Export limit exceeded: 339825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339825 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-38371 | 1 Siemens | 39 Apogee Modular Building Controller, Apogee Modular Building Controller Firmware, Apogee Modular Equiment Controller and 36 more | 2025-05-13 | 7.5 High |
| A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.7), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.21), APOGEE PXC Modular (BACnet) (All versions < V3.5.7), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.21), Desigo PXC00-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC00-U (All versions >= V2.3 < V6.30.37), Desigo PXC001-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC100-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC12-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC128-U (All versions >= V2.3 < V6.30.37), Desigo PXC200-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC22-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC22.1-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC36.1-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC50-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC64-U (All versions >= V2.3 < V6.30.37), Desigo PXM20-E (All versions >= V2.3 < V6.30.37), Nucleus NET for Nucleus PLUS V1 (All versions < V5.2a), Nucleus NET for Nucleus PLUS V2 (All versions < V5.4), Nucleus ReadyStart V3 V2012 (All versions < V2012.08.1), Nucleus ReadyStart V3 V2017 (All versions < V2017.02.4), Nucleus Source Code (All versions including affected FTP server), TALON TC Compact (BACnet) (All versions < V3.5.7), TALON TC Modular (BACnet) (All versions < V3.5.7). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server. | ||||
| CVE-2025-47864 | 2025-05-13 | N/A | ||
| Not used | ||||
| CVE-2025-47863 | 2025-05-13 | N/A | ||
| Not used | ||||
| CVE-2025-47862 | 2025-05-13 | N/A | ||
| Not used | ||||
| CVE-2025-47861 | 2025-05-13 | N/A | ||
| Not used | ||||
| CVE-2025-47860 | 2025-05-13 | N/A | ||
| Not used | ||||
| CVE-2025-47859 | 2025-05-13 | N/A | ||
| Not used | ||||
| CVE-2025-47858 | 2025-05-13 | N/A | ||
| Not used | ||||
| CVE-2025-32152 | 2025-05-13 | 7.5 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Essential Plugins by WP OnlineSupport Slider a SlidersPack allows PHP Local File Inclusion. This issue affects Slider a SlidersPack: from n/a through 2.3. | ||||
| CVE-2025-31789 | 2025-05-13 | 6.5 Medium | ||
| Missing Authorization vulnerability in Matat Technologies TextMe SMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TextMe SMS: from n/a through 1.9.1. | ||||
| CVE-2024-8404 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2025-05-13 | 7.8 High |
| An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder. Important: In most installations, this risk is mitigated by the default Windows Server configuration, which restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server. Update: This CVE has been updated in May 2025 to update the fixed version and fix process. Please refer to the May 2025 Security Bulletin. Note: This CVE has been split from CVE-2024-3037. | ||||
| CVE-2023-51401 | 1 Brainstormforce | 1 Ultimate Addons For Beaver Builder | 2025-05-13 | 6.3 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal.This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.13. | ||||
| CVE-2024-34241 | 1 Rocketsoft | 1 Rocket Lms | 2025-05-13 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications. | ||||
| CVE-2024-2218 | 1 Theluckywp | 1 Luckywp Table Of Contents | 2025-05-13 | 4.6 Medium |
| The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-3965 | 1 Projectcaruso | 1 Pray For Me | 2025-05-13 | 5.4 Medium |
| The Pray For Me WordPress plugin through 1.0.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-3993 | 1 Wp-master | 1 Azan | 2025-05-13 | 4.6 Medium |
| The AZAN Plugin WordPress plugin through 0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2024-4271 | 1 Svgator | 1 Svgator | 2025-05-13 | 4.6 Medium |
| The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks. | ||||
| CVE-2024-4480 | 1 Goprayer | 1 Prayer | 2025-05-13 | 6.1 Medium |
| The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-3236 | 1 Ghozylab | 1 Popup Builder | 2025-05-13 | 5.4 Medium |
| The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-4305 | 2 Wpdownloadmanager, Wpxpo | 2 Gutenberg Blocks For Wordpress Download Manager, Postx | 2025-05-13 | 6.8 Medium |
| The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||