Export limit exceeded: 10013 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (333745 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3690 | 1 Code-atlantic | 1 Popup Maker | 2025-04-29 | 5.5 Medium |
| The Popup Maker WordPress plugin before 1.16.11 does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins | ||||
| CVE-2022-3688 | 1 2code | 1 Wpqa Builder | 2025-04-29 | 8.8 High |
| The WPQA Builder WordPress plugin before 5.9 does not have CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks | ||||
| CVE-2022-3634 | 1 Ciphercoin | 1 Contact Form 7 Database Addon | 2025-04-29 | 9.8 Critical |
| The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when output it back in a CSV file, which could lead to CSV injection | ||||
| CVE-2022-3618 | 1 Clevelandwebdeveloper | 1 Spacer | 2025-04-29 | 4.8 Medium |
| The Spacer WordPress plugin before 3.0.7 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | ||||
| CVE-2024-10918 | 1 Libmodbus | 1 Libmodbus | 2025-04-29 | 4.8 Medium |
| Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an unexpected length. | ||||
| CVE-2025-25916 | 1 Wuzhicms | 1 Wuzhicms | 2025-04-29 | 5.4 Medium |
| wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \coreframe\app\member\admin\group.php. | ||||
| CVE-2025-1961 | 1 Mayurik | 1 Best Church Management Software | 2025-04-29 | 6.3 Medium |
| A vulnerability has been found in SourceCodester Best Church Management Software 1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/web_crud.php. The manipulation of the argument encryption leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2024-56195 | 1 Apache | 1 Traffic Server | 2025-04-29 | 6.3 Medium |
| Improper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue. | ||||
| CVE-2024-56202 | 1 Apache | 1 Traffic Server | 2025-04-29 | 4.3 Medium |
| Expected Behavior Violation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to versions 9.2.9 or 10.0.4 or newer, which fixes the issue. | ||||
| CVE-2024-37407 | 1 Libarchive | 1 Libarchive | 2025-04-29 | 9.1 Critical |
| Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c. | ||||
| CVE-2024-38311 | 1 Apache | 1 Traffic Server | 2025-04-29 | 6.3 Medium |
| Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue. | ||||
| CVE-2025-29209 | 1 Totolink | 2 X18, X18 Firmware | 2025-04-29 | 9.8 Critical |
| TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub_41105C function of cstecgi .cgi. | ||||
| CVE-2025-28137 | 1 Totolink | 2 A810r, A810r Firmware | 2025-04-29 | 9.8 Critical |
| The TOTOLINK A810R V4.1.2cu.5182_B20201026 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. | ||||
| CVE-2025-28136 | 1 Totolink | 2 A800r, A800r Firmware | 2025-04-29 | 6.5 Medium |
| TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi. | ||||
| CVE-2025-29064 | 1 Totolink | 2 X18, X18 Firmware | 2025-04-29 | 9.8 Critical |
| An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cstecgi.cgi. | ||||
| CVE-2025-25524 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-04-29 | 5.1 Medium |
| Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652_B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. | ||||
| CVE-2024-57036 | 1 Totolink | 2 A810r, A810r Firmware | 2025-04-29 | 8.1 High |
| TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in downloadFile.cgi main function. This vulnerability allows an attacker to execute arbitrary commands by sending HTTP request. | ||||
| CVE-2025-28031 | 1 Totolink | 1 A810r Firmware | 2025-04-29 | 6.5 Medium |
| TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a hardcoded password for the telnet service in product.ini. | ||||
| CVE-2025-28030 | 1 Totolink | 2 A810r, A810r Firmware | 2025-04-29 | 8.8 High |
| TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a stack overflow via the startTime and endTime parameters in setParentalRules function. | ||||
| CVE-2025-28024 | 1 Totolink | 2 A810r, A810r Firmware | 2025-04-29 | 9.8 Critical |
| TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the cstecgi.cgi | ||||