Export limit exceeded: 365359 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365359 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-3469 1 Marcomilesi 1 Wp Attachments 2025-05-05 4.8 Medium
The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).
CVE-2022-3373 1 Google 1 Chrome 2025-05-05 8.8 High
Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
CVE-2022-3204 3 Fedoraproject, Nlnetlabs, Redhat 4 Fedora, Unbound, Enterprise Linux and 1 more 2025-05-05 7.5 High
A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the attack and the replies, different limits could be reached. From version 1.16.3 on, Unbound introduces fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can issue a cache lookup for missing records.
CVE-2022-39189 3 Linux, Netapp, Redhat 5 Linux Kernel, Hci Baseboard Management Controller, Enterprise Linux and 2 more 2025-05-05 7.8 High
An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.
CVE-2022-36946 4 Debian, Linux, Netapp and 1 more 10 Debian Linux, Linux Kernel, Active Iq Unified Manager and 7 more 2025-05-05 7.5 High
nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.
CVE-2022-36912 1 Jenkins 1 Openstack Heat 2025-05-05 4.3 Medium
A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
CVE-2022-36879 4 Debian, Linux, Netapp and 1 more 46 Debian Linux, Linux Kernel, A700s and 43 more 2025-05-05 5.5 Medium
An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.
CVE-2022-38744 1 Rockwellautomation 1 Factorytalk Alarms And Events 2025-05-05 7.5 High
An unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and Events service could open a connection, causing the service to fault and become unavailable. The affected port could be used as a server ping port and uses messages structured with XML.
CVE-2023-41503 2 Code-projects, Php 2 Student Enrollment, Student Enrollment 2025-05-05 9.8 Critical
Student Enrollment In PHP v1.0 was discovered to contain a SQL injection vulnerability via the Login function.
CVE-2025-0410 1 Liujianview 1 Gymxmjpa 2025-05-05 6.3 Medium
A vulnerability classified as critical was found in liujianview gymxmjpa 1.0. This vulnerability affects the function MenberDaoInpl of the file src/main/java/com/liujian/gymxmjpa/controller/MenberConntroller.java. The manipulation of the argument hyname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0409 1 Liujianview 1 Gymxmjpa 2025-05-05 6.3 Medium
A vulnerability classified as critical has been found in liujianview gymxmjpa 1.0. This affects the function MembertypeDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/MembertypeController.java. The manipulation of the argument typeName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0408 1 Liujianview 1 Gymxmjpa 2025-05-05 6.3 Medium
A vulnerability was found in liujianview gymxmjpa 1.0. It has been rated as critical. Affected by this issue is the function LoosDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/LoosController.java. The manipulation of the argument loosName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0407 1 Liujianview 1 Gymxmjpa 2025-05-05 6.3 Medium
A vulnerability was found in liujianview gymxmjpa 1.0. It has been declared as critical. Affected by this vulnerability is the function EquipmentDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/EquipmentController.java. The manipulation of the argument hyname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0406 1 Liujianview 1 Gymxmjpa 2025-05-05 6.3 Medium
A vulnerability was found in liujianview gymxmjpa 1.0. It has been classified as critical. Affected is the function SubjectDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/SubjectController.java. The manipulation of the argument subname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0405 1 Liujianview 1 Gymxmjpa 2025-05-05 6.3 Medium
A vulnerability was found in liujianview gymxmjpa 1.0 and classified as critical. This issue affects the function GoodsDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/GoodsController.java. The manipulation of the argument goodsName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0490 1 Native-php-cms Project 1 Native-php-cms 2025-05-05 6.3 Medium
A vulnerability, which was classified as critical, has been found in Fanli2012 native-php-cms 1.0. This issue affects some unknown processing of the file /fladmin/article_dodel.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0489 1 Native-php-cms Project 1 Native-php-cms 2025-05-05 6.3 Medium
A vulnerability classified as critical was found in Fanli2012 native-php-cms 1.0. This vulnerability affects unknown code of the file /fladmin/friendlink_dodel.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0488 1 Native-php-cms Project 1 Native-php-cms 2025-05-05 6.3 Medium
A vulnerability classified as critical has been found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file product_list.php. The manipulation of the argument cat leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-10638 1 Acowebs 1 Product Labels For Woocommerce \(sale Badges\) 2025-05-05 4.1 Medium
The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.11 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
CVE-2024-13095 1 Wptriggers 1 Wp Triggers Lite 2025-05-05 4.8 Medium
The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks