Export limit exceeded: 363994 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363994 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363994 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-47409 1 Fp Newsletter Project 1 Fp Newsletter 2025-04-21 9.1 Critical
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Attackers can unsubscribe everyone via a series of modified subscription UIDs in deleteAction operations.
CVE-2022-47408 1 Fp Newsletter Project 1 Fp Newsletter 2025-04-21 9.1 Critical
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people.
CVE-2022-47407 1 Master-quiz Project 1 Master-quiz 2025-04-21 6.5 Medium
An issue was discovered in the fp_masterquiz (aka Master-Quiz) extension before 2.2.1, and 3.x before 3.5.1, for TYPO3. An attacker can continue the quiz of a different user. In doing so, the attacker can view that user's answers and modify those answers.
CVE-2022-47406 1 Change Password For Frontend Users Project 1 Change Password For Frontend Users 2025-04-21 5.4 Medium
An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.
CVE-2022-46997 1 Passhunt Project 1 Passhunt 2025-04-21 9.8 Critical
Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
CVE-2022-46996 1 Vsphere Selfuse Project 1 Vsphere Selfuse 2025-04-21 9.8 Critical
vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
CVE-2022-32916 1 Apple 1 Iphone Os 2025-04-21 5.5 Medium
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 16. An app may be able to disclose kernel memory.
CVE-2022-32860 1 Apple 3 Ipados, Iphone Os, Macos 2025-04-21 7.8 High
An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, macOS Big Sur 11.6.8. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-32833 1 Apple 3 Iphone Os, Macos, Safari 2025-04-21 5.3 Medium
An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history.
CVE-2021-39428 1 Eyoucms 1 Eyoucms 2025-04-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic.
CVE-2021-39427 1 Vtimecn 1 188jianzhan 2025-04-21 5.4 Medium
Cross site scripting vulnerability in 188Jianzhan 2.10 allows attackers to execute arbitrary code via the username parameter to /admin/reg.php.
CVE-2021-39426 1 Seacms 1 Seacms 2025-04-21 9.8 Critical
An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11.4 allows attackers to execute arbitrary php code via the notify1 parameter when the action parameter equals set.
CVE-2021-36573 1 Feehi 1 Feehicms 2025-04-21 5.4 Medium
File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via crafted image upload.
CVE-2021-36572 1 Feehi 1 Feehicms 2025-04-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page.
CVE-2022-23501 1 Typo3 1 Typo3 2025-04-21 5.9 Medium
TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.
CVE-2025-29045 1 Alfa 2 Wifi Camppro, Wifi Camppro Firmware 2025-04-21 9.8 Critical
Buffer Overflow vulnerability in ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the newap_text_0 key value
CVE-2022-23502 1 Typo3 1 Typo3 2025-04-21 5.4 Medium
TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions. This issue is patched in versions 10.4.33, 11.5.20, 12.1.1.
CVE-2025-29044 1 Netgear 2 R6100, R6100 Firmware 2025-04-21 9.8 Critical
Buffer Overflow vulnerability in Netgear- R61 router V1.0.1.28 allows a remote attacker to execute arbitrary code via the QUERY_STRING key value
CVE-2025-24446 1 Adobe 1 Coldfusion 2025-04-21 9.1 Critical
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution. Exploitation of this issue does not require user interaction, but admin panel privileges are required, and scope is changed.
CVE-2025-30293 1 Adobe 1 Coldfusion 2025-04-21 6.8 Medium
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security protections and gain unauthorized write access. Exploitation of this issue does not require user interaction and scope is changed.