Export limit exceeded: 363318 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363318 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46223 | 2025-04-23 | N/A | ||
| Not used | ||||
| CVE-2025-46222 | 2025-04-23 | N/A | ||
| Not used | ||||
| CVE-2025-46221 | 2025-04-23 | N/A | ||
| Not used | ||||
| CVE-2025-46220 | 2025-04-23 | N/A | ||
| Not used | ||||
| CVE-2025-46219 | 2025-04-23 | N/A | ||
| Not used | ||||
| CVE-2025-46218 | 2025-04-23 | N/A | ||
| Not used | ||||
| CVE-2025-46217 | 2025-04-23 | N/A | ||
| Not used | ||||
| CVE-2025-46216 | 2025-04-23 | N/A | ||
| Not used | ||||
| CVE-2024-29392 | 1 Silverpeas | 1 Silverpeas | 2025-04-23 | 5.4 Medium |
| Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via ClipboardSessionController. | ||||
| CVE-2023-40492 | 1 Lg | 1 Simple Editor | 2025-04-23 | 9.1 Critical |
| LG Simple Editor deleteCheckSession Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the deleteCheckSession method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. . Was ZDI-CAN-19919. | ||||
| CVE-2024-33102 | 1 Thinksaas | 1 Thinksaas | 2025-04-23 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter. | ||||
| CVE-2024-33101 | 1 Thinksaas | 1 Thinksaas | 2025-04-23 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter. | ||||
| CVE-2024-33338 | 1 Jizhicms | 1 Jizhicms | 2025-04-23 | 7.3 High |
| Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote attacker to obtain sensitive information via a crafted article publication request. | ||||
| CVE-2023-51254 | 1 Jfinalcms Project | 1 Jfinalcms | 2025-04-23 | 6.1 Medium |
| Cross Site Scripting vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the friendship link component. | ||||
| CVE-2024-46410 | 1 Publiccms | 1 Publiccms | 2025-04-23 | 4.8 Medium |
| PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Managment feature | ||||
| CVE-2024-45894 | 1 Bluecms Project | 1 Bluecms | 2025-04-23 | 4.9 Medium |
| BlueCMS 1.6 suffers from Arbitrary File Deletion via the file_name parameter in an /admin/database.php?act=del request. | ||||
| CVE-2024-46078 | 2 Adonesevangelista, Sports Management System Project | 2 Sports Management System, Sports Management System | 2025-04-23 | 7.5 High |
| itsourcecode Sports Management System Project 1.0 is vulnerable to SQL Injection in the function delete_category of the file sports_scheduling/player.php via the argument id. | ||||
| CVE-2024-41290 | 1 Flatpress | 1 Flatpress | 2025-04-23 | 8.1 High |
| FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component. | ||||
| CVE-2024-48454 | 2 Oretnom23, Purchase Order Management System Project | 2 Purchase Order Management System, Purchase Order Management System | 2025-04-23 | 7.2 High |
| An issue in SourceCodester Purchase Order Management System v1.0 allows a remote attacker to execute arbitrary code via the /admin?page=user component | ||||
| CVE-2022-30354 | 1 Ovaledge | 1 Ovaledge | 2025-04-23 | 7.5 High |
| OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserWithTeam. Authentication is required. The information disclosed is associated with all registered user ID numbers. | ||||