Export limit exceeded: 364872 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364872 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-8054 1 Opentext 1 Xm Fax 2026-02-27 7.5 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText™ XM Fax allows Path Traversal.  The vulnerability could allow an attacker to arbitrarily disclose content of files on the local filesystem. This issue affects XM Fax: 24.2.
CVE-2025-8055 1 Opentext 1 Xm Fax 2026-02-27 5.3 Medium
Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows Server Side Request Forgery.  The vulnerability could allow an attacker to perform blind SSRF to other systems accessible from the XM Fax server. This issue affects XM Fax: 24.2.
CVE-2025-9208 1 Opentext 1 Web Site Management Server 2026-02-27 5.4 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL, allowing attackers to compromise user sessions and data. This issue affects Web Site Management Server: 16.7.X, 16.8, 16.8.1.
CVE-2026-2647 2026-02-27 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2015-10105 1 Ad33lx 1 Ip Blacklist Cloud 2026-02-27 6.3 Medium
A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function valid_js_identifier of the file ip_blacklist_cloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. Upgrading to version 3.43 is able to address this issue. The identifier of the patch is 6e6fe8c6fda7cbc252eef083105e08d759c07312. It is recommended to upgrade the affected component. The identifier VDB-227757 was assigned to this vulnerability.
CVE-2022-42462 1 Ad33lx 1 Ip Blacklist Cloud 2026-02-27 4.8 Medium
Auth. Stored Cross-Site Scripting (XSS) vulnerability in Adeel Ahmed's IP Blacklist Cloud plugin <= 5.00 versions.
CVE-2022-43462 1 Ad33lx 1 Ip Blacklist Cloud 2026-02-27 9.1 Critical
Auth. SQL Injection (SQLi) vulnerability in Adeel Ahmed's IP Blacklist Cloud plugin <= 5.00 versions.
CVE-2024-37212 1 Ali2woo 1 Aliexpress Dropshipping With Alinext 2026-02-27 8.3 High
Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through 3.3.5.
CVE-2023-7151 1 Gravitymaster 1 Product Enquiry For Woocommerce 2026-02-27 6.1 Medium
The Product Enquiry for WooCommerce WordPress plugin before 3.2 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2023-47512 1 Gravitymaster 1 Product Enquiry For Woocommerce 2026-02-27 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Gravity Master Product Enquiry for WooCommerce plugin <= 3.0 versions.
CVE-2024-35779 1 Blueastral 1 Page Builder\ 2026-02-27 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through 1.5.42.
CVE-2022-4669 1 Blueastral 1 Page Builder\ 2026-02-27 5.4 Medium
The Page Builder: Live Composer WordPress plugin before 1.5.23 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-34153 3 Fedoraproject, Imagemagick, Redhat 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more 2026-02-27 7.8 High
A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.
CVE-2024-48928 1 Piwigo 1 Piwigo 2026-02-27 7.5 High
Piwigo is an open source photo gallery application for the web. In versions on the 14.x branch, when installing, the secret_key configuration parameter is set to MD5(RAND()) in MySQL. However, RAND() only has 30 bits of randomness, making it feasible to brute-force the secret key. The CSRF token is constructed partially from the secret key, and this can be used to check if the brute force succeeded. Trying all possible values takes approximately one hour. The impact of this is limited. The auto login key uses the user's password on top of the secret key. The pwg token uses the user's session identifier on top of the secret key. It seems that values for get_ephemeral_key can be generated when one knows the secret key. Version 15.0.0 contains a fix for the issue.
CVE-2025-62512 1 Piwigo 1 Piwigo 2026-02-27 5.3 Medium
Piwigo is an open source photo gallery application for the web. In version 15.5.0 and likely earlier 15.x releases, the password reset functionality in Piwigo allows an unauthenticated attacker to determine whether a given username or email address exists in the system. The endpoint at password.php?action=lost returns distinct messages for valid vs. invalid accounts, enabling user enumeration. As of time of publication, no known patches are available.
CVE-2025-69207 1 Khoj 1 Khoj 2026-02-27 5.4 Medium
Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was initiated by that user, allowing attackers to replace victims' Notion configurations with their own, resulting in data poisoning and unauthorized access to the victim's Khoj search index. This attack requires knowing the user's UUID which can be leaked through shared conversations where an AI generated image is present. This vulnerability is fixed in 2.0.0-beta.23.
CVE-2025-64712 2 Unstructured, Unstructured-io 2 Unstructured, Unstructured 2026-02-27 9.8 Critical
The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path traversal vulnerability in the partition_msg function allows an attacker to write or overwrite arbitrary files on the filesystem when processing malicious MSG files with attachments. This issue has been patched in version 0.18.18.
CVE-2026-27583 2026-02-27 N/A
Further research determined the situation described is not a vulnerability.
CVE-2026-27582 2026-02-27 N/A
Further research determined the situation described is not a vulnerability.
CVE-2026-27581 2026-02-27 N/A
Further research determined the situation described is not a vulnerability.