Search Results (332362 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-44050 | 1 Democritus | 1 D8s-networking | 2025-05-05 | 9.8 Critical |
| The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-json package. The affected version of d8s-htm is 0.1.0. | ||||
| CVE-2022-44049 | 1 Democritus | 1 D8s-python | 2025-05-05 | 9.8 Critical |
| The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars package. The affected version of d8s-htm is 0.1.0. | ||||
| CVE-2022-44048 | 1 Democritus | 1 D8s-urls | 2025-05-05 | 9.8 Critical |
| The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-domains package. The affected version of d8s-htm is 0.1.0. | ||||
| CVE-2022-43359 | 1 Gifdec Project | 1 Gifdec | 2025-05-05 | 7.8 High |
| Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c was discovered to contain an out-of-bounds read in the function read_image_data. This vulnerability is triggered when parsing a crafted Gif file. | ||||
| CVE-2022-43352 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-05-05 | 7.2 High |
| Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_quote. | ||||
| CVE-2022-42788 | 1 Apple | 1 Macos | 2025-05-05 | 5.5 Medium |
| A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Ventura 13. A malicious application may be able to read sensitive location information. | ||||
| CVE-2022-25918 | 1 Shescape Project | 1 Shescape | 2025-05-05 | 5.3 Medium |
| The package shescape from 1.5.10 and before 1.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function. | ||||
| CVE-2019-8062 | 1 Adobe | 1 After Effects | 2025-05-05 | 7.8 High |
| Adobe After Effects versions 16 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2018-9866 | 1 Sonicwall | 1 Global Management System | 2025-05-05 | 9.8 Critical |
| A lack of validation of user-supplied parameters passed to XML-RPC calls on the SonicWall Global Management System (GMS) virtual appliance allows a remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier. | ||||
| CVE-2017-6511 | 1 Finecms Project | 1 Finecms | 2025-05-05 | 6.1 Medium |
| andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php. | ||||
| CVE-2022-40183 | 1 Bosch | 2 Videojet Multi 4000, Videojet Multi 4000 Firmware | 2025-05-05 | 5.8 Medium |
| An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the encoder address can send a crafted link to a user, which will execute JavaScript code in the context of the user. | ||||
| CVE-2024-0779 | 1 Mediabetaprojects | 1 Enjoy Social Feed | 2025-05-05 | 8.8 High |
| The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF checks in various functions hooked to admin_init, allowing unauthenticated users to call them and, for example, unlink arbitrary users' Instagram accounts. | ||||
| CVE-2024-0858 | 1 Theinnovs | 1 Innovs Hr | 2025-05-05 | 8.8 High |
| The Innovs HR WordPress plugin through 1.0.3.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees. | ||||
| CVE-2022-3059 | 1 Schoolbox | 1 Schoolbox | 2025-05-05 | 8.6 High |
| The application was vulnerable to multiple instances of SQL injection (authenticated and unauthenticated) through a vulnerable parameter. Due to the stacked query support, complex SQL commands could be crafted and injected into the vulnerable parameter and using a sleep based inferential SQL injection it was possible to extract data from the database. | ||||
| CVE-2024-0973 | 1 Patelmilap | 1 Widget For Social Page Feeds | 2025-05-05 | 6.1 Medium |
| The Widget for Social Page Feeds WordPress plugin before 6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-1401 | 1 Awplife | 1 Profile Box Shortcode And Widget | 2025-05-05 | 4.8 Medium |
| The Profile Box Shortcode And Widget WordPress plugin before 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2021-34643 | 1 Skaut-bazar Project | 1 Skaut-bazar | 2025-05-05 | 6.1 Medium |
| The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.2. | ||||
| CVE-2023-7246 | 1 Bowo | 1 System Dashboard | 2025-05-05 | 5.4 Medium |
| The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks | ||||
| CVE-2021-34644 | 1 Multiplayer-plugin Project | 1 Multiplayer-plugin | 2025-05-05 | 6.1 Medium |
| The Multiplayer Games WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/multiplayergames.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.7. | ||||
| CVE-2021-34642 | 1 Followistic | 1 Smart Email Alerts | 2025-05-05 | 6.1 Medium |
| The Smart Email Alerts WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the api_key in the ~/views/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.10. | ||||