Export limit exceeded: 339825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339825 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-25400 | 1 Intelliants | 1 Subrion | 2025-05-23 | 9.8 Critical |
| Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers to an HTTP request to a PHP file that only contains a class, without any mechanism for accepting external input, and the reportedly vulnerable method is not present in the file. | ||||
| CVE-2024-27508 | 1 Atheme | 1 Atheme | 2025-05-23 | 7.5 High |
| Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c. | ||||
| CVE-2024-25840 | 1 Prestaworld | 2 Account Manager, Prestasalesmanager | 2025-05-23 | 7.5 High |
| In the module "Account Manager | Sales Representative & Dealers | CRM" (prestasalesmanager) up to 9.0 from Presta World for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. | ||||
| CVE-2024-25841 | 1 Common-services | 1 So Flexibilite | 2025-05-23 | 5.9 Medium |
| In the module "So Flexibilite" (soflexibilite) from Common-Services for PrestaShop < 4.1.26, a guest (authenticated customer) can perform Cross Site Scripting (XSS) injection. | ||||
| CVE-2024-26458 | 3 Mit, Netapp, Redhat | 13 Kerberos 5, Active Iq Unified Manager, Cloud Volumes Ontap Mediator and 10 more | 2025-05-23 | 5.3 Medium |
| Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. | ||||
| CVE-2024-53354 | 1 Easyvirt | 2 Co2scope, Dcscope | 2025-05-23 | 6.5 Medium |
| Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) user parameter to /api/management/findfilterlist; the (2) user or (3) filter parameter to /api/audit/findmetawatcher; the (4) user parameter to /api/audit/findmetaalert; the (5) user parameter to /api/management/ds; the (6) user or (7) filter parameter to /api/audit/findmetarunalert; the (7) user parameter to /api/management/findtimeview; the (8) user, (9) filter or (10) target parameter to /api/management/getihmsettings; the (11) user or (12) filter parameter to /api/management/elementstype; the (14) login, (15) user, (16) is_local, (17) is_ldap, or (18) is_openid parameter to /api/user/addalias; the (19) role parameter to /api/user/addrole; the (20) user or (21) filter parameter to /api/management/addtimeview; the (22) TIMEAGO, (23) IDENTIFIER, (24) USER, (25) NAME, or (26) COST parameter to /api/management/addtagcosts; the (27) USER, or (28) VM_COST parameter to /api/management/updategenericcpucost; the (29) VM, (30) HOST, or (31) STORAGE parameter to /api/management/updatecostinfo; the (32) user, (33) filter, or (34) timeago parameter to /api/management/addfilter; the (35) user parameter to /api/report/getreporthistory. | ||||
| CVE-2023-51773 | 1 Bacnetstack | 1 Bacnet Stack | 2025-05-23 | 9.1 Critical |
| BACnet Stack before 1.3.2 has a decode function APDU buffer over-read in bacapp_decode_application_data in bacapp.c. | ||||
| CVE-2024-53355 | 1 Easyvirt | 2 Co2scope, Dcscope | 2025-05-23 | 8.8 High |
| Multiple incorrect access control issues in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route; (2) modifiy a user via the /api/user/updatealias route; (4) delete users via the /api/user/delalias route; (4) get users via the /api/user/aliases route; (5) add a root group via the /api/user/adduser route; (6) modifiy a group via the /api/user/updateuser route; (7) delete a group via the /api/user/deluser route; (8) get groups via the /api/user/users route; (9) add an admin role via the /api/user/addrole route; (10) modifiy a role via the /api/user/updaterole route; (11) delete a role via the /api/user/delrole route; (12) get roles via the /api/user/roles route. | ||||
| CVE-2024-53356 | 1 Easyvirt | 2 Co2scope, Dcscope | 2025-05-23 | 9.8 Critical |
| Weak JWT Secret vulnerabilitiy in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote attackers to generate JWT for privilege escalation. The HMAC secret used for generating tokens is hardcoded as "somerandomaccesstoken". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application. | ||||
| CVE-2024-26461 | 3 Mit, Netapp, Redhat | 13 Kerberos 5, Active Iq Unified Manager, Cloud Volumes Ontap Mediator and 10 more | 2025-05-23 | 7.5 High |
| Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. | ||||
| CVE-2025-0804 | 1 Flowdee | 1 Clickwhale | 2025-05-23 | 6.4 Medium |
| The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via link titles in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-48761 | 1 Celk | 1 Celk Saude | 2025-05-23 | 8.8 High |
| Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary JavaScript code via the "erro" parameter. | ||||
| CVE-2024-51182 | 1 Celk | 1 Celk Saude | 2025-05-23 | 6.1 Medium |
| HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary HTML code via the "erro" parameter. | ||||
| CVE-2024-54851 | 1 Sismics | 1 Teedy | 2025-05-23 | 8.8 High |
| Teedy <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF), due to the lack of CSRF protection. | ||||
| CVE-2022-35096 | 1 Swftools | 1 Swftools | 2025-05-23 | 5.5 Medium |
| SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c. | ||||
| CVE-2022-35095 | 1 Swftools | 1 Swftools | 2025-05-23 | 5.5 Medium |
| SWFTools commit 772e55a2 was discovered to contain a segmentation violation via InfoOutputDev::type3D1 at /pdf/InfoOutputDev.cc. | ||||
| CVE-2022-35094 | 1 Swftools | 1 Swftools | 2025-05-23 | 5.5 Medium |
| SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc. | ||||
| CVE-2022-35093 | 1 Swftools | 1 Swftools | 2025-05-23 | 5.5 Medium |
| SWFTools commit 772e55a2 was discovered to contain a global buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc. | ||||
| CVE-2024-43687 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2025-05-23 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0 before 2.4.7. | ||||
| CVE-2024-25844 | 1 Common-services | 1 So Flexibilite | 2025-05-23 | 7.5 High |
| An issue was discovered in Common-Services "So Flexibilite" (soflexibilite) module for PrestaShop before version 4.1.26, allows remote attackers to escalate privileges and obtain sensitive information via debug file. | ||||