Search

Search Results (364838 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-12749 1 Raiserweb 1 Competition Form 2025-05-11 7.1 High
The Competition Form WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2024-12807 1 Artlosk 1 Social Share Buttons 2025-05-11 4.8 Medium
The Social Share Buttons for WordPress plugin through 2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2024-39501 1 Redhat 1 Enterprise Linux 2025-05-10 4.7 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2023-53063 2025-05-10 5.5 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2022-48917 2025-05-10 5.0 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-37835 2025-05-10 5.5 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-37795 2025-05-10 7.1 High
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-50016 2025-05-10 5.5 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-47770 2025-05-10 N/A
Not used
CVE-2025-47769 2025-05-10 N/A
Not used
CVE-2025-47768 2025-05-10 N/A
Not used
CVE-2025-47767 2025-05-10 N/A
Not used
CVE-2025-47766 2025-05-10 N/A
Not used
CVE-2025-47765 2025-05-10 N/A
Not used
CVE-2025-47764 2025-05-10 N/A
Not used
CVE-2025-47763 2025-05-10 N/A
Not used
CVE-2025-47762 2025-05-10 N/A
Not used
CVE-2022-42983 1 Anji-plus 1 Aj-report 2025-05-10 8.8 High
anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens.
CVE-2022-42980 1 Go-admin 1 Go-admin 2025-05-10 9.8 Critical
go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key.
CVE-2022-42975 1 Phoenixframework 1 Phoenix 2025-05-10 7.5 High
socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token.