Export limit exceeded: 16450 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10010 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 333432 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 333432 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 333432 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (333432 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34875 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-04-29 | 3.3 Low |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ADBC objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16981. | ||||
| CVE-2025-46239 | 1 Plugin-planet | 1 Theme Switcha | 2025-04-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Theme Switcha allows Stored XSS. This issue affects Theme Switcha: from n/a through 3.4. | ||||
| CVE-2025-46240 | 1 Plugin-planet | 1 Simple Download Counter | 2025-04-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Simple Download Counter allows Stored XSS. This issue affects Simple Download Counter: from n/a through 2.2. | ||||
| CVE-2025-46241 | 1 Codepeople | 1 Appointment Booking Calendar | 2025-04-29 | 8.2 High |
| Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar allows SQL Injection. This issue affects Appointment Booking Calendar: from n/a through 1.3.92. | ||||
| CVE-2025-46242 | 1 Kibokolabs | 1 Watu Quiz | 2025-04-29 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bob Watu Quiz allows SQL Injection. This issue affects Watu Quiz: from n/a through 3.4.3. | ||||
| CVE-2025-46243 | 1 Sktthemes | 1 Recover Abandoned Cart For Woocommerce | 2025-04-29 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce allows Cross Site Request Forgery. This issue affects Recover abandoned cart for WooCommerce: from n/a through 2.2. | ||||
| CVE-2022-40663 | 1 Nikon | 1 Nis-elements Viewer | 2025-04-29 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. Crafted data in a TIF image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15697. | ||||
| CVE-2025-46244 | 1 Multidots | 1 Advanced Linked Variations For Woocommerce | 2025-04-29 | 5.3 Medium |
| Missing Authorization vulnerability in Dotstore Advanced Linked Variations for Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Linked Variations for Woocommerce: from n/a through 1.0.3. | ||||
| CVE-2025-46245 | 1 Cminds | 1 Cm Ad Changer | 2025-04-29 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Ad Changer allows Cross Site Request Forgery. This issue affects CM Ad Changer: from n/a through 2.0.5. | ||||
| CVE-2025-46246 | 1 Cminds | 1 Cm Answers | 2025-04-29 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Answers allows Cross Site Request Forgery. This issue affects CM Answers: from n/a through 3.3.3. | ||||
| CVE-2025-46247 | 1 Codepeople | 1 Appointment Booking Calendar | 2025-04-29 | 5.3 Medium |
| Missing Authorization vulnerability in codepeople Appointment Booking Calendar allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Appointment Booking Calendar: from n/a through 1.3.92. | ||||
| CVE-2024-9053 | 1 Vllm-project | 1 Vllm | 2025-04-29 | 9.8 Critical |
| vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server entrypoints. The core functionality run_server_loop() calls the function _make_handler_coro(), which directly uses cloudpickle.loads() on received messages without any sanitization. This can result in remote code execution by deserializing malicious pickle data. | ||||
| CVE-2024-55279 | 1 Uguu | 1 Uguu | 2025-04-29 | 6 Medium |
| Uguu through 1.8.9 allows Cross Site Scripting (XSS) via JavaScript in XML files. | ||||
| CVE-2022-3895 | 1 Hallowelt | 2 Bluespice, Common User Interface | 2025-04-29 | 4 Medium |
| Some UI elements of the Common User Interface Component are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS). | ||||
| CVE-2024-11503 | 1 Shapedplugin | 1 Wp Tabs | 2025-04-29 | 6.1 Medium |
| The WP Tabs WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-12109 | 1 Acowebs | 1 Product Labels For Woocommerce \(sale Badges\) | 2025-04-29 | 4.1 Medium |
| The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks | ||||
| CVE-2024-12769 | 1 Simple Banner Project | 1 Simple Banner | 2025-04-29 | 3.5 Low |
| The Simple Banner WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-13863 | 1 Wppluginbox | 1 Stylish Google Sheet Reader | 2025-04-29 | 7.1 High |
| The Stylish Google Sheet Reader 4.0 WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-9770 | 1 Plechevandrey | 1 Wp-recall | 2025-04-29 | 4.7 Medium |
| The WP-Recall WordPress plugin before 16.26.12 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks | ||||
| CVE-2024-9095 | 1 Lunary | 1 Lunary | 2025-04-29 | 9.8 Critical |
| In lunary-ai/lunary version v1.4.28, the /bigquery API route lacks proper access control, allowing any logged-in user to create a Datastream to Google BigQuery and export the entire database. This includes sensitive data such as password hashes and secret API keys. The route is protected by a config check (`config.DATA_WAREHOUSE_EXPORTS_ALLOWED`), but it does not verify the user's access level or implement any access control middleware. This vulnerability can lead to the extraction of sensitive data, disruption of services, credential compromise, and service integrity breaches. | ||||