Export limit exceeded: 364878 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364878 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-42358 1 O-ran-sc 1 Ric-plt-e2mgr 2025-06-18 7.5 High
An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API component.
CVE-2023-39655 1 Perfood 1 Couchauth 2025-06-18 9.6 Critical
A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This may allow an attacker to reset other users' passwords and take over their accounts.
CVE-2023-27739 1 Easyxdm 1 Easyxdm 2025-06-18 6.1 Medium
easyXDM 2.5 allows XSS via the xdm_e parameter.
CVE-2020-13880 1 Irfanview 1 B3d 2025-06-18 9.8 Critical
IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write.
CVE-2025-22980 1 Slims 1 Senayan Library Management System Bulian 2025-06-18 6.7 Medium
A SQL Injection vulnerability exists in Senayan Library Management System SLiMS 9 Bulian 9.6.1 via the tempLoanID parameter in the loan form on /admin/modules/circulation/loan.php.
CVE-2025-48915 1 Drupal 1 Cookies Consent Management 2025-06-18 8.6 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15.
CVE-2025-48914 1 Drupal 1 Cookies Consent Management 2025-06-18 8.6 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15.
CVE-2021-20450 1 Ibm 1 Cognos Controller 2025-06-18 4.3 Medium
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 196640.
CVE-2025-5420 1 Juzaweb 1 Cms 2025-06-18 3.5 Low
A vulnerability classified as problematic was found in juzaweb CMS up to 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/file-manager/upload of the component Profile Page. The manipulation of the argument Upload leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-5421 1 Juzaweb 1 Cms 2025-06-18 6.3 Medium
A vulnerability, which was classified as critical, has been found in juzaweb CMS up to 3.4.2. Affected by this issue is some unknown functionality of the file /admin-cp/plugin/editor of the component Plugin Editor Page. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-5422 1 Juzaweb 1 Cms 2025-06-18 4.3 Medium
A vulnerability, which was classified as problematic, was found in juzaweb CMS up to 3.4.2. This affects an unknown part of the file /admin-cp/logs/email of the component Email Logs Page. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-5423 1 Juzaweb 1 Cms 2025-06-18 6.3 Medium
A vulnerability has been found in juzaweb CMS up to 3.4.2 and classified as critical. This vulnerability affects unknown code of the file /admin-cp/setting/system/general of the component General Setting Page. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-6485 1 Bplugins 1 Html5 Video Player 2025-06-18 5.4 Medium
The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting attacks against high privilege users like admins
CVE-2023-6421 1 W3eden 1 Download Manager 2025-06-18 7.5 High
The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one.
CVE-2023-6113 1 Wp-staging 1 Wp Staging 2025-06-18 7.5 High
The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups later.
CVE-2023-6037 1 Ljapps 1 Wp Tripadvisor Review Slider 2025-06-18 4.8 Medium
The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2023-6000 1 Sygnoos 1 Popup Builder 2025-06-18 6.1 Medium
The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.
CVE-2025-5424 1 Juzaweb 1 Cms 2025-06-18 6.3 Medium
A vulnerability was found in juzaweb CMS up to 3.4.2 and classified as critical. This issue affects some unknown processing of the file /admin-cp/media of the component Media Page. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-49557 1 Yasm Project 1 Yasm 2025-06-18 5.5 Medium
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component.
CVE-2023-49554 1 Yasm Project 1 Yasm 2025-06-18 5.5 Medium
Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component.