Export limit exceeded: 366632 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366632 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49335 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-05-09 | 8.3 High |
| Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details. | ||||
| CVE-2023-49332 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-05-09 | 8.3 High |
| Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares. | ||||
| CVE-2023-49331 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-05-09 | 8.3 High |
| Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option. | ||||
| CVE-2024-1290 | 1 Strategy11 | 1 User Registration Forms | 2025-05-09 | 6.5 Medium |
| The User Registration WordPress plugin before 2.12 does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts. | ||||
| CVE-2025-1232 | 1 Geminilabs | 1 Site Reviews | 2025-05-09 | 8.8 High |
| The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow unauthenticated users to perform Stored XSS attacks | ||||
| CVE-2024-45027 | 1 Linux | 1 Linux Kernel | 2025-05-09 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup() If xhci_mem_init() fails, it calls into xhci_mem_cleanup() to mop up the damage. If it fails early enough, before xhci->interrupters is allocated but after xhci->max_interrupters has been set, which happens in most (all?) cases, things get uglier, as xhci_mem_cleanup() unconditionally derefences xhci->interrupters. With prejudice. Gate the interrupt freeing loop with a check on xhci->interrupters being non-NULL. Found while debugging a DMA allocation issue that led the XHCI driver on this exact path. | ||||
| CVE-2025-4475 | 2025-05-08 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-4107 | 2025-05-08 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-26559 | 1 Dagg | 1 Uverif | 2025-05-08 | 5.3 Medium |
| An issue in uverif v.2.0 allows a remote attacker to obtain sensitive information. | ||||
| CVE-2022-36677 | 1 Lynchjames | 1 Obsidian Mind Map | 2025-05-08 | 6.1 Medium |
| Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document. | ||||
| CVE-2023-27151 | 1 Opencrx | 1 Opencrx | 2025-05-08 | 6.1 Medium |
| openCRX 5.2.0 was discovered to contain an HTML injection vulnerability for Search Criteria-Activity Number (in the Saved Search Activity) via the Name, Description, or Activity Number field. | ||||
| CVE-2023-51774 | 1 Json-jwt Project | 1 Json-jwt | 2025-05-08 | 8.4 High |
| The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode. | ||||
| CVE-2024-25006 | 1 Xenforo | 1 Xenforo | 2025-05-08 | 8.1 High |
| XenForo before 2.2.14 allows Directory Traversal (with write access) by an authenticated user who has permissions to administer styles, and uses a ZIP archive for Styles Import. | ||||
| CVE-2022-43424 | 1 Jenkins | 2 Compuware Xpediter Code Coverage, Jenkins | 2025-05-08 | 5.3 Medium |
| Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. | ||||
| CVE-2022-41415 | 1 Acer | 2 Altos W2000h-w570h F4, Altos W2000h-w570h F4 Firmware | 2025-05-08 | 9.8 Critical |
| Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a stack overflow in the RevserveMem component. This vulnerability allows attackers to cause a Denial of Service (DoS) via injecting crafted shellcode into the NVRAM variable. | ||||
| CVE-2021-38217 | 1 Sem-cms | 1 Semcms | 2025-05-08 | 9.8 Critical |
| SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php. | ||||
| CVE-2024-2428 | 1 Prestoplayer | 1 Presto Player | 2025-05-08 | 4.7 Medium |
| The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one of the settings, this also allows them to perform Stored XSS attacks | ||||
| CVE-2024-2729 | 1 Themeisle | 1 Otter Blocks | 2025-05-08 | 6.1 Medium |
| The Otter Blocks WordPress plugin before 2.6.6 does not properly escape its mainHeadings blocks' attribute before appending it to the final rendered block, allowing contributors to conduct Stored XSS attacks. | ||||
| CVE-2024-2118 | 1 Inisev | 1 Social Media Share Buttons \& Social Sharing Icons | 2025-05-08 | 5.9 Medium |
| The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-1219 | 1 Easysocialfeed | 1 Easy Social Feed | 2025-05-08 | 5.3 Medium |
| The Easy Social Feed WordPress plugin before 6.5.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin | ||||