Search

Search Results (363250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-39496 1 Pdf-xchange 2 Pdf-tools, Pdf-xchange Editor 2025-05-19 7.8 High
PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data in a TIF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19658.
CVE-2023-39497 1 Pdf-xchange 2 Pdf-tools, Pdf-xchange Editor 2025-05-19 7.8 High
PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19947.
CVE-2023-39490 1 Pdf-xchange 2 Pdf-tools, Pdf-xchange Editor 2025-05-19 7.8 High
PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19636.
CVE-2025-30733 1 Oracle 1 Rdbms Listener 2025-05-19 6.5 Medium
Vulnerability in the RDBMS Listener component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise RDBMS Listener. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Listener accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).
CVE-2024-4878 2025-05-19 N/A
Unused CVE record, incorrectly reserved
CVE-2023-6199 1 Bookstackapp 1 Bookstack 2025-05-19 6.5 Medium
Book Stack version 23.10.2 allows filtering local files on the server. This is possible because the application is vulnerable to SSRF.
CVE-2023-6142 1 Armanidrisi 1 Dev Blog 2025-05-19 5.4 Medium
Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim.
CVE-2023-45121 1 Projectworlds 1 Online Examination System 2025-05-19 8.8 High
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the /update.php?q=addquiz resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-45120 1 Projectworlds 1 Online Examination System 2025-05-19 8.8 High
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the /update.php?q=quiz&step=2 resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-45119 1 Projectworlds 1 Online Examination System 2025-05-19 8.8 High
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the /update.php?q=quiz resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-45118 1 Projectworlds 1 Online Examination System 2025-05-19 8.8 High
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-45117 1 Projectworlds 1 Online Examination System 2025-05-19 8.8 High
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-45116 1 Projectworlds 1 Online Examination System 2025-05-19 8.8 High
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-6385 1 Wordpress Ping Optimizer Project 1 Wordpress Ping Optimizer 2025-05-19 4.3 Medium
The WordPress Ping Optimizer WordPress plugin through 2.35.1.3.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as clearing logs.
CVE-2024-1958 1 Wpb Show Core Project 1 Wpb Show Core 2025-05-19 4.8 Medium
The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users
CVE-2024-1956 1 Wpb Show Core Project 1 Wpb Show Core 2025-05-19 6.1 Medium
The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting
CVE-2024-1292 1 Wpb Show Core Project 1 Wpb Show Core 2025-05-19 4.7 Medium
The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2024-2016 1 Zhicms 1 Zhicms 2025-05-19 6.3 Medium
A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the function index of the file app/manage/controller/setcontroller.php. The manipulation of the argument sitename leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255270 is the identifier assigned to this vulnerability.
CVE-2023-48902 1 Tramyardg 1 Autoexpress 2025-05-19 9.8 Critical
An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php.
CVE-2023-48903 1 Tramyardg 1 Autoexpress 2025-05-19 6.1 Medium
Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via in uploadCarImages.php.