Export limit exceeded: 363660 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363660 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-6439 | 1 Rockwellautomation | 17 1756-enbt, 1756-eweb, 1768-enbt and 14 more | 2025-06-30 | N/A |
| When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that changes the product’s configuration and network parameters, a DoS condition can occur. This situation could cause loss of availability and a disruption of communication with other connected devices. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 | ||||
| CVE-2022-36350 | 1 Pukiwiki | 1 Pukiwiki | 2025-06-30 | 6.1 Medium |
| Stored cross-site scripting vulnerability in PukiWiki versions 1.3.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors. | ||||
| CVE-2020-35509 | 1 Redhat | 2 Keycloak, Red Hat Single Sign On | 2025-06-30 | 5.4 Medium |
| A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity. | ||||
| CVE-2024-4399 | 1 Apereo | 1 Central Authentication Service | 2025-06-30 | 9.1 Critical |
| The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack | ||||
| CVE-2024-22059 | 1 Ivanti | 1 Neurons For Itsm | 2025-06-30 | N/A |
| A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS. | ||||
| CVE-2024-22060 | 1 Ivanti | 1 Neurons For Itsm | 2025-06-30 | 4.9 Medium |
| An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server. | ||||
| CVE-2024-4750 | 1 Buddyboss | 1 Buddyboss | 2025-06-30 | 5.3 Medium |
| The buddyboss-platform WordPress plugin before 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request | ||||
| CVE-2023-34001 | 1 Wpplugins | 1 Hide My Wp Ghost | 2025-06-30 | 5.3 Medium |
| Improper Restriction of Excessive Authentication Attempts vulnerability in WPPlugins – WordPress Security Plugins Hide My WP Ghost allows Functionality Bypass.This issue affects Hide My WP Ghost: from n/a through 5.0.25. | ||||
| CVE-2024-27264 | 1 Ibm | 1 I | 2025-06-30 | 7.4 High |
| IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563. | ||||
| CVE-2024-31634 | 1 Xunruicms | 1 Xunruicms | 2025-06-30 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library. | ||||
| CVE-2024-4456 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2025-06-30 | 4.1 Medium |
| In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page. | ||||
| CVE-2024-2697 | 1 Swiftideas | 1 Swift Framework | 2025-06-30 | 6.5 Medium |
| The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | ||||
| CVE-2024-29212 | 1 Veeam | 1 Veeam Service Provider Console | 2025-06-30 | N/A |
| Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. | ||||
| CVE-2024-34338 | 1 Tenda | 3 O3, O3 Firmware, O3v2 | 2025-06-30 | 7.2 High |
| Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authentication is required to exploit this vulnerability. | ||||
| CVE-2024-3634 | 2 Benaceur-php, Month Name Translation Benaceur Wordpress Plugin | 2 Month Name Translation Benaceur, Month Name Translation Benaceur Wordpress Plugin | 2025-06-30 | 4.8 Medium |
| The month name translation benaceur WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-46012 | 1 Linksys | 2 Ea7500, Ea7500 Firmware | 2025-06-30 | 9.8 Critical |
| Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP. | ||||
| CVE-2023-32154 | 1 Mikrotik | 1 Routeros | 2025-06-30 | N/A |
| Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Router Advertisement Daemon. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-19797. | ||||
| CVE-2019-3578 | 1 Mybb | 1 Mybb | 2025-06-30 | 6.1 Medium |
| MyBB 1.8.19 has XSS in the resetpassword function. | ||||
| CVE-2019-3579 | 1 Mybb | 1 Mybb | 2025-06-30 | 5.3 Medium |
| MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter. | ||||
| CVE-2025-53017 | 2025-06-30 | N/A | ||
| Reason: This candidate was issued in error. | ||||