Export limit exceeded: 363169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363169 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-33102 1 Thinksaas 1 Thinksaas 2025-04-23 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter.
CVE-2024-33101 1 Thinksaas 1 Thinksaas 2025-04-23 6.1 Medium
A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter.
CVE-2024-33338 1 Jizhicms 1 Jizhicms 2025-04-23 7.3 High
Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote attacker to obtain sensitive information via a crafted article publication request.
CVE-2023-51254 1 Jfinalcms Project 1 Jfinalcms 2025-04-23 6.1 Medium
Cross Site Scripting vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the friendship link component.
CVE-2024-46410 1 Publiccms 1 Publiccms 2025-04-23 4.8 Medium
PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Managment feature
CVE-2024-45894 1 Bluecms Project 1 Bluecms 2025-04-23 4.9 Medium
BlueCMS 1.6 suffers from Arbitrary File Deletion via the file_name parameter in an /admin/database.php?act=del request.
CVE-2024-46078 2 Adonesevangelista, Sports Management System Project 2 Sports Management System, Sports Management System 2025-04-23 7.5 High
itsourcecode Sports Management System Project 1.0 is vulnerable to SQL Injection in the function delete_category of the file sports_scheduling/player.php via the argument id.
CVE-2024-41290 1 Flatpress 1 Flatpress 2025-04-23 8.1 High
FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component.
CVE-2024-48454 2 Oretnom23, Purchase Order Management System Project 2 Purchase Order Management System, Purchase Order Management System 2025-04-23 7.2 High
An issue in SourceCodester Purchase Order Management System v1.0 allows a remote attacker to execute arbitrary code via the /admin?page=user component
CVE-2022-30354 1 Ovaledge 1 Ovaledge 2025-04-23 7.5 High
OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserWithTeam. Authentication is required. The information disclosed is associated with all registered user ID numbers.
CVE-2025-3441 2025-04-22 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2022-4123 2 Fedoraproject, Podman Project 2 Fedora, Podman 2025-04-22 3.3 Low
A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.
CVE-2022-4122 3 Fedoraproject, Podman Project, Redhat 4 Fedora, Podman, Enterprise Linux and 1 more 2025-04-22 5.3 Medium
A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.
CVE-2022-45910 1 Apache 1 Manifoldcf 2025-04-22 5.3 Medium
Improper neutralization of special elements used in an LDAP query ('LDAP Injection') vulnerability in ActiveDirectory and Sharepoint ActiveDirectory authority connectors of Apache ManifoldCF allows an attacker to manipulate the LDAP search queries (DoS, additional queries, filter manipulation) during user lookup, if the username or the domain string are passed to the UserACLs servlet without validation. This issue affects Apache ManifoldCF version 2.23 and prior versions.
CVE-2022-44213 1 Zkteco 1 Automatic Data Master Server 2025-04-22 4.8 Medium
ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS).
CVE-2022-44031 1 Redmine 1 Redmine 2025-04-22 6.1 Medium
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields.
CVE-2022-41559 1 Tibco 1 Nimbus 2025-04-22 9.3 Critical
The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: version 10.5.0.
CVE-2022-40939 1 Secu 2 Secustation, Secustation Firmware 2025-04-22 4.9 Medium
In certain Secustation products the administrator account password can be read. This affects V2.5.5.3116-S50-SMA-B20171107A, V2.3.4.1301-M20-TSA-B20150617A, V2.5.5.3116-S50-RXA-B20180502A, V2.5.5.3116-S50-SMA-B20190723A, V2.5.5.3116-S50-SMB-B20161012A, V2.3.4.2103-S50-NTD-B20170508B, V2.5.5.3116-S50-SMB-B20160601A, V2.5.5.2601-S50-TSA-B20151229A, and V2.5.5.3116-S50-SMA-B20170217.
CVE-2022-3906 1 Whitestudio 1 Easy Form Builder 2025-04-22 4.8 Medium
The Easy Form Builder WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2022-3259 1 Redhat 1 Openshift 2025-04-22 7.4 High
Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks.