Search
Search Results (364838 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-12749 | 1 Raiserweb | 1 Competition Form | 2025-05-11 | 7.1 High |
| The Competition Form WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-12807 | 1 Artlosk | 1 Social Share Buttons | 2025-05-11 | 4.8 Medium |
| The Social Share Buttons for WordPress plugin through 2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-39501 | 1 Redhat | 1 Enterprise Linux | 2025-05-10 | 4.7 Medium |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2023-53063 | 2025-05-10 | 5.5 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2022-48917 | 2025-05-10 | 5.0 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-37835 | 2025-05-10 | 5.5 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-37795 | 2025-05-10 | 7.1 High | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-50016 | 2025-05-10 | 5.5 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-47770 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2025-47769 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2025-47768 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2025-47767 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2025-47766 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2025-47765 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2025-47764 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2025-47763 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2025-47762 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2022-42983 | 1 Anji-plus | 1 Aj-report | 2025-05-10 | 8.8 High |
| anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens. | ||||
| CVE-2022-42980 | 1 Go-admin | 1 Go-admin | 2025-05-10 | 9.8 Critical |
| go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key. | ||||
| CVE-2022-42975 | 1 Phoenixframework | 1 Phoenix | 2025-05-10 | 7.5 High |
| socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token. | ||||