Export limit exceeded: 363618 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363618 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-37929 1 Hpe 18 Hf20, Hf20 Firmware, Hf20c and 15 more 2025-05-02 6.7 Medium
Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.
CVE-2022-37928 1 Hpe 18 Hf20, Hf20 Firmware, Hf20c and 15 more 2025-05-02 8 High
Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.
CVE-2021-46846 2 Hp, Hpe 45 3par Service Processor, Apollo R2000 Chassis, Integrated Lights-out 5 Firmware and 42 more 2025-05-02 6.4 Medium
Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5.
CVE-2021-38351 1 Outsidesource 1 Osd Subscribe 2025-05-02 6.1 Medium
The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the osd_subscribe_message parameter found in the ~/options/osd_subscribe_options_subscribers.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.3.
CVE-2021-38350 1 Spideranalyse Project 1 Spideranalyse 2025-05-02 6.1 Medium
The spideranalyse WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the date parameter found in the ~/analyse/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.1.
CVE-2021-38352 1 Feedify 1 Web Push Notifications 2025-05-02 6.1 Medium
The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the ~/includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8.
CVE-2021-38333 1 Wp Scrippets Project 1 Wp Scrippets 2025-05-02 6.1 Medium
The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/wp-scrippets.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.1.
CVE-2021-38331 1 Wp-t-wap Project 1 Wp-t-wap 2025-05-02 6.1 Medium
The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the posted parameter found in the ~/wap/writer.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.13.2.
CVE-2021-38338 1 Border Loading Bar Project 1 Border Loading Bar 2025-05-02 6.1 Medium
The Border Loading Bar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `f` and `t` parameter found in the ~/titan-framework/iframe-googlefont-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.
CVE-2021-38328 1 Notices Project 1 Notices 2025-05-02 6.1 Medium
The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/notices.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1.
CVE-2021-38329 1 Dj Emailpublish Project 1 Dj Emailpublish 2025-05-02 6.1 Medium
The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/dj-email-publish.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.7.2.
CVE-2022-41679 1 Formalms 1 Formalms 2025-05-02 4.7 Medium
Forma LMS version 3.1.0 and earlier are affected by an Cross-Site scripting vulnerability, that could allow a remote attacker to inject javascript code on the “back_url” parameter in appLms/index.php?modname=faq&op=play function. The exploitation of this vulnerability could allow an attacker to steal the user´s cookies in order to log in to the application.
CVE-2021-38348 1 Advance Search Project 1 Advance Search 2025-05-02 6.1 Medium
The Advance Search WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the wpas_id parameter found in the ~/inc/admin/views/html-advance-search-admin-options.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.2.
CVE-2021-38326 1 Wpleet 1 Post Title Counter 2025-05-02 6.1 Medium
The Post Title Counter WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the notice parameter found in the ~/post-title-counter.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.
CVE-2020-36084 1 Jkev 1 Responsive E-learning System 2025-05-02 9.8 Critical
SQL Injection vulnerability in SourceCodester Responsive E-Learning System 1.0 allows remote attackers to inject sql query in /elearning/delete_teacher_students.php?id= parameter via id field.
CVE-2025-22928 1 Os4ed 1 Opensis 2025-05-02 9.8 Critical
OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the cp_id parameter at /modules/messages/Inbox.php.
CVE-2021-38353 1 Webodid 1 Dropdown And Scrollable Text 2025-05-02 6.1 Medium
The Dropdown and scrollable Text WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the content parameter found in the ~/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.
CVE-2024-55496 1 1000projects 1 Bookstore Management System 2025-05-02 9.1 Critical
A vulnerability has been found in the 1000projects Bookstore Management System PHP MySQL Project 1.0. This issue affects some unknown functionality of add_company.php. Actions on the delete parameter result in SQL injection.
CVE-2024-48580 2 Mayurik, Php 2 Best Courier Management System, Best Courier Management System 2025-05-02 9.8 Critical
SQL Injection vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the email parameter of the login request.
CVE-2021-38349 1 Techastha 1 Integration Of Moneybird For Woocommerce 2025-05-02 6.1 Medium
The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error_description parameter found in the ~/templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1.