Total
291487 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-2345 | 1 Ninjateam | 1 Filebird | 2025-04-23 | N/A | 6.4 MEDIUM |
| The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the folder name parameter in all versions up to, and including, 5.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-33102 | 1 Thinksaas | 1 Thinksaas | 2025-04-23 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter. | |||||
| CVE-2024-33101 | 1 Thinksaas | 1 Thinksaas | 2025-04-23 | N/A | 6.1 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter. | |||||
| CVE-2024-33338 | 1 Jizhicms | 1 Jizhicms | 2025-04-23 | N/A | 7.3 HIGH |
| Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote attacker to obtain sensitive information via a crafted article publication request. | |||||
| CVE-2023-51254 | 1 Jfinalcms Project | 1 Jfinalcms | 2025-04-23 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the friendship link component. | |||||
| CVE-2024-46410 | 1 Publiccms | 1 Publiccms | 2025-04-23 | N/A | 4.8 MEDIUM |
| PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Managment feature | |||||
| CVE-2024-8488 | 1 Ays-pro | 1 Survey Maker | 2025-04-23 | N/A | 4.4 MEDIUM |
| The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | |||||
| CVE-2024-45894 | 1 Bluecms Project | 1 Bluecms | 2025-04-23 | N/A | 4.9 MEDIUM |
| BlueCMS 1.6 suffers from Arbitrary File Deletion via the file_name parameter in an /admin/database.php?act=del request. | |||||
| CVE-2024-46078 | 1 Adonesevangelista | 1 Sports Management System | 2025-04-23 | N/A | 7.5 HIGH |
| itsourcecode Sports Management System Project 1.0 is vulnerable to SQL Injection in the function delete_category of the file sports_scheduling/player.php via the argument id. | |||||
| CVE-2024-41290 | 1 Flatpress | 1 Flatpress | 2025-04-23 | N/A | 8.1 HIGH |
| FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component. | |||||
| CVE-2024-48454 | 1 Oretnom23 | 1 Purchase Order Management System | 2025-04-23 | N/A | 7.2 HIGH |
| An issue in SourceCodester Purchase Order Management System v1.0 allows a remote attacker to execute arbitrary code via the /admin?page=user component | |||||
| CVE-2022-30354 | 1 Ovaledge | 1 Ovaledge | 2025-04-23 | N/A | 7.5 HIGH |
| OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserWithTeam. Authentication is required. The information disclosed is associated with all registered user ID numbers. | |||||
| CVE-2025-3441 | 2025-04-22 | N/A | N/A | ||
| Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |||||
| CVE-2025-29394 | 2025-04-22 | N/A | 8.1 HIGH | ||
| An insecure permissions vulnerability in verydows v2.0 allows a remote attacker to execute arbitrary code by uploading a file type. | |||||
| CVE-2022-4123 | 2 Fedoraproject, Podman Project | 2 Fedora, Podman | 2025-04-22 | N/A | 3.3 LOW |
| A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality. | |||||
| CVE-2022-4122 | 2 Fedoraproject, Podman Project | 2 Fedora, Podman | 2025-04-22 | N/A | 5.3 MEDIUM |
| A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure. | |||||
| CVE-2022-45968 | 1 Alist Project | 1 Alist | 2025-04-22 | N/A | 8.8 HIGH |
| Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one). | |||||
| CVE-2022-45910 | 1 Apache | 1 Manifoldcf | 2025-04-22 | N/A | 5.3 MEDIUM |
| Improper neutralization of special elements used in an LDAP query ('LDAP Injection') vulnerability in ActiveDirectory and Sharepoint ActiveDirectory authority connectors of Apache ManifoldCF allows an attacker to manipulate the LDAP search queries (DoS, additional queries, filter manipulation) during user lookup, if the username or the domain string are passed to the UserACLs servlet without validation. This issue affects Apache ManifoldCF version 2.23 and prior versions. | |||||
| CVE-2022-44213 | 1 Zkteco | 1 Automatic Data Master Server | 2025-04-22 | N/A | 4.8 MEDIUM |
| ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2022-44031 | 1 Redmine | 1 Redmine | 2025-04-22 | N/A | 6.1 MEDIUM |
| Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields. | |||||