 Medium
An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the imagelist view of com_media leads to a XSS vulnerability.
CVE-2022-23793 1 Joomla 1 Joomla\! 2026-02-25 7.5 High
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting an specifilcy crafted tar package could write files outside of the intended path.
CVE-2021-23126 1 Joomla 1 Joomla\! 2026-02-25 5.3 Medium
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret.
CVE-2021-23131 1 Joomla 1 Joomla\! 2026-02-25 7.5 High
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager.
CVE-2021-26030 1 Joomla 1 Joomla\! 2026-02-25 6.1 Medium
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error page
CVE-2025-13523 1 Mattermost 1 Confluence 2026-02-24 7.7 High
Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connection link that, when visited, renders the attacker's display name without proper sanitization. Mattermost Advisory ID: MMSA-2025-00557
CVE-2022-3194 1 Dokan 1 Dokan 2026-02-24 5.4 Medium
The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators.
CVE-2022-3915 1 Dokan 1 Dokan 2026-02-24 9.8 Critical
The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users
CVE-2025-62326 1 Hcltech 1 Digital Experience 2026-02-24 6.1 Medium
HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interface which would require elevated privileges to exploit.
CVE-2019-25364 2 Tabs Laboratories Corporation, Tabslab 2 Win10 Mailcarrier, Mailcarrier 2026-02-24 9.8 Critical
MailCarrier 2.51 contains a buffer overflow vulnerability in the POP3 USER command that allows remote attackers to execute arbitrary code. Attackers can send a crafted oversized buffer to the POP3 service, overwriting memory and potentially gaining remote system access.
CVE-2019-25326 2 Northwest Performance Software, Nwpsw 2 Ippulse, Ippulse 2026-02-24 6.2 Medium
ipPulse 1.92 contains a denial of service vulnerability that allows local attackers to crash the application by providing an oversized input in the Enter Key field. Attackers can generate a 256-byte buffer of repeated 'A' characters to trigger an application crash when pasting the malicious content.
CVE-2025-70329 1 Totolink 2 X5000r, X5000r Firmware 2026-02-24 8 High
TOTOLink X5000R v9.1.0cu_2415_B20250515 contains an OS command injection vulnerability in the setIptvCfg handler of the /usr/sbin/lighttpd executable. The vlanVidLan1 (and other vlanVidLanX) parameters are retrieved via Uci_Get_Str and passed to the CsteSystem function without adequate validation or filtering. This allows an authenticated attacker to execute arbitrary shell commands with root privileges by injecting shell metacharacters into the affected parameters.
CVE-2025-69700 1 Tenda 2 Fh1203, Fh1203 Firmware 2026-02-24 7.5 High
Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modify_add_client_prio function, which is reachable via the formSetClientPrio CGI handler.
CVE-2024-8342 2 Nelzkie15, Sourcecodester 2 Pet Shop Management System, Petshop Management System 2026-02-24 6.3 Medium
A vulnerability, which was classified as critical, has been found in SourceCodester Petshop Management System 1.0. This issue affects some unknown processing of the file /controllers/add_client.php. The manipulation of the argument image_profile leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2019-11253 2 Kubernetes, Redhat 5 Kubernetes, Openshift, Openshift Container Platform and 2 more 2026-02-24 7.5 High
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.