Export limit exceeded: 364500 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364500 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-46350 1 Innovadeluxe 1 Manufacturer Or Supplier Alphabetical Search 2025-06-20 9.8 Critical
SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike and IdxrmanufacturerFunctions::getSuppliersLike.
CVE-2024-24736 1 Ypopsemail 1 Ypops\! 2025-06-20 7.5 High
The POP3 service in YahooPOPs (aka YPOPs!) 1.6 allows a remote denial of service (reboot) via a long string to TCP port 110, a related issue to CVE-2004-1558.
CVE-2024-24470 1 Flusity 1 Flusity 2025-06-20 8.8 High
Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component.
CVE-2024-24325 1 Totolink 2 A3300r, A3300r Firmware 2025-06-20 9.8 Critical
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function.
CVE-2024-24324 1 Totolink 2 A8000ru, A8000ru Firmware 2025-06-20 9.8 Critical
TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow.
CVE-2024-24136 1 Remyandrade 1 Math Game 2025-06-20 6.1 Medium
The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks.
CVE-2024-23905 1 Jenkins 1 Red Hat Dependency Analytics 2025-06-20 5.4 Medium
Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.
CVE-2024-23904 1 Jenkins 1 Log Command 2025-06-20 7.5 High
Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file system.
CVE-2024-23898 2 Jenkins, Redhat 2 Jenkins, Ocp Tools 2025-06-20 8.8 High
Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller.
CVE-2024-23747 1 Modernasistemas 1 Modernanet Hospital Management System 2024 2025-06-20 7.5 High
The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URI. By manipulating this id parameter, an attacker can gain access to sensitive medical information.
CVE-2024-23183 1 Appleple 1 A-blog Cms 2025-06-20 5.4 Medium
Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute an arbitrary script on the logged-in user's web browser.
CVE-2024-23181 1 Appleple 1 A-blog Cms 2025-06-20 6.1 Medium
Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the logged-in user's web browser.
CVE-2024-23032 1 Eyoucms 1 Eyoucms 2025-06-20 6.1 Medium
Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
CVE-2024-22751 1 Dlink 2 Dir-882 A1, Dir-882 A1 Firmware 2025-06-20 9.8 Critical
D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack overflow via the sub_477AA0 function.
CVE-2024-22662 1 Totolink 2 A3700r, A3700r Firmware 2025-06-20 9.8 Critical
TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules
CVE-2024-22660 1 Totolink 2 A3700r, A3700r Firmware 2025-06-20 9.8 Critical
TOTOLINK_A3700R_V9.1.2u.6165_20211012has a stack overflow vulnerability via setLanguageCfg
CVE-2024-22648 1 Seopanel 1 Seo Panel 2025-06-20 5.3 Medium
A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment.
CVE-2024-22635 1 Webcalendar Project 1 Webcalendar 2025-06-20 6.1 Medium
WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php.
CVE-2024-22570 1 Njtech 1 Greencms 2025-06-20 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2024-22523 1 Fuwushe 1 Ifair 2025-06-20 7.5 High
Directory Traversal vulnerability in Qiyu iFair version 23.8_ad0 and before, allows remote attackers to obtain sensitive information via uploadimage component.