Export limit exceeded: 364840 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364840 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-12717 1 Aklamator 1 Infeed 2025-04-21 4.8 Medium
The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2024-12731 1 Aklamator 1 Infeed 2025-04-21 6.1 Medium
The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2025-22983 1 Thecosy 1 Icecms 2025-04-21 7.5 High
An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information.
CVE-2024-55341 1 Dotnetfoundation 1 Piranha Cms 2025-04-21 4.7 Medium
A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the /manager/pages and then adding a markdown content with the XSS payload.
CVE-2024-54774 1 Dcatadmin 1 Dcat Admin 2025-04-21 4.8 Medium
Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in /admin/articles/create.
CVE-2024-43767 1 Google 1 Android 2025-04-21 8.8 High
In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, there is a possible heap overflow due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-43769 1 Google 1 Android 2025-04-21 7.8 High
In isPackageDeviceAdmin of PackageManagerService.java, there is a possible edge case which could prevent the uninstallation of CloudDpc due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-56365 1 Phpoffice 1 Phpspreadsheet 2025-04-21 5.4 Medium
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the constructor of the `Downloader` class. Using the `/vendor/phpoffice/phpspreadsheet/samples/download.php` script, an attacker can perform a cross-site scripting attack. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue.
CVE-2024-56366 1 Phpoffice 1 Phpspreadsheet 2025-04-21 5.4 Medium
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the `Accounting.php` file. Using the `/vendor/phpoffice/phpspreadsheet/samples/Wizards/NumberFormat/Accounting.php` script, an attacker can perform a cross-site scripting attack. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue.
CVE-2024-52724 1 Zzcms 1 Zzcms 2025-04-21 9.8 Critical
ZZCMS 2023 was discovered to contain a SQL injection vulnerability in /q/show.php.
CVE-2024-42195 1 Hcltechsw 2 Hcl Devops Deploy, Hcl Launch 2025-04-21 3.1 Low
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
CVE-2022-46832 1 Sick 42 Rfu620-10100, Rfu620-10100 Firmware, Rfu620-10101 and 39 more 2025-04-21 6.5 Medium
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.
CVE-2022-46689 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2025-04-21 7 High
A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-46634 1 Totolink 2 A7100ru, A7100ru Firmware 2025-04-21 9.8 Critical
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function.
CVE-2022-46631 1 Totolink 2 A7100ru, A7100ru Firmware 2025-04-21 9.8 Critical
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function.
CVE-2022-42863 2 Apple, Redhat 8 Ipados, Iphone Os, Macos and 5 more 2025-04-21 8.8 High
A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-42862 1 Apple 3 Ipados, Iphone Os, Macos 2025-04-21 5.5 Medium
This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to bypass Privacy preferences.
CVE-2022-42861 1 Apple 3 Ipados, Iphone Os, Macos 2025-04-21 8.8 High
This issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2. An app may be able to break out of its sandbox.
CVE-2022-42855 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2025-04-21 7.1 High
A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to use arbitrary entitlements.
CVE-2022-42844 1 Apple 2 Ipados, Iphone Os 2025-04-21 8.6 High
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to break out of its sandbox.