Export limit exceeded: 364878 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364878 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364878 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-40241 1 Xfig Project 1 Xfig 2025-05-07 9.8 Critical
xfig 3.2.7 is vulnerable to Buffer Overflow.
CVE-2021-38728 1 Sem-cms 1 Semcms 2025-05-07 6.1 Medium
SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) via Ant_M_Coup.php.
CVE-2020-21016 1 Dlink 2 Dir-846, Dir-846 Firmware 2025-05-07 9.8 Critical
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php.
CVE-2024-52553 1 Jenkins 2 Openid, Openid Connect Authentication 2025-05-07 8.8 High
Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login.
CVE-2024-49362 2 Joplin Project, Joplinapp 2 Joplin, Joplin 2025-05-07 7.7 High
Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an <a> link within untrusted notes. The issue arises due to insufficient sanitization of <a> tag attributes introduced by the Mermaid. This vulnerability allows the execution of untrusted HTML content within the Electron window, which has full access to Node.js APIs, enabling arbitrary shell command execution.
CVE-2022-3203 1 Oringnet 4 Iap-420, Iap-420\+, Iap-420\+ Firmware and 1 more 2025-05-07 9.8 Critical
On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot.
CVE-2022-34439 1 Dell 1 Emc Powerscale Onefs 2025-05-07 5.3 Medium
Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issue on that node.
CVE-2021-45925 1 Lannerinc 2 Iac-ast2500a, Iac-ast2500a Firmware 2025-05-07 5.3 Medium
Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
CVE-2024-4311 2 Zenml, Zenmlio 2 Zenml, Zenml 2025-05-07 5.4 Medium
zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Password' function, allowing them to take over the user's account. This vulnerability is due to the absence of rate-limiting on the '/api/v1/current-user' endpoint, which does not restrict the number of attempts an attacker can make to guess the current password. Successful exploitation results in the attacker being able to change the password and take control of the account.
CVE-2021-46279 1 Lannerinc 2 Iac-ast2500a, Iac-ast2500a Firmware 2025-05-07 5.8 Medium
Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
CVE-2023-49952 1 Joinmastodon 1 Mastodon 2025-05-07 7.5 High
Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a bypass of rate limiting via a crafted HTTP request header.
CVE-2022-25600 2 Fedoraproject, Weplugins 2 Fedora, Wp Maps 2025-05-07 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3).
CVE-2023-28172 1 Weplugins 1 Wp Maps 2025-05-07 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS (formerly WP Google Map Plugin) plugin <= 4.4.2 versions.
CVE-2023-23878 1 Weplugins 1 Wp Maps 2025-05-07 5.9 Medium
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS plugin <= 4.3.9 versions.
CVE-2015-9305 1 Weplugins 1 Wp Maps 2025-05-07 N/A
The wp-google-map-plugin plugin before 2.3.7 for WordPress has XSS related to the add_query_arg() and remove_query_arg() functions.
CVE-2015-9307 1 Weplugins 1 Wp Maps 2025-05-07 8.8 High
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature.
CVE-2015-9308 1 Weplugins 1 Wp Maps 2025-05-07 8.8 High
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature.
CVE-2015-9309 1 Weplugins 1 Wp Maps 2025-05-07 8.8 High
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature.
CVE-2016-10878 1 Weplugins 1 Wp Maps 2025-05-07 6.1 Medium
The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS.
CVE-2021-24130 1 Weplugins 1 Wp Maps 2025-05-07 7.2 High
Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user (admin+).