Export limit exceeded: 363604 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363604 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-41304 | 1 Wondercms | 1 Wondercms | 2025-04-11 | 5.4 Medium |
| An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file. | ||||
| CVE-2024-5595 | 1 Wpdeveloper | 1 Essential Blocks | 2025-04-11 | 5.4 Medium |
| The Essential Blocks WordPress plugin before 4.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2022-42263 | 5 Citrix, Linux, Nvidia and 2 more | 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more | 2025-04-11 | 7.1 High |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an Integer overflow may lead to denial of service or information disclosure. | ||||
| CVE-2024-6651 | 2 Iptanus, Wordpress File Upload Project | 2 Wordpress File Upload, Wordpress File Upload | 2025-04-11 | 6.1 Medium |
| The WordPress File Upload WordPress plugin before 4.24.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-6494 | 2 Iptanus, Wordpress File Upload Project | 2 Wordpress File Upload, Wordpress File Upload | 2025-04-11 | 6.1 Medium |
| The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow unauthenticated users to execute stored cross-site scripting (XSS) attacks. | ||||
| CVE-2022-42264 | 5 Citrix, Linux, Nvidia and 2 more | 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more | 2025-04-11 | 7.1 High |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause the use of an out-of-range pointer offset, which may lead to data tampering, data loss, information disclosure, or denial of service. | ||||
| CVE-2024-42634 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-04-11 | 9.8 Critical |
| A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges. | ||||
| CVE-2024-43280 | 1 Salonbookingsystem | 1 Salon Booking System | 2025-04-11 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 10.8.1. | ||||
| CVE-2022-42265 | 1 Nvidia | 6 Geforce, Gpu Display Driver, Nvs and 3 more | 2025-04-11 | 5.3 Medium |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure or data tampering. | ||||
| CVE-2024-6792 | 2 Technowich, Wpulike | 2 Wp Ulike, Wp Ulike | 2025-04-11 | 3.5 Low |
| The WP ULike WordPress plugin before 4.7.2.1 does not properly sanitize user display names when rendering on a public page. | ||||
| CVE-2022-42266 | 2 Microsoft, Nvidia | 3 Windows, Cloud Gaming, Virtual Gpu | 2025-04-11 | 5.5 Medium |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can cause exposure of sensitive information to an actor that is not explicitly authorized to have access to that information, which may lead to limited information disclosure. | ||||
| CVE-2015-10005 | 1 Markdown-it Project | 1 Markdown-it | 2025-04-11 | 3.5 Low |
| A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 3.0.0 is able to address this issue. The name of the patch is 89c8620157d6e38f9872811620d25138fc9d1b0d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216852. | ||||
| CVE-2024-51246 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-11 | 8 High |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function. | ||||
| CVE-2024-51249 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-11 | 8 High |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function. | ||||
| CVE-2024-7879 | 2 Technowich, Wpulike | 2 Wp Ulike, Wp Ulike | 2025-04-11 | 4.8 Medium |
| The WP ULike WordPress plugin before 4.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
| CVE-2024-39639 | 1 Iptanus | 1 Wordpress File Upload | 2025-04-11 | 4.3 Medium |
| Broken Access Control vulnerability in Nickolas Bossinas WordPress File Upload allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress File Upload: from n/a through 4.24.7. | ||||
| CVE-2024-51409 | 1 Tenda | 2 O3, O3 Firmware | 2025-04-11 | 6.5 Medium |
| Buffer Overflow vulnerability in Tenda O3 v.1.0.0.5 allows a remote attacker to cause a denial of service via a network packet in a fixed format to a router running the corresponding version of the firmware. | ||||
| CVE-2024-10104 | 1 Blueglass | 1 Jobs For Wordpress | 2025-04-11 | 5.9 Medium |
| The Jobs for WordPress plugin before 2.7.8 does not sanitise and escape some of its Job settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2022-45826 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2025-04-11 | 5.4 Medium |
| Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 2.9.13. | ||||
| CVE-2024-31544 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-11 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary JavaScript code by including malicious payloads into “remarks”, “borrower_name”, “faculty_department” parameters in /classes/Master.php?f=save_record. | ||||