Search Results (336584 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-40745 | 1 Convert Forms Project | 1 Convert Forms | 2025-06-04 | 5.4 Medium |
| Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8. | ||||
| CVE-2024-40747 | 1 Joomla | 1 Joomla! | 2025-06-04 | 6.1 Medium |
| Various module chromes didn't properly process inputs, leading to XSS vectors. | ||||
| CVE-2024-40748 | 1 Joomla | 1 Joomla! | 2025-06-04 | 7.5 High |
| Lack of output escaping in the id attribute of menu lists. | ||||
| CVE-2024-40749 | 1 Joomla | 1 Joomla! | 2025-06-04 | 7.5 High |
| Improper access controls allow access to protected views. | ||||
| CVE-2025-22204 | 1 Regularlabs | 1 Sourcerer | 2025-06-04 | 9.8 Critical |
| Improper control of generation of code in the sourcerer extension for Joomla in versions before 11.0.0 leads to a remote code execution vulnerability. | ||||
| CVE-2025-22205 | 1 Admiror-design-studio | 1 Admiror Gallery | 2025-06-04 | 7.5 High |
| Improper handling of input variables leads to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x. | ||||
| CVE-2025-22206 | 1 Joomsky | 1 Js Jobs | 2025-06-04 | 4.7 Medium |
| A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'fieldfor' parameter in the GDPR Field feature. | ||||
| CVE-2025-22208 | 1 Joomsky | 1 Js Jobs | 2025-06-04 | 4.7 Medium |
| A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'filter_email' parameter in the GDPR Erase Data Request search feature. | ||||
| CVE-2025-22209 | 1 Joomsky | 1 Js Jobs | 2025-06-04 | 4.7 Medium |
| A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature. | ||||
| CVE-2025-22210 | 1 Hikashop | 1 Hikashop | 2025-06-04 | 7.2 High |
| A SQL injection vulnerability in the Hikashop component versions 3.3.0-5.1.4 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the category management area in backend. | ||||
| CVE-2025-25226 | 1 Joomla | 1 Joomla! | 2025-06-04 | 9.8 Critical |
| Improper handling of identifiers leads to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in either the 2.x or 3.x branch and therefore the vulnerability in question cannot be exploited when using the original database class. However, classes extending the affected class might be affected, if the vulnerable method is used. | ||||
| CVE-2025-25227 | 1 Joomla | 1 Joomla! | 2025-06-04 | 7.5 High |
| Insufficient state checks lead to a vector that allows bypassing 2FA checks. | ||||
| CVE-2024-10144 | 1 Robosoft | 1 Robo Gallery | 2025-06-04 | 4.8 Medium |
| The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-10054 | 1 Happyforms | 1 Happyforms | 2025-06-04 | 4.8 Medium |
| The Happyforms WordPress plugin before 1.26.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-10107 | 1 Seedprod | 1 Rafflepress | 2025-06-04 | 4.8 Medium |
| The Giveaways and Contests by RafflePress WordPress plugin before 1.12.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-10145 | 1 Devpups | 1 Social Pug | 2025-06-04 | 4.8 Medium |
| The Hubbub Lite WordPress plugin before 1.34.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-10504 | 1 Reputeinfosystems | 1 Arforms | 2025-06-04 | 5.4 Medium |
| The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks. | ||||
| CVE-2024-11109 | 1 Ljapps | 1 Wp Google Review Slider | 2025-06-04 | 4.8 Medium |
| The WP Google Review Slider WordPress plugin before 15.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2020-27298 | 1 Philips | 5 Coronary Tools, Dynamic Coronary Roadmap, Interventional Workspot and 2 more | 2025-06-04 | 6.5 Medium |
| Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component. | ||||
| CVE-2020-14506 | 1 Philips | 1 Clinical Collaboration Platform | 2025-06-04 | 3.4 Low |
| Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. | ||||