Export limit exceeded: 366276 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366276 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-20124 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 8.8 High |
| Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php. | ||||
| CVE-2022-27431 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 9.8 Critical |
| Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php. | ||||
| CVE-2023-31860 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 5.4 Medium |
| Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system. | ||||
| CVE-2024-1331 | 1 Wpdarko | 1 Team Members | 2025-05-05 | 6.1 Medium |
| The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-1333 | 1 Wpdarko | 1 Responsive Pricing Table | 2025-05-05 | 5.4 Medium |
| The Responsive Pricing Table WordPress plugin before 5.1.11 does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-1658 | 2 Wordpress, Wpdarko | 2 Grid Shortcodes, Grid Shortcodes | 2025-05-05 | 5.4 Medium |
| The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2023-7085 | 1 Sterlinghamilton | 1 Scalable Vector Graphics \(svg\) | 2025-05-05 | 5.4 Medium |
| The Scalable Vector Graphics (SVG) WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | ||||
| CVE-2023-7236 | 1 Backupbolt | 1 Backup Bolt | 2025-05-05 | 4.7 Medium |
| The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system errors which could contain sensitive information. | ||||
| CVE-2024-20019 | 1 Mediatek | 3 Mt7925, Mt7927, Software Package | 2025-05-05 | 5.9 Medium |
| In wlan driver, there is a possible memory leak due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00351241; Issue ID: MSV-1173. | ||||
| CVE-2024-28424 | 1 Zenml | 1 Zenml | 2025-05-05 | 8.8 High |
| zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2022-3409 | 1 Openbmc-project | 1 Openbmc | 2025-05-05 | 8.2 High |
| A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. This vulnerability was identified during mitigation for CVE-2022-2809. When fuzzing the multipart_parser code using AFL++ with address sanitizer enabled to find smallest memory corruptions possible. It detected problem in how multipart_parser handles unclosed http headers. If long enough http header is passed in the multipart form without colon there is one byte overwrite on heap. It can be conducted multiple times in a loop to cause DoS. | ||||
| CVE-2021-47208 | 1 Mojolicious | 1 Mojolicious | 2025-05-05 | 4.3 Medium |
| The Mojolicious module before 9.11 for Perl has a bug in format detection that can potentially be exploited for denial of service. | ||||
| CVE-2024-20017 | 2 Mediatek, Openwrt | 8 Mt6890, Mt7622, Mt7915 and 5 more | 2025-05-05 | 9.8 Critical |
| In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation Patch ID: WCNCR00350938; Issue ID: MSV-1132. | ||||
| CVE-2024-30849 | 2 Donbermoy, Sourcecodester | 2 Complete E-commerce Site, Complete Ecommerce Site | 2025-05-05 | 9.8 Critical |
| Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/products_photo.php. | ||||
| CVE-2024-32342 | 1 Boidcms | 1 Boidcms | 2025-05-05 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter. | ||||
| CVE-2024-32343 | 1 Boidcms | 1 Boidcms | 2025-05-05 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter. | ||||
| CVE-2024-32481 | 1 Vyperlang | 1 Vyper | 2025-05-05 | 5.3 Medium |
| Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a `range` of the form `range(start, start + N)`, if `start` is negative, the execution will always revert. This issue is caused by an incorrect assertion inserted by the code generation of the range `stmt.parse_For_range()`. The issue arises when `start` is signed, instead of using `sle`, `le` is used and `start` is interpreted as an unsigned integer for the comparison. If it is a negative number, its 255th bit is set to `1` and is hence interpreted as a very large unsigned integer making the assertion always fail. Any contract having a `range(start, start + N)` where `start` is a signed integer with the possibility for `start` to be negative is affected. If a call goes through the loop while supplying a negative `start` the execution will revert. Version 0.4.0b1 fixes the issue. | ||||
| CVE-2024-25288 | 2 Slims, Slims Project | 2 Senayan Library Management System, Slims | 2025-05-05 | 4.9 Medium |
| SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vulnerable to SQL Injection via pop-scope-vocabolary.php. | ||||
| CVE-2024-25165 | 1 Swftools | 1 Swftools | 2025-05-05 | 8.8 High |
| A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex. | ||||
| CVE-2023-26793 | 1 Libmodbus | 1 Libmodbus | 2025-05-05 | 9.8 Critical |
| libmodbus v3.1.10 has a heap-based buffer overflow vulnerability in read_io_status function in src/modbus.c. | ||||