Search

Search Results (365319 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-39243 1 Skycaiji 1 Skycaiji 2025-06-13 9.8 Critical
An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST request to /index.php?s=/admin/develop/editor_save.
CVE-2024-57498 1 Forestblog Project 1 Forestblog 2025-06-13 4.8 Medium
Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allows a remote attacker to escalate privileges via the article editing function.
CVE-2025-46982 1 Adobe 1 Experience Manager 2025-06-13 5.4 Medium
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-23105 1 Samsung 6 Exynos 1480, Exynos 1480 Firmware, Exynos 2200 and 3 more 2025-06-13 7.8 High
An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.
CVE-2025-23099 1 Samsung 4 Exynos 1480, Exynos 1480 Firmware, Exynos 2400 and 1 more 2025-06-13 9.1 Critical
An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.
CVE-2025-27955 1 Philips 1 Clinical Collaboration Platform 2025-06-13 6.5 Medium
Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code.
CVE-2018-16210 1 Wago 28 750-352, 750-352 Firmware, 750-362 and 25 more 2025-06-13 6.1 Medium
WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.
CVE-2022-45064 1 Apache 2 Apache Sling Engine, Sling 2025-06-13 8 High
The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and control the include path (i.e. writing content). The impact of a successful attack is privilege escalation to administrative power. Please update to Apache Sling Engine >= 2.14.0 and enable the "Check Content-Type overrides" configuration option.
CVE-2025-27954 1 Philips 1 Clinical Collaboration Platform 2025-06-13 6.5 Medium
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx.
CVE-2025-27953 1 Philips 1 Clinical Collaboration Platform 2025-06-13 6.5 Medium
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component.
CVE-2025-23104 1 Samsung 2 Exynos 2200, Exynos 2200 Firmware 2025-06-13 6.5 Medium
An issue was discovered in Samsung Mobile Processor Exynos 2200. A Use-After-Free in the mobile processor leads to privilege escalation.
CVE-2025-45542 1 Vishalmathur 1 Cloudclassroom-php Project 2025-06-13 7.3 High
SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries.
CVE-2025-46981 1 Adobe 1 Experience Manager 2025-06-13 5.4 Medium
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-46979 1 Adobe 1 Experience Manager 2025-06-13 5.4 Medium
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-46978 1 Adobe 1 Experience Manager 2025-06-13 5.4 Medium
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-46977 1 Adobe 1 Experience Manager 2025-06-13 5.4 Medium
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-46976 1 Adobe 1 Experience Manager 2025-06-13 5.4 Medium
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-44115 1 Cotonti 1 Cotonti Siena 2025-06-13 5.4 Medium
A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting.
CVE-2024-57459 1 Vishalmathur 1 Cloudclassroom-php Project 2025-06-13 7.3 High
A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands.
CVE-2024-31503 1 Dolibarr 1 Dolibarr Erp\/crm 2025-06-13 7.5 High
Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover.