Export limit exceeded: 16563 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 335240 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335240 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38952 | 1 Zkteco | 1 Biotime | 2025-05-27 | 7.5 High |
| Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due to the fact that session ids are not validated for the type of user accessing the application by default. Privilege restrictions between non-admin and admin users are not enforced and any authenticated user can leverage admin functions without restriction by making direct requests to administrative endpoints. | ||||
| CVE-2023-38951 | 1 Zkteco | 1 Biotime | 2025-05-27 | 9.8 Critical |
| ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 (20240617.19506) allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints that abuse a path traversal issue in the Username field and a lack of input sanitization on the SSH Key field. Overwriting specific files may lead to arbitrary code execution as NT AUTHORITY\SYSTEM. | ||||
| CVE-2022-32843 | 1 Apple | 2 Mac Os X, Macos | 2025-05-27 | 7.1 High |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory. | ||||
| CVE-2022-32832 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2025-05-27 | 6.7 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-32807 | 1 Apple | 2 Mac Os X, Macos | 2025-05-27 | 7.1 High |
| This issue was addressed with improved file handling. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to overwrite arbitrary files. | ||||
| CVE-2022-28979 | 1 Liferay | 3 Digital Experience Platform, Dxp, Liferay Portal | 2025-05-27 | 6.1 Medium |
| Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Facet widget. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Parameter Name text field. | ||||
| CVE-2022-28802 | 1 Zapier | 1 Code By Zapier | 2025-05-27 | 8.8 High |
| Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose virtual machine that unintentionally granted full access to all users of a company's account, but was supposed to enforce role-based access control within that company's account. Before 2022-08-17, a customer could have resolved this by (in effect) using a separate virtual machine for an application that held credentials - or other secrets - that weren't supposed to be shared among all of its employees. (Multiple accounts would have been needed to operate these independent virtual machines.) | ||||
| CVE-2022-28722 | 1 Hp | 198 A7w93a, A7w93a Firmware, D3q15a and 195 more | 2025-05-27 | 9.8 Critical |
| Certain HP Print Products are potentially vulnerable to Buffer Overflow. | ||||
| CVE-2022-28721 | 1 Hp | 600 1g5m0a, 1g5m0a Firmware, 1k7k6a and 597 more | 2025-05-27 | 9.8 Critical |
| Certain HP Print Products are potentially vulnerable to Remote Code Execution. | ||||
| CVE-2023-7229 | 1 Evanliewer | 1 Illi Link Party\! | 2025-05-27 | 5.5 Medium |
| The illi Link Party! WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | ||||
| CVE-2023-7230 | 1 Evanliewer | 1 Illi Link Party\! | 2025-05-27 | 6.1 Medium |
| The illi Link Party! WordPress plugin through 1.0 does not sanitize and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting attacks. | ||||
| CVE-2024-6718 | 1 Freebiesdownload | 1 Pvn Auth Popup | 2025-05-27 | 5.4 Medium |
| The PVN Auth Popup WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-8090 | 1 Justintadlock | 1 Javascript-logic | 2025-05-27 | 6.1 Medium |
| The JavaScript Logic WordPress plugin through 0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-8094 | 1 Ionutstaicu | 1 Ntz Atispam | 2025-05-27 | 6.5 Medium |
| The Ntz Antispam WordPress plugin through 2.0e does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-8095 | 1 Ryanchristenson | 1 Babeiz | 2025-05-27 | 6.1 Medium |
| The BabelZ WordPress plugin through 1.1.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-8187 | 1 Shapedplugin | 1 Smart Post Show | 2025-05-27 | 4.8 Medium |
| The Smart Post Show WordPress plugin before 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-8426 | 1 Pagelayer | 1 Pagelayer | 2025-05-27 | 4.8 Medium |
| The Page Builder: Pagelayer WordPress plugin before 1.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
| CVE-2024-8618 | 1 Pagelayer | 1 Pagelayer | 2025-05-27 | 4.8 Medium |
| The Page Builder: Pagelayer WordPress plugin before 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-4717 | 1 Phpgurukul | 1 Company Visitor Management System | 2025-05-27 | 7.3 High |
| A vulnerability, which was classified as critical, was found in PHPGurukul Company Visitor Management System 2.0. Affected is an unknown function of the file /visitors-form.php. The manipulation of the argument fullname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4725 | 1 Angeljudesuarez | 1 Placement Management System | 2025-05-27 | 7.3 High |
| A vulnerability, which was classified as critical, was found in itsourcecode Placement Management System 1.0. This affects an unknown part of the file /view_drive.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||