Export limit exceeded: 335838 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 335838 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335838 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-4924 | 1 Heateor | 1 Sassy Social Share | 2025-05-30 | 6.1 Medium |
| The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-31728 | 1 Teltonika-networks | 2 Rut240, Rut240 Firmware | 2025-05-30 | 7 High |
| Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that they are only available on the LAN interface. | ||||
| CVE-2025-48252 | 1 Wpfactory | 1 Back Button Widget | 2025-05-30 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Back Button Widget allows Stored XSS. This issue affects Back Button Widget: from n/a through 1.6.8. | ||||
| CVE-2025-48144 | 1 Sidngr | 1 Import Export For Woocommerce | 2025-05-30 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in sidngr Import Export For WooCommerce allows Stored XSS. This issue affects Import Export For WooCommerce: from n/a through 1.6.2. | ||||
| CVE-2025-48138 | 1 Bertha | 1 Bertha Ai | 2025-05-30 | 4.3 Medium |
| Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BERTHA AI: from n/a through 1.12.11. | ||||
| CVE-2024-23985 | 1 Ezhometech | 1 Ezserver | 2025-05-30 | 7.5 High |
| EzServer 6.4.017 allows a denial of service (daemon crash) via a long string, such as one for the RNTO command. | ||||
| CVE-2024-23902 | 1 Jenkins | 1 Github Branch Source | 2025-05-30 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL. | ||||
| CVE-2024-23901 | 1 Jenkins | 1 Github Branch Source | 2025-05-30 | 6.5 Medium |
| Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group. | ||||
| CVE-2024-23848 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2025-05-30 | 5.5 Medium |
| In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. | ||||
| CVE-2024-23771 | 1 Unix4lyfe | 1 Darkhttpd | 2025-05-30 | 9.8 Critical |
| darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel. | ||||
| CVE-2024-23770 | 1 Unix4lyfe | 1 Darkhttpd | 2025-05-30 | 5.5 Medium |
| darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments. | ||||
| CVE-2024-23768 | 1 Dremio | 1 Dremio | 2025-05-30 | 8.8 High |
| Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders (and the files and datasets in these folders) can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source. Affected versions are: 24.0.0 through 24.3.0, 23.0.0 through 23.2.3, and 22.0.0 through 22.2.2. Fixed versions are: 24.3.1 and later, 23.2.4 and later, and 22.2.3 and later. | ||||
| CVE-2024-23752 | 1 Gabrieleventuri | 1 Pandasai | 2025-05-30 | 9.8 Critical |
| GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE: the vendor previously attempted to restrict code execution in response to a separate issue, CVE-2023-39660. | ||||
| CVE-2024-23730 | 1 Llamahub | 1 Llamahub | 2025-05-30 | 9.8 Critical |
| The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML. | ||||
| CVE-2024-23726 | 1 Ubeeinteractive | 2 Ddw365, Ddw365 Firmware | 2025-05-30 | 8.8 High |
| Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit. | ||||
| CVE-2024-23725 | 1 Ghost | 1 Ghost | 2025-05-30 | 6.1 Medium |
| Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries. | ||||
| CVE-2024-23689 | 1 Clickhouse | 1 Java Libraries | 2025-05-30 | 8.8 High |
| Exposure of sensitive information in exceptions in ClichHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when 'sslkey' is specified and an exception, such as a ClickHouseException or SQLException, is thrown during database operations; the certificate password is then included in the logged exception message. | ||||
| CVE-2024-23685 | 1 Openlibraryfoundation | 1 Mod-remote-storage | 2025-05-30 | 5.3 Medium |
| Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allows unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and identifier-types. | ||||
| CVE-2024-23679 | 1 Enonic | 1 Xp | 2025-05-30 | 9.8 Critical |
| Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. An remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes. | ||||
| CVE-2024-23387 | 1 Fusionpbx | 1 Fusionpbx | 2025-05-30 | 4.8 Medium |
| FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product. | ||||