Search

Search Results (363290 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-36350 1 Pukiwiki 1 Pukiwiki 2025-06-30 6.1 Medium
Stored cross-site scripting vulnerability in PukiWiki versions 1.3.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors.
CVE-2020-35509 1 Redhat 2 Keycloak, Red Hat Single Sign On 2025-06-30 5.4 Medium
A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity.
CVE-2024-4399 1 Apereo 1 Central Authentication Service 2025-06-30 9.1 Critical
The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack
CVE-2024-22059 1 Ivanti 1 Neurons For Itsm 2025-06-30 N/A
A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS.
CVE-2024-22060 1 Ivanti 1 Neurons For Itsm 2025-06-30 4.9 Medium
An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server.
CVE-2024-4750 1 Buddyboss 1 Buddyboss 2025-06-30 5.3 Medium
The buddyboss-platform WordPress plugin before 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request
CVE-2023-34001 1 Wpplugins 1 Hide My Wp Ghost 2025-06-30 5.3 Medium
Improper Restriction of Excessive Authentication Attempts vulnerability in WPPlugins – WordPress Security Plugins Hide My WP Ghost allows Functionality Bypass.This issue affects Hide My WP Ghost: from n/a through 5.0.25.
CVE-2024-27264 1 Ibm 1 I 2025-06-30 7.4 High
IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563.
CVE-2024-31634 1 Xunruicms 1 Xunruicms 2025-06-30 6.1 Medium
Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library.
CVE-2024-4456 3 Linux, Microsoft, Octopus 3 Linux Kernel, Windows, Octopus Server 2025-06-30 4.1 Medium
In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page.
CVE-2024-2697 1 Swiftideas 1 Swift Framework 2025-06-30 6.5 Medium
The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
CVE-2024-29212 1 Veeam 1 Veeam Service Provider Console 2025-06-30 N/A
Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
CVE-2024-34338 1 Tenda 3 O3, O3 Firmware, O3v2 2025-06-30 7.2 High
Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authentication is required to exploit this vulnerability.
CVE-2024-3634 2 Benaceur-php, Month Name Translation Benaceur Wordpress Plugin 2 Month Name Translation Benaceur, Month Name Translation Benaceur Wordpress Plugin 2025-06-30 4.8 Medium
The month name translation benaceur WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2023-46012 1 Linksys 2 Ea7500, Ea7500 Firmware 2025-06-30 9.8 Critical
Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP.
CVE-2023-32154 1 Mikrotik 1 Routeros 2025-06-30 N/A
Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Router Advertisement Daemon. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-19797.
CVE-2019-3578 1 Mybb 1 Mybb 2025-06-30 6.1 Medium
MyBB 1.8.19 has XSS in the resetpassword function.
CVE-2019-3579 1 Mybb 1 Mybb 2025-06-30 5.3 Medium
MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter.
CVE-2025-53017 2025-06-30 N/A
Reason: This candidate was issued in error.
CVE-2025-53001 2025-06-30 N/A
Reason: This candidate was issued in error.