Export limit exceeded: 338929 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338929 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-30480 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 3.7 Low |
| Authentication Bypass by Spoofing vulnerability in Pippin Williamson CGC Maintenance Mode allows Functionality Bypass.This issue affects CGC Maintenance Mode: from n/a through 1.2. | ||||
| CVE-2024-37158 | 1 Evmos | 1 Evmos | 2025-07-12 | 3.5 Low |
| Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions. Checks performed on the two implementation are different. The vulnerability discovered allowed a clawback account to bypass Cosmos ante handler checks by sending an Ethereum transaction targeting a precompile used to interact with a Cosmos SDK module. This vulnerability is fixed in 18.0.0. | ||||
| CVE-2024-2579 | 2 Data443, Wordpress | 2 Tracking Code Manager, Wordpress | 2025-07-12 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Tracking Code Manager.This issue affects Tracking Code Manager: from n/a through 2.0.16. | ||||
| CVE-2024-33522 | 1 Tigera | 3 Calico, Calico Cloud, Calico Enterprise | 2025-07-12 | 6.7 Medium |
| In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges by exploiting a vulnerability in the Calico CNI install binary. The issue arises from an incorrect SUID (Set User ID) bit configuration in the binary, combined with the ability to control the input binary, allowing an attacker to execute an arbitrary binary with elevated privileges. | ||||
| CVE-2022-45157 | 1 Rancher | 1 Rancher | 2025-07-12 | 9.1 Critical |
| A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext object inside Rancher. This vulnerability is only applicable to users that deploy clusters in vSphere environments. | ||||
| CVE-2024-13856 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The Your Friendly Drag and Drop Page Builder — Make Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.10 via the make_builder_ajax_subscribe() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2023-26526 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.7 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls.This issue affects Bookly: from n/a through 21.7.1. | ||||
| CVE-2024-34375 | 2 Wordpress, Wppool | 2 Wordpress, Sheets To Wp Table Live Sync | 2025-07-12 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPPOOL Sheets To WP Table Live Sync allows Stored XSS.This issue affects Sheets To WP Table Live Sync: from n/a through 3.7.0. | ||||
| CVE-2024-12408 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.1 Medium |
| The WP on AWS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST data in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-34378 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.6 High |
| Missing Authorization vulnerability in LeadConnector.This issue affects LeadConnector: from n/a through 1.7. | ||||
| CVE-2025-46535 | 2 Alphaefficiencyteam, Wordpress | 2 Custom Login And Registration, Wordpress | 2025-07-12 | 5.4 Medium |
| Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login and Registration: from n/a through 1.0.0. | ||||
| CVE-2022-49259 | 1 Linux | 1 Linux Kernel | 2025-07-12 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: block: don't delete queue kobject before its children kobjects aren't supposed to be deleted before their child kobjects are deleted. Apparently this is usually benign; however, a WARN will be triggered if one of the child kobjects has a named attribute group: sysfs group 'modes' not found for kobject 'crypto' WARNING: CPU: 0 PID: 1 at fs/sysfs/group.c:278 sysfs_remove_group+0x72/0x80 ... Call Trace: sysfs_remove_groups+0x29/0x40 fs/sysfs/group.c:312 __kobject_del+0x20/0x80 lib/kobject.c:611 kobject_cleanup+0xa4/0x140 lib/kobject.c:696 kobject_release lib/kobject.c:736 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x53/0x70 lib/kobject.c:753 blk_crypto_sysfs_unregister+0x10/0x20 block/blk-crypto-sysfs.c:159 blk_unregister_queue+0xb0/0x110 block/blk-sysfs.c:962 del_gendisk+0x117/0x250 block/genhd.c:610 Fix this by moving the kobject_del() and the corresponding kobject_uevent() to the correct place. | ||||
| CVE-2024-12816 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The NOTICE BOARD BY TOWKIR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'notice-board' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-40608 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.2 High |
| Missing Authorization vulnerability in Paid Memberships Pro Paid Memberships Pro CCBill Gateway.This issue affects Paid Memberships Pro CCBill Gateway: from n/a through 0.3. | ||||
| CVE-2024-56690 | 1 Linux | 1 Linux Kernel | 2025-07-12 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY Since commit 8f4f68e788c3 ("crypto: pcrypt - Fix hungtask for PADATA_RESET"), the pcrypt encryption and decryption operations return -EAGAIN when the CPU goes online or offline. In alg_test(), a WARN is generated when pcrypt_aead_decrypt() or pcrypt_aead_encrypt() returns -EAGAIN, the unnecessary panic will occur when panic_on_warn set 1. Fix this issue by calling crypto layer directly without parallelization in that case. | ||||
| CVE-2024-33919 | 1 Rometheme | 1 Romethemekit For Elementor | 2025-07-12 | 6.5 Medium |
| Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor.This issue affects RomethemeKit For Elementor: from n/a through 1.4.1. | ||||
| CVE-2023-27440 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.2 High |
| Unrestricted Upload of File with Dangerous Type vulnerability in OnTheGoSystems Types.This issue affects Types: from n/a through 3.4.17. | ||||
| CVE-2024-5824 | 1 Parisneo | 1 Lollms | 2025-07-12 | N/A |
| A path traversal vulnerability in the `/set_personality_config` endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the `configs/config.yaml` file. This can lead to remote code execution by changing server configuration properties such as `force_accept_remote_access` and `turn_on_code_validation`. | ||||
| CVE-2024-41673 | 1 Decidim | 1 Decidim | 2025-07-12 | 7.1 High |
| Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8. | ||||
| CVE-2024-41086 | 1 Linux | 1 Linux Kernel | 2025-07-12 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: bcachefs: Fix sb_field_downgrade validation - bch2_sb_downgrade_validate() wasn't checking for a downgrade entry extending past the end of the superblock section - for_each_downgrade_entry() is used in to_text() and needs to work on malformed input; it also was missing a check for a field extending past the end of the section | ||||