Search

Search Results (364527 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-70968 1 Freeimage Project 1 Freeimage 2026-01-23 9.8 Critical
FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE().
CVE-2025-63644 2 Ph7builder, Ph7software 2 Ph7 Social Dating Builder, Ph7-social-dating-cms 2026-01-23 5.4 Medium
A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field.
CVE-2025-14556 2 Drupal, Flag Module Project 2 Flag, Flag 2026-01-23 5.4 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Flag allows Cross-Site Scripting (XSS).This issue affects Flag: from 7.X-3.0 through 7.X-3.9.
CVE-2025-14557 2 Drupal, Facebook Pixel Project 2 Facebook Pixel, Facebook Pixel 2026-01-23 4.8 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Facebook Pixel facebook_pixel allows Stored XSS.This issue affects Facebook Pixel: from 7.X-1.0 through 7.X-1.1.
CVE-2021-24713 1 Cminds 2 Video Lessons Manager, Video Lessons Manager Pro 2026-01-23 4.8 Medium
The Video Lessons Manager WordPress plugin before 1.7.2 and Video Lessons Manager Pro WordPress plugin before 3.5.9 do not properly sanitize and escape values when updating their settings, which could allow high privilege users to perform Cross-Site Scripting attacks
CVE-2023-28749 1 Cminds 1 Cm Search And Replace 2026-01-23 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions.
CVE-2026-24342 2026-01-23 N/A
Not used
CVE-2026-24341 2026-01-23 N/A
Not used
CVE-2026-24340 2026-01-23 N/A
Not used
CVE-2026-24339 2026-01-23 N/A
Not used
CVE-2026-24338 2026-01-23 N/A
Not used
CVE-2026-24337 2026-01-23 N/A
Not used
CVE-2026-24336 2026-01-23 N/A
Not used
CVE-2026-24335 2026-01-23 N/A
Not used
CVE-2026-24334 2026-01-23 N/A
Not used
CVE-2022-41342 1 Intel 1 C\+\+ Compiler 2026-01-23 6 Medium
Improper buffer restrictions in the Intel(R) C++ Compiler Classic before version 2021.7.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-31228 1 Cminds 1 Cm Search And Replace 2026-01-23 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions.
CVE-2025-54834 1 Opexustech 1 Foiaxpress Public Access Link 2026-01-23 5.3 Medium
OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place.
CVE-2025-54833 1 Opexustech 1 Foiaxpress Public Access Link 2026-01-23 5.3 Medium
OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords.
CVE-2025-54832 1 Opexustech 1 Foiaxpress Public Access Link 2026-01-23 4.3 Medium
OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories.