Export limit exceeded: 336203 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336204 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-26998 | 1 Netscout | 1 Ngeniusone | 2025-06-03 | 5.4 Medium |
| Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page. | ||||
| CVE-2022-48504 | 1 Apple | 1 Macos | 2025-06-03 | 5.5 Medium |
| The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data. | ||||
| CVE-2022-3328 | 1 Canonical | 2 Snapd, Ubuntu Linux | 2025-06-03 | 7.8 High |
| Race condition in snap-confine's must_mkdir_and_open_with_perms() | ||||
| CVE-2022-39009 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-03 | 9.8 Critical |
| The WLAN module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause third-party apps to affect WLAN functions. | ||||
| CVE-2020-26627 | 1 Phpgurukul | 1 Hospital Management System | 2025-06-03 | 4.9 Medium |
| A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Query' tab. | ||||
| CVE-2020-26623 | 1 Gilacms | 1 Gila Cms | 2025-06-03 | 3.8 Low |
| SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal. | ||||
| CVE-2018-25095 | 1 Snapcreek | 1 Duplicator | 2025-06-03 | 9.8 Critical |
| The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server. | ||||
| CVE-2024-22776 | 2 Ellite, Wallosapp | 2 Wallos, Wallos | 2025-06-03 | 4.7 Medium |
| Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-based input fields without proper validation, excluding those requiring specific formats like date fields. | ||||
| CVE-2024-29320 | 2 Ellite, Wallosapp | 2 Wallos, Wallos | 2025-06-03 | 8.1 High |
| Wallos before 1.15.3 is vulnerable to SQL Injection via the category and payment parameters to /subscriptions/get.php. | ||||
| CVE-2024-55371 | 1 Wallosapp | 1 Wallos | 2025-06-03 | 9.8 Critical |
| Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows authenticated users to restore backups by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an authenticated attacker (being an administrator is not required) to upload malicious files to the server. Once a web shell is installed, the attacker gains the ability to execute arbitrary commands. | ||||
| CVE-2024-55372 | 1 Wallosapp | 1 Wallos | 2025-06-03 | 9.8 Critical |
| Wallos <=2.38.2 has a file upload vulnerability in the restore database function, which allows unauthenticated users to restore database by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an unauthenticated attacker to upload malicious files to the server. Once a web shell is installed, the attacker gains the ability to execute arbitrary commands. | ||||
| CVE-2024-51508 | 1 Tiki | 1 Tiki | 2025-06-03 | 4.8 Medium |
| Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index. | ||||
| CVE-2024-51509 | 1 Tiki | 1 Tiki | 2025-06-03 | 4.8 Medium |
| Tiki through 27.0 allows users who have certain permissions to insert a "Modules" (aka tiki-admin_modules.php) stored XSS payload in the Name. | ||||
| CVE-2024-51507 | 1 Tiki | 1 Tiki | 2025-06-03 | 4.8 Medium |
| Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name. | ||||
| CVE-2024-0181 | 1 Nia | 1 Rrj Nueva Ecija Engineer Online Portal | 2025-06-03 | 2.4 Low |
| A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin_user.php of the component Admin Panel. The manipulation of the argument Firstname/Lastname/Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249433 was assigned to this vulnerability. | ||||
| CVE-2024-0182 | 1 Janobe | 1 Engineers Online Portal | 2025-06-03 | 7.3 High |
| A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-249440. | ||||
| CVE-2024-51506 | 1 Tiki | 1 Tiki | 2025-06-03 | 4.8 Medium |
| Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description. | ||||
| CVE-2024-0186 | 1 Huiran Host Reseller System Project | 1 Huiran Host Reseller System | 2025-06-03 | 3.7 Low |
| A vulnerability classified as problematic has been found in HuiRan Host Reseller System up to 2.0.0. Affected is an unknown function of the file /user/index/findpass?do=4 of the component HTTP POST Request Handler. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249444. | ||||
| CVE-2023-33014 | 1 Qualcomm | 74 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 71 more | 2025-06-03 | 7.6 High |
| Information disclosure in Core services while processing a Diag command. | ||||
| CVE-2023-33030 | 1 Qualcomm | 596 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 593 more | 2025-06-03 | 9.3 Critical |
| Memory corruption in HLOS while running playready use-case. | ||||