Search

Search Results (363262 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-25988 1 If-me 1 Ifme 2025-04-30 5.4 Medium
In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability (notifications section) which can be directly triggered by sending an ally request to the admin.
CVE-2021-25989 1 If-me 1 Ifme 2025-04-30 5.4 Medium
In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability in the markdown editor. It can be exploited by making a victim a Leader of a group which triggers the payload for them.
CVE-2021-25990 1 If-me 1 Ifme 2025-04-30 5.4 Medium
In “ifme”, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allows loading XSS payloads fetched via an iframe.
CVE-2021-25991 1 If-me 1 Ifme 2025-04-30 5.7 Medium
In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves leading to their deactivation from Ifme account and complete loss of admin access to Ifme.
CVE-2021-25993 1 Requarks 1 Wiki.js 2025-04-30 5.4 Medium
In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT tokens to the attacker’s server and will lead to account takeover when accessed by the victim.
CVE-2022-34315 1 Ibm 1 Cics Tx 2025-04-30 5.4 Medium
IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229451.
CVE-2025-29046 1 Alfa 2 Wifi Camppro, Wifi Camppro Firmware 2025-04-30 9.8 Critical
Buffer Overflow vulnerability inALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the GAPSMinute3 key value
CVE-2025-29047 1 Alfa 2 Wifi Camppro, Wifi Camppro Firmware 2025-04-30 9.8 Critical
Buffer Overflow vulnerability inALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the hiddenIndex in the function StorageEditUser
CVE-2024-20259 1 Cisco 98 Catalyst 9100, Catalyst 9105, Catalyst 9105ax and 95 more 2025-04-30 8.6 High
A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a crafted IPv4 DHCP request packet being mishandled when endpoint analytics are enabled. An attacker could exploit this vulnerability by sending a crafted DHCP request through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: The attack vector is listed as network because a DHCP relay anywhere on the network could allow exploits from networks other than the adjacent one.
CVE-2023-5482 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-04-30 8.8 High
Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CVE-2022-45473 1 Drachtio 1 Drachtio-server 2025-04-30 5.5 Medium
In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666.
CVE-2022-45381 2 Jenkins, Redhat 2 Pipeline Utility Steps, Openshift 2025-04-30 8.1 High
Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the Jenkins controller file system.
CVE-2022-45380 2 Jenkins, Redhat 2 Junit, Openshift 2025-04-30 5.4 Medium
Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-45163 1 Nxp 46 I.mx 6, I.mx 6 Firmware, I.mx 6dual and 43 more 2025-04-30 5.3 Medium
An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.)
CVE-2022-45132 1 Linaro 1 Lava 2025-04-30 9.8 Critical
In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger remote code execution in the LAVA server.
CVE-2022-43694 1 Concretecms 1 Concrete Cms 2025-04-30 6.1 Medium
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the image manipulation library due to un-sanitized output.
CVE-2022-43693 1 Concretecms 1 Concrete Cms 2025-04-30 8.8 High
Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth.
CVE-2022-43265 1 Canteen Management System Project 1 Canteen Management System 2025-04-30 9.8 Critical
An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-43096 1 M5t 2 Mediatrix 4102s, Mediatrix 4102s Firmware 2025-04-30 6.8 Medium
Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port.
CVE-2022-42954 1 Keyfactor 1 Kefactor Ejbca 2025-04-30 5.4 Medium
Keyfactor EJBCA before 7.10.0 allows XSS.