Search

Search Results (363785 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-25180 1 Pdfmake Project 1 Pdfmake 2025-05-13 9.8 Critical
An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is intentional. The /pdf endpoint is only available after installing a test framework (that lives outside of the pdfmake applicaton). Anyone installing this is responsible for ensuring that it is only available to authorized testers.
CVE-2024-22532 1 Xnview 1 Nconvert 2025-05-13 6.5 Medium
Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows attackers to cause a denial of service via crafted xwd file.
CVE-2024-26476 2 Mpdf Project, Open-emr 2 Mpdf, Openemr 2025-05-13 3.5 Low
An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component.
CVE-2024-25293 1 Mjml 1 Mjml App 2025-05-13 9.3 Critical
mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute.
CVE-2024-22891 1 Nteract 1 Nteract 2025-05-13 9.8 Critical
Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link.
CVE-2024-26548 1 Vivotek 3 Camera, Camera Firmware, Network Camera 2025-05-13 9.8 Critical
An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the upload_file.cgi component.
CVE-2024-24035 1 Setorinformatica 1 S.i.l. 2025-05-13 6.1 Medium
Cross Site Scripting (XSS) vulnerability in Setor Informatica SIL 3.1 allows attackers to run arbitrary code via the hmessage parameter.
CVE-2020-36845 1 Knowbe4 1 Security Awareness Training 2025-05-13 5.3 Medium
The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL.
CVE-2020-36844 1 Knowbe4 1 Security Awareness Training 2025-05-13 6.1 Medium
The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL.
CVE-2025-43955 1 Convertigo 1 Convertigo 2025-05-13 2.2 Low
TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs.
CVE-2025-25997 1 Feminer Wms Project 1 Feminer Wms 2025-05-13 7.5 High
Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php component.
CVE-2024-39722 1 Ollama 1 Ollama 2025-05-13 7.5 High
An issue was discovered in Ollama before 0.1.46. It exposes which files exist on the server on which it is deployed via path traversal in the api/push route.
CVE-2024-26469 1 Prestalife 1 Product Designer 2025-05-13 8.1 High
Server-Side Request Forgery (SSRF) vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to cause a denial of service (DoS) and escalate privileges via the url parameter in the postProcess() method.
CVE-2022-3540 1 Hunter2 Project 1 Hunter2 2025-05-13 6.5 Medium
An issue has been discovered in hunter2 affecting all versions before 2.1.0. Improper handling of auto-completion input allows an authenticated attacker to extract other users email addresses
CVE-2022-3517 4 Debian, Fedoraproject, Minimatch Project and 1 more 9 Debian Linux, Fedora, Minimatch and 6 more 2025-05-13 7.5 High
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
CVE-2023-52555 1 Mongo-express Project 1 Mongo-express 2025-05-13 6.1 Medium
In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletion of a Collection.
CVE-2024-38888 1 Horizoncloud 1 Caterease 2025-05-13 6.8 Medium
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform a Password Brute Forcing attack due to improper restriction of excessive authentication attempts.
CVE-2024-38885 1 Horizoncloud 1 Caterease 2025-05-13 7.5 High
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform unauthorized access using known operating system credentials due to hardcoded SQL user credentials in the client application.
CVE-2024-38884 1 Horizoncloud 1 Caterease 2025-05-13 7.8 High
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform an Authentication Bypass attack due to improperly implemented security checks for standard authentication mechanisms
CVE-2024-38883 1 Horizoncloud 1 Caterease 2025-05-13 9.1 Critical
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Drop Encryption Level attack due to the selection of a less-secure algorithm during negotiation.