Export limit exceeded: 363500 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363500 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363500 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-0782 | 2025-05-20 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2022-29623 | 1 Connect-multiparty Project | 1 Connect-multiparty | 2025-05-20 | 7.8 High |
| An arbitrary file upload vulnerability in the file upload module of Express Connect-Multiparty 2.2.0 allows attackers to execute arbitrary code via a crafted PDF file. NOTE: the Supplier has not verified this vulnerability report. | ||||
| CVE-2022-42235 | 1 Student Clearance System Project | 1 Student Clearance System | 2025-05-19 | 5.4 Medium |
| A Stored XSS issue in Student Clearance System v.1.0 allows the injection of arbitrary JavaScript in the Student registration form. | ||||
| CVE-2022-42230 | 1 Simple Cold Storage Management System Project | 1 Simple Cold Storage Managment System | 2025-05-19 | 7.2 High |
| Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/admin/?page=user/manage_user&id=. | ||||
| CVE-2022-42229 | 1 Wedding Planner Project | 1 Wedding Planner | 2025-05-19 | 8.8 High |
| Wedding Planner v1.0 is vulnerable to Arbitrary code execution via package_edit.php. | ||||
| CVE-2022-42044 | 1 Democritus | 1 D8s-asns | 2025-05-19 | 9.8 Critical |
| The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. | ||||
| CVE-2022-42043 | 1 Democritus | 1 D8s-xml | 2025-05-19 | 9.8 Critical |
| The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. | ||||
| CVE-2022-42042 | 1 Democritus | 1 D8s-networking | 2025-05-19 | 9.8 Critical |
| The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0. | ||||
| CVE-2022-42041 | 1 Democritus | 1 D8s-file-system | 2025-05-19 | 9.8 Critical |
| The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0. | ||||
| CVE-2022-42040 | 1 Democritus | 1 D8s-algorithms | 2025-05-19 | 9.8 Critical |
| The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. | ||||
| CVE-2022-42039 | 1 Democritus | 1 D8s-lists | 2025-05-19 | 9.8 Critical |
| The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. | ||||
| CVE-2022-42038 | 1 Democritus | 1 D8s-ip-addresses | 2025-05-19 | 9.8 Critical |
| The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | ||||
| CVE-2022-41530 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2025-05-19 | 7.2 High |
| Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_borrower. | ||||
| CVE-2022-41408 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2025-05-19 | 9.8 Critical |
| Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. | ||||
| CVE-2022-41407 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2025-05-19 | 7.2 High |
| Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. | ||||
| CVE-2024-4757 | 1 Wp-master | 1 Logo Manager For Enamad | 2025-05-19 | 8.1 High |
| The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2024-4900 | 1 Seopress | 1 Seopress | 2025-05-19 | 6.1 Medium |
| The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious post | ||||
| CVE-2024-4899 | 1 Seopress | 1 Seopress | 2025-05-19 | 5.0 Medium |
| The SEOPress WordPress plugin before 7.8 does not sanitise and escape some of its Post settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-5522 | 1 Bplugins | 1 Html5 Video Player | 2025-05-19 | 6.5 Medium |
| The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks | ||||
| CVE-2024-5573 | 1 Magazine3 | 1 Easy Table Of Contents | 2025-05-19 | 5.9 Medium |
| The Easy Table of Contents WordPress plugin before 2.0.66 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||