Export limit exceeded: 364170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364170 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-35779 1 Blueastral 1 Page Builder\ 2026-02-27 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through 1.5.42.
CVE-2022-4669 1 Blueastral 1 Page Builder\ 2026-02-27 5.4 Medium
The Page Builder: Live Composer WordPress plugin before 1.5.23 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-34153 3 Fedoraproject, Imagemagick, Redhat 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more 2026-02-27 7.8 High
A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.
CVE-2024-48928 1 Piwigo 1 Piwigo 2026-02-27 7.5 High
Piwigo is an open source photo gallery application for the web. In versions on the 14.x branch, when installing, the secret_key configuration parameter is set to MD5(RAND()) in MySQL. However, RAND() only has 30 bits of randomness, making it feasible to brute-force the secret key. The CSRF token is constructed partially from the secret key, and this can be used to check if the brute force succeeded. Trying all possible values takes approximately one hour. The impact of this is limited. The auto login key uses the user's password on top of the secret key. The pwg token uses the user's session identifier on top of the secret key. It seems that values for get_ephemeral_key can be generated when one knows the secret key. Version 15.0.0 contains a fix for the issue.
CVE-2025-62512 1 Piwigo 1 Piwigo 2026-02-27 5.3 Medium
Piwigo is an open source photo gallery application for the web. In version 15.5.0 and likely earlier 15.x releases, the password reset functionality in Piwigo allows an unauthenticated attacker to determine whether a given username or email address exists in the system. The endpoint at password.php?action=lost returns distinct messages for valid vs. invalid accounts, enabling user enumeration. As of time of publication, no known patches are available.
CVE-2025-69207 1 Khoj 1 Khoj 2026-02-27 5.4 Medium
Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was initiated by that user, allowing attackers to replace victims' Notion configurations with their own, resulting in data poisoning and unauthorized access to the victim's Khoj search index. This attack requires knowing the user's UUID which can be leaked through shared conversations where an AI generated image is present. This vulnerability is fixed in 2.0.0-beta.23.
CVE-2025-64712 2 Unstructured, Unstructured-io 2 Unstructured, Unstructured 2026-02-27 9.8 Critical
The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path traversal vulnerability in the partition_msg function allows an attacker to write or overwrite arbitrary files on the filesystem when processing malicious MSG files with attachments. This issue has been patched in version 0.18.18.
CVE-2026-27583 2026-02-27 N/A
Further research determined the situation described is not a vulnerability.
CVE-2026-27582 2026-02-27 N/A
Further research determined the situation described is not a vulnerability.
CVE-2026-27581 2026-02-27 N/A
Further research determined the situation described is not a vulnerability.
CVE-2026-27580 2026-02-27 N/A
Further research determined the situation described is not a vulnerability.
CVE-2026-27573 2026-02-27 N/A
Further research determined the situation described is not a vulnerability.
CVE-2026-27501 2026-02-27 N/A
Further research determined the situation described is not a vulnerability.
CVE-2026-27500 2026-02-27 N/A
Further research determined the situation described is not a vulnerability.
CVE-2026-27201 2026-02-27 N/A
Further research determined the situation described is not a vulnerability.
CVE-2026-27200 2026-02-27 N/A
Further research determined the situation described is not a vulnerability.
CVE-2025-33179 1 Nvidia 5 Cumulus Linux, Dgx Gb200, Gb300 Nvl72 and 2 more 2026-02-27 8 High
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges.
CVE-2025-33180 1 Nvidia 5 Cumulus Linux, Dgx Gb200, Gb300 Nvl72 and 2 more 2026-02-27 8 High
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.
CVE-2025-33181 1 Nvidia 5 Cumulus Linux, Dgx Gb200, Gb300 Nvl72 and 2 more 2026-02-27 7.3 High
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.
CVE-2025-61684 2 H20, H2o 2 Quickly, Quicly 2026-02-27 7.5 High
Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e fixes the issue.