Export limit exceeded: 364424 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364424 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24932 | 1 Razormist | 1 Complaint Management System | 2026-03-06 | 9.8 Critical |
| An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php. | ||||
| CVE-2022-42965 | 1 Snowflake | 1 Snowflake Connector | 2026-03-06 | 3.7 Low |
| An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented get_file_transfer_type method | ||||
| CVE-2023-2881 | 1 Pimcore | 1 Customer Management Framework | 2026-03-06 | 4.9 Medium |
| Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10. | ||||
| CVE-2023-4145 | 1 Pimcore | 2 Customer-data-framework, Customer Management Framework | 2026-03-06 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2. | ||||
| CVE-2023-41655 | 1 Heiglandreas | 1 Authldap | 2026-03-06 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andreas Heigl authLdap plugin <= 2.5.9 versions. | ||||
| CVE-2023-41654 | 1 Heiglandreas | 1 Authldap | 2026-03-06 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin <= 2.5.8 versions. | ||||
| CVE-2025-67505 | 1 Okta | 2 Java Management Sdk, Sdk-java | 2026-03-06 | 8.4 High |
| Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1. | ||||
| CVE-2025-67490 | 1 Auth0 | 1 Nextjs-auth0 | 2026-03-06 | 5.4 Medium |
| The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1. | ||||
| CVE-2025-66033 | 1 Okta | 2 Java Management Sdk, Sdk-java | 2026-03-06 | 5.3 Medium |
| Okta Java Management SDK facilitates interactions with the Okta management API. In versions 21.0.0 through 24.0.0, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are completed. Over time, this can degrade performance and availability in long-running applications and may result in a denial-of-service condition under sustained load. In addition to using the affected versions, users may be at risk if they are implementing a long-running application using the ApiClient in a multi-threaded manner. This issue is fixed in version 24.0.1. | ||||
| CVE-2021-25042 | 1 Codepress | 1 Visitor Statistics | 2026-03-06 | 5.4 Medium |
| The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.5 does not have authorisation and CSRF checks in the updateIpAddress AJAX action, allowing any authenticated user to call it, or make a logged in user do it via a CSRF attack and add an arbitrary IP address to exclude. Furthermore, due to the lack of validation, sanitisation and escaping, users could set a malicious value and perform Cross-Site Scripting attacks against logged in admin | ||||
| CVE-2023-0600 | 1 Codepress | 1 Visitor Statistics | 2026-03-06 | 9.8 Critical |
| The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks. | ||||
| CVE-2022-4656 | 1 Codepress | 1 Visitor Statistics | 2026-03-06 | 5.4 Medium |
| The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.5 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | ||||
| CVE-2022-33965 | 1 Codepress | 1 Visitor Statistics | 2026-03-06 | 9.3 Critical |
| Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress. | ||||
| CVE-2025-67716 | 1 Auth0 | 1 Nextjs-auth0 | 2026-03-06 | 5.7 Medium |
| The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request. Successful exploitation may result in tokens being issued with unintended parameters. This issue is fixed in version 4.13.0. | ||||
| CVE-2025-67510 | 2 Neuron-ai, Neuron-core | 2 Neuron, Neuron-ai | 2026-03-06 | 9.4 Critical |
| Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12. | ||||
| CVE-2025-67509 | 2 Neuron-ai, Neuron-core | 2 Neuron, Neuron-ai | 2026-03-06 | 8.2 High |
| Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12. | ||||
| CVE-2021-24750 | 1 Codepress | 1 Visitor Statistics | 2026-03-06 | 8.8 High |
| The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks | ||||
| CVE-2026-3653 | 2026-03-06 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2022-20338 | 1 Google | 1 Android | 2026-03-06 | 3.3 Low |
| In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to a local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-171966843 | ||||
| CVE-2022-0410 | 1 Codepress | 1 Visitor Statistics | 2026-03-06 | 8.8 High |
| The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection | ||||