Export limit exceeded: 364230 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364230 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364230 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364230 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-40663 | 1 Nikon | 1 Nis-elements Viewer | 2025-04-29 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. Crafted data in a TIF image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15697. | ||||
| CVE-2024-55279 | 1 Uguu | 1 Uguu | 2025-04-29 | 6 Medium |
| Uguu through 1.8.9 allows Cross Site Scripting (XSS) via JavaScript in XML files. | ||||
| CVE-2022-3895 | 1 Hallowelt | 2 Bluespice, Common User Interface | 2025-04-29 | 4 Medium |
| Some UI elements of the Common User Interface Component are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS). | ||||
| CVE-2024-11503 | 1 Shapedplugin | 1 Wp Tabs | 2025-04-29 | 6.1 Medium |
| The WP Tabs WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-12109 | 1 Acowebs | 1 Product Labels For Woocommerce \(sale Badges\) | 2025-04-29 | 4.1 Medium |
| The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks | ||||
| CVE-2024-12769 | 1 Simple Banner Project | 1 Simple Banner | 2025-04-29 | 3.5 Low |
| The Simple Banner WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-13863 | 1 Wppluginbox | 1 Stylish Google Sheet Reader | 2025-04-29 | 7.1 High |
| The Stylish Google Sheet Reader 4.0 WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-9770 | 1 Plechevandrey | 1 Wp-recall | 2025-04-29 | 4.7 Medium |
| The WP-Recall WordPress plugin before 16.26.12 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks | ||||
| CVE-2022-4116 | 2 Quarkus, Redhat | 3 Quarkus, Build Of Quarkus, Quarkus | 2025-04-29 | 9.8 Critical |
| A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution. | ||||
| CVE-2022-45536 | 1 Aerocms Project | 1 Aerocms | 2025-04-29 | 4.9 Medium |
| AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php. This vulnerability allows attackers to access database information. | ||||
| CVE-2022-44158 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2025-04-29 | 7.5 High |
| Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function via set_device_name. | ||||
| CVE-2022-44156 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-29 | 7.5 High |
| Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind. | ||||
| CVE-2022-3690 | 1 Code-atlantic | 1 Popup Maker | 2025-04-29 | 5.5 Medium |
| The Popup Maker WordPress plugin before 1.16.11 does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins | ||||
| CVE-2022-3688 | 1 2code | 1 Wpqa Builder | 2025-04-29 | 8.8 High |
| The WPQA Builder WordPress plugin before 5.9 does not have CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks | ||||
| CVE-2022-3634 | 1 Ciphercoin | 1 Contact Form 7 Database Addon | 2025-04-29 | 9.8 Critical |
| The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when output it back in a CSV file, which could lead to CSV injection | ||||
| CVE-2022-3618 | 1 Clevelandwebdeveloper | 1 Spacer | 2025-04-29 | 4.8 Medium |
| The Spacer WordPress plugin before 3.0.7 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | ||||
| CVE-2025-25916 | 1 Wuzhicms | 1 Wuzhicms | 2025-04-29 | 5.4 Medium |
| wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \coreframe\app\member\admin\group.php. | ||||
| CVE-2025-1961 | 1 Mayurik | 1 Best Church Management Software | 2025-04-29 | 6.3 Medium |
| A vulnerability has been found in SourceCodester Best Church Management Software 1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/web_crud.php. The manipulation of the argument encryption leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2024-56195 | 1 Apache | 1 Traffic Server | 2025-04-29 | 6.3 Medium |
| Improper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue. | ||||
| CVE-2024-56202 | 1 Apache | 1 Traffic Server | 2025-04-29 | 4.3 Medium |
| Expected Behavior Violation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to versions 9.2.9 or 10.0.4 or newer, which fixes the issue. | ||||