Export limit exceeded: 363321 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363321 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-3268 1 Qinguoyi 1 Tinywebserver 2025-04-23 5.3 Medium
A vulnerability has been found in qinguoyi TinyWebServer up to 1.0 and classified as critical. This vulnerability affects unknown code of the file http/http_conn.cpp. The manipulation of the argument m_url_real leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3380 1 Pcman 1 Ftp Server 2025-04-23 7.3 High
A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. Affected by this issue is some unknown functionality of the component FEAT Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-46494 1 Typecho 1 Typecho 2025-04-23 5.4 Medium
A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into Name parameter under a comment for an Article.
CVE-2025-46224 2025-04-23 N/A
Not used
CVE-2025-46223 2025-04-23 N/A
Not used
CVE-2025-46222 2025-04-23 N/A
Not used
CVE-2025-46221 2025-04-23 N/A
Not used
CVE-2025-46220 2025-04-23 N/A
Not used
CVE-2025-46219 2025-04-23 N/A
Not used
CVE-2025-46218 2025-04-23 N/A
Not used
CVE-2025-46217 2025-04-23 N/A
Not used
CVE-2025-46216 2025-04-23 N/A
Not used
CVE-2024-29392 1 Silverpeas 1 Silverpeas 2025-04-23 5.4 Medium
Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via ClipboardSessionController.
CVE-2023-40492 1 Lg 1 Simple Editor 2025-04-23 9.1 Critical
LG Simple Editor deleteCheckSession Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the deleteCheckSession method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. . Was ZDI-CAN-19919.
CVE-2024-33102 1 Thinksaas 1 Thinksaas 2025-04-23 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter.
CVE-2024-33101 1 Thinksaas 1 Thinksaas 2025-04-23 6.1 Medium
A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter.
CVE-2024-33338 1 Jizhicms 1 Jizhicms 2025-04-23 7.3 High
Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote attacker to obtain sensitive information via a crafted article publication request.
CVE-2023-51254 1 Jfinalcms Project 1 Jfinalcms 2025-04-23 6.1 Medium
Cross Site Scripting vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the friendship link component.
CVE-2024-46410 1 Publiccms 1 Publiccms 2025-04-23 4.8 Medium
PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Managment feature
CVE-2024-45894 1 Bluecms Project 1 Bluecms 2025-04-23 4.9 Medium
BlueCMS 1.6 suffers from Arbitrary File Deletion via the file_name parameter in an /admin/database.php?act=del request.