Search

Search Results (363690 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-30158 1 Namelessmc 1 Nameless 2025-05-13 7.1 High
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the forum allows users to post iframe elements inside forum topics/comments/feed with no restriction on the iframe's width and height attributes. This allows an authenticated attacker to perform a UI-based denial of service (DoS) by injecting oversized iframes that block the forum UI and disrupt normal user interactions. This issue has been patched in version 2.2.0.
CVE-2025-30357 1 Namelessmc 1 Nameless 2025-05-13 7.3 High
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments on many topics then an administrator, unable to manually remove each spam comment, may delete the malicious account. Once an administrator deletes the malicious user's account, all their posts (comments) along with the associated topics (by unrelated users) will be marked as deleted. This issue has been patched in version 2.2.0.
CVE-2024-6938 1 B3log 1 Siyuan 2025-05-13 3.5 Low
A vulnerability has been found in SiYuan 3.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file PDF.js of the component PDF Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271993 was assigned to this vulnerability.
CVE-2025-31118 1 Namelessmc 1 Nameless 2025-05-13 7.1 High
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, forum quick reply feature (view_topic.php) does not implement any spam prevention mechanism. This allows authenticated users to continuously post replies without any time restriction, resulting in an uncontrolled surge of posts that can disrupt normal operations. This issue has been patched in version 2.2.0.
CVE-2024-24245 2 Canimaan, Clamxav 2 Clamxav, Clamxav 2025-05-13 7.8 High
An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool component.
CVE-2024-49041 1 Microsoft 1 Edge Chromium 2025-05-13 4.3 Medium
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-49063 1 Microsoft 1 Muzic 2025-05-13 8.4 High
Microsoft/Muzic Remote Code Execution Vulnerability
CVE-2025-31120 1 Namelessmc 1 Nameless 2025-05-13 5.3 Medium
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, an insecure view count mechanism in the forum page allows an unauthenticated attacker to artificially increase the view count. The application relies on a client-side cookie (nl-topic-[tid]) (or session variable for guests) to determine if a view should be counted. When a client does not provide the cookie, every page request increments the counter, leading to incorrect view metrics. This issue has been patched in version 2.2.0.
CVE-2025-32389 1 Namelessmc 1 Nameless 2025-05-13 6.5 Medium
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure `?param[0]=a&param[1]=b&param[2]=c` utilized by PHP, which is parsed by PHP as `$_GET['param']` being of type array. This issue has been patched in version 2.1.4.
CVE-2025-22142 1 Namelessmc 1 Nameless 2025-05-13 5.4 Medium
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a staffer visits the user's profile on staff panel. As a result an attacker can execute javascript code on the staffer's computer. This issue has been addressed in version 2.1.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2022-42218 1 Open Source Sacco Management System Project 1 Open Source Sacco Management System 2025-05-13 7.2 High
Open Source SACCO Management System v1.0 vulnerable to SQL Injection via /sacco_shield/manage_loan.php.
CVE-2022-42202 1 Tp-link 2 Tl-wr841n, Tl-wr841n Firmware 2025-05-13 6.1 Medium
TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS).
CVE-2022-42188 1 Lavalite 1 Lavalite 2025-05-13 7.5 High
In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.
CVE-2022-42165 1 Tenda 2 Ac10, Ac10 Firmware 2025-05-13 9.8 Critical
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName.
CVE-2022-42116 1 Liferay 2 Dxp, Liferay Portal 2025-05-13 6.1 Medium
A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the (1) name, or (2) namespace parameter.
CVE-2022-42115 1 Liferay 1 Liferay Portal 2025-05-13 5.4 Medium
Cross-site scripting (XSS) vulnerability in the Object module's edit object details page in Liferay Portal 7.4.3.4 through 7.4.3.36 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the object field's `Label` text field.
CVE-2022-40889 1 Phpok 1 Phpok 2025-05-13 9.8 Critical
Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php.
CVE-2022-3569 1 Synacor 1 Zimbra Collaboration Suite 2025-05-13 7.8 High
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.
CVE-2022-39198 1 Apache 1 Dubbo 2025-05-13 9.8 Critical
A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version 3.1.0 and prior versions.
CVE-2022-38743 1 Rockwellautomation 1 Factorytalk Vantagepoint 2025-05-13 8.8 High
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. If successfully exploited, this could allow the attacker to execute arbitrary code and gain access to restricted data.