Search
Search Results (332369 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-50837 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2025-05-06 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/admin_user.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters. | ||||
| CVE-2024-50838 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2025-05-06 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the d and pi parameters. | ||||
| CVE-2024-23527 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 7.5 High |
| An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | ||||
| CVE-2024-2328 | 2 Devowl, Wordpress | 2 Real Media Library, Real Media Library | 2025-05-06 | 6.4 Medium |
| The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image title and alt text in all versions up to, and including, 4.22.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access and higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2018-1359 | 2025-05-06 | N/A | ||
| Not used | ||||
| CVE-2024-22778 | 1 Hackmd | 1 Codimd | 2025-05-06 | 7.5 High |
| HackMD CodiMD <2.5.2 is vulnerable to Denial of Service. | ||||
| CVE-2025-47303 | 2025-05-06 | N/A | ||
| Not used | ||||
| CVE-2025-47302 | 2025-05-06 | N/A | ||
| Not used | ||||
| CVE-2025-47301 | 2025-05-06 | N/A | ||
| Not used | ||||
| CVE-2025-47300 | 2025-05-06 | N/A | ||
| Not used | ||||
| CVE-2025-47299 | 2025-05-06 | N/A | ||
| Not used | ||||
| CVE-2025-47298 | 2025-05-06 | N/A | ||
| Not used | ||||
| CVE-2025-47297 | 2025-05-06 | N/A | ||
| Not used | ||||
| CVE-2025-47296 | 2025-05-06 | N/A | ||
| Not used | ||||
| CVE-2023-46716 | 2025-05-06 | N/A | ||
| Not used | ||||
| CVE-2022-34662 | 1 Apache | 1 Dolphinscheduler | 2025-05-06 | 6.5 Medium |
| When users add resources to the resource center with a relation path will cause path traversal issues and only for logged-in users. You could upgrade to version 3.0.0 or higher | ||||
| CVE-2022-32924 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-05-06 | 7.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Big Sur 11.7, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-32923 | 2 Apple, Redhat | 8 Ipados, Iphone Os, Macos and 5 more | 2025-05-06 | 6.5 Medium |
| A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app. | ||||
| CVE-2022-32903 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2025-05-06 | 7.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-32895 | 1 Apple | 1 Macos | 2025-05-06 | 4.7 Medium |
| A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system. | ||||