Total
291487 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-3749 | 2025-04-24 | N/A | 6.4 MEDIUM | ||
| The Breeze Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cal_size’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-1294 | 2025-04-24 | N/A | 7.2 HIGH | ||
| The eForm - WordPress Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.18.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-8926 | 1 Php-fpm | 1 Php-fpm | 2025-04-24 | N/A | 8.1 HIGH |
| In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. | |||||
| CVE-2025-43861 | 2025-04-24 | N/A | 4.4 MEDIUM | ||
| ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the "Review Changes" dialog, the payload will be rendered and executed in the context of their own session. This issue has been patched in commit 2f177dc. | |||||
| CVE-2024-30127 | 2025-04-24 | N/A | 3.2 LOW | ||
| Missing "no cache" headers in HCL Leap permits sensitive data to be cached. | |||||
| CVE-2023-37516 | 2025-04-24 | N/A | 3.2 LOW | ||
| Missing "no cache" headers in HCL Leap permits user directory information to be cached. | |||||
| CVE-2022-45480 | 1 Beappsmobile | 1 Pc Keyboard Wifi \& Bluetooth | 2025-04-24 | N/A | 5.9 MEDIUM |
| PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | |||||
| CVE-2022-44959 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | N/A | 5.4 MEDIUM |
| webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | |||||
| CVE-2022-44957 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | N/A | 5.4 MEDIUM |
| webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | |||||
| CVE-2022-44956 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | N/A | 5.4 MEDIUM |
| webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | |||||
| CVE-2022-44760 | 2025-04-24 | N/A | 4.6 MEDIUM | ||
| Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications. | |||||
| CVE-2022-44759 | 2025-04-24 | N/A | 4.6 MEDIUM | ||
| Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications. | |||||
| CVE-2022-44291 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | N/A | 9.8 CRITICAL |
| webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php. | |||||
| CVE-2022-44290 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | N/A | 9.8 CRITICAL |
| webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php. | |||||
| CVE-2022-44277 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-24 | N/A | 7.2 HIGH |
| Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/classes/Master.php?f=delete_product. | |||||
| CVE-2022-44136 | 1 Tribalsystems | 1 Zenario | 2025-04-24 | N/A | 9.8 CRITICAL |
| Zenario CMS 9.3.57186 is vulnerable to Remote Code Excution (RCE). | |||||
| CVE-2022-44097 | 1 Book Store Management System Project | 1 Book Store Management System | 2025-04-24 | N/A | 9.8 CRITICAL |
| Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. | |||||
| CVE-2022-40849 | 1 Thinkcmf | 1 Thinkcmf | 2025-04-24 | N/A | 5.4 MEDIUM |
| ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator's PHP session token (PHPSESSID). | |||||
| CVE-2022-40489 | 1 Thinkcmf | 1 Thinkcmf | 2025-04-24 | N/A | 8.8 HIGH |
| ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to be injected into administrative users. | |||||
| CVE-2022-3713 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2025-04-24 | N/A | 8.8 HIGH |
| A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. | |||||