Total
291487 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51313 | 1 Phpjabbers | 1 Restaurant Booking System | 2025-04-23 | N/A | 8.8 HIGH |
| PHPJabbers Restaurant Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. | |||||
| CVE-2025-29459 | 2025-04-23 | N/A | 7.6 HIGH | ||
| An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation. | |||||
| CVE-2023-4725 | 1 Sayandatta | 1 Simple Posts Ticker | 2025-04-23 | N/A | 4.8 MEDIUM |
| The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2025-3268 | 1 Qinguoyi | 1 Tinywebserver | 2025-04-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in qinguoyi TinyWebServer up to 1.0 and classified as critical. This vulnerability affects unknown code of the file http/http_conn.cpp. The manipulation of the argument m_url_real leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3380 | 1 Pcman | 1 Ftp Server | 2025-04-23 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. Affected by this issue is some unknown functionality of the component FEAT Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-46494 | 1 Typecho | 1 Typecho | 2025-04-23 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into Name parameter under a comment for an Article. | |||||
| CVE-2024-8176 | 2025-04-23 | N/A | 7.5 HIGH | ||
| A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage. | |||||
| CVE-2024-12133 | 2025-04-23 | N/A | 5.3 MEDIUM | ||
| A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack. | |||||
| CVE-2024-12243 | 2025-04-23 | N/A | 5.3 MEDIUM | ||
| A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition. | |||||
| CVE-2025-46224 | 2025-04-23 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-46223 | 2025-04-23 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-46222 | 2025-04-23 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-46221 | 2025-04-23 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-46220 | 2025-04-23 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-46219 | 2025-04-23 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-46218 | 2025-04-23 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-46217 | 2025-04-23 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-46216 | 2025-04-23 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2024-29392 | 1 Silverpeas | 1 Silverpeas | 2025-04-23 | N/A | 5.4 MEDIUM |
| Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via ClipboardSessionController. | |||||
| CVE-2023-40492 | 1 Lg | 1 Simple Editor | 2025-04-23 | N/A | 9.1 CRITICAL |
| LG Simple Editor deleteCheckSession Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the deleteCheckSession method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. . Was ZDI-CAN-19919. | |||||