Export limit exceeded: 364448 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364448 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41207 | 1 Sap | 1 Biller Direct | 2025-05-01 | 6.1 Medium |
| SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. When clicked by an unsuspecting victim, it will use an unsensitized parameter to redirect the victim to a malicious site of the attacker's choosing which can result in disclosure or modification of the victim's information. | ||||
| CVE-2024-34088 | 1 Frrouting | 1 Frrouting | 2025-05-01 | 7.5 High |
| In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading to denial of service. | ||||
| CVE-2024-31951 | 1 Frrouting | 1 Frrouting | 2025-05-01 | 6.5 Medium |
| In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated). | ||||
| CVE-2024-31950 | 1 Frrouting | 1 Frrouting | 2025-05-01 | 6.5 Medium |
| In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated). | ||||
| CVE-2023-7167 | 1 Danialhatami | 1 Persian Fonts | 2025-05-01 | 6.1 Medium |
| The Persian Fonts WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-48743 | 2 Tektronix, Telestream | 2 Sentry, Sentry | 2025-05-01 | 6.5 Medium |
| Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a remote attacker to execute arbitrary code via the z parameter. | ||||
| CVE-2023-7198 | 2 Jeroensormani, Wp-dashboard-notes | 2 Wp Dashboard Notes, Wp Dashboard Notes | 2025-05-01 | 4.3 Medium |
| The WP Dashboard Notes WordPress plugin before 1.0.11 is vulnerable to Insecure Direct Object References (IDOR) in post_id= parameter. Authenticated users are able to delete private notes associated with different user accounts. This poses a significant security risk as it violates the principle of least privilege and compromises the integrity and privacy of user data. | ||||
| CVE-2025-3474 | 1 Drupal | 1 Panels | 2025-05-01 | 6.5 Medium |
| Missing Authentication for Critical Function vulnerability in Drupal Panels allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Panels: from 0.0.0 before 4.9.0. | ||||
| CVE-2024-10276 | 1 Telestream | 1 Sentry | 2025-05-01 | 3.5 Low |
| A vulnerability has been found in Telestream Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-31692 | 1 Drupal | 1 Artificial Intelligence | 2025-05-01 | 7.5 High |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5. | ||||
| CVE-2025-31674 | 1 Drupal | 1 Drupal | 2025-05-01 | 7.5 High |
| Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3. | ||||
| CVE-2024-30202 | 1 Gnu | 2 Emacs, Org Mode | 2025-05-01 | 7.8 High |
| In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. | ||||
| CVE-2024-30203 | 3 Debian, Gnu, Redhat | 4 Debian Linux, Emacs, Org Mode and 1 more | 2025-05-01 | 5.5 Medium |
| In Emacs before 29.3, Gnus treats inline MIME contents as trusted. | ||||
| CVE-2024-30204 | 3 Debian, Gnu, Redhat | 4 Debian Linux, Emacs, Org Mode and 1 more | 2025-05-01 | 2.8 Low |
| In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. | ||||
| CVE-2024-30205 | 3 Debian, Gnu, Redhat | 4 Debian Linux, Emacs, Org Mode and 1 more | 2025-05-01 | 7.1 High |
| In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. | ||||
| CVE-2023-7202 | 1 Verygoodplugins | 1 Fatal Error Notify | 2025-05-01 | 6.1 Medium |
| The Fatal Error Notify WordPress plugin before 1.5.3 does not have authorisation and CSRF checks in its test_error AJAX action, allowing any authenticated users, such as subscriber to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF | ||||
| CVE-2024-42586 | 1 Siamonhasan | 1 Warehouse Inventory System | 2025-05-01 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the component categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | ||||
| CVE-2024-42585 | 1 Siamonhasan | 1 Warehouse Inventory System | 2025-05-01 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the component delete_media.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | ||||
| CVE-2024-42578 | 2 Oswapp, Siamonhasan | 2 Warehouse Inventory System, Warehouse Inventory System | 2025-05-01 | 8 High |
| A Cross-Site Request Forgery (CSRF) in the component edit_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | ||||
| CVE-2024-42576 | 1 Siamonhasan | 1 Warehouse Inventory System | 2025-05-01 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the component edit_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | ||||