Export limit exceeded: 364578 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364578 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22559 | 1 Lightcms Project | 1 Lightcms | 2025-05-29 | 5.4 Medium |
| LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field. | ||||
| CVE-2024-22551 | 1 Ushainformatique | 1 Whatacart | 2025-05-29 | 6.1 Medium |
| WhatACart v2.0.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /site/default/search. | ||||
| CVE-2024-22545 | 1 Trendnet | 2 Tew-824dru, Tew-824dru Firmware | 2025-05-29 | 7.8 High |
| An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function. The attack can be launched remotely. | ||||
| CVE-2024-20253 | 1 Cisco | 5 Unified Communications Manager, Unified Communications Manager Im And Presence Service, Unified Contact Center Express and 2 more | 2025-05-29 | 9.9 Critical |
| A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device. | ||||
| CVE-2023-7199 | 1 Relevanssi | 1 Relevanssi | 2025-05-29 | 5.3 Medium |
| The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request | ||||
| CVE-2023-6530 | 1 Theme-junkie | 1 Tj Shortcodes | 2025-05-29 | 5.4 Medium |
| The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-6391 | 1 Jeremiahorem | 1 Custom User Css | 2025-05-29 | 8.8 High |
| The Custom User CSS WordPress plugin through 0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | ||||
| CVE-2023-52389 | 1 Pocoproject | 1 Poco | 2025-05-29 | 9.8 Critical |
| UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0. | ||||
| CVE-2023-51840 | 1 Html-js | 1 Doracms | 2025-05-29 | 9.8 Critical |
| DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key. | ||||
| CVE-2023-51833 | 1 Trendnet | 2 Tew-411brpplus, Tew-411brpplus Firmware | 2025-05-29 | 8.1 High |
| A command injection issue in TRENDnet TEW-411BRPplus v.2.07_eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page. | ||||
| CVE-2023-48202 | 1 Sunlight-cms | 1 Sunlight Cms | 2025-05-29 | 5.4 Medium |
| Cross-Site Scripting (XSS) vulnerability in Sunlight CMS 8.0.1 allows an authenticated low-privileged user to escalate privileges via a crafted SVG file in the File Manager component. | ||||
| CVE-2023-48201 | 1 Sunlight-cms | 1 Sunlight Cms | 2025-05-29 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1, allows remote authenticated attackers to execute arbitrary code and escalate privileges via a crafted script to the Content text editor component. | ||||
| CVE-2023-48128 | 1 Linecorp | 1 Line | 2025-05-29 | 5.4 Medium |
| An issue in UNITED BOXING GYM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-48126 | 1 Linecorp | 1 Line | 2025-05-29 | 5.4 Medium |
| An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-38323 | 1 Opennds | 1 Opennds | 2025-05-29 | 9.8 Critical |
| An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands. | ||||
| CVE-2022-38527 | 1 Ucms Project | 1 Ucms | 2025-05-29 | 6.1 Medium |
| UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page. | ||||
| CVE-2022-38509 | 1 Wedding Planner Project | 1 Wedding Planner | 2025-05-29 | 9.8 Critical |
| Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking_id parameter at /admin/budget.php. | ||||
| CVE-2022-38351 | 1 Supremainc | 1 Biostar 2 | 2025-05-29 | 8.8 High |
| A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page. | ||||
| CVE-2022-35060 | 1 Otfcc Project | 1 Otfcc | 2025-05-29 | 6.5 Medium |
| OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0a32. | ||||
| CVE-2022-2995 | 2 Kubernetes, Redhat | 2 Cri-o, Openshift | 2025-05-29 | 7.1 High |
| Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. | ||||