Search Results (366276 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-37495 1 Hcltech 1 Domino 2025-05-08 5.9 Medium
Internet passwords stored in Person documents in the Domino® Directory created using the "Add Person" action on the People & Groups tab in the Domino® Administrator are secured using a cryptographically weak hash algorithm. This could enable attackers with access to the hashed value to determine a user's password, e.g. using a brute force attack. This issue does not impact Person documents created through user registration https://help.hcltechsw.com/domino/10.0.1/admin/conf_userregistration_c.html .
CVE-2023-7201 1 Everestthemes 1 Everest Backup 2025-05-08 6.5 Medium
The Everest Backup WordPress plugin before 2.2.5 does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
CVE-2024-1746 1 Radiustheme 1 Testimonial Slider And Showcase 2025-05-08 5.4 Medium
The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2024-1660 1 Wpdarko 1 Top Bar 2025-05-08 4.8 Medium
The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2024-2444 1 Data443 1 Inline Related Posts 2025-05-08 4.8 Medium
The Inline Related Posts WordPress plugin before 3.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2024-3752 1 Crelly Slider Project 1 Crelly Slider 2025-05-08 5.4 Medium
The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2024-0904 1 Radykal 1 Fancy Product Designer 2025-05-08 5.9 Medium
The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2024-3692 1 Jegstudio 1 Gutenverse 2025-05-08 6.1 Medium
The Gutenverse WordPress plugin before 1.9.1 does not validate the htmlTag option in various of its block before outputting it back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVE-2024-3637 1 Themehunk 1 Contact Form \& Lead Form Elementor Builder 2025-05-08 6.1 Medium
The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2024-25225 1 Code-projects 1 Simple Admin Panel 2025-05-08 6.1 Medium
A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function.
CVE-2024-25215 1 Sherlock 1 Employee Management System 2025-05-08 9.8 Critical
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php.
CVE-2023-32006 3 Fedoraproject, Nodejs, Redhat 4 Fedora, Node.js, Enterprise Linux and 1 more 2025-05-08 8.8 High
The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.
CVE-2023-32004 2 Fedoraproject, Nodejs 2 Fedora, Node.js 2025-05-08 8.8 High
A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
CVE-2022-42200 1 Simple Exam Reviewer Management System Project 1 Simple Exam Reviewer Management System 2025-05-08 5.4 Medium
Simple Exam Reviewer Management System v1.0 is vulnerable to Stored Cross Site Scripting (XSS) via the Exam List.
CVE-2022-42199 1 Simple Exam Reviewer Management System Project 1 Simple Exam Reviewer Management System 2025-05-08 8.8 High
Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Exam List.
CVE-2022-42198 1 Simple Exam Reviewer Management System Project 1 Simple Exam Reviewer Management System 2025-05-08 8.8 High
In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload.
CVE-2022-42197 1 Simple Exam Reviewer Management System Project 1 Simple Exam Reviewer Management System 2025-05-08 6.5 Medium
In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges.
CVE-2022-42176 1 Pctechsoft 1 Pcsecure 2025-05-08 7.8 High
In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access.
CVE-2022-42021 1 Best Student Result Management System Project 1 Best Student Result Management System 2025-05-08 9.8 Critical
Best Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=.
CVE-2022-41358 1 Garage Management System Project 1 Garage Management System 2025-05-08 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php.