Search

Search Results (367494 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-33860 1 Ibm 1 Security Qradar Edr 2025-05-19 5.3 Medium
IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
CVE-2024-3851 1 Pribai 1 Privategpt 2025-05-19 5.4 Medium
A stored Cross-Site Scripting (XSS) vulnerability exists in the 'imartinez/privategpt' repository due to improper validation of file uploads. Attackers can exploit this vulnerability by uploading malicious HTML files, such as those containing JavaScript payloads, which are then executed in the context of the victim's session when accessed. This could lead to the execution of arbitrary JavaScript code in the context of the user's browser session, potentially resulting in phishing attacks or other malicious actions. The vulnerability affects the latest version of the repository.
CVE-2024-0403 2 Tandoor, Tandoorrecipes 2 Recipes, Recipes 2025-05-19 6.5 Medium
Recipes version 1.5.10 allows arbitrary HTTP requests to be made through the server. This is possible because the application is vulnerable to SSRF.
CVE-2025-32820 1 Sonicwall 12 Sma 100, Sma 100 Firmware, Sma 200 and 9 more 2025-05-19 8.3 High
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable.
CVE-2025-45798 1 Totolink 2 A950rg, A950rg Firmware 2025-05-19 6.5 Medium
A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. The vulnerability is located in the setNoticeCfg interface within the /lib/cste_modules/system.so library, specifically in the processing of the IpTo parameter.
CVE-2024-4758 1 Realwebcare 1 Muslim Prayer Time Bd 2025-05-19 7.6 High
The Muslim Prayer Time BD WordPress plugin through 2.4 does not have CSRF check in place when reseting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack
CVE-2024-5287 1 Tipsandtricks-hq 1 Wp Affiliate Platform 2025-05-19 7.1 High
The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in user change them via a CSRF attack
CVE-2024-5286 1 Tipsandtricks-hq 1 Wp Affiliate Platform 2025-05-19 4.8 Medium
The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2024-5284 1 Tipsandtricks-hq 1 Wp Affiliate Platform 2025-05-19 6.8 Medium
The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
CVE-2024-5283 1 Tipsandtricks-hq 1 Wp Affiliate Platform 2025-05-19 6.1 Medium
The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2024-5282 1 Tipsandtricks-hq 1 Wp Affiliate Platform 2025-05-19 6.1 Medium
The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2024-5281 1 Tipsandtricks-hq 1 Wp Affiliate Platform 2025-05-19 6.1 Medium
The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2024-5280 1 Tipsandtricks-hq 1 Wp Affiliate Platform 2025-05-19 4.7 Medium
The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make non-logged in users execute an XSS payload via a CSRF attack
CVE-2023-28656 2 F5, Netapp 5 Nginx Api Connectivity Manager, Nginx Instance Manager, Nginx Security Monitoring and 2 more 2025-05-19 8.1 High
NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-3641 1 Mndpsingh287 1 Newsletter Popup 2025-05-19 6.1 Medium
The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins
CVE-2024-3642 1 Mndpsingh287 1 Newsletter Popup 2025-05-19 6.9 Medium
The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perform such action via a CSRF attack
CVE-2024-3644 1 Mndpsingh287 1 Newsletter Popup 2025-05-19 4.8 Medium
The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2023-39498 1 Pdf-xchange 2 Pdf-tools, Pdf-xchange Editor 2025-05-19 7.8 High
PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19948.
CVE-2023-39499 1 Pdf-xchange 2 Pdf-tools, Pdf-xchange Editor 2025-05-19 7.8 High
PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19949.
CVE-2023-39500 1 Pdf-xchange 2 Pdf-tools, Pdf-xchange Editor 2025-05-19 7.8 High
PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19950.