Export limit exceeded: 26350 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364939 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364939 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3830 | 1 Themeum | 1 Wp Page Builder | 2025-04-24 | 4.8 Medium |
| The WP Page Builder WordPress plugin through 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-3694 | 1 Syncee | 1 Syncee - Global Dropshipping | 2025-04-24 | 7.5 High |
| The Syncee WordPress plugin before 1.0.10 leaks the administrator token that can be used to take over the administrator's account. | ||||
| CVE-2022-3677 | 1 Addonspress | 1 Advanced Import | 2025-04-24 | 6.5 Medium |
| The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks | ||||
| CVE-2022-3426 | 1 Advanced Wp Columns Project | 1 Advanced Wp Columns | 2025-04-24 | 4.8 Medium |
| The Advanced WP Columns WordPress plugin through 2.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-39134 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-24 | 4.7 Medium |
| In audio driver, there is a use after free due to a race condition. This could lead to local denial of service in kernel. | ||||
| CVE-2022-39133 | 2 Google, Unisoc | 14 Android, S8022, Sc7731e and 11 more | 2025-04-24 | 5.5 Medium |
| In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. | ||||
| CVE-2022-39132 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-24 | 5.5 Medium |
| In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | ||||
| CVE-2022-39131 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-24 | 5.5 Medium |
| In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. | ||||
| CVE-2022-39130 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-24 | 5.5 Medium |
| In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | ||||
| CVE-2022-39129 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-24 | 5.5 Medium |
| In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | ||||
| CVE-2022-39106 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-24 | 5.5 Medium |
| In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | ||||
| CVE-2022-39102 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-24 | 7.8 High |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | ||||
| CVE-2022-39101 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-24 | 7.8 High |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | ||||
| CVE-2022-39100 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-24 | 7.8 High |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | ||||
| CVE-2022-35259 | 1 Ivanti | 1 Endpoint Manager | 2025-04-24 | 7.8 High |
| XML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to run and possibly execute to gain unauthorized privileges. | ||||
| CVE-2022-27773 | 1 Ivanti | 1 Endpoint Manager | 2025-04-24 | 9.8 Critical |
| A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges. | ||||
| CVE-2021-39434 | 1 Zkteco | 1 Zktime | 2025-04-24 | 7.5 High |
| A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220. | ||||
| CVE-2021-34181 | 1 Tomexam | 1 Tomexam | 2025-04-24 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in TomExam 3.0 via p_name parameter to list.thtml. | ||||
| CVE-2025-29458 | 1 Mybb | 1 Mybb | 2025-04-24 | 7.6 High |
| An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation. | ||||
| CVE-2025-29457 | 1 Mybb | 1 Mybb | 2025-04-24 | 7.6 High |
| An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation. | ||||